Quantum computing is set to be one of the most transformative technologies of the digital age, unlocking unprecedented computational power to drive innovation at scale.
By harnessing the principles of quantum mechanics, these computers promise to solve complex problems exponentially faster than classical machines, driving breakthroughs in fields like drug discovery, supply chain optimisation, and AI.
However, alongside the opportunity lies a threat. Quantum computing’s immense power has the potential to break many types of traditional encryption, putting both future systems and historic data at risk.
Attackers are already harvesting encrypted information today, aiming to decrypt it once quantum capabilities mature.
Myth: There’s plenty of time to act
According to PwC, one of the most serious misconceptions is the belief that the quantum threat to encryption is still years away. “Many organisations believe quantum computing is a distant concern and are prioritising other issues,” says Clinton Firth, Partner, Cybersecurity, PwC Middle East and Quantum Computing specialist. “Recent research suggests it could be mainstream within five years or less. Replacing legacy encryption with quantum-ready solutions takes time, so businesses must act now to stay ahead of the threat.”[1]
Myth: Only asymmetric encryption is at risk
The form of cryptography most at risk from quantum computing is asymmetric encryption, which uses a pair of mathematically linked keys—one public and one private—allowing secure data exchange such that information can be shared openly but only decrypted by the intended recipient.
However, most businesses are unaware that symmetric encryption, which secures data using a single key for both encryption and decryption, may also be at risk in the future.
“Just as Shor’s algorithm demonstrates how quantum machines can break asymmetric encryption, Grover’s algorithm presents a challenge for symmetric encryption,” adds Firth. “The concern is that quantum computing will make brute-force attacks far more effective.”[2] [3]
Anton Tkachov, Managing Director, Cybersecurity, PwC UK, explains further: “Complex systems, such as satellite arrays or ATM networks, are required to transport encryption keys to meet requirements around periodic key rotation. These keys are ‘wrapped’ using asymmetric key exchange algorithms. Instead of trying to brute-force access to encrypted information, an attacker armed with quantum computer, could crack the ‘wrapper’ and obtain keys to decrypt sensitive data.”
Myth: Vendors will take care of the challenge
Another concern highlighted by PwC’s quantum specialists, is businesses relying on vendors to address the quantum threat.
“If I’m a CIO running a complex technology estate, I might be well-prepared for quantum myself—but I’m still heavily reliant on vendors. Replacing a key vendor could take three-to-five years, and by the time I realise they’re falling behind on their quantum journey, it may already be too late,” says Tkachov.
Firth agrees: “Businesses can’t outsource risk—it remains their responsibility. Vendors won’t upgrade their cryptography by default. Without strong pressure from businesses, it simply won’t happen.”
Another challenge stems from the increasing “noise” around quantum solutions.
“Every time a major vendor announces a quantum breakthrough—whether that’s a new chip or an emulation tool—boards and executives, often reading headlines in mainstream business publications, immediately ask: ‘Is our encryption broken? Are we about to be hacked? Can you prove we’re safe?’ This creates huge pressure and extra work for security teams, often without cause,” says Tkachov.
Getting ready for the post-quantum world
To help their businesses cut through these myths and misconceptions, CISOs must first raise awareness of the scale of the encryption risk—and the urgency of acting now.
Tkachov concludes: “The time is now. Businesses must develop a post-quantum encryption strategy, build internal awareness, map the assets at risk, and redesign their applications.
“No single encryption algorithm will solve the challenge. Instead, organisations need an agile approach that allows them to rapidly adopt new standards as soon as old ones are broken—staying one step ahead of threat actors.”
To learn more about how organisations can prepare for the post-quantum world, register for PwC’s new webinar here.
To find out more about Clinton Firth, click here.
To find out more about Anton Tkachov, click here.
To learn more visit us here.
This is for general information purposes only.
2025 PwC. All rights reserved
[1] PwC, “Is quantum computing about to radically change the world?,” https://www.pwc.com/gx/en/issues/reinventing-the-future/take-on-tomorrow/quantum-computing-podcast-episode.html