【凱捷研究院】凱捷研究院后量子加密

Futureencrypted

Whypost-quantumcryptographytopsthenewcybersecurityagenda

#GetTheFutuΓeYouWant

2

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

Tableofcontents

04

ExecutivesummaΓy

10

Whyisquantumsafetyapriority

14

Quantumsafetyisontheradarofmostorganizations

26

OrganizationsareexploringapotentialtransitiontoPQC

CapgeminiResearchInstitute2025

CapgeminiResearchInstitute2025

3

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

68

38

Conclusion

FeworganizationsarereadyforthetransitiontoPQC

69

50

ReseaΓchmethodology

Howorganizationscanmakethemselvesquantum-safe

CapgeminiResearchInstitute2025

4

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

Mostorganizationshavequantumsafetyontheirradars:Sevenin10organizationswesurveyedareassessingor

deployingquantum-safemeasures(werefertotheseas“earlyadopters”).Sixintenearlyadoptersbelieve

thatquantumbreakthroughscanoccurwithinthenext

decade.Overhalfrecognizethatearlyinvestmentwillyieldadvantages.Mostrecognizepost-quantumcryptography(PQC)asthebestoptionwithwhichtoaddressquantum-securityrisks.

However,30%oftheoverallsamplestillunderestimatethethreat,riskingfuturedataexposureandregulatorypenalties.

OrganizationsaregraduallyexploringPQCtransition:

Roughlyhalfofearlyadoptersarerunningpilots,butskills

gaps,budgetuncertainty,andlimitedavailabilityofsolutionshaveslowedprogress.Mostleanonspecialistvendorsand

cloudprovidersforproofs-of-concept(PoCs),hardware

upgrades,andhybrid-transportlayersecurity(TLS)services.

Quantumcomputingisrapidlyadvancing,threateningto

breaktoday’sencryptionstandardssuchasRSAandECC.

Sensitivedatainterceptednowcouldbedecryptedlater—

Executive

posingaseriousrisktoprivacy,compliance,andnational

summary

security.Tostayahead,organizationsmustprioritize

quantum-safecryptographytoday,ensuringlong-termcyberresilienceandtrustinapost-quantumworld.

Whyquantumsafetyisapriority:Therapidprogressof

quantumcomputinghaslefttraditionalmethodsandpublic-keycryptographyvulnerable.“Harvest-now,decrypt-later”attacks,togetherwithtighteningregulationsandchangesinthetechnologystackhaveelevatedquantumsafety

fromatechnicalconcerntoaCsuitemandate.Becomingquantum-safeisacomplex,multi-yeareffortthatmust

beginnow.Delayingactioncouldexposecriticalassetsanderodetrust.Regulatorydemands,customerexpectations,andcompetitiveadvantageallfavorearlymovers.In

cybersecurity,beingearlymeansbeingsafe.

CapgeminiResearchInstitute2025

5

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

?Planfortransition:LaunchtargetedPQCpilotsandcraftaphasedmigrationroadmapthatscaleslessonslearnedacrosstheenterprise.

?Focusoncrypto-agility:Equipteams,design

infrastructure,andsoftwaresocryptographicalgorithmscanbeswappedefficientlyasstandardsmature.

?Ensuresystemprotection:Applyquantum-safecontrolstobothedgedevicesandlegacysystems,withsecure-

updatemechanismsbuiltin.

?Investincapacitydevelopmentandperformance:

FunddedicatedteamsandupskillstafftosustainPQCadoptionwithoutsacrificingsystemthroughputwhileinvestingindevelopingcomputational,bandwidth,andstoragecapacity.

?Strengthencollaboration:Insertquantum-safeclausesasstandardinsuppliercontractsandfostercross-industrypartnershipstoacceleratejointreadiness.

FeworganizationsarereadyforPQCtransition:Only

aminority(16%ofearlyadoptersand11%oftheoverall

Executive

sample)qualifyas“quantum-safechampions,”whocombinematuregovernancewithstrongtechnicalexecution.

summary

Gapstypicallylieinorganizationalstrategy,cryptographic

inventory,supply-chainengagement,andhardware

infrastructure.Thepracticesofthequantum-safechampionsofferablueprintforothers.

Howorganizationscanbequantum-safe:PQCdemands

astrategic,long-termapproach—it'snotaone-time

compliancecheckboxbutacontinuousjourneytoward

resilience.Embracingcrypto-agilityensuresorganizationscanadaptswiftlyasquantum-safestandardsandthreatsevolve.

?Conductquantumriskassessment:Maintainalive

cryptographicinventoryandrankeveryassetbysensitivitytoguiderisk-basedmitigation.

?CreateawarenessofPQC:Driveenterprise-wide

educationandestablishagovernancestructurethatkeepsquantumsecurityontheC-suiteagenda.

CapgeminiResearchInstitute2025

6

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

Whoshouldreadthisreportandwhy?

ThisreportisessentialreadingforCISOs,CIOs,CTOs,andHeadsofInformationSecurityresponsiblefor

safeguardingcriticalinfrastructure,sensitivedata,

andlong-termdigitaltrust.Asquantumcomputingadvances,cryptographicsystemsthatunderpin

securecommunications,authentication,andkey

exchangeareatrisk.Leadersinsecurity,compliance,andenterprisearchitecturemustunderstandthe

timeline,technicallandscape,andstrategicdecisionsrequiredtoadoptpost-quantumcryptography(PQC)andensurecrypto-agilityacrosssystems.

ItisalsohighlyrelevantforITinfrastructure

leaders,PKImanagers,andproductsecurityteamsworkinginorganizationswheredataconfidentialityandintegritymustbepreservedoverextended

timeframes.Fororganizationswithcomplexsupply

chainsorglobalregulatoryexposure,thisreport

offersaroadmaptoassessquantumreadiness,

launcheffectivePQCpilots,andmanagecross-

functionaltransformation.Whetheryou’rejust

beginningtoexplorequantumthreatsoradvancingtowardfullmigration,thisreportprovidesactionableinsightsgroundedinresearch,industrybenchmarks,andexpertguidance.

Thisreportisbasedonthefindingsofa

comprehensivesurveyof1,000organizationswithannualrevenueof$1billionacross13sectorsand13countriesinAsia–Pacific,Europe,andNorthAmericaandin-depthinterviewswith16selectedexecutives.70%ofthosesurveyedthatwerefertoas"early

adopters"inthisreport,areeitherworkingonorplanningtoworkonquantum-safesolutionsinthenextfiveyears.

Seetheresearchmethodologyattheendof

thereportformoredetailsontheorganizationssurveyed.

%

oftheorganizationssurveyedthat

werefertoas"earlyadopters"inthisreport,areeitherworkingonorplanningtoworkonquantum-safesolutionsinthenext

fiveyears.

CapgeminiResearchInstitute2025

7

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

CapgeminiResearchInstitute2025

8

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

Definitions

Terminology

Acronym/definition

PQC

Post-quantumcryptography

Quantumsafety

Protectingdatafromfuturequantumcomputersthatbreakencryption

Harvest-now,decrypt-later

Attackersstealencrypteddatanow,expectingtodecryptitlaterusingfuture,morepowerfultechnologies

Q-Day

Q-Dayisthehypotheticalfuturedatewhenquantumcomputerswillbecomepowerfulenoughtobreakthecryptographicalgorithmsthatcurrentlysecuremostoftheworld’sdigitaldataandcommunications

PKC

Publickeycryptography

CRQC

Cryptographicallyrelevantquantumcomputer

Cryptographicinventory

Acomprehensivelistofallcryptographicassets,algorithms,andprotocolsinuse

Crypto-agility/cryptographicagility

Abilitytoquicklyswitchcryptographicalgorithmswithoutmajorsystemorsoftwarechanges

NCSC–UK

NationalCyberSecurityCentre–UK

NIST

NationalInstituteofStandardsandTechnology

NSA

NationalSecurityAgency

CapgeminiResearchInstitute2025

9

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

Terminology

Acronym/definition

TLS

Transportlayersecurity

RSA

Rivest–Shamir–Adleman(apublic-keycryptosystem,anasymmetricencryptionalgorithm,usedforsecuredatatransmissionanddigitalsignatures)

ECC

Ellipticcurvecryptography(atypeofpublic-keycryptographythatusesellipticcurvestogeneratekeys)

QKD

Quantumkeydistribution

MFA

Multi-factorauthentication

PKI

Public-keyinfrastructure

AES

AdvancedEncryptionStandard

VPN

Virtualprivatenetwork

SHA-256

Securehashalgorithm256-bit(acryptographichashfunctionthatproducesa256-bithashvalue(32bytes)fromanyinputdata)

FIPS

FederalInformationProcessingStandard

Mosca’stheorem

Mosca'stheoremhighlightsthatifquantumcomputerscansolvefactoringanddiscretelogarithms,thenallcurrentpublic-keycryptographybecomesinsecure,urgingquantum-safealternatives.

Accordingtothistheorem,(X+Y)>Z,theamountoftimethatdatamustremainsecure(X)plusthetimeittakestoupgradecryptographicsystemstobecomequantum-safe(Y)isgreaterthanwhenlarge-scalequantumcomputerswillbeavailablewithenoughpowertobreakcryptography(Z),youhavealreadyrunoutoftime.

CapgeminiResearchInstitute2025

10

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

WhyisquantumsafetyapΓioΓity?

Quantumcomputingharnessesquantummechanicstosolveproblemsfarbeyondthereachofclassicalcomputers.Itcanbringgreaterefficienciesinrisk

management,discoveryoflightweightmaterialsornewdrugs,addressingclimatechange,amongotherareas.Ourresearchon“quantumtechnologies”

exploredhoworganizationscanpreparetoleveragethisquantumadvantage.1However,thispotential

ofquantumalsocomeswithrisksitcanposetotoday’scybersecurity.

Asquantumpowergrows,sodoestheurgencyforquantum-resilientsecurity.Organizationsmust

assesstheirreadinesstosafeguardsensitivedataagainstquantumthreats.Cryptographicagility

–theabilitytoadaptswiftlyandimplementnew

cryptographicsolutions–isessentialtocounteract

CapgeminiResearchInstitute2025

11

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

thevulnerabilitiesposedbyquantumcomputing.Toensurelong-termdatasecurityandfostertrustindigitalsystems,theadoptionofquantum-safemeasuresisparamount.

?Harvest-now,decrypt-laterattacksarealreadystealingdata

Harvest-now,decrypt-laterattacksrelyonthe

acquisitionofcurrentlyunreadabledatawiththe

possibilityofdecryptingitafter“Q-Day.”2Sensitivedatasuchascustomer,health,orfinancialdata

siphonedoffnowcouldbeexposedonceQ-Day

arrives.Ourresearchhasshownthatthisisaconcernfor65%oforganizations.InJune2025,researchersreportedtheleakageof16billioncompromised

logincredentialsfrom30exposeddatabases,givingcybercriminalsunprecedentedaccesstoidentity

theft,accounttakeovers.3Thescaleofthishighlightsthemassiveproblemorganizationswillneedto

tackleoncetheencryptionalgorithmscanbebrokendownbyquantumcomputers.

?Regulatorsareencouragingthetransitiontoquantum-safety

InAugust2024,theUSNationalInstituteof

StandardsandTechnology(NIST)announcedthefirstthree(CRYSTALS-Kyber,CRYSTALS-Dilithium,and

SPHINCS+)post-quantumalgorithms.Thesewere

formulatedastheresultofahugeeight-yeareffort,andNISTencouragessystemadministratorstobeginintegratingthemimmediately.4Further,theNationalSecurityAgency(NSA)hasreleasedguidance

recommendingthedeprecationoftheRivest–

Shamir–Adleman(RSA)algorithmswithkeylengthsshorterthan2048bits–equivalenttoapproximately112bitsofsymmetricsecuritystrength–aswellas

ellipticcurvecryptography(ECC),by2030.Theuse

ofthesealgorithmsisexpectedtobedisallowed

entirelyby2035.5TheEuropeanUnionissueda

roadmaprecommendingitsmemberstatestostarttransitioningtoPQCbytheendof2026.Atthesame,

itrecommendsthatcriticalinfrastructuresshouldbetransitionedtoPQCassoonaspossibleandnolaterthanbytheendof2030.6

?Theecosystemisalreadyadapting

Majorcloudprovidersarerollingoutsupportfor

transitiontoPQC.AWSbeganenablingKyber-

based(apost-quantumalgorithmstandardized

byNIST)keyexchangeforclients;7Cloudflarehas

deployedsupportforhybridkeyagreementsforTLShandshakesandhasannouncedtherolloutofPQC

acrossitswholeplatform.8AppleannouncedPQ3,

whichprovidesdefensesagainstquantumattacks,

foritsiMessageplatform.9Microsoftannounced

PQCsupportforitsWindowsInsidersCanary

builds(27852andabove),allowingdevelopersto

experimentwithPQC.10Andoneofthewidelyusedsoftwarelibraries,OpenSSL,releaseditsfinalversion(3.5)inApril2025withsupportforPQCalgorithms.11

CapgeminiResearchInstitute2025

12

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

?Timeisrunningout

Thequantumthreatisn’tadistantconcern–it’s

apresentandpressingone.MostCISOsstill

underestimatethescaleoftransformationrequired:

fromrecompilingthousandsofcustomapplicationstoreplacingcryptographiclibraries,rotatingkeys,

updatingHSMs,andreissuingcertificates.For

sectorslikebanking,thisisamonumentallift.And

witheveryonesoonscramblingforthesamescarcequantum-safetalent,thewindowtoactisrapidly

closing.Byplanningforthemulti-yearmigrationandbudgetingforthetransitionearly,organizationscan

avoidregulatorypenaltiesandexpensivehardwareupgradesinthecaseofaquantumbreakthrough.Further,thismigrationalsosignalsastrong

cybersecurityposturetostakeholders.

MarcoPereira,GlobalHeadofCybersecurityat

Capgemini,summarizes,“Quantumreadiness

isn’taboutpredictingadate–it’saboutmanagingirreversiblerisk.Everyencryptedassettodaycouldbecometomorrow’sbreachiforganizationsdelayadoptingpost-quantumprotections.Transitioningearlyensuresbusinesscontinuity,regulatory

alignment,andlong-termtrust.”Thetransition

toquantumisnolongerpurelytheoretical.While

itisestimatedthatbuildingaCRQC–capableof

breakingRSA-2048orECC–islikelywithinfiveto

10years,focusingsolelyonwhenQ-Daywilloccurisariskymaneuver;bythetimeaquantumadversary

emerges,itwillbetoolatefororganizationsto

retrofittheircryptographicfoundations.Regulations,technologicalchanges,andthemarketmandatethatorganizationsembedquantum-safesolutionsinto

theirstrategyandoperations,withurgency.

CapgeminiResearchInstitute2025

13

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

“Quantumreadinessisn’taboutpredictingadate–it’saboutmanagingirreversiblerisk.Everyencryptedassettoday

couldbecometomorrow’sbreachiforganizationsdelay

adoptingpost-quantumprotections.Transitioningearly

ensuresbusinesscontinuity,regulatoryalignment,andlong-termtrust.”

MarcoPereira

GlobalHeadofCybersecurityatCapgemini

14

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

01

Quantumsafetyisontheradarofmostorganizations

CapgeminiResearchInstitute2025

CapgeminiResearchInstitute2025

15

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

Aconventionalcomputerisestimatedtorequire(anotional)

300trillionyearstobreakRSA-2048byfactoringpublic

keys.CraigGidneyfromGoogleestimatesthatfactoringa2048-bitRSAkeycouldtakeunderaweekusingfewerthanamillionnoisyqubits.Withadvancesinerrorcorrection,

hardware,andalgorithms,thetaskmightbecompleted

inhoursordays–markinga1,000ximprovementover

thepast15years.12Recentadvancementsinquantum

computingincludeMicrosoft’sMajorana1chip,13which

leveragesanovel“topoconductor”materialtoreducequbiterrorrates,andChina’sTianyan-504system,featuringa

504-qubitsuperconductingchipnamedXiaohong.14Thesedevelopmentsshowcaseprogressinbothqubitfidelityandscalability.Additionally,China’sZuchongzhi-3,a105-qubitsuperconductingprocessor,hasdemonstratedquantum

advantageinspecificsamplingtasks.15

Acryptographicallyrelevantquantumcomputer(CRQC)

wouldrendertoday’spublickeycryptographyobsolete.

WidelyusedalgorithmssuchasRSA,ECC,andDiffie-Hellman

–coretosecurekeyex-changeanddigitalsignatures–

wouldbebrokenbyquantumattacks,compromisingsecurecommunicationsacrossemail,VPNs,websites,financial

transactionsandcriticalinfrastructure.Protocolssuchas

TLS/SSL,SSH,andmanyblockchainimplementationswouldbecomevulnerable.Theimpactwouldrippleacrosssectors,underminingconfidentialityandoperationalcontinuity.

Sevenintenorganizationsareeither

currentlyworkingonorareplanningtousequantum-safesolutionsinthenext

fiveyeaΓs

Oursurveyof1,000executivesfromglobalorganizationswithrevenuesover$1billion,withkeyC-suiteleaders

suchasCTOs,CIOs,andCISOs,revealsthat70%ofthese

organizationsareeitherworkingonorplanningtoimplementquantum-safesolutionswithinthenextfiveyears.These

%

ofsurveyedorganizationsarenot

workingonquantum-safesolutions

currentlyanddon'tplantodosowithinthenextfiveyears.

arethe“earlyadopters”(seefigure1).Ourprevious

cybersecurityresearch16indicatesthat92%oforganizationshadexperiencedacybersecuritybreachinthepreceding

12months.Thisunderscorestheimportanceofquantumsecurityasbusinessespreparetosafeguardtheirdigitalinfrastructures.

"Oncequantumcomputersareoperational,theycouldbreachallexistingencryptedcommunications,"saysRinatZilberstein,AT&TIsraelGeneralManagerandVPR&DatAT&T.17Over

80%ofearlyadoptershaveglobalrevenueexceeding$10billion,reflectingtheimperativetosecurefuturedigitalinfrastructures.

CapgeminiResearchInstitute2025

FiguΓe1.

Sevenin10organizationssaytheyarecurrentlyworkingonorplanningtousequantum-safesolutionsinthenextfiveyears

Areyoucurrentlyworkingonorplanningtousequantum-safesolutionsinthenext?veyears?

Average

Defense

Banking

Aerospace

Telcom

Hightech

Insurance

Publicsector

Automotive

Healthcare

Utilities

Energy

Retail

Consumerproducts(includingFMCG)

70%

30%

10%14%

90%86%

83%

17%24%25%

76%

75%

73%

27%

68%

33%35%36%

40%

65%

64%60%

46%51%

53%

54%49%

48%

YesNo

Source:CapgeminiResearchInstitute,PQCsurvey,April–May2025,N=1,000organizations.

16

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

Thedefensesectorleadsinadoptingquantum-safesolutions,with90%oforganizationsplanningtoimplementwithinthenextfiveyears.Bankingfollowsat86%,whileaerospacealsoshowsstronginterestat83%.Incontrast,boththeconsumerproductsandretailsectorslagsignificantly,withonly48%

and49%,respectively,planningtoadoptthesesolutions.

%

ofdefensesectororganizationsare

currentlyworkingonorplanningtoadoptquantum-safesolutionsinthenext

fiveyears

CapgeminiResearchInstitute2025

17

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

Mostearlyadoptersunderstandtheneedforquantumsafety

Thereisaconsensusthatquantumcomputingthreatsarenotimminentbutareexpectedtobecomesignificantwithinthenextdecade,asanticipatedby61%ofearlyadopters,while

17%expectbreakthroughswithinthenextfiveyears(seefigure2).

Manyorganizationsrecognizethecriticalimportance

ofensuringtheirsystemsaresecureagainstquantum

computingthreats.Huawei,forexample,istestingquantumencryptiontoimproveinternetsecurity.18Thisproactive

approachisvitalforsafeguardingsensitivedataand

maintainingrobustcybersecuritymeasures.“EarlyPQC

adoptionisn’tjustaboutsecurity–it’sastrategicadvantage.Itbuildscustomertrust,avoidscostlyretrofits,andpositionsusaheadofregulatorymandates,”addsVivekSharma,HeadofGlobalPartnerManagementatBosch.

%

ofearlyadoptersbelievethatquantumcomputerswillachievethecapabilitytobreakcurrentencryptionmethodswithinthenext10years

FiguΓe2.

AroundsixintenearlyadoptersbelieveQ-Daycanhappenwithinthenextdecade

Inyourorganization’sview,howsoonwill

quantumcomputersachievethecapabilitytobreakcurrentencryptionmethods?

3%

14%

16%

24%

44%

Within1–2years

(i.e.,thethreatisimminent)

Within2–5years(i.e.,

threatisnotimminentbutinthemediumterm)

Within5–10years

(i.e.,thethreatisinthelongerterm)

Morethan10years

(i.e.,quantumcomputingbreakthroughsarenotonthehorizon)

Uncertain

Source:CapgeminiResearchInstitute,PQCsurvey,April–May2025,N=703earlyadopters.

Quantumcomputerscouldsoonadvancetothepoint

wheretheycanbreakcurrentencryptionstandards,

promptingashifttoquantum-resistantalgorithms.

ACISOataglobalproviderofcustomerrelationship

managementandbusiness-processoutsourcingservicessays,“Intwoyears,quantumwillbecomeacommon

discussionattheC-level.Thingsaremovingtoofasttoignoreitmuchlonger.”Around65%oforganizationsinourresearchconsiderquantumcomputingthemostsignificantthreattotheircybersecurityinthenext

threetofiveyears.OrganizationsintheUK(68%),US(69%),Australia(75%)andFrance(68%)viewquantumcomputingasasignificantcybersecuritythreatinthenextthreetofiveyears,particularlyintheaerospace(71%)anddefense(68%)sectors.

Asshowninfigure3,75%sayindustry-wide

collaboration(e.g.,withgovernmentbodies,technologyconsortia)iscriticaltoaddressingquantum-related

securityrisks.19Forexample,BTQTechnologies,a

quantumcompanyofferingPQCsolutions,signedamemorandumofunderstanding(MOU)withSouthKoreanquantumorganizationstosupportglobal

collaborationinindustrialstandards,events,andindustry-academicprograms,advancingquantumtechnologyinnovation.

CapgeminiResearchInstitute2025

18

Consideringtheimprovementstoerror-correctingcodes,hardwarefidelities,andalgorithmicimprovements,Q-Daydoesnotseemtheoreticalanymore.Overhalf(57%)of

organizationssaytheyarepreparingforQ-Daybyadoptingquantum-safepractices,regardlessofwhenlarge-scale

quantumcomputingbecomesareality.Commenting

abouttheurgencyandawareness,JulioPadilha,CISOof

Volkswagen&Audi,SouthAmerica,said“Peopledo∩’t

believeitwillhappe∩u∩tilithappe∩s.The?ΓstpublicattackbΓeaki∩9e∩cΓyptio∩willtΓi99eΓuΓ9e∩cy.U∩tilthe∩,it’s

haΓdtojustifyi∩vestme∩ti∩somethi∩9weca∩’tyetsee.”

Quantumthreatsarerealandimminent.Withoutserious

investmentinquantum-safeinitiativestoday,weriskbeingblindsidedtomorrow.Theraceison–actnoworfallbehindinsecuringourdigitalfuture.

%

ofearlyadopterssaytheyarepreparing

forQ-Daybyadoptingquantum-safepractices,regardlessofwhenlarge-scalequantum

computingbecomesareality.

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

FiguΓe3.

Twointhreeearlyadoptersofquantumsafetyconsiderquantumcomputingthemostcriticalthreattotheircybersecuritypostureinthenext3–5years

Industry-widecollaboration(e.g.,withgovernmentbodies,technology

consortia)iscriticaltoaddressingquantum-relatedsecurityrisks.

Regulatoryguidelines,suchasthosefromNIST,arehelpfulforourquantum-safetransition.

Weconsiderquantumcomputingthemostcriticalthreattoourcybersecurity

postureinthenextthreeto?veyears.

Weconsiderquantumcomputingapriorityonourcybersecurityroadmap.

75%

68%

65%

60%

Source:CapgeminiResearchInstitute,PQCsurvey,April–May2025,N=703earlyadopters.

CapgeminiResearchInstitute2025

19

“Peopledon’tbelieve

itwillhappenuntil

ithappens.Thefirst

publicattackbreaking

encryptionwilltriggerurgency.Untilthen,

it’shardtojustify

investmentinsomethingwecan’tyetsee.”

JulioPadilha

CISOofVolkswagen&Audi,SouthAmerica.

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

FiguΓe4.

Overhalfofearlyadoptersbelievethatearlyinvestmentinquantum-safetechnologieswillyieldsignificantstrategicbenefits

WearepreparingforQ-Daybyadoptingquantum-safepractices,regardlessofwhenlarge-scalequantumcomputersbecomeareality.

Webelievethatearlyinvestmentinquantum-safetechnologieswillyield

signi?cantstrategicbene?tsovertime.

Ourboardandexecutiveleadershipregularlydiscusstheimplicationsofquantumcomputingforoursecurityposture.

57%

53%

39%

Source:CapgeminiResearchInstitute,PQCsurvey,April–May2025,N=216senior-levelexecutivesfromearlyadopters.

CapgeminiResearchInstitute2025

20

Futureencrypted:Whypost-quantumcryptographytopsthenewcybersecurityagenda

Three-quarters(75%)ofexecutivescite“regulatory

compliance”and71%“futureproofingagainstquantum

attacks”askeyfactorsdrivingtheirorganization’s

considerationforadoptingquantum-safetechnologies.WealsoseefederalbodiessuchasNISTandtheUK’sNationalCyberSecurityCentre(NCSC)issueregulatoryguidance

andrecommendations(forexample,theNCSCfocusesonquantum-resistantencryptiontoprotectcriticalsectorsby2035).20

Amongtheorganizationswesurveyed,70%ofearlyadopterscitedataencryptionamongthetopfivecryptographic

functionstobetransitionedtoquantum-safealternatives,suggestingthatquantumcomputingcouldchangehow

organizationsapproachdataencryptionforever.21

The“harvest-now,decrypt-later”threatisimmediate.Onthesurface,nobreachisvisible,noalarmssound,andencryptionholds–fornow.Thoughundetectednow,thebreach

threatenslong-termconfidentiality–especiallyforsensitiveassetslikemedicalrecords,tradesecrets,orclassified

information.Datastolentodaymaybedecryptedbyfuturequantumcomputers.

Theshifttoquantum-safeencryptionismorethanatechnicalupgrade—it’sastrategicimperative.Whilesymmetric

cryptographyisexpectedtoremainsecurewithlongerkeylengths,replacingtoday’spublic-keysystems(e.g.,RSA,

ECC)isfarmorecomplex.Emergingsolutionslikequantumkeydistribution(QKD)showpromiseforspecificusecasesbutaren’tyetbroadlyscalable.Atthesametime,key

managementinhybridcryptographicenvironments(whereclassicalandpost-quantuma