ÎÚÑ»´«Ã½

As highlighted in our Top Tech Trends of 2025 report, cybersecurity remains a critical focus with new defenses and emerging threats reshaping the landscape.

One of the most pressing concerns is the quantum cyber threat, which demands immediate attention and action

While less visible than artificial intelligence, quantum computing is advancing just as rapidly. In early 2025, Microsoft and Amazon both unveiled quantum processors with self-correcting capabilities, marking a decisive step towards stable, industrial-grade machines. The horizon for quantum computing is becoming clearer and closer, bringing with it the reality of threats that we must now seriously prepare for.

Cryptography in Danger

One of the strengths of quantum computing is its ability to perform massive calculations in parallel, significantly reducing the time required. This could enable, for example, the creation of highly targeted deepfakes from minimal data, which could be a formidable weapon in the wrong hands. However, the most significant threat concerns cryptography. While the security of commonly used asymmetric encryption algorithms today relies on the fact that it would take classical computers thousands of years to break them, a quantum machine could do it in just a few hours. This means all our data, communications, and authentication systems would become immediately vulnerable. In the post-quantum world, no identity, communication, or transaction can be guaranteed if it remains encrypted as it is today.

This risk is not a fantasy. The algorithms that underpin it have been ready for a long time, and their performance has been mathematically demonstrated. What is missing today are sufficiently stable and industrialized quantum machines. Recent announcements show that they will arrive not in ten, fifteen, or twenty years, but much sooner. And once available, they will be accessible to everyone via the cloud, as current quantum processors, despite their limitations, already are. Hackers are ready, the entry cost will be low, and as soon as the platforms are available, the risk will materialize massively and immediately.

An Already Present Risk

The threat is therefore major and imminent. It is even already present, as malicious actors can store encrypted data they collect today to decrypt it when they have the capability. In five years, most long-term strategic information, financial assets, health data, industrial, diplomatic, or military secrets will still be of great value. The issue is similar in all sectors whose products have a long lifespan and incorporate digital technology: defense, aerospace, transportation, energy, health… This strategy, known as “harvest now, decrypt later,” is a proven reality, with many states acknowledging that they practice it in long-term judicial investigations.

At some level, all organizations will be affected, from SMEs to multinationals, from local authorities to government ministries. In France more than elsewhere, very few have yet realized this, and even fewer have started to implement appropriate measures.

Overhauling Trust Systems

We can, and must, prepare now for this major cryptographic challenge, which will require nothing less than a complete overhaul of all trust systems: directories, APIs, certificates, storage, networks, application development… It will be a considerable project with major operational impacts that cannot be improvised in an emergency. It is necessary to start by scrutinizing the IT system to identify and assess risks, then prioritize interventions, allocate budgets, implement, test, and deploy solutions, manage change, coordinate with partners and suppliers… And it will be impossible to compress all this into a few weeks or months when the threat materializes.

Fortunately, technological countermeasures are being put in place. After a long competition, the NIST (National Institute of Standards and Technology) has approved encryption algorithms (five to date) capable of resisting quantum computers. Or rather, they are resistant based on current knowledge, which means that a certain cryptographic agility will be necessary in case they too are eventually broken. In France, several startups and large companies offer solutions in this area. It is also possible to implement hybrid encryption solutions to protect data against both today’s classical threats and tomorrow’s quantum threats. Finally, another area of study, still experimental, concerns the physical security of communications with QKD (Quantum Key Distribution), which provides absolute certainty that exchanges have not been intercepted.

For once, action must be taken without waiting for explicit regulatory pressure. While ANSSI has been warning about the quantum risk since 2022, these warnings are not yet accompanied by any obligations, not even for OIVs. However, texts like NIS 2, DORA, or GDPR hold leaders accountable without specifying the technical nature of the threats. In other words, an organization subject to such regulations will have no excuse if its data is stolen and decrypted by a quantum computer. In the face of the quantum threat, denial, skepticism, or inaction are no longer acceptable, especially in the current security and geopolitical context.

Click here to know more about our Quantum Lab.