Quantum Computing: Impact on IT Security

Post-quantum security: Your guide to the cryptographic turning point

How secure will your business be when quantum computers become a reality? From long-term data protection to IT infrastructure: If you want to protect your data, you need to test your encryption now. This page provides an overview of the threat posed by quantum computers and offers practical advice on how to future-proof your IT strategy.

 

The next technological leap: Why you should act now

Quantum technology is not just an evolution of classical computers; it's a revolution in physics. What would have taken decades of computing time is now within reach. However, as computing power grows, so does the responsibility for securing your data.

 

Quantum computing: The state of the art in 2026

  • Investments: Billions are being poured into developing stable quantum systems worldwide to achieve industrial breakthroughs in chemistry, logistics, and medicine. In the EU alone, funding programs such as Quantum Flagship are securing technological sovereignty.
  • Relevance: The question is no longer if, but when cryptographically relevant hardware will be available. Experts estimate a 15% probability of a breakthrough by 2031, an extremely short timeframe for IT migrations.
  • Status: By 2026, quantum computing will have moved from research laboratories to strategic IT security planning. What was once theoretical is now the subject of audits and compliance reviews.

 

Regulatory requirements

To prevent the technological revolution from becoming a security risk, European and national authorities have established guidelines. These deadlines are not mere recommendations. Experience shows that migrating complex IT infrastructures takes many years, so 2026 should be the starting point for operational implementation.

BSI: The end of traditional methods

The BSI has officially signaled the end of RSA and ECC for sensitive data. These must be replaced by PQC by the end of 2030. Anyone who does not begin the inventory process by 2026 will not be able to meet this deadline from a technical standpoint.

EU roadmap: National migration plans

According to EU Recommendation 2024/1193, all member states must submit national PQC roadmaps by December 31, 2026. Auditors will begin verifying compliance with these plans starting in 2027.

Sector focus: high-risk applications

Based on recommendations from ENISA and the European Commission, the goal is to complete the migration for critical sectors such as finance, energy, and government by 2030.

Qubits instead of bits: How quantum computers work differently

Classical computers operate using bits (0 or 1). Quantum computers use qubits. This is the key difference: quantum computers solve certain problems in a fundamentally different way, and much faster. The following factors are crucial to this:

Superposition

A qubit can be 0, 1, or both at the same time, meaning it can exist in multiple states simultaneously.

Quantum parallelism

Thanks to the entanglement of qubits, quantum computers can evaluate millions of possible solutions simultaneously, rather than processing them one after another.

Exponential performance

For specific mathematical problems, computing power does not grow linearly, but rather increases exponentially.

A direct comparison: An overview of computer generations

Classic computer

  • Logic: Binary (bits: 0 or 1).
  • Operation: Sequential, i.e., step by step.
  • Capabilities: Everyday tasks: Office, web, streaming, simple logic.
  • Limitations: Fails due to exponential complexity.
  • Comparison: Like a reader reading a book line by line.

Supercomputer (HPC)

  • Logic: Binary (billions of bits).
  • Operation: Parallel; many processors share a single task.
  • Strength: Huge amounts of data, such as weather models and crash tests.
  • Limitation: Requires enormous amounts of energy and time for complex calculations.
  • Comparison: Thousands of readers, each reading one page of a book.

Quantum computer

  • Logic: Quantum mechanical (qubits).
  • How it works: Simultaneous; uses superposition to test all possibilities at once.
  • Strengths: Complex structures: molecules, cryptography, optimization.
  • Limitations: Requires extreme cooling; specialized for specific algorithms.
  • Comparison: A reader who takes in every page of the book at the same moment.

Why quantum computing is changing cybersecurity

The entire digital world—from online banking and cloud logins to government communications—is based on asymmetric cryptography, such as RSA and ECC. These methods are considered secure today because it would take an enormous amount of time for a classical computer to solve the underlying mathematical problems, such as prime factorization.

The Breakdown of Trust: Quantum computers use specialized algorithms, such as Shor's algorithm, that can theoretically reverse these mathematical "one-way functions" in a matter of minutes. As soon as a sufficiently powerful computer exists, the foundation of public-key infrastructure (PKI) will collapse. This puts key security mechanisms under pressure:

  • Data encryption
  • Digital signatures
  • Authentication systems

The consequence? Public-key cryptography, which secures the web and banking, requires a new mathematical safeguard.

 

The underestimated threat: Harvest now, decrypt later

One of the greatest dangers is not an immediate attack, but rather a gradual one. Attackers follow the strategy of "harvest now, decrypt later" (HNDL):

  • Harvest: Encrypted data streams are currently being intercepted and stored on a massive scale.
  • Decrypt: As soon as quantum hardware is ready, this data will be decrypted retroactively.

This is particularly critical for information with a long retention period.

The answer is post-quantum security

However, companies are not defenseless against the quantum threat. Post-quantum security, also known as post-quantum cryptography (PQC), is the solution. PQC is a new generation of cryptography that relies on mathematical problems too difficult for even quantum computers to solve.

Roadmap: What companies can do now

The transition to quantum-secure cryptography is not a short-term project, but rather a long-term transformation process. The following four steps lay the groundwork for migration:

The quick check: Is your company ready for the post-quantum era?

Answer these three questions to find out what steps you need to take to prepare for the new technology:

  1. Long-Term Confidentiality: Do you process data that must remain confidential beyond 2030, such as patents, 10-year contracts, or digital patient records?
  2. Critical infrastructure/KRITIS: Does your company operate in a high-risk sector, such as finance, energy, telecommunications, or healthcare?
  3. Lifecycle Management: Do you have systems or hardware in use with a planned lifespan extending beyond 2030?
     

Evaluation:

  • 3x Yes: This indicates the highest priority. You must submit a migration plan by the end of 2026, in accordance with the EU roadmap.
  • 1-2x Yes: Strategic action is required. A gradual transition to "hybrid modes" is strongly recommended to avoid the "Harvest Now, Decrypt Later" risk.
  • 0x Yes: Watch list. Ensure that new purchases are "PQC-ready" to avoid future technical debt.

See the white paper: ENISA – Post-Quantum Cryptography: Current State and Quantum Mitigation.
 

The transformation has already begun

Quantum computing is no longer a distant vision. It is an emerging security reality that is redefining the foundation of our digital trust. Those who set the course today are not only protecting their data from future decryption attacks, but also securing a decisive competitive advantage through digital sovereignty.

 

Further resources

it-sa Expo&Congress 2025: Security in motion – from networked supply chains to quantum-secure algorithms
Post-Quantum Cryptography: Why Companies Must Act Now
Quantum Technologies and Quantum-Secure Cryptography (link in German)

 

Planning for Post-Quantum Security in the it-sa 365 Community

In order to best prepare for the benefits and risks of quantum technology, it is essential to have knowledge, collaboration, and strong networks. Connect with IT security experts, share experiences, and stay informed about the latest developments in the it-sa 365 Community.

As a member, you’ll benefit from:

  • Exchanges with peers and industry experts
  • Exclusive technical content and insights
  • Personalized topic feeds on relevant security trends
  • Direct access to solution providers
     

Join the community and prepare for the era of quantum technology!

The most important questions and answers about quantum computing

Quantum computing is a revolutionary form of information processing based on the laws of quantum mechanics. While conventional computers use bits that function like a series of switches that are either on or off, quantum computers use qubits. Due to a phenomenon known as superposition, qubits can exist in multiple states simultaneously. This enables them to perform highly complex calculations in a matter of minutes.

A classical computer operates like a librarian checking each book to find a piece of information. In contrast, a quantum computer uses the laws of quantum physics, such as superposition, to effectively open all the books in the library simultaneously. Consequently, it can solve highly complex calculations faster and in a completely new way.

The main risk is the "harvest now, decrypt later" scenario. Attackers steal encrypted data today with the intention of cracking it in a few years using quantum computers. Since IT lifecycles and data retention periods often exceed 10 years (e.g., for patents or medical records), this risk is already a reality.

Post-quantum security, also known as post-quantum cryptography, refers to new encryption methods designed to be unbreakable by both classical and future quantum computers. PQC algorithms run on standard hardware, such as servers, laptops, and smartphones. They replace vulnerable mathematical methods, such as RSA or ECC, with new, highly complex mathematical structures, like lattice-based cryptography.

No, classical computers still cannot break RSA. However, as soon as a "cryptographically relevant quantum computer" (CRQC) exists, this protection could collapse in seconds. According to the BSI and NIST, the transition to post-quantum methods will take 10 to 15 years, so companies need to start planning now.

Costs vary depending on the complexity of the IT infrastructure. However, organizations that establish "crypto-agility" (see glossary) as the standard for new acquisitions can minimize costs by ensuring a smooth transition. Costs tend to rise significantly when a migration must be carried out under time pressure.

Yes, in August 2024, the U.S. National Institute of Standards and Technology (NIST) published the world's first post-quantum cryptography standards: FIPS 203, 204, and 205. These standards lay the groundwork for modern post-quantum solutions and are also endorsed by European authorities, including the BSI.

A brief explanation of the most important technical terms in quantum computing

Unlike a bit, which can be either 0 or 1, a qubit can exist in both states simultaneously thanks to superposition. This enables quantum computers to calculate an enormous number of possible solutions simultaneously.

Shor's algorithm is a mathematical method developed specifically for quantum computers. It poses a threat to current encryption methods because it can quickly factor large numbers into their prime factors.

Lattice-based cryptography is at the heart of most post-quantum cryptography (PQC) schemes (e.g., ML-KEM / Kyber). In this approach, data is hidden within a high-dimensional geometric lattice. Even quantum computers cannot find an efficient path to the goal within this mathematical "maze."

Crypto-agility is the ability of an IT system to quickly replace encryption algorithms without requiring major changes to the source code. In a post-quantum world, this is a survival strategy that enables systems to respond flexibly to new threats.

Hybrid mode is a security method that combines traditional encryption, such as RSA/ECC, with new PQC methods. It provides dual protection, offering security against current hackers and resilience against future quantum attacks.