Despite investor scepticism, prominent quantum computing stocks have seen a notable rise at the beginning of 2025. Even prominent tech leaders like Jensen Huang and Mark Zuckerberg stating the field won’t be profitable hasn’t stopped investors and the wider public from being excited.
In cyber security, however, quantum computing offers both unprecedented capabilities and significant threats, making it a double-edged sword that demands careful navigation. Just as white hat hackers can use it to bolster defences, their malicious counterparts might be able to supercharge their efforts, too.
But how do we grapple with this quantum quandary? That’s exactly what we’ll tackle in this article, as we must collectively ensure they are not blindsided by the risks while leveraging its advantages.
Due to the presence of qubits, quantum systems can perform multiple calculations simultaneously, exponentially increasing computational power for specific tasks.
For cyber security, we already know this means quantum computers could break widely used encryption methods, particularly those relying on factoring large prime numbers, such as RSA and ECC.
These encryption standards form the backbone of secure online communication, financial transactions, and digital identity verification.
The versatility of quantum computing goes beyond cracking encryption. Its computational power could revolutionise cyber security applications by improving pattern recognition, anomaly detection and optimisation algorithms. Tasks that once took days or months to process could be executed within minutes, drastically reducing response times to potential threats.
Breaking encryption: A looming threat
Classical cryptography, based on mathematical problems too complex for current computers to solve within a practical timeframe, faces obsolescence in the quantum era. Shor’s algorithm, a quantum computing method, can efficiently factorise large integers, undermining RSA encryption’s security.
Just for comparison, in the context of Shor’s algorithm:
- A traditional computer might need trillions of years to crack a 2,048-bit RSA key.
- A quantum computer would need hours, if not days, to perform the same action.
Similarly, elliptic curve cryptography (ECC), celebrated for its efficiency, is vulnerable to the same algorithm. This vulnerability jeopardises everything from personal data protection to national security.
Hence, experts fear that hackers equipped with quantum capabilities could decrypt intercepted communications, exposing sensitive corporate or governmental information. And we all know how hard it is for politicians to adapt to modern tech.
Even data encrypted today could be at risk due to the “harvest now, decrypt later” strategy, where adversaries collect encrypted data now, anticipating quantum decryption in the future. The implications extend to industries like banking, healthcare and energy, where secure communication is paramount.
Strengthening cyber security with quantum technology
It’s not all doom and gloom, as quantum computing offers plenty of tools to counter these threats. Quantum Key Distribution (QKD), for instance, uses quantum mechanics to establish secure communication channels. As a result, any attempt to eavesdrop on quantum-transmitted keys would alter their state, immediately alerting both parties to the intrusion.
In addition to QKD, quantum random number generation (QRNG) is another promising application. Unlike classical methods, which rely on algorithms that could be predicted or replicated, QRNG leverages the inherent unpredictability of quantum processes to create genuinely random sequences. This strengthens cryptographic protocols, making them more resistant to attacks.
Last, but most certainly not least, quantum-enhanced machine learning could also aid in identifying and mitigating cyber threats. If the current applications of ML seem daunting, think of what quantum ML can do by analysing vast datasets more efficiently than classical systems. Quantum algorithms could detect subtle patterns indicative of an attack, enabling earlier intervention.
Post-quantum cryptography: The immediate response
The cyber security industry is not waiting passively for the quantum threat to materialise. Post-quantum cryptography (PQC) aims to develop encryption algorithms resistant to both classical and quantum attacks.
Standards bodies like the National Institute of Standards and Technology (NIST) are already advancing PQC algorithms, with several candidates already released or in the final stages of evaluation.
Despite the apparent defensive potential, transitioning to PQC involves significant logistical challenges. Organisations must inventory their cryptographic assets, evaluate quantum risks and implement new algorithms across their systems.
For industries like finance and healthcare, where data sensitivity is paramount, the transition timeline could stretch into years, requiring immediate action to stay ahead of quantum advancements.
The degree of difficulty gets even higher if legacy systems are being relied upon, as backwards compatibility in a quantum context isn’t something developers of old thought about.
Likewise, PQC adoption requires extensive testing to ensure compatibility with existing systems and resilience against emerging threats. This, unfortunately, means allocating additional resources to train personnel, upgrade infrastructure and maintain compliance with evolving regulatory requirements.
Mr Hyde: How cyber criminals benefit from quantum computing
We’ve spent a lot of time discussing how quantum computing can aid in defending our data, but white hat hackers and red teams aren’t the only ones interested in these advancements.
Nation states and cyber crime conglomerates with nine-figure sums to spend will certainly finance the R&D of offensive tools, which can pose problems for everyone from governments to small businesses.
In particular, sophisticated attacks, such as quantum-enhanced phishing or cracking biometric data, could exploit quantum-powered pattern recognition to unprecedented degrees. These capabilities pose a direct threat to authentication mechanisms, access controls and user trust.
Overnight, staples like QR codes and various forms of MFA will become easily corruptible due to the sheer computing power at the criminals’ disposal. Widely used for payments and authentication, they may require updates or complete overhauls to resist quantum-generated attacks.
Even the seemingly simple act of scanning a QR code could become a security risk if quantum-powered adversaries exploit flaws in code generation or scanning software.
Regulatory and strategic considerations
Despite claims that quantum computing will become feasible or profitable in several decades, we must still prepare for that inevitable moment.
Governments and regulatory bodies are beginning to address the quantum challenge. Investments in quantum research and the establishment of frameworks for quantum-safe technologies are gaining momentum.
For businesses, aligning with these initiatives is critical to ensure compliance and leverage state-of-the-art defences. Will cyber security become more expensive? Inevitably. But at the same time, there will be many more incidents than the 2,200 a day companies experienced in 2024.
Moreover, collaboration between the public and private sectors will play a pivotal role in quantum readiness. Sharing threat intelligence, standardising best practices, and incentivising quantum-safe transitions will strengthen collective security.
Most importantly, governments must invest in building a robust quantum infrastructure to ensure that technological advantages are not monopolised by adversaries.
But how will we be able to balance between protectionism and benefiting the human race as a whole? We’ll find out sooner or later, that’s for sure.
Preparing for the quantum future
Quantum computing is no longer a distant possibility, but an imminent reality. Organisations of all sizes must adopt a proactive stance, integrating quantum risk assessments into their cyber security strategies. In particular, we must collectively focus on:
- Education and awareness: IT and cyber security teams must receive the right education on quantum concepts and their implications. Building in-house expertise will be critical to navigating the complexities of quantum integration.
- Cryptographic inventory: This means mapping current cryptographic use to identify vulnerable assets. It allows organisations to prioritise upgrades where they are most needed.
- Adopting PQC: Currently, the best option is to transition to NIST-approved post-quantum algorithms. Early adoption minimises the risk of falling behind competitors or compliance requirements.
- Testing quantum services: In addition, it’s up to organisations to pilot technologies like QKD and QRNG to evaluate their practical benefits. Testing in real-world scenarios ensures smooth integration and operational efficiency.
Conclusion
Quantum computing’s dual potential in cyber security – as a tool for both defence and attack – requires a balanced approach. While its threats to traditional encryption are undeniable, its innovations also promise stronger, more resilient defences.
Organisations that act now to understand and prepare for the quantum era will not only safeguard their assets, but position themselves as leaders in a rapidly evolving technological landscape.
Otherwise, no one’s data will be safe, and we’ll have no way of keeping up with the computing power at the hackers’ disposal.
Source
