The global cybersecurity community faces a ticking clock. China’s rapid advances in quantum computing, combined with insufficient global investment in quantum-safe cryptography, have placed Chief Information Security Officers (CISOs) at a critical crossroads.
With an estimated remediation timeline of seven years for most organisations, experts warn that critical systems are already at risk of future quantum attacks.
Quantum computing’s potential is often likened to a ‘Quantum Key’ capable of simultaneously testing every possible lock combination—effectively rendering today’s encryption obsolete.
If realised, such capabilities could expose every encrypted email, financial transaction, and state secret currently thought to be secure.
A 2024 report from the Global Risk Institute estimated a 5–14% chance that RSA-2048 encryption could be broken by 2029, rising to 19–34% by 2034. Those estimates, however, may already be outdated.
In early 2025, Chinese researchers unveiled breakthroughs in photonic quantum chips and a 72-qubit quantum processor named ‘Origin Wukong,’ capable of fine-tuning billion-parameter AI models. Earlier, in October 2024, Chinese scientists published a method for breaking RSA encryption.
With China reportedly investing $10–15 billion in quantum development—vastly outpacing the US, EU, and Microsoft’s combined commitments—there are growing fears that the West is losing the quantum arms race.
The geopolitical consequences of quantum dominance could be immediate and devastating. From unlocking encrypted communications to enabling undetectable weapons systems, a lead in quantum technology may deliver military and economic supremacy
The ‘harvest now, decrypt later’ strategy—where sensitive data is collected now to be decrypted when quantum computing is mature—presents an especially urgent concern for governments, banks, and healthcare providers.
Despite the looming threat, many organisations are underprepared. The long remediation period—estimated at over seven years for full transition—means that even proactive companies are not immune to future breaches.
The National Institute of Standards and Technology (NIST) has recommended the ML-KEM algorithm for post-quantum cryptography, with the HQC algorithm selected as a backup.
In contrast, China launched its own national cryptographic competition (NGCC) in early 2025, signalling distrust of foreign standards and intent to develop domestic alternatives.
To prepare for a post-quantum world, organisations should act now:
- Conduct discovery: Identify systems reliant on RSA or ECC encryption, and catalogue keys based on risk.
- Engage vendors: Ask suppliers about their post-quantum transition plans and expected compliance timelines.
- Build a team: Assemble a multidisciplinary group including cryptography specialists, project managers, architects, and change leaders to lead a 5–7 year remediation program.
The systems most vulnerable to quantum threats include public-key cryptography (RSA, ECC), SSL/TLS protocols, secure messaging platforms, and cryptocurrency infrastructure.
By contrast, legacy and non-networked systems without encryption are generally considered low risk.
While some may compare this to the Y2K scare, there’s a critical difference: Y2K had a known deadline. The quantum threat has no set arrival date.
As with a surprise exam, unpreparedness can be far more dangerous. Still, the transition will likely unfold gradually rather than overnight, giving early movers a significant advantage.
The message is clear: the time to begin migrating to quantum-resistant cryptography is now. The future of national security, economic stability, and digital privacy may well depend on who gets there first.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!
