Secure the post-quantum future

The advent of quantum computing will reshape how businesses secure their data and systems.

At the heart of this challenge is cryptography—the science of protecting information through encryption, which ensures that sensitive data remains confidential and unaltered during storage or transmission. Current encryption methods, while robust against today’s threats, could be broken by sufficiently powerful quantum computers. 

Governments are already acting. In 2024, the US National Institute of Standards and Technology (NIST) published three post-quantum cryptography (PQC) standards designed to withstand quantum-enabled attacks. These serve as global benchmarks for compliance and best practice. NIST is assessing additional algorithms for post-quantum data encryption. The UK’s National Cyber Security Centre advises high risk systems to migrate to PQC by 2030, with full adoption by 2035. Europe is aligning with NIST while pursuing national strategies, and many Asia Pacific countries are building their own PQC frameworks.

However, quantum computers capable of breaking today’s encryption may emerge five to six years before most organizations complete their transition.
 

Threat actors are already using “harvest now, decrypt later” tactics — stealing encrypted data today to unlock once quantum capabilities mature. 

 
Meanwhile, IBM Institute for Business Value (IBM IBV) research (2023) finds most leaders expect the shift to take more than a decade, hindered by the complexity of identifying vulnerabilities across thousands of custom applications. The pace of these efforts is tempered by the complexity of identifying vulnerabilities and dependencies across thousands of applications and services.
 

“For us, quantum computing first entered our strategic radar through the cybersecurity lens. Its ability to render today’s encryption obsolete has profound implications for national infrastructure.” 

Harrison Lung
Group Chief Strategy Officer, e&, UAE

The takeaway: the timeline to act is shorter than it seems, and preparing now is essential to safeguard the digital backbone of every organization. 

When quantum computers achieve sufficient scale and stability, they will render many current encryption methods obsolete—and cryptography touches every corner of our digital world (see figure). This disconnect underscores the urgency of developing quantum‑safe solutions. While challenging, this transition is achievable through early preparation and industry collaboration. 
 

Why quantum safe impacts your organization

 
To assess quantum-safe preparedness, the IBM Institute for Business Value, in collaboration with Phronesis Partners, surveyed 750 executives across 27 countries and 14 industries. These executives lead business, operations, security, or technology functions within their organizations, and all organizations surveyed generate at least $250 million in annual revenue.

Our research indicates some leaders are charting a path forward. By examining leadership priorities and practices, we developed the Quantum-Safe Readiness Index, which identifies the top 10% of quantum‑safe adopters —Quantum‑Safe Champions (QSCs) — and how they navigate this complex transition. This report also uncovers critical gaps between intention and execution and outline steps to secure a post‑quantum future.  Download the report to learn more.

The Quantum-Safe Readiness Index

 
The IBM Quantum-Safe Readiness Index (QSRI) assesses the global state of readiness for security in the quantum era, as measured by the readiness of individual organizations. The QSRI is intended to help leaders and stakeholders understand how their organizations are progressing in their quantum-safe initiatives.

The QSRI evaluates 14 activities, or indicators, across three key areas: quantum-safe discovery, observability, and transformation (see figure). Scores provide an indication of the organization’s relative progress in their journey to becoming a quantum-safe organization. These 14 indicators are grouped into the below three categories and weighted based on IBM’s subject-matter expertise and experience with clients. Scores are calculated based upon a 100-point index, with 100 representing the maximum possible score. The QSRI, first defined in 2023, is intended to assess (and re-assess) the quantum-safe readiness of an organization, industry, or region over time.

In 2025, the average quantum-safe readiness score is 25 on a 100-point scale—up 4 percentage points from the average score of 21 in 2023. This score represents a global average, reflecting organizations across industries and regions. We have designated organizations with the highest QSRI scores—the top 10%—as Quantum-Safe Champions (QSCs). QSCs scored 35 or above, with 50 being the highest score attained by any organization, up from 44 in 2023 (see figure).
 

 
Given quantum safety is only now gaining greater visibility—with many organizations still in the planning stages—the quantum-safe readiness score is most influenced by early-stage activities such as an organization’s discovery capabilities.

The 2025 QSRI shows gradual overall progress toward quantum resilience, with early phases—Discovery and Observability—advancing more quickly as organizations improve their ability to identify and monitor cryptographic risks. The Transformation phase is also improving but remains at low absolute scores, indicating strong early‑stage momentum. Sustained focus and investment will be essential to convert preparedness into true quantum‑safe capability.