Quantum computing’s top 3 cybersecurity threats, and why we can’t ignore them

One of the most discussed technological challenges of the coming decade is the rise of quantum computing and its potential impact on digital security. To better understand the scope of this evolving threat, we identified three of the most urgent quantum-related risks that demand action from the cybersecurity community.

What does Moore’s law have to do with it?

Silicon technologies will reach their limits in the fairly foreseeable future. Moore’s law, which stated that transistor density would double every two years, has significantly slowed down in recent years as transistor size is now approaching atomic scale, which makes further miniaturization challenging. As classical computers approach their physical limits, their performance growth is also slowing, constraining progress in areas that depend on complex computation. Quantum computers, on the other hand, offer the potential to solve specific problems far faster than classical systems. For now, however, their practical use remains limited to narrow and experimental domains – current quantum computers have only hundreds of physical qubits and lack robust error correction.

Nevertheless, experts estimate that we may see a fully fault-tolerant quantum computer within the next decade — a development that could unlock significant advances, but also unleash a new era of cybersecurity threats. Supporting this urgency, Deloitte’s 2024 Global Future of Cyber Survey reports that 83 percent of organizations are already assessing or taking steps to address quantum computing risks, demonstrating growing awareness and proactive strategies in the private sector.

Governments and corporations are investing heavily in quantum computing research and development, demonstrating growing awareness and proactive strategies in the private sector, and we are already seeing the prerequisites for widespread use of quantum computers in the next 10-15 years:

2030s roadmaps suggest thousands of qubits will be available.
Google announced it aims to build a 1 million qubit machine by the end of the decade.
Leading countries have established their own national programs focused on quantum, investing billions of dollars worldwide.
10 powerful quantum-based systems plausible in ten years.

A target for the advanced actors: Where do the risks hide?

Despite the expected computational advantages, the potential of quantum computers to break today’s widely used encryption methods raises urgent security concerns. While fraudsters are unlikely to gain access to such advanced and expensive technology, the threat is very real from advanced persistent threat (APT) groups and nation-state actors.

Quantum computers could be used to compromise the traditional encryption methods that currently protect data in countless digital systems, posing a direct threat to global cybersecurity infrastructure. Threats include the interception and decoding of sensitive diplomatic, military, and financial communications, as well as the real-time decryption of private negotiations – something quantum systems could handle much faster than classical machines, turning secure discussions into public reading.

1. Store now, decrypt later: the key threat of the coming years

Threat actors are already harvesting encrypted data today, with the intention of decrypting it in the future once quantum capabilities have advanced. This “store now, decrypt later” tactic could expose sensitive information years after it was originally transmitted, including diplomatic exchanges, financial transactions, and private communications.

This concept is echoed in a joint statement by 18 EU member states: “This is a threat when the confidentiality of data needs to be protected for a long time period (for instance sensitive personal data or commercial secrets).[…] We urge public administration, critical infrastructure providers, IT providers, as well as all of industry, to make the transition to post-quantum cryptography a top priority. […] Organizations and governments should start the transition now”.

2. Sabotage in blockchain and cryptocurrency

Blockchain networks are not immune to quantum threats. Bitcoin’s Elliptic Curve Digital Signature Algorithm (ECDSA), which relies on elliptic curve cryptography (ECC), is especially vulnerable.

Potential risks include forging digital signatures, which threatens Bitcoin, Ethereum, and other cryptocurrencies; attacks on ECDSAs that secure crypto wallets; and tampering with blockchain transaction history, undermining trust and integrity.

3. Quantum-resistant ransomware: A new defence line

Looking ahead, developers and operators of advanced ransomware may begin adopting post-quantum cryptography to protect their own malicious payloads. So-called “quantum-resistant” ransomware would be designed to resist decryption by both classical and quantum computers, potentially making recovery without paying a ransom nearly impossible.

At present, quantum computing does not offer a way to decrypt files locked by current ransomware. Data protection and recovery still rely on traditional security solutions and collaboration among law enforcement agencies, quantum researchers, and international organizations.

Building quantum-safe defenses

Quantum computers are not yet a direct threat, but by the time they are, it may be too late to respond. Encrypted data with long-term value is already at risk from future decryption.

The cybersecurity community, IT companies, and governments must coordinate to address the risks ahead, or risk systemic vulnerabilities that cannot be retroactively fixed. Policymakers should develop clear strategies to migrate to post-quantum algorithms. Businesses and researchers need to begin implementing new security standards now.

Transitioning to post-quantum cryptography will take years. Preparations must begin now and the security decisions we make today will define the resilience of our digital infrastructure for decades. Without international coordination and timely infrastructure upgrades, the risks to financial, governmental, and corporate data could become critical.

Sergey Lozhkin is Head of GReAT for META and APAC at Kaspersky.

TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.

Featured image: Mohamed Marey on Unsplash

Beyond the grade: Why one founder bet her life savings to rethink education in Singapore