Quantum computing and cryptography: Why businesses should already look at it now!

With the rise of quantum computing and the associated threat to classical encryption techniques, the question comes to the fore: How secure are our data – and for how long?

Quantum computers are based on the principles of quantum mechanics and use so-called qubits, which – unlike classical bits – can be in multiple states at the same time. This superposition and interlocking capability allows quantum computers to perform certain calculations exponentially faster than their classical counterparts.

This results in different fields of application with: disruptive Potential:

• Pharmaceutical: Simulation of complex molecules to develop new drugs.
• Logistic: Optimising global supply chains in real time
• Artificial intelligence: Accelerating training processes for deep learning models.
• Finance: Risk modelling and fraud detection based on huge amounts of data.
• Climate science: Simulation of weather and climate models with previously unachieved precision.
• Cryptography: Factorisation of large numbers to analyse classical encryption techniques.

 

Where are we today?

Companies such as IBM, Google, IonQ and D-Wave have already developed operational quantum processors. However, despite impressive progress, these systems are not yet stable or scalable enough for widespread use. Research is currently focusing on increasing the qubit number, correcting errors and developing efficient quantum algorithms.

A significant milestone for the scientific recognition of quantum computing has been achieved with the Physics Nobel Prize 2025 achieved. The award went to researchers who made fundamental contributions to the practical implementation of quantum algorithms and the scaling of qubit systems.

In addition, 2025 has been recognised by international research organisations and governments as: ‘International quantum year’ declared. The aim is to raise public awareness of the opportunities and challenges of quantum mechanics and to foster collaboration between academia, industry and policy makers.

 

What is the difference between quantum cryptography and post-quantum cryptography?

1. Quantum cryptography

This uses physical principles, such as quantum key distribution (QKD). Photons are transmitted in certain states – eavesdropping changes these states and is immediately detected. Security is therefore physically guaranteed, but QKD requires specific hardware and is currently only operational in pilot projects.

2. Post-Quantum Cryptography (PQC)

PQC is based on: mathematical procedures, which can be used even by high-performance quantum computers not efficiently broken can be used. Unlike quantum cryptography, PQC starts classical hardware it can be integrated into existing IT systems. PQC means: not, that these processes are running on quantum computers, but that they are: protected against quantum attacks are.

 

Why companies should act now

The threat from quantum computers is not hypothetical – it is real and foreseeable. Particularly critical: Data that is intercepted and stored today could be decrypted in a few years’ time (‘Harvest Now, Decrypt Later’).

Companies working with sensitive information – such as healthcare, the financial sector or industry – therefore need to take action now.

 

This will allow companies to prepare for the PQC era already now:

1. Understand the problem and how it affects your business

Before taking technical measures, companies should understand the basics of post-quantum cryptography and analyse the concrete risks and impacts on their industry, systems and data.

 

2. Cryptographic inventory – including software and applications

Record all cryptographic systems used: Certificates, keys, algorithms, logs. Consider also software solutions and applications containing cryptographic functions such as email encryption, VPNs, web servers, databases, mobile apps and embedded systems (e.g. IoT devices, machine controls).

Use automated tools to identify obsolete or unsafe cryptography and detect shadow IT.

Keep a crypto cadastre — a central register of all cryptographic techniques, algorithms and keys used. This helps to keep track of the situation and to target modernisation and migration measures.

 

3. Do you understand your data – what information needs to be protected and for how long?

Not all data are equally sensitive. Companies should analyse which data need to remain confidential in the long term (e.g. health data, intellectual property, financial information) and for how long they need to be protected against future attacks. This assessment helps to set priorities for migration to PQC.

 

4. Understand what is possible and what is not

Not all systems can easily switch to post-quantum-secure procedures. Legacy systems may have limitations that make migration difficult or impossible. Companies should consider at an early stage which components are substitutable, updateable or isolable.

Crypto-agility is a key principle: Systems should be designed to allow cryptographic components to be exchanged flexibly and quickly – for example in case of new standards, threats or regulatory requirements.

 

5. Initial risk analysis

Assess which systems and data are particularly vulnerable when classical encryption is broken by quantum computers.

Consider both technical and commercial risks, such as regulatory requirements, reputational risks or impact on customer trust.

 

6. Training & Governance

Train IT, security and compliance teams on PQC and crypto agility. Establish policies for algorithm switching, key rotation and contingency plans. Integrate PQC criteria into procurement policies and product development.

 

7. Migration Strategy & Timeline

Create a multi-annual migration plan with clear milestones. Consider supply chains, partners and regulatory requirements. Prioritise what needs to be migrated first, based on previous analyses – such as particularly sensitive data or high-risk systems.

 

8. Testing & piloting

Pilot projects with PQC algorithms. Test the impact on performance, compatibility and user experience. Work with specialised partners to avoid implementation errors.

My conclusion: The future starts now

Quantum computing is no longer a distant vision – it is a technological reality that will fundamentally transform our digital infrastructure. Companies engaging in post-quantum secure cryptography at an early stage secure not only their data but also their competitiveness in a quantum-computing digital future.