The Quantum Clock Is Ticking, But Is the C-Suite Ready?
By Jennifer Lawinski • March 2, 2026
In the ever-evolving landscape of technology, quantum computing has lingered on the horizon for years, tantalizing enterprises with its promise yet remaining just out of reach. Despite advancements, some industry leaders are still dismissing it as a distant concern. This attitude could pose significant risks, particularly regarding cybersecurity readiness.
Nick Kathmann, the Chief Information Security Officer (CISO) at LogicGate, recalls that he began his academic journey in computer science focused on information security back in 1998 when quantum computing was seemingly imminent. However, as time has passed, the technology remains elusive. Some executives, like Donald Welch, Chief Information Officer (CIO) of New York University, have relegated quantum computing concerns to the back burner, indicating it lies far down their list of priorities. “It is so far down on my list of priorities that I’ve not devoted any time to thinking about it,” Welch stated candidly.
Conversely, other leaders are acutely aware of the necessity of preparing for this transformative technology, with Dan Wilkins, CISO at the Arizona Department of Economic Security, emphasizing that anticipation is essential. “You can prepare now or you can prepare later, but you still have to do it,” he asserted, indicating the inevitability of quantum advancements.
The stark divergence in perspectives highlights the current state of post-quantum cybersecurity planning within the C-suite. Many organizations remain uncertain about when quantum computers capable of breaching complex encryption methods like RSA will materialize, leading some to underestimate its urgency. Nevertheless, newcomers to the quantum space and industries that rely heavily on sensitive data understand that proactive steps are essential.
Anand Oswal, Executive Vice President of Network Security at Palo Alto Networks, offers a comprehensive analysis, asserting that post-quantum cryptography represents a business risk disguised as a technical issue. The implications of quantum technology have profound ramifications, as it could dismantle the foundational strategies that have safeguarded digital trust within the global economy. “If the basis for a half-century of cryptography collapses,” Oswal warns, “the ‘invisible shield’ protecting everything from financial transactions to communications and national secrets will also falter.”
Wilkins echoes these sentiments, channeling concerns specific to Arizona’s population. The state holds substantial amounts of personal data across its systems, sometimes archived for decades. With threats like "harvest now, decrypt later," the window for taking preventative measures is closing, and the risks grow exponentially as sensitive information accumulates. He identified the disconcerting reality faced by departments constrained to existing technologies, acknowledging that protective measures must evolve alongside emerging threats.
Delaying action until quantum breakthroughs are evident risks reducing years of necessary preparations to reactive crises. Oswal points out that substantial cryptographic migrations may demand five to ten years for completion across vast enterprise infrastructures. Those who hesitate may find their legacy data exposed and vulnerable long before they are equipped to defend it.
Industries that prioritize quantum readiness tend to be those with extensive, sensitive data or strict regulatory obligations. Sandy Carielli, an analyst at Forrester, recognizes that nobody can pinpoint a specific date when quantum risks will peak, making it challenging for leaders to focus amid their numerous existing responsibilities. “My expectation is that the early adopter industries are government and finance,” she noted.
Focusing on the defense sector, Venice Goodwine, a former CIO for the U.S. Air Force and Department of Agriculture, underscores the heightened sense of urgency among defense agencies. “We cared about it more because we rely more on cryptography than probably any other industry,” she remarked. Similarly, Goodwine suggests that the financial sector should prioritize preparations against potential quantum threats.
Despite this awareness, enterprise leaders are often distracted by pressing current challenges, such as managing artificial intelligence initiatives and navigating geopolitical instability. Nauman Abbasi, a senior director analyst at Gartner, posits that unless a significant breakthrough occurs, quantum computing is unlikely to secure ample attention.
The consequences of waiting can be dire; as Carielli cautions, “By the time you wait and see, it will be too late for your existing data.” A strategic gap persists, marked by unforeseen vulnerabilities in systems that have yet to prepare adequately.
For organizations embarking on their quantum readiness journeys, experts recommend a systematic approach starting with an asset inventory. Carielli highlights the critical importance of understanding one’s existing landscape before developing a mitigation strategy. Wilkins agrees, emphasizing the necessity of groundwork to inform future decision-making.
Furthermore, organizations should recognize that not all data requires identical levels of urgency in encryption efforts. Wilkins advises against oversimplifying the problem by suggesting a blanket encryption strategy. Instead, prioritization based on sensitivity and longevity of information is essential. “We don’t need to be encrypting grandma’s cookie recipes and last year’s vacation photos,” he stated.
Threat modeling emerges as a vital component of adequate readiness preparation. Kathmann illustrates that the model should align with the value assigned to the data. Likewise, Carielli reiterates that comprehending one’s systems and prioritizing accordingly is crucial, as failing to do so could lead to dismissing the matter entirely.
Preparing for a post-quantum cybersecurity landscape also comprises developing crypto agility. This involves establishing the capability to adapt to new algorithms seamlessly. Wilkins emphasizes the necessity of integrating flexibility into processes to swiftly adapt to evolving threats.
In tandem, enterprises must ensure that their technology partners are progressing with similar initiatives. Effective communication regarding quantum roadmaps among vendors will be crucial to coordinate efforts. “We can’t progress without the reliance on this other party,” Wilkins remarked, driving home the importance of interoperability in planning.
Lastly, the imperative to take action is underscored even for entities not yet perceiving immediate risks. Government organizations like the National Institute of Standards and Technology have begun issuing guidelines with definitive timelines. Carielli asserts that these regulations, regardless of belief in imminent threats, compel leaders to act. She questions the motivations pushing government entities to enforce such timelines, emphasizing the need for proactive measures regardless of perceived urgency.
In conclusion, while the quantum clock continues to tick, the readiness gap in the C-suite illustrates a critical need for awareness and preparation. Industries relying heavily on sensitive information must prioritize these evolving risks to secure their data and maintain trust in the digital landscape. The time for action is now, and proactive measures in post-quantum cybersecurity planning will be crucial in safeguarding enterprises against potential threats that lie ahead.