Intelligence

The Expert View: Quantum Readiness Before It's Too Late

Samuel Modupe, CISO explains harvest-now-decrypt-later and what quantum readiness actually looks like in practice.
Noha Moussaddak
Cybersecurity enthusiast and writer

When most executives hear the words quantum computing, they tend to file it away alongside flying cars and nuclear fusion: fascinating, potentially revolutionary, but still years away from affecting everyday business.

That assumption may prove to be the biggest risk of all.

The challenge with quantum technology isn't knowing the exact day it arrives. It's recognising that by the time it becomes impossible to ignore, it may already be too late to prepare.

To understand what organisations should be doing today, we spoke with Samuel Modupe, cybersecurity expert and Chief Information Security Officer at VFD Group, about what the quantum era means for business leaders, security teams, and anyone responsible for safeguarding sensitive information.

Understanding the Real Quantum Threat

At the heart of modern cybersecurity lies the simple promise of trust.

Every secure website, banking transaction, VPN connection, and digital certificate depends on encryption to keep information private. Much of that protection relies on cryptographic systems designed under one critical assumption: that computers would never become powerful enough to break them within a reasonable timeframe.

Quantum computing changes that equation.

"The biggest concern is not quantum computing itself," Samuel explains. "It is its ability to break the cryptographic foundations that protect today's digital systems."

Particularly vulnerable are widely used public-key encryption systems such as RSA, which underpin everything from HTTPS connections to corporate identity management systems and blockchain infrastructure. If those protections fail, so does the trust model that powers the modern internet.

What Exactly Is Q-Day?

Security experts use the term Q-Day to describe the moment when quantum computers become capable of breaking today's public-key cryptography at scale.

No one knows precisely when that day will arrive, but experts increasingly agree it is no longer a distant theoretical concern. Research from the Global Risk Institute found that many leading quantum specialists believe there is a meaningful probability that current encryption standards could be compromised within the next two decades. Technology companies and governments are already acting on that assumption. Google, for example, has publicly outlined plans aimed at preparing systems for a post-quantum future before the end of this decade.

Whether Q-Day arrives in 2029, 2035, or 2040 is almost beside the point, because the preparation required will take years.

The Mistake Businesses Keep Making

One of the most common misconceptions is treating quantum computing as though it is a future problem. History suggests otherwise.

Samuel says that artificial intelligence offers a useful comparison. Just a few years ago, advanced AI systems were accessible only to a handful of researchers and well-funded organisations. Today, sophisticated models are available to virtually anyone with an internet connection.

Quantum technology is likely to follow a similar path. The early versions may be expensive, specialised, and limited. But commercialisation tends to move faster than expected. As competition increases, costs fall, access expands, and capabilities become widely available.

The organisations that wait for quantum technology to become mainstream before acting may discover they are already behind.

The Quantum Threat Has Already Begun

Perhaps the most overlooked aspect of the quantum conversation is that attackers don't need a powerful quantum computer today for quantum risk to exist.

Many security agencies now warn about a strategy known as "harvest now, decrypt later." The concept is straightforward: attackers intercept and store encrypted information today with the expectation that future quantum systems will eventually allow them to unlock it.

For organisations handling information that remains valuable for years, or even decades, this creates an immediate concern. Military intelligence, government and corporate data, financial records, intellectual property, healthcare data, legal communications — the list goes on.

A piece of information stolen today could still be worth exploiting ten, twenty, or even fifty years from now. That's what makes quantum risk different from many other cybersecurity threats. The damage may occur long after the initial breach.

Why Business Leaders Should Care

Quantum risk isn't simply a technology problem. It's a business problem.

Take a pharmaceutical company developing a breakthrough drug. If confidential research data is intercepted today and decrypted years later, competitors could gain access to intellectual property before patents are fully secured.

This same principle applies across sectors. Banks safeguard long-term financial records. Law firms protect privileged communications. Healthcare providers manage sensitive patient information. Infrastructure operators maintain critical system designs.

For organisations built on trust and confidentiality, the consequences extend far beyond technical disruption. They include regulatory exposure, reputational damage, financial loss, and competitive disadvantage.

The question is no longer whether quantum computing matters, but whether your data will still be valuable when it arrives.

Building Quantum Readiness: Know What Needs Protection

Preparing for the quantum era does not require a complete technology overhaul tomorrow. Instead, such preparations must start with visibility.

The first step is understanding where quantum-vulnerable encryption exists within your organisation. Where are public-key systems being used? Which data assets require protection for ten years or more? Which communications would create significant business risk if exposed in the future? Without that inventory, meaningful planning becomes impossible.

Prioritise the High-Impact Changes

A common concern is cost, and fortunately organisations do not need to replace every security system overnight.

One of the most effective starting points is securing the exchange of cryptographic keys: the mechanism that establishes trusted connections between systems. New post-quantum cryptographic standards are already available, many of them developed and standardised through the U.S. National Institute of Standards and Technology (NIST). Organisations can begin adopting hybrid approaches that combine traditional encryption with quantum-resistant alternatives while maintaining operational continuity.

Prepare for a New Compliance Landscape

Regulation is already moving. Governments, standards bodies, and industry regulators are increasingly introducing frameworks that encourage or require quantum-resistant security measures.

The organisations that begin preparing now are likely to find future compliance transitions far smoother than those waiting until mandates arrive. More importantly, preparation sends a message to customers and stakeholders: their information is being protected not just for today, but for the future.

A New Role for Cyber Threat Intelligence

Traditional cybersecurity teams are trained to look for indicators of compromise and signs of active attacks. Quantum threats operate differently. There are no obvious alerts to monitor and no immediate intrusion patterns to detect.

Instead, Cyber Threat Intelligence teams must shift their focus toward strategic forecasting: understanding who is investing in quantum capabilities, identifying sectors most likely to be targeted, monitoring large-scale data collection campaigns, and helping leadership understand long-term risk.

In the quantum era, intelligence becomes less about detecting attacks and more about anticipating them.

The Bottom Line

Quantum computing will not arrive with a dramatic announcement or a flashing warning light. Its impact will emerge gradually, rewarding organisations that prepared early and exposing those that assumed they had more time.

The most important lesson is simple: quantum readiness is not about predicting the future. It's about protecting it.

The organisations asking the right questions today will be the ones best positioned to navigate tomorrow's quantum reality.


Defendis helps security teams monitor exposed credentials, compromised assets, and threat actor activity across the dark web and open sources.
to see how continuous threat intelligence can support your organisation's security posture.

About the author
Noha Moussaddak is a cybersecurity enthusiast and writer who turns complex security topics into simple, human-friendly insights. She shares clear, practical perspectives to help people and organizations stay safer online and make cybersecurity accessible for everyone.

Related Articles

Discover simplified
Cyber Risk Management
Request access and learn how we can help you prevent cyberattacks proactively.