Region enterprises that are not already vested in quantum-ready cybersecurity need to prepare escape paths, or expect existential turbulence.

Quantum computing is rapidly shifting from theoretical promise to practical reality, and with it comes a seismic change in the cybersecurity landscape.

While the full impact of quantum attacks may still be five to 10 years away, the window for preemptive action is closing fast. For C-level and IT leaders, the imperative is clear: begin investing now in quantum-resilient strategies to safeguard your organization’s future. This is especially relevant in ASEAN, where countries such as Singapore, Malaysia, and Thailand are launching national quantum strategies, investing in quantum-safe networks, and urging regulated industries to prepare for the post-quantum era.

PQC

At the same time, adversaries are actively harvesting encrypted data today, intending to decrypt it later when quantum capabilities mature. The risk is not hypothetical — it is a looming inevitability.

Three viewpoints, one clear clarion call
According to Todd Moore, Vice President (Data Security Products), Thales, “NIST’s standards have brought urgency to address the impact of quantum advancements and the need to address these threats,” and he has urged enterprises to “place agility at the center of their quantum readiness, ensuring crypto-agile solutions are leveraged to keep pace with emerging quantum-resistant cryptography.”

According to a spokesperson at another cybersecurity firm, Check Point Software Technologies: “By 2025, we’ll see the first tangible signs of quantum computing’s impact on cybersecurity. Organizations (need to) proactively start transitioning to quantum-safe encryption methods to safeguard their sensitive data before it’s too late.”

Similarly, Takanori Nishiyama, Senior Vice President and Country Manager (Japan), Keeper Security, has chimed-in the advantage of achieving preemptive quantum readiness: “The ‘store-now, decrypt-later’ threat, where attackers collect encrypted data today with the intent of decrypting it in the future using more advanced quantum technology, is very real. While fully capable quantum computers may still be a decade or more away, leaders in the cybersecurity industry are acting now to mitigate risks, as transitioning encryption standards across industries takes years.”

Assessing organizational quantum readiness levels
Per textbook diligence, the first step for any executive team is to conduct a comprehensive assessment of quantum readiness.

Begin with an internal audit of your organization’s cryptographic landscape. Map out where and how cryptography is used across applications, data stores, and communications channels. This inventory should cover not only what algorithms are in use but also the metadata about how and why they are deployed. Benchmark your readiness against industry peers to understand your relative position and identify best practices. Also:

  • Engage stakeholders early in the process. Quantum resilience is not just a technical challenge: it is a cross-functional priority that spans IT, compliance, risk management, and business leadership. Establish clear, measurable KPIs that tie quantum initiatives to business outcomes, such as reduced risk exposure, improved compliance posture, or enhanced customer trust. This ensures that quantum investments are aligned with strategic goals and that progress can be tracked over time.
  • Build a cryptographic center-of-excellence: To coordinate and accelerate the transition, create a crypto center of excellence (CCOE). This dedicated team should be responsible for maintaining cryptographic inventories, setting policies for algorithm replacement, and serving as a central resource for expertise and training. The CCOE can also lead the evaluation and vetting of new PQC algorithms, ensuring that any migration is both secure and operationally viable.
  • Establish centralized governance: Develop policies for algorithm substitution, data retention, and the mechanics of cryptographic upgrades. These policies should be flexible enough to accommodate future changes, as post-quantum cryptographic standards will continue to evolve in response to new research and emerging threats. Collaborate closely with vendors to understand their roadmaps for quantum readiness and to ensure that third-party products and services will not become weak links in your security chain.
  • Invest in crypto-agility and hybrid strategies: One of the most important principles for quantum resilience is cryptographic-agility — the ability to rapidly adapt cryptographic methods as standards and threats evolve. Organizations should prioritize the development of crypto-agile applications and infrastructure. This means designing systems that can swap out cryptographic algorithms with minimal disruption, and that can support hybrid approaches combining classical and quantum-safe methods. Also, hybrid cryptography is emerging as the practical bridge to a quantum-safe future. By deploying both traditional and PQC algorithms in parallel, organizations can maintain compatibility with legacy systems while incrementally upgrading security. This approach also provides a hedge against unforeseen vulnerabilities in new PQC standards, allowing for a smoother and less risky transition.
  • Enhance detection and resilience capabilities: Quantum threats will not only challenge encryption but also increase the sophistication of cyberattacks. Investing in advanced, automated threat detection — leveraging AI-driven analytics and security operations centers —is essential for maintaining uptime and minimizing the impact of quantum-powered attacks. Consider adopting preemptive defense technologies such as Automated Moving Target Defense (AMTD), which dynamically shifts network parameters to confuse attackers and reduce exploitability. These measures add layers of resilience and help ensure business continuity in the face of evolving threats.
  • Prioritize talent management, partnerships, and continuous learning: Quantum cybersecurity is a rapidly evolving field that demands new skills and expertise. Invest in upskilling your teams through training, workshops, and partnerships with academic and industry leaders. If in-house expertise is limited, collaborate with vendors or research institutions to access specialized knowledge and accelerate pilot projects. Foster a culture of continuous learning and cross-functional collaboration—quantum readiness is not a one-off project, but an ongoing journey.
  • Strategically plan and test quantum-safe solutions: Prioritize critical systems with long-lived data (e.g., financial or medical records) for early PQC adoption, focusing on NIST-approved algorithms such as CRYSTALS-Kyber and CRYSTALS-Dilithium. Test these algorithms in sandbox environments to validate performance and compatibility. Budget for costs such as hardware upgrades and training, and ensure compliance with regulations. Explore Quantum Key Distribution as a complementary approach where feasible. Leverage open-source tools such as Open Quantum Safe, and engage with industry consortia (e.g., PQC Coalition) to stay updated. Assess supply chain vendors for quantum readiness to avoid weak links.
  • Engage in standards development, quantum-safe protocols, incident response, and collaboration: To stay ahead, participate in NIST’s ongoing PQC standardization process to influence and adopt emerging standards. Implement quantum-safe protocols such as TLS with PQC algorithms for secure communications, and test these in pilot environments. Develop quantum-specific incident response plans to address potential quantum-powered attacks, including scenarios where encrypted data is compromised. Join industry working groups (e.g., ETSI, IETF) and regional initiatives, especially in ASEAN, to share knowledge, align on standards, and accelerate adoption through cross-industry collaboration.