Quantum computers may break current encryption within 10–15 years, putting sensitive data in finance, defense, and digital systems at risk. Europol’s Quantum Safe Financial Forum and CERT-In warn of “harvest now, decrypt later” attacks, where data is stolen now to decrypt later using quantum tools. India’s Aadhaar, online banking, and crypto systems are particularly vulnerable. Experts urge early adoption of quantum-safe encryption and strong cybersecurity practices to stay protected.
Image Source: Freepik
Quantum computing, long anticipated for its power to solve problems beyond the reach of classical computers, is now emerging as a serious cybersecurity threat. With the potential to crack widely used encryption protocols, this technology poses an imminent risk to critical sectors such as finance, defense, telecommunications, and digital infrastructure.
Current cryptographic methods like RSA and ECC underpin secure online communications, authentication processes, and financial transactions. However, quantum algorithms can solve these underlying mathematical problems exponentially faster, rendering existing encryption ineffective once large-scale quantum systems mature.
In a stark warning earlier this year, the Quantum Safe Financial Forum—under Europol—advised Europe’s financial sector to prepare for this shift. “For the financial industry, the advent of quantum computers poses a risk to customer confidentiality and peer communications, authentication processes, and trust in digital signatures,” the forum stated. They estimate that quantum computers capable of breaking certain encryption standards could arrive within 10–15 years, though this timeline could accelerate.
Adding urgency is the rise of the “harvest now, decrypt later” tactic. Cybercriminals and state-backed actors are believed to be collecting encrypted data today in anticipation of decrypting it once quantum capabilities are achieved. This could turn secure data like financial records, personal identities, or intellectual property into future vulnerabilities.
This concern is echoed by the Indian Computer Emergency Response Team (CERT-In) and cybersecurity firm SISA. In a recent white paper, they warn that encryption protecting services such as Aadhaar, online banking, cryptocurrencies, and personal devices could be rendered obsolete. “Attackers may already be stockpiling encrypted data to unlock later using quantum tools, a tactic called ‘harvest now, decrypt later’.” If not addressed, this approach could compromise massive amounts of sensitive data.
“AI is adding to the urgency. As it becomes more embedded in digital systems, it also increases access to user data, raising the stakes if encryption is compromised,” the paper adds. India’s major digital systems, including Aadhaar and IoT infrastructure, are considered particularly at risk.
CERT-In recommends everyday users mitigate exposure by regularly updating devices, using strong passwords with multi-factor authentication, and avoiding long-term online storage of sensitive data. Privacy-focused platforms like Signal and ProtonMail are also advised.
Globally, regulators and industry players are beginning to respond. A new report by the Capgemini Research Institute, which surveyed 1,000 organizations across 13 sectors and countries, found that around 70% of respondents are considered “early adopters,” either working on or planning to implement quantum-safe solutions within five years.
Two-thirds (65%) of these firms expressed concern about “harvest now, decrypt later” threats, while one in six early adopters believe “Q-day”—the moment when quantum computers can break encryption—will arrive within five years. About 60% expect it to happen within a decade.
“Transitioning early ensures business continuity, regulatory alignment, and long-term trust,” said Marco Pereira, Global Head of Cybersecurity at Capgemini. “Quantum safety is not a discretionary spend but a strategic investment, which can turn a looming risk into a competitive advantage.”
The report notes that 70% of surveyed organizations have already begun implementing post-quantum cryptographic algorithms to future-proof their systems.
In the U.S., the federal government has mandated agencies to become “quantum resistant” by 2035. Leading cryptographic standards like CRYSTALS-Kyber and Dilithium are being developed and adopted. Britain’s National Cyber Security Centre (NCSC), part of GCHQ, has also urged businesses to act swiftly. The NCSC noted that the threat to cryptography from future large-scale, fault-tolerant quantum computers was now well understood, and warned that many entities were not taking the risk seriously enough.
The Quantum Safe Financial Forum, which includes central banks, insurers, and major financial institutions like Mastercard, Allianz, and Barclays, maintains that no new laws are needed. Current EU regulations already require data protection—what’s needed now is a shift in how organizations meet those requirements.
To prepare, businesses must begin by mapping where and how encryption is used, assessing data lifespans, and planning transitions to quantum-safe systems. Hybrid encryption solutions that blend classical and quantum-resistant techniques may offer a practical interim step.
As quantum computing rapidly evolves, the collective global response—spanning governments, corporations, and cybersecurity agencies—reflects a growing consensus: this is no longer a distant risk. Proactive transition toward post-quantum security is the only way to ensure long-term data resilience in the face of what may be the most transformative technological shift in decades.
You must be logged in to post a comment.
Stay ahead in the dynamic world of trade and commerce with India Business & Trade's weekly newsletter.