Capgemini Report: Quantum computing poses growing risk to current cybersecurity standards

A new report from the Capgemini Research Institute, titled "Future Encrypted: Why Post-Quantum Cryptography Tops the New Cybersecurity Agenda", warns that the rapid advancement of quantum computing threatens to make current encryption methods obsolete. The emergence of "harvest-now, decrypt-later" attacks, where encrypted data is stolen today with the intention of decrypting it once quantum capabilities mature, combined with stricter regulatory requirements and technological shifts, has elevated the urgency of adopting quantum-safe measures.

Despite growing awareness, many organisations continue to underestimate the risks posed by quantum computing, potentially increasing their exposure to future data breaches and compliance failures.

According to the report, approximately two-thirds (65%) of organisations express concern about the rising threat of harvest-now, decrypt-later attacks. Among early adopters of quantum-safe technologies, one in six expects so-called “Q-day”, the point at which quantum computers can break conventional encryption, to arrive within five years. Nearly 60% anticipate it within the next decade.

“Quantum readiness is not about pinpointing a specific date, it’s about mitigating an irreversible risk. Data encrypted today could be compromised in the future if protective measures are not implemented soon,” said Marco Pereira, Global Head of Cybersecurity, Cloud Infrastructure Services at Capgemini. “Early adoption supports business continuity, regulatory compliance, and sustained trust.”

While current quantum computers are not yet capable of breaking widely used encryption algorithms, high-risk sectors such as defence and banking are leading the implementation of quantum-safe solutions. By contrast, sectors such as consumer goods and retail show relatively lower levels of preparedness.

Preference for post-quantum cryptography (PQC)

The report finds that a majority of organisations (70%) are prioritising the adoption of post-quantum cryptographic (PQC) algorithms to counter emerging quantum threats. PQC is considered a robust approach to securing sensitive data against future quantum attacks.

Nearly half of early adopters are currently assessing the feasibility of, or actively piloting, PQC solutions. For 70% of organisations surveyed, evolving regulatory requirements are a key motivation behind the move toward quantum-safe practices.

However, around 30% of organisations remain unengaged with quantum-readiness efforts. These organisations cite challenges such as limited budgets and resource constraints as barriers to preparing for cryptographic transition.

Research methodology

The Capgemini Research Institute conducted a global survey of 1,000 organisations with annual revenues of at least USD 1 billion. The study covered 13 sectors and 13 countries across the Asia–Pacific, Europe, and North America regions, and was conducted between April and May 2025.

Approximately 70% of the respondents are classified as ‘early adopters’,defined as organisations already working on, or planning to implement, quantum-safe solutions within the next five years. The quantitative data was further supported by in-depth interviews with 16 industry executives.