Quantum computing is coming for your encryption: the real-world blast radius
- Johan Steyn
- Feb 17
- 4 min read
From banking logins to school records, here’s what gets exposed first and how to triage risk.
Audio summary: https://youtu.be/RzLasCVkHpg
Follow me on LinkedIn: https://www.linkedin.com/in/johanosteyn/
Most leaders hear “quantum computing” and still picture a distant science project. The more practical reality is this: if an attacker can steal encrypted data today and store it, they may be able to decrypt it later when quantum capabilities mature. That idea is often called “harvest now, decrypt later”, and it matters because so much of what we encrypt is valuable for years, not minutes. The uncomfortable shift is that the work to reduce quantum risk starts long before the first truly powerful quantum machines arrive for most businesses. The good news is we’re not guessing blindly: standards and roadmaps now exist, and some vendors are already shipping “quantum-resistant” features as part of mainstream security products.
CONTEXT AND BACKGROUND
Quantum computing threatens specific forms of encryption that underpin modern digital life, especially public-key cryptography used for key exchange, digital signatures, and identity. If you strip away the maths, the simplest framing is this: much of today’s security depends on problems that are hard for classical computers, but could become tractable for sufficiently capable quantum systems.
That is why governments and standards bodies are pushing organisations to start migrating to post-quantum cryptography (PQC). NIST has published post-quantum standards that are designed to replace widely used public-key algorithms. At the same time, national cybersecurity agencies are signalling that “wait and see” is not a strategy. The UK’s National Cyber Security Centre has urged organisations to plan for migration over the coming decade rather than leaving it to a last-minute scramble.
South Africa should pay attention not because we are uniquely exposed, but because our economy is deeply interconnected: banking rails, telco networks, cloud platforms, and identity services are global by design. We also have growing quantum capability ambitions and partnerships, including high-profile work on quantum communications links, which is a reminder that quantum is not “future talk” on the periphery of our systems.
INSIGHT AND ANALYSIS
If quantum risk feels abstract, map it to a “blast radius” you can actually manage.
Start with banks. The first break won’t be “all money disappears overnight”. It will be identity and trust at scale: certificates, signatures, and authentication chains that prove a person, device, or transaction is legitimate. When those trust anchors are threatened, everything downstream becomes harder: fraud rises, dispute resolution becomes messier, and compliance costs balloon.
Now consider schools and hospitals. Their most sensitive data is also the longest-lived: a child’s health history, learning records, special needs assessments, and family information can remain sensitive for decades. If it is harvested today, the harm can surface years later through extortion, discrimination, or social engineering. This is why “harvest now, decrypt later” is not a spy thriller plot; it is a risk model that forces us to care about long-term confidentiality, not just today’s breach headlines.
Messaging platforms sit in an awkward middle. Apps like WhatsApp-style services rely on cryptographic handshakes, device identity, and forward secrecy. If the public-key parts of these systems become weaker over time, the pressure will be to upgrade protocols and key agreement mechanisms. Some of the market is already moving: consumer security products are starting to advertise quantum-resistant options as a competitive feature, which tells you this is moving from academic debate to product roadmaps.
National ID systems raise the stakes further, because they combine identity proofing, signatures, and citizen data in a single critical service. If we treat PQC as purely an “IT upgrade”, we miss the policy dimension: trust in identity is trust in the state, and failures are social as much as technical.
IMPLICATIONS
The simplest prioritisation approach for organisations is: protect long-life secrets first, then protect trust chains.
One, classify your data by “how long it must remain confidential”. If it’s 10+ years (children’s records, medical histories, certain financial and legal data), you prioritise it for quantum-safe protection earlier, because it is the most attractive target for “harvest now, decrypt later”.
Two, inventory where public-key cryptography lives in your environment: TLS, VPNs, certificate authorities, code signing, document signing, device identity, and any bespoke integrations. You cannot migrate what you cannot see.
Three, insist on “crypto agility” in procurement. That means your systems can swap algorithms without a rebuild. It is also where leadership matters: you make quantum readiness a vendor requirement, not an internal afterthought.
And finally, don’t assume everyone else is ready. Even in markets with strong guidance, research coverage continues to suggest many enterprises remain underprepared for quantum-era threats.
CLOSING TAKEAWAY
Quantum won’t break cybersecurity in one dramatic moment; it will quietly undermine the assumptions we’ve baked into identity, trust, and long-term secrecy. The organisations that cope best won’t be the ones with the most scientists. They’ll be the ones that treat PQC as a practical risk programme: classify long-life data, map cryptography dependencies, demand crypto agility from vendors, and move early on the systems that protect children, patients, and citizens. The sooner we stop thinking of quantum as a distant “innovation topic”, the sooner we start acting like responsible custodians of the digital world we’ve built.
Author Bio: Johan Steyn is a prominent AI thought leader, speaker, and author with a deep understanding of artificial intelligence’s impact on business and society. He is passionate about ethical AI development and its role in shaping a better future. Find out more about Johan’s work at https://www.aiforbusiness.net
Comments