SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
United States
Flux result 8108b1b2 c0ca 4e51 9f77 22868d4106aa
#
Firewalls
#
Data Protection
#
Ransomware

Cyber security chiefs split on quantum threat urgency

Wed, 15th Apr 2026
Author image
By Shannon Williams, News Editor

Cyber security leaders are issuing diverging warnings on quantum threats.

The comments come as the technology sector marks World Quantum Day and debates how quickly organisations should respond.

Executives from consulting and security firms have set out contrasting views on the urgency of preparing for quantum attacks on encryption, as companies reassess long-term data protection risks.

Some argue that quantum computers already influence commercial systems and security planning. Others say organisations should focus first on more immediate threats, such as AI-driven malware, before committing significant resources to quantum migration.

The debate comes as governments, standards bodies and major technology providers push ahead with post-quantum cryptography. Many enterprises still lack a clear inventory of the encryption used across their infrastructure.

Robin Macfarlane, president and chief executive officer at mainframe consultancy RRMac Associates, argued that most businesses underestimate how far quantum computing already shapes business technology.

"I see a lot of conversation around when quantum computing can be expected to impact different industries, and what will that first impact look like. The truth of the matter, and maybe what most people don't realize, is that quantum computing is already here and is affecting every industry! Companies like IBM, Microsoft, JP Morgan, Google, and Honeywell (just to name a few) are already using quantum computing for risk & data analysis, optimizing investment strategies, assisting AI and machine learning, and expanding industrial applications. That's one of the reasons IBM stated they designed their new z16 mainframe with quantum safeguards, and to support emerging post-quantum cryptographic standards. Because I view things from a mainframe perspective, my first thoughts surrounding 'shiny new technology' always go to security & data privacy concerns. With the rapid, unchecked, and unregulated advancement of quantum computing, we are almost beyond the day when traditional encryption methods are vulnerable. As quantum computing continues to evolve and become more commonplace, it will be crucial to protect individuals and organizations from increasingly sophisticated threats. My advice to organizations looking to adapt to this new way of computing life is to be as proactive as possible, as soon as possible. Invest in training your IT and security teams on quantum risks and management, conduct an internal audit on vulnerabilities surrounding your encryption methods, and be prepared to quickly implement new security protocols and frameworks that can adapt to new and ever-changing threats as they emerge. To quote William Gibson, "The future is already here...""

Macfarlane presents quantum as both a current business tool and an emerging security risk. The comments point to uses in financial services, artificial intelligence and industrial workloads, as well as IBM's efforts to build quantum-resilient features into its z16 mainframe range.

The view reflects concerns in parts of the mainframe and critical infrastructure community. Organisations in sectors with long data-retention periods, such as banking and government, face so-called "harvest now, decrypt later" risks, in which attackers steal encrypted data now in the expectation of decrypting it later with quantum systems.

For these operators, migration to post-quantum cryptography is moving from theory into planning and early implementation. Many chief information security officers are auditing cryptographic use and identifying which systems need early upgrades.

Jon Abbott, chief executive officer and co-founder of London-based security firm ThreatAware, takes a different view of where quantum preparation should sit on today's cyber risk agenda.

"Until we have a fully production-ready quantum computer, we cannot truly understand its capabilities and limitations, and therefore we cannot be certain whether the encryption methods we are developing today are genuinely quantum-proof. That said, NIST published its post-quantum cryptography standards in 2024, which is a meaningful stake in the ground and worth being aware of. If you don't already have an inventory of all the encryption in use across your estate, that is a good place to start, though building a complete picture across every device and application is a significant undertaking. A more pragmatic approach is to prioritise your external-facing equipment and your most sensitive internal data sources first. For each, understand which encryption standard is in use and whether it needs to be upgraded to align with the new post-quantum standards. And apply common sense to remediation: if a device is due for replacement in two years, leave it. Focus your effort where it will have the longest shelf life. My strong view is that we have far more immediate and pressing threats to focus on, such as the speed at which AI-powered malware can swarm a network once inside. Get all of your other defences right first, and only then would I consider quantum a priority."

Abbott points to the publication of the first post-quantum cryptography standards by the US National Institute of Standards and Technology in 2024. He argues that they give organisations a reference point, but not a reason to neglect basic defensive hygiene.

Security teams now face practical questions about sequencing. Many run large, mixed estates of legacy hardware, cloud workloads and third-party applications that rely on different cryptographic libraries and protocols.

Abbott advocates triage over exhaustive, low-value exercises. His focus on external-facing systems and critical data sources reflects a broader preference among chief information security officers for staged adoption rather than wholesale change.

Macfarlane takes a more urgent stance, especially from a mainframe perspective, where systems often support core payment, trading and public-sector functions for decades. She describes "rapid, unchecked, and unregulated advancement" in quantum computing and warns that traditional encryption is nearing obsolescence for some threat models.

The contrast highlights an emerging split in the market. One group prioritises early adoption of quantum-safe cryptography, especially in high-value or long-life environments. Another focuses on near-term attack vectors such as ransomware and AI-enhanced intrusion, while treating quantum migration as a secondary concern.

Both perspectives converge on one point: organisations that delay gaining visibility into their encryption landscape risk falling behind once regulatory or commercial pressures force faster adoption of post-quantum standards.

"My strong view is that we have far more immediate and pressing threats to focus on, such as the speed at which AI-powered malware can swarm a network once inside. Get all of your other defences right first, and only then would I consider quantum a priority."
Related stories
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding
Cyber insurance now common among North American SMBs
CIQ launches Linux compliance platform ahead of deadlines
Emerson & OPSWAT strike global reseller deal for OT patching

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
Autonomize launches healthcare AI platform version 3
CERN joins OpenSearch foundation as associate member