According to Roger Grimes, cybersecurity expert at KnowBe4, it is important for organizations to realize that quantum computing not only offers opportunities but also brings risks. And waiting 'until it happens' is really a very bad idea.
"Quantum computing is expected to enable breakthroughs within ten years that classical computers simply cannot achieve. Think of hyper-personalized medicine, where treatments are fully tailored to the individual. This could lead to much faster and more effective results than we are used to today. That is, of course, great news," says Grimes.
"At the same time, we must also understand very well that this technology will have a huge impact on our existing technology and particularly on cybersecurity. In clear terms: if your organization does not have a post-quantum project today, you are really falling behind. The smartest experts in the world warn that 'Q-Day' - the moment when quantum computers can break existing cryptography - is approaching rapidly and may occur as early as 2030. That is theoretically still a few years away. However, it also takes years to be prepared for it."
The developments in quantum computing are already having an impact. Every organization will eventually need to analyze and adjust all its systems, software, and hardware to become 'post-quantum' safe. This makes it likely one of the largest and most complex IT projects a company will ever undertake. Yet most organizations still have no plan, no budget, and often not even an idea of where their critical data is located.
"There is currently too little attention for quantum computing. And that needs to change quickly," continues Grimes. "We really need to get to work on this topic. The problem is that companies underestimate the practical impact and the scope of the necessary preparations. They often have no insight into what data they have and what cryptography protects it." However, conducting a complete data protection inventory is a time-consuming and intensive process.
Grimes therefore advises organizations to start now. For example, by ensuring that the topic is discussed at the board level, leading to executive sponsorship and the initiation of a formal post-quantum program with budget and resources. An important step is mapping out what data exists, how it is protected, and what needs to be adjusted or replaced. Additionally, organizations need to critically examine their procurement policies. "Stop purchasing technology that will be difficult to upgrade later. Ask suppliers if their products are 'quantum proof' and when they are not, when they will be. Concepts like 'crypto agility' (the ability to easily adapt cryptography) will become essential," concludes Grimes.
The message on World Quantum Day 2026 is therefore both simple and urgent: Do not wait until Q-Day and until problems become concrete. Start now, because the impact of quantum computing for all organizations, worldwide, is coming closer than we think.
