Even before the era of quantum computing has begun, real risks are already emerging. Those who want to protect their data in the long term must act now. A clear understanding of the risks and a well-developed policy plan are essential for this, according to ISACA.
From cross-border payments and shared health data across cloud platforms to digital government services: digital trust is an essential component of the European economy.
However, the development of quantum computers promises to become a double-edged sword. Quantum computers can boost discoveries, optimizations, and AI, but also put pressure on the cryptography that today keeps our data private and protects critical services. That pressure is already being felt even before the first real quantum computer has seen the light of day.
Risk Already Present
“Quantum computers will eventually break today’s encryption standards,” warns Chris Dimitriadis, Chief Global Strategy Officer at ISACA. “Criminals are already collecting data, with the intention of decrypting it in the future. Companies cannot afford to wait.”
Quantum computers will eventually break today’s encryption standards.
Chris Dimitriadis, Chief Global Strategy Officer ISACA
New research from ISACA shows this reality crystal clear: about two-thirds of professionals expect more cyber risk due to quantum, but only a fraction has a developed strategy ready today. Only about one in twenty organizations says it has a clear plan.
Limited Readiness
The threat is real, but readiness is lagging behind. According to ISACA’s survey, 56 percent of professionals have not yet taken any steps. “That is a serious concern for Europe, which with the Digital Decade agenda puts trust and resilience at the center of digital transformation,” notes Dimitriadis.
He is clear about what must happen now: “Don’t wait. Map where encrypted data is located and which is most sensitive, use quantum-resistant algorithms for new data and systems where possible, and create a concrete re-encryption plan before quantum breaks through at scale.”
The quantum story is not science fiction, but European reality. The EU is pumping one billion euros into the Quantum Technologies Flagship, Germany has been investing two billion euros since 2020, the Netherlands is allocating 615 million euros for Quantum Delta NL, and Belgium and Luxembourg have activated a cross-border QKD link. Laboratory experiments are becoming pilots, and security challenges are shifting along.
Not a Patch but a Project
Becoming ‘quantum-ready’ is not just a technology exercise. Policy also plays an important role. Organizations need insight into where cryptography sits under the hood everywhere: in products, services, and cross-border integrations.
On top of that comes what ISACA calls ‘crypto-agility’: the flexibility to upgrade algorithms and keys without rewriting the entire application landscape. Such capabilities touch on architecture, software development, identity, archives, contracts, and third parties.
At those layers, European regulations and government contractors want to sharpen the framework. Waiting for “perfect” clarity threatens to make tight deadlines unattainable.
Re-encryption through decades of archives and complex chains takes years.
Chris Dimitriadis, Chief Global Strategy Officer ISACA
Dimitriadis warns that the biggest obstacles are not purely technical: “Re-encryption through decades of archives and complex chains takes years. But the real stumbling blocks are correct priorities and policy. Only seven percent of organizations label quantum risk as a high business priority, while 62 percent acknowledge that current internet encryption will be broken.”
Policy and Resources
That is a split that is difficult to maintain. For European companies, there is also the coordination with evolving regulations such as the EU Cybersecurity Strategy, NIS2, and the AI Regulation. “The challenge is making the leap from awareness to implementation: updating policy, allocating resources, and training teams,” says Dimitriadis.
Scientific progress in quantum is advancing faster than training programs. National initiatives are emerging, but adoption depends on organizations that train leaders, architects, and engineers and frame quantum within the broader ‘digital trust’ agenda. ISACA sees in practice that maturity grows as soon as there is ownership at the board of directors and C-level.
Make it Concrete
Tangible milestones are important for this: map critical data flows, start pilots with post-quantum control mechanisms where the impact is greatest, and make agreements with suppliers so that changes roll through the entire chain. Especially long-lived data and digital identities must receive priority protection that survives the quantum era.
The approaching quantum era does not bring only risk: quantum technology is also part of the solution. Think of Quantum Key Distribution (QKD), next-gen encryption, and leaps in pattern recognition that can actually strengthen defense. AI applications also benefit, provided that governance keeps pace and value does not come at the expense of security.
At the ISACA 2025 Europe conference, taking place from October 15-17 in London, ISACA is organizing a session that delves deeper into the risks of quantum technology, and especially the measures and policies with which organizations can meet the challenges. More information can be found via this link.