In addition to overarching concerns about Q-day, three emergent threats (and more on the way) need IT leaders’ urgent attention.
Quantum computing promises to revolutionize technology, but also presents unprecedented cybersecurity threats that demand urgent attention.
Among the emerging quantum threats, three stand out as most concerning: the vulnerability of public key infrastructure (PKI) and internet security protocols; the risk of forged digital signatures undermining software supply chains; and long-term data exposure risks especially in critical sectors such as pharmaceuticals.
This strategy guide examines each of the above threats to give IT leaders an overview of their severity and how they can be mitigated.
Overarching quantum threats: a primer
Fully fault-tolerantquantum computers, expected within the next decade in some sectors, could be used to compromise the traditional encryption methods that currently protect data in countless digital systems posing a direct threat to global cybersecurity infrastructure.
According to one expert, Sergey Lozhkin, Head, GReAT (Asia Pacific, Middle East Turkey and Africa), Kaspersky, threats include the interception and decoding of sensitive diplomatic, military, and financial communications, as well as the real-time decryption of private negotiations — something quantum systems could handle much faster than classical machines, turning secure discussions into public reading.
Basically, threat actors can already harvest valuable encrypted data today, as they assume they can count on being able to decrypt it when quantum computers reach sufficient accessibility.
Lozhkin noted that a joint statement by 18 EU member states have already declared: “We urge public administration, critical infrastructure providers, IT providers, as well as all of industry, to make the transition to post-quantum cryptography a top priority. […] Organizations and governments should start the transition now.”
Additionally, Lozhkin mentioned two other well-known aspects of quantum threats:
- Sabotage in blockchain and cryptocurrency: Blockchain networks are not immune to quantum threats. Bitcoin’s Elliptic Curve Digital Signature Algorithm (ECDSA), which relies on elliptic curve cryptography (ECC), is especially vulnerable. Potential risks include forging digital signatures, which threatens Bitcoin, and other cryptocurrencies; attacks on ECDSAs that secure crypto wallets; and tampering with blockchain transaction history, undermining trust and integrity.
- Transitioning to post-quantum cryptography requires international coordination and urgency: “Quantum computers are not yet a direct threat, but by the time they are, it may be too late to respond,” Lozhkin noted. That is why preparations must begin now and the security decisions we make today will define the resilience of our digital infrastructure for decades. Without international coordination and timely infrastructure upgrades
Three new avenues for concern
As described earlier, three areas of emerging concern involve:
- Vulnerability of Public Key Infrastructure (PKI) and Internet security protocols
The foundational internet security protocols, including HTTPS, VPNs, and email encryption, rely heavily on PKI to authenticate identities and secure communications. However, quantum computers threaten to break the cryptographic algorithms safeguarding these certificate trust chains. This capability could enable attackers to issue fake certificates, mount man-in-the-middle attacks, and conduct large-scale phishing. The ripple effect would undermine global trust in online systems and disrupt digital commerce, government communications, and private messaging. - Risks to software supply chains via forged digital signatures
A parallel and equally alarming risk lies in the potential for attackers to forge digital signatures that validate software and system updates. Quantum attacks against elliptic curve cryptography (ECC) and RSA — cornerstones of secure code signing — could allow malicious actors to impersonate trusted software vendors. This would compromise software supply chains, enabling widespread malware infiltration through seemingly legitimate update mechanisms. Ensuring the integrity of software ecosystems will require rapid adoption of quantum-resistant cryptographic standards to safeguard users and enterprises from systemic compromise. - Industry-specific long-term data exposure, especially in the pharmaceutical and life sciences
Long-term data exposure is another critical concern, with particularly acute implications for industries such as pharmaceuticals, life sciences, and healthcare. These sectors maintain sensitive data with exceptionally long lifecycles, for example, clinical trial data and patient records that must remain confidential for decades. Quantum-powered adversaries may harvest encrypted data today with the intent to decrypt it in the future once powerful quantum machines become available. The consequences of retroactive decryption could include intellectual property theft, regulatory violations, and patient privacy breaches, risking lives, reputations, and commercial advantage.
Tackling new and ongoing quantum threats
The urgency of preparing for all quantum threats is now heightened by the current reality that most organizations and government agencies remain unprepared. Despite high awareness — as seen in surveys where over 80% recognize quantum risks — only a small fraction have clear migration or mitigation plans.
The complexity of transitioning cryptographic infrastructures to post-quantum algorithms, including newly standardized ones vetted by NIST, poses significant technical and operational challenges that require early, coordinated action.
In response, cybersecurity professionals advocate for “crypto-agility”: building flexible security architectures that can swiftly adopt post-quantum cryptographic algorithms as standards evolve.
Investments in quantum-safe hardware security modules (HSMs), quantum key distribution (QKD), and hybrid encryption models are also emerging as essential components of a quantum-resilient defense strategy.
Meanwhile, collaboration between governments, academia, and industry will be vital to accelerate research, standardization, workforce training, and global coordination to mitigate the multifaceted quantum threat landscape.
The pragmatic mindset to adopt, as Marin Ivezic, put it, is: “Think of quantum computing as the master key to every encrypted lock we use today. The difference is that the clock is ticking, and the race isn’t who builds the key first, but who locks their doors before Q-Day arrives.”
