Quantum readinessAI SecurityGlobal Service ProviderSecurity
News3 minute read

Quantum is coming. Here's what CTOs can be doing today

Ginna Raahauge of WWT talks us through quantum strategy and what you as a CTO should be doing to prepare your organisation.

by Ginna Raahauge, via Information Age

  • As Q-Day (Quantum Day) approaches, the focus should stay on clearly defined use cases, not problems classical computing already solves well.
  • Post-quantum cryptography (PQC) is the most essential immediate action.
  • CTOs should also be starting their cryptographic audit, defining their quantum use case and making crypto-agility a design requirement in their organisation.

Google's recent shift of its Q-Day timelines to 2029 is a signal, not a surprise. For UK CTOs who have been watching this space, it confirms what the most forward-thinking organisations already know; the quantum transition is a strategic imperative rather than a theoretical exercise.

With the National Cyber Security Centre (NCSC) leading the way on global quantum standards and a recent £2bn commitment to invest in quantum technologies, the UK is intent on competing early. But government alone cannot set the pace. The window for industry to act with intentionality and purpose is open right now, before quantum's arrival forces the issue.

Build security in from the outset

One of the clearest lessons from the AI era is what happens when security becomes an afterthought. According to IBM's 2025 Cost of a Data Breach Report, 13% of organisations experienced breaches of AI models or applications – 97% of which lacked proper access controls. C-suite leaders chased innovation whilst leaving the door open.

Quantum offers a chance to do things differently. The NCSC's framework gives UK CTOs clear direction, with post-quantum cryptography (PQC) as the most essential immediate action.

Three things matter here

  1. Treat PQC as a standing governance issue with regular senior-level reporting
  2. Map every system where quantum-vulnerable encryption exists, well beyond core IT
  3. Prioritise data with the longest exposure lifespan: intellectual property, financial records, customer data

Aside from risk mitigation, a genuine commitment to PQC sends a commercial signal: your organisation is a trustworthy, long-term steward of data. In competitive procurement and partnership discussions, that distinction will increasingly matter.

The blockchain parallel and why it matters for quantum and AI

Quantum's disruption will not stop at traditional encryption. It poses a direct challenge to blockchain, the technology underpinning cryptocurrencies, smart contracts, and a growing range of enterprise applications. The cryptographic foundations that make blockchain 'immutable' are built on the same mathematical problems a sufficiently powerful quantum computer will solve.

This is not a future problem. Blockchain transactions recorded today could be retroactively compromised once quantum capability matures; the same 'harvest now, decrypt later' risk that applies to all encrypted data. CTOs with supply chain, financial settlement, or identity systems built on blockchain need to start assessing quantum exposure now.

Blockchain also offers a strategic lesson. When it emerged, many organisations rushed in without a clear problem to solve. The ones that created real value were disciplined: they identified specific use cases where the technology's properties solved a genuine challenge, piloted carefully, and built expertise incrementally. Apply that same discipline to quantum by resisting the hype, focusing only on problems uniquely suited to quantum solutions, and carefully auditing which AI or blockchain-dependent systems will require post-quantum hardening.

 

Read full article