Preparing for the Quantum Shift in Cybersecurity

September 16, 2025
How security leaders can address encryption risks, legacy systems, and regulatory pressure to better prepare for the Quantum Age.
IANS Faculty

Quantum computing promises to solve complex problems that are beyond the reach of today’s computers, but its potential to break modern public-key cryptography and expose sensitive data has raised concerns among security leaders. And while quantum computing’s practical applications are still emerging, security leaders can’t afford to wait until it fully arrives. IANS Faculty members recently weighed in on what organizations should be doing today to prepare for the quantum age.

 


What Is the Quantum Challenge?

The biggest concern for CISOs is the potential for quantum computers to break widely used encryption methods—especially asymmetric cryptography. A successful quantum attack could undermine security protections: authentication, digital signatures, and secure transactions would all be at risk.

Even before quantum computers become operationally viable, attackers can engage in “harvest now, decrypt later” strategies—collecting encrypted data today in anticipation of decrypting it in the future. This creates a long-term business risk for sensitive intellectual property, financial records, or national security data.

 

What Concerns Do CISOs Have About Quantum Computing?

For security leaders, the implications extend beyond cryptography itself:

  • Business Continuity & Reputation: A quantum-driven breach of encryption could impact customer trust, investor confidence, and regulatory standing.
  • Vendor Dependence: Organizations will rely heavily on vendors to adopt post-quantum cryptography (PQC) standards. CISOs must assess vendor roadmaps and hold partners accountable for crypto agility.
  • Regulatory Preparedness: Governments and industry bodies will push new requirements around PQC adoption. Being unprepared risks both compliance violations and reputational damage.
  • Legacy Systems: Older platforms unable to support PQC will become a critical vulnerability. Transition planning must start before quantum risk becomes imminent.

CISOs should set a strategic course now. Agility and flexibility will be the differentiators between organizations that can adapt and those that could be vulnerable.

 


What CISOs Can Do Now

Security leaders should task their teams with the following priorities today:

  1. Inventory and Assess Cryptography: Document all algorithms in use across systems, including encryption, key management, and digital signatures.
  2. Build Crypto Agility: Ensure cryptographic modules can be swapped out easily. For new projects, require modular designs that support future algorithms.
  3. Plan for Key Management: Design strategies to support multiple key lengths and certificate types. Increase key rotation frequency to reduce exposure from crypto harvesting.
  4. Reduce Legacy Risks: Identify systems that cannot support PQC and plan for their decommissioning or replacement.
  5. Minimize Data Exposure: Delete unnecessary stored data and limit retention to reduce the value of what adversaries could harvest today.
  6. Engage Vendors Early: Evaluate vendor roadmaps for PQC support and push for timelines that align with your organization’s risk tolerance.
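
To make priorities 1, 4 and 5 concrete, the following Python is an added example (not from the original article or any IANS tooling) that triages a cryptographic inventory: it flags quantum-vulnerable public-key algorithms, legacy platforms that cannot take PQC, and long-retention data exposed to "harvest now, decrypt later". The record fields, the labels and the 10-year planning horizon are assumptions made for illustration.

```python
from dataclasses import dataclass

# Public-key families that Shor's algorithm breaks on a large quantum computer.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA"}
# NIST-standardized post-quantum algorithms (FIPS 203, 204, 205).
POST_QUANTUM = {"ML-KEM", "ML-DSA", "SLH-DSA"}
# Most urgent first; used to order the report.
PRIORITY = ["replace", "migrate-first", "migrate", "review", "ok"]

@dataclass
class CryptoAsset:          # hypothetical inventory record
    system: str
    algorithm: str          # family name such as "RSA" or "AES"
    purpose: str            # "key-exchange", "encryption" or "signature"
    retention_years: int    # how long the protected data must stay secret
    supports_pqc: bool      # can this platform be upgraded to PQC?

def triage(asset: CryptoAsset, horizon_years: int = 10) -> str:
    """Classify one record; horizon_years is an assumed planning horizon."""
    alg = asset.algorithm.upper()
    if alg in POST_QUANTUM:
        return "ok"
    if alg not in QUANTUM_VULNERABLE:
        return "review"         # symmetric, hash or unknown: check separately
    if not asset.supports_pqc:
        return "replace"        # legacy platform, plan decommissioning
    confidentiality = asset.purpose in ("key-exchange", "encryption")
    if confidentiality and asset.retention_years >= horizon_years:
        return "migrate-first"  # exposed to harvest now, decrypt later
    return "migrate"

def report(inventory, horizon_years=10):
    """Return (system, label) pairs, most urgent first."""
    rows = [(a.system, triage(a, horizon_years)) for a in inventory]
    return sorted(rows, key=lambda r: (PRIORITY.index(r[1]), r[0]))

# Constructed sample inventory, not data from the article.
SAMPLE = [
    CryptoAsset("vpn-gateway", "ECDH", "key-exchange", 15, True),
    CryptoAsset("code-signing", "RSA", "signature", 0, True),
    CryptoAsset("mainframe-batch", "RSA", "encryption", 20, False),
    CryptoAsset("backup-vault", "AES", "encryption", 25, True),
    CryptoAsset("pilot-tls", "ML-KEM", "key-exchange", 15, True),
]

if __name__ == "__main__":
    for system, label in report(SAMPLE):
        print(f"{label:14} {system}")
```

Signature keys land in "migrate" rather than "migrate-first" because harvested ciphertext threatens confidentiality, while a signature can only be forged once a capable quantum computer exists.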

Quantum computing may still be years from mainstream deployment, but the risks it poses are immediate. For CISOs, the focus should be less on predicting when quantum will arrive and more on ensuring the organization is prepared to adapt when it does. By prioritizing crypto agility, tightening data protection practices, and holding vendors accountable, security teams can position their organizations to weather the quantum shift with confidence.

 
