Part 1: What Is Quantum Computing -and Why It Matters to Security

Quantum computing is no longer confined to the theoretical corners of academic research. With billions in investment from governments and industry giants, and with credible milestones being reached by companies like IBM, Google, and startups such as IonQ and PsiQuantum, the field is inching closer to practical utility. For boards, CIOs, and national infrastructure decision-makers, quantum computing isn't just about speed or exotic physics—it's a looming strategic challenge to the very foundations of digital trust: encryption.

This article introduces the essential characteristics of quantum computing, explains how its development intersects with cryptographic risk, and outlines the potential boardroom consequences of inaction.

1. What Is Quantum Computing? A Primer for Non-Engineers

At its core, quantum computing leverages the counterintuitive principles of quantum mechanics to perform calculations that would be infeasible on classical computers. Where traditional bits are binary (0 or 1), quantum bits or "qubits" can exist in a superposition of both states simultaneously. This enables quantum computers to process exponentially more information in parallel.

Two quantum phenomena are particularly important:

• Superposition: A qubit can represent multiple possible outcomes at once.

• Entanglement: Qubits can be correlated in such a way that the state of one instantly influences the state of another, no matter how far apart they are.

These properties allow quantum computers to excel at solving certain classes of problems—notably those involving large-scale factorisation and complex optimisation—that underpin modern cryptographic algorithms.

2. Why Should Business and Government Leaders Care?

From telecom authentication to digital banking, national identity schemes, and the encrypted traffic flowing through every data centre, our digital lives depend on cryptographic primitives that assume certain mathematical problems are unsolvable within a reasonable timeframe.

Quantum computing threatens to invalidate that assumption. It doesn’t matter if these systems are broken now or in 10 years—if data is being intercepted and stored today, it can be decrypted retroactively once a sufficiently powerful quantum computer becomes available.

This gives rise to the so-called "harvest now, decrypt later" threat, in which adversaries stockpile encrypted data now with the expectation of cracking it in the quantum future.

3. Milestones and Market Signals: Quantum Is Closer Than You Think

Many boards dismiss quantum computing as distant science fiction. But credible technical and commercial progress should prompt reconsideration:

• IBM has publicly committed to developing a 100,000+ qubit system by 2033, in partnership with national laboratories and universities.

• Google's 2019 demonstration of quantum supremacy showed a quantum computer solving a synthetic problem faster than any supercomputer.

• NIST and other national bodies have escalated funding, standardisation, and threat modelling to prepare for the post-quantum era.

According to McKinsey, private and public quantum tech investments surpassed $35 billion globally by late 2023.

4. Quantum-Enabled Threats: A Preview

Not all problems benefit equally from quantum speed-up. But two areas are especially relevant to business and state resilience:

• Shor’s Algorithm: Breaks RSA, ECC, and Diffie-Hellman encryption by factoring large integers and computing discrete logs efficiently.

• Grover’s Algorithm: Reduces the effective strength of symmetric encryption by roughly half (e.g., 256-bit AES security becomes comparable to 128-bit).

RSA and ECC, in particular, are widespread in:

• VPNs and SSL/TLS protocols

• Blockchain signatures

• Telecom signalling and authentication

• Secure email, cloud storage, and financial messaging

These systems do not degrade gracefully. Once broken, they fail catastrophically.

5. Why Boards Must Act Now: The Strategic Lens

The quantum threat isn’t just a cryptographic problem—it’s a fiduciary, operational, and reputational risk.

Key questions for boards:

• Which parts of our infrastructure depend on cryptographic algorithms vulnerable to quantum attack?

• How long does our sensitive data need to remain secure? (e.g., health, financial, or defense records)

• What steps are we taking to ensure algorithm agility and crypto-resilience in new projects?

Inaction today creates systemic vulnerabilities tomorrow. Worse, it may imply regulatory non-compliance in the near future as PQC mandates emerge.

6. Preparing for the Transition: It's About Agility, Not Panic

Leaders should resist hype-driven overreaction. No credible actor is claiming that RSA will collapse overnight. Instead, the imperative is to build a roadmap toward crypto-agility:

• Create an inventory of all systems using public key cryptography.

• Understand which systems manage long-lived sensitive data.

• Mandate that new systems support algorithm replacement.

• Monitor NIST and international PQC standardisation processes.

This is not an engineering-only issue. Boards must fund, monitor, and govern quantum readiness just as they do for climate risk or cybersecurity.

Footnotes and References

1. IBM Quantum Roadmap: https://research.ibm.com/blog/ibm-quantum-roadmap-2023

2. Google Quantum Supremacy: https://www.nature.com/articles/s41586-019-1666-5

3. McKinsey & Co Quantum Investment Tracker: https://www.mckinsey.com/industries/technology-media-and-telecommunications/our-insights/the-quantum-technology-monitor

4. NIST PQC Project: https://csrc.nist.gov/projects/post-quantum-cryptography

5. NSA CNSA 2.0 Guidelines: https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3193847/nsa-releases-new-quantum-resistant-algorithm-requirements/

Next in the Series: Part 2 — Breaking the Code—How Quantum Threatens Today’s Encryption