Executives warn of rising quantum data security risks

Gigamon and Thales executives warn on rising quantum security risks.

They say attackers are already using a "harvest now, decrypt later" strategy against encrypted data.

Security leaders are approaching what many describe as an inflection point in cybersecurity, as advances in artificial intelligence and quantum computing reshape threat models. Industry surveys also point to a gap between concern over quantum-era attacks and the practical preparations many organisations have made.

Gigamon's soon-to-be-published 2026 Hybrid Cloud Security Survey of 1,000 security leaders found that 35% of organisations globally view encrypted traffic as their biggest breach risk. It also found that 87% of security and IT leaders are concerned about the rise of so-called harvest-now, decrypt-later attacks.

Chaim Mazal, chief AI and security officer at Gigamon, said attackers are already changing their behaviour in anticipation of practical quantum decryption.

"Cybersecurity has reached an inflection point. While defenders are already contending with AI-powered attacks, security leaders now must prepare for quantum-driven risks. The next 12 months will be critical for every security team, because the problem is no longer theoretical: attackers are actively harvesting encrypted data with the expectation that quantum computing will make it readable. This 'harvest now, decrypt later' strategy is a wake-up call for every security team.

"Despite these concerns, a dangerous assumption persists: 76% of organizations still believe their encrypted data is inherently secure. While many organizations know quantum may disrupt their encryption strategies in the years ahead, few are meaningfully preparing for it. That makes post-quantum readiness a defining issue for cybersecurity in the next year. Organisations that treat this as a present-day priority by focusing on audits and asset inventory, modernising security architecture, and adopting more adaptive, zero-trust approaches to gain the visibility they need will be far better positioned to navigate a post-quantum landscape."

Concerns over quantum risk are not limited to a single vendor's research. Thales pointed to its own findings showing that 61% of organisations now cite harvest-now, decrypt-later as their leading quantum risk, even as many enterprises still lack basic visibility into their data flows and cryptographic exposure.

Chris Harris, EMEA technical director for data and application security at Thales, said the industry should treat the impact of quantum computing on cryptography as a current risk rather than a distant possibility.

"The post-quantum threat is no longer theoretical; it is already shaping today's risk landscape. While quantum computing promises transformative breakthroughs, it will also fundamentally undermine the cryptographic foundations that protect our digital economy. What's changed is the timeline. The question is no longer if quantum will break current encryption, but when, and attackers are already exploiting that gap.

"'Harvest now, decrypt later' has become the leading concern for organisations, with 61% citing it as their top quantum risk. Sensitive data stolen today could be exposed years from now, creating a long-tail security liability that many organisations are still underestimating. At the same time, most organisations are not in a position to respond effectively. Only 34% have full visibility of where their data resides, and less than half of sensitive cloud data is encrypted. You can't protect what you can't see, and in a quantum context that visibility gap becomes a strategic risk, not just an operational one.

"There are signs of progress. Nearly six in ten organisations are already experimenting with post-quantum cryptography, signalling a shift from awareness to action. But experimentation alone is not enough. The real challenge is industrialising this transition by embedding crypto-agility, modernising key management, and identifying where cryptography sits across increasingly complex, cloud-first environments. Preparing for a post-quantum world is not a single upgrade; it is a transformation in how organisations approach data security. That means acting now: mapping cryptographic dependencies, prioritising high-value data with long confidentiality lifecycles, and building the foundations for quantum-safe architectures. The organisations that start now will be the ones ready for the quantum era."

The warnings reflect growing concern that, while quantum computing research is still emerging, it has already changed attacker incentives. Adversaries can steal high-value encrypted data today and store it until cryptographic protections no longer hold, creating a multi-year risk window for sectors such as finance, government and healthcare, where information may require long-term confidentiality.

Vendors describe a widening gap between awareness of the threat and concrete remediation. Both commentaries point to low levels of full data visibility across hybrid and multi-cloud environments, along with incomplete encryption of sensitive workloads, as structural weaknesses in current security postures.

Security teams are assessing post-quantum cryptography as standards progress, yet many organisations still treat the work as experimentation rather than a structured migration programme. Industry voices increasingly frame post-quantum readiness as a broader transformation involving asset inventories, cryptographic mapping, zero-trust architectures and updated key management.

As World Quantum Day draws attention to the technology's potential benefits, security specialists are also underscoring its disruptive effect on today's defences. Harris said organisations that move early on data discovery, crypto-agility and protection for long-lived data will be best placed to maintain trust in the quantum era.