1. Map your cryptography
Most organisations do not know where their cryptography lives. Start by inventorying algorithms, certificates, embedded libraries and key-management systems — especially in legacy environments.
With insights from
David Elliman
Global Chief of Software EngineeringQuantum computing is edging closer to commercial reality, and with it comes a fundamental challenge to the cryptographic systems that underpin global trust.
The same machines capable of accelerating drug discovery and climate modelling could, in time, dismantle the encryption that protects financial systems, healthcare data, national infrastructure and the digital signatures that keep global commerce functioning.
In this episode of Tech Tomorrow, Zühlke’s David Elliman speaks with Dr Sarah McCarthy to explore a question every business leader should be asking: are we prepared for a world where today’s secrets can be tomorrow’s open books?
Meet the guest: Dr Sarah McCarthy
Dr Sarah McCarthy began her career in pure mathematics before moving into the world of applied cryptography.
Today she is the Quantum Readiness Programme Lead at Citi, helping one of the world’s largest financial institutions prepare for the next era of cyber risk. She specialises in making sense of a world “where logic bends,” as she puts it, and where conventional security can fail overnight.
Key takeaways from the episode
Why quantum computing changes the rules
At the heart of the threat is a property unique to quantum mechanics: superposition. While classical bits switch between 0 and 1, a quantum bit (the qubit) can represent both simultaneously. “Like the Cheshire Cat,” Dr McCarthy notes, “a qubit can exist in two states at once,” enabling quantum machines to explore vast mathematical possibilities in parallel.
The implications are profound. Many of the cryptographic systems that secure digital communication, online banking, and identity verification rely on mathematical problems that would take classical computers millions of years to solve. Quantum computers could solve them in hours or even minutes.
The Red Queen reality: Security that must keep running just to stand still
In Through the Looking Glass, Alice runs as fast as she can only to stay in the same place. Dr McCarthy says this perfectly captures the reality of modern cybersecurity.
“Attacks are continuously evolving. Not just from quantum computing, but from new cryptanalysis and side-channel techniques. You can’t plan for post-quantum cryptography once and forget about it. Security is a moving target.”
Even before a viable quantum computer arrives, organisations must continuously update, experiment, and train. Cryptography isn’t a one-off investment, but really an ongoing race.
What is cryptographic agility (and why does it matter)?
When the landscape changes this fast, flexibility becomes a superpower.
“Cryptographic agility,” says Dr McCarthy, “is like Alice navigating Wonderland: she has to adapt to growing, shrinking, and shifting paths. Organisations must be able to swap out cryptographic components, adjust protocols, and stay ahead of new threats.”
The best approach today is a hybrid model: combining classical encryption with post-quantum algorithms. If one layer fails, the other holds. This dual system creates a safety net: a pragmatic bridge between today’s systems and tomorrow’s standards.
The invisible threat already underway
Perhaps the most urgent challenge is one many leaders underestimate: “harvest now, decrypt later.”
Adversaries are already collecting encrypted data, storing it, and waiting for quantum capability to mature. Long-lived data such as financial transactions, medical records, intellectual property and government communications will still carry value in a decade. If it is intercepted today, it could be decrypted tomorrow.
The same applies to digital signatures. In a quantum-enabled world, they could be forged retroactively, altering records or undermining historical agreements.
Why leaders must act before Q-Day
“Q-Day” — the moment when quantum computers can break existing cryptography — could be ten to fifteen years away, or closer. No one really knows. And, as Dr McCarthy points out, it may already have happened before we notice.
“A hostile nation state isn’t going to announce they’ve built a cryptographically relevant quantum computer,” she says. “By the time we find out, it’ll be too late.”
The lesson is clear: don’t wait for Q-Day to act.
Early adopters of post-quantum security gain three advantages:
- Resilience: Data that stays secure for decades.
- Regulatory readiness: Avoiding fines as compliance frameworks evolve.
- Reputation: Earning trust as a forward-looking, secure partner.
A practical roadmap for executives
Quantum readiness is not about panic. It is about structured preparation. Dr McCarthy outlines five practical steps leaders can begin now:What we can learn from early pioneers
A number of organisations have already begun their journey through the quantum looking glass:
- Cloudflare deploys hybrid post-quantum cryptography within TLS 1.3 by default, protecting millions of secure connections.
- Central banks are experimenting with post-quantum encryption for cross-border payment systems and secure communications.
- Hardware vendors are creating post-quantum-enabled security modules compatible with existing infrastructure.
These early movers demonstrate that quantum-resilient systems are not futuristic — they are operational today.
Beyond the rabbit hole: a pragmatic optimism
Quantum computing will not collapse cybersecurity overnight. But it will rewrite the assumptions on which digital trust is built. The organisations that act early — those that inventory their cryptography, strengthen their architectures and build true agility — will shape the next generation of digital standards.
As Dr McCarthy concludes:
“Quantum computing won’t instantly break today’s security, but it forces us to rethink our long-lived systems. The organisations that inventory their cryptography, identify the high risk use cases, and adopt crypto agile architectures, are the ones who'll be able to transition the most smoothly.”
