What Quantum Computing actually means for your business security

Scientists from Kings College have become the first UK academic research team to gain access to Google’s cutting-edge quantum technology. The Willow chip, Google says, can solve a theoretical problem in 5 minutes which classical computers couldn’t have ever been predicted to be solved. Not in our lifetimes anyway. Google estimates that a theoretical problem that Willow can solve now would take approximately 10 septillion years to solve. Septillion as-in 2.2 quadrillion Earth lifetimes. This should put into perspective how truly groundbreaking this technology is, and why UK scientists are excited to be involved.

So why should you care?

You’re probably thinking ‘Great, a new distant scientific technology, that won’t impact my day to day life at all’. Well unfortunately this isn’t true, this announcement from Kings is a clear signal that the “quantum era” is closer than most business leaders assume. In fact Google and CloudFlare have set firm internal deadlines of 2029 to complete their migration to Post-Quantum Cryptography (PQC), to make their encrypted files unhackable by the new machines they are building.

So yes quantum technology will be able to do great things that probably will have nothing to do with your business. Such as increasing processing speed and drug discovery, but like with every groundbreaking technology, there will be bad guys who use and abuse it and business leaders need to be prepared for this.

What Is quantum computing, really?

Classical computers, the ones powering your laptop, your phone, your entire digital infrastructure, think in binary. Every piece of information is a bit, a switch that is either 0 or 1. That's it. Every calculation, every transaction, every encrypted message ultimately comes down to potentially billions of these tiny 0s or 1s happening at speed.

Quantum computers throw that rulebook out entirely, because instead of bits, they use qubits. And a qubit doesn't have to be a 0 or a 1, it can be both simultaneously. This is superposition, which is the ability of a quantum particle to exist in multiple states at once, until the moment it's actually measured.

I might have lost you here, but think of it like a coin spinning in the air, it's neither heads nor tails until it lands. A classical ‘bit’ is a coin that's already landed. A ‘qubit’ is one that's still spinning.

So, where a classical computer works through possibilities one by one, a quantum computer can explore vast numbers of possibilities at the same time. Which is why Google's Willow chip can theoretically dispatch a problem in minutes that would take a classical computer 10 septillion years.

So quantum computers won’t just do things faster, they will solve a fundamentally different class of problems, and one of these problems it will be uniquely good at solving is breaking the maths that underpins modern encryption.

Enter the CRQC, the real game changer

Now for some good news and some bad news…

The quantum technology that exists today, including Google's Willow, is impressive, groundbreaking, but currently largely useless for breaking your encryption. They're what researchers call noisy systems -powerful in theory, but prone to errors, difficult to stabilise, and nowhere near the scale required to threaten real-world cryptography. Yet!

Today's machines are just proof of a future threat called a Cryptographically Relevant Quantum Computer, or a CRQC.

This is the machine that keeps security professionals up at night. A quantum computer powerful and stable enough to break the public-key cryptography that silently underpins virtually everything your business does digitally. And we're talking about everything.

The very algorithms that encrypt your data, verify digital signatures, and authenticate identities across all areas of your business. You don't see them, but you rely on them constantly. A CRQC running an algorithm called Shor's algorithm could render all three obsolete, not weaken them, not strain them, but mathematically break them.

So when could this actually happen? Sooner than most boards are planning for. The Global Risk Institute puts the probability of a CRQC capable of cracking RSA-2048 within 24 hours at 17-34% by 2034.And the most recent expert survey on quantum threat timelines places the averaged probability of a CRQC emerging within ten years at 28-49%.

What's at stake, when do we act and what do we do?

The main thing you need to take away from this is what’s at stake for businesses, and its security & privacy.

Encrypted customer data, health records, financial transactions all rely on the same algorithms a CRQC would break.But also, contracts, software updates, identity verification, and legal records depend on cryptographic signatures. A CRQC could enable the forgery of digital signatures, allowing adversaries to impersonate identities and undermine trust in digital systems entirely.

There is also the "Harvest Now, Decrypt Later" threat. Because these systems will exist eventually,adversaries are collecting encrypted data today with the intention of decrypting it once a CRQC exists. Data stolen today doesn't require a quantum computer to be valuable a decade from now, only patience.

Back to the "So what, it's not here yet?" objection, well there's a framework that CISOs and government security agencies use to help understand the urgency. It's called the Mosca Inequality.

It works like this. Take three numbers:

1. How long will it take your organisation to fully migrate to quantum-safe cryptography?
   
2. How long does the data you're protecting today need to remain secret?
   
3. How long until a CRQC arrives?
   
   

If the first two added together exceed the third, that is to say if your migration window and your data's required lifespan overlap with the arrival of a CRQC, you are already exposed. Not in the future, not 2029/2030/2034, now.

So what you need to do now for your business is:

• Build a cryptographic inventory - understand where and how encryption is used across your systems.
  
• Adopt post-quantum cryptography standards - NIST published the first post-quantum standards in 2024 covering key exchange and digital signatures, giving businesses approved migration targets
  
• Start now, not at Q-Day - be about it. The businesses that act early will maintain trust and continuity.
  

Be prepared

So, the Willow chip won't break your encryption today. But academic research on it from UK teams is a massive milestone on a road that leads somewhere every business leader needs to understand, and prepare for.