Collaboration and data give rural land investor a climate edge
Using board-led, science-based planning, New Zealand Rural Land Company developed a climate transition plan for long-term resilience.
ANTHEM
Harvest now, decrypt later: wake-up call for boards
Transitioning to post-quantum cryptography will be slow and complex. Boards must act early to protect long-term data and digital trust.
IBM Vice President Jay Gambetta made a bold statement in May about the emerging field of quantum computing. Speaking about its revolutionary potential, he warned CEOs who are not yet preparing for the quantum era are “already too late”.
It’s a striking claim, especially at a time when the commercial application of quantum algorithms remains years away. For many directors and boards, the natural response is to question whether this is truly a 2025 issue, or whether boards can afford to wait.
Researchers are increasingly confident that breakthroughs in quantum computing are on the horizon, although no fixed timeframe has been unilaterally agreed. Most experts land on the technology being fully realised somewhere between four and 13 years.
The potential advantages of quantum computing will be profound: accelerating the discovery of new medicines, optimising complex logistics and enabling entirely new categories of data analysis. Yet, while these benefits have attracted much public attention, the same capabilities also present significant risks, particularly to the encryption foundations upon which modern digital trust is built.
Our businesses and societies are underpinned by encryption standards that were designed to resist conventional computing power. These protocols secure online banking transactions, protect confidential communications and keep sensitive records safe from prying eyes. That is why IBM and others are urging business leaders to act now.
Fortunately, the security community has not been idle. Over the past decade, researchers have developed a suite of new “post-quantum” algorithms, designed around mathematical problems that neither classical nor quantum computers can solve efficiently.
These algorithms form the basis of post-quantum cryptography and international standards bodies are already working to formalise their adoption. Yet, moving entire businesses and all the data they hold to new cryptographic standards will not be a matter of simple replacement.
When it comes to any sort of major technology step change, history shows the process is invariably slow, complex and beset by practical obstacles. Even where the security weaknesses of older systems are widely acknowledged, organisations have struggled to complete transitions in a timely manner.
These delays matter because they highlight the likely gap between the emergence of quantum capability and the global eradication of vulnerable cryptography. If quantum computers capable of breaking current encryption standards become available within the next five to 10 years, then we face a prolonged window in which sensitive data will be exposed.
The risk is compounded by a strategy that cybersecurity experts have been warning about for several years, often referred to as “harvest now, decrypt later”. In this model, adversaries quietly capture encrypted traffic and data today, without attempting to break it. They simply store it, waiting until the day when quantum capability renders the encryption meaningless. At that point, the data can be decrypted, often years after the breach occurred, with no warning or trace.
“Preparing for the quantum threat is not about panic or hype. It is about foresight. Boards do not need to master the mathematics, but they must ensure their organisations are planning strategically for its adoption.”
The implications of this are sobering for any organisation whose data must remain secure for long periods. A customer database in the medical industry, for instance, may retain its sensitivity for decades. Intellectual property or government records may hold value indefinitely. Once harvested, these data sets cannot be retroactively protected.
The moment quantum capability arrives, the information is exposed and the damage will already be done. A plan to respond to this risk must be factored into any quantum planning.
The lesson from past transitions is that waiting until the threat fully materialises is not an option. By then, it will be too late to act. Preparing for a post-quantum world requires long lead times because organisations must not only adopt new algorithms but also adapt their infrastructure, applications and supply chain dependencies. This is not merely a technical task for IT departments; it is a strategic issue that requires board-level oversight.
It is tempting to regard quantum as a distant problem, but for boards and directors the strategic threat window is already open. Organisations that wait until quantum capability is widely announced may find themselves scrambling in an environment where the adversaries are already ahead.
The better path is to start the process now: to understand where encryption is used, to identify the data that must remain secure well into the future, and to engage with emerging standards as they are formalised by bodies such as the US-based National Institute of Standards and Technology.
Preparing for the quantum threat is not about panic or hype. It is about foresight. Boards do not need to master the mathematics, but they must ensure their organisations are planning strategically for its adoption.
In 2025, the most important step directors can take is to ensure preparation is under way. The technology may not yet be here, but the risk is – and the time to plan is already upon us.
Related content
