Kaspersky is addressing one of the most debatable technological challenges of the coming decade: the rise of quantum computing and its potential impact on digital security. In this context, experts have identified the main quantum threats that demand immediate action from the cybersecurity community.
As classical computers approach their physical limits, their performance growth is slowing — constraining progress in areas that depend on complex computation. At the same time, quantum computers, offering the potential to solve specific problems far faster than classical systems. For now, however, their practical use remains limited to narrow and experimental domains.
Nevertheless, experts estimate that we may see a fully fault-tolerant quantum computer within the next decade — a development that could unlock significant advances, but also unleash a new era of cybersecurity threats.
Supporting this urgency, Deloitte’s 2024 Global Future of Cyber Survey reports that 83% of organizations are already assessing or taking steps to address quantum computing risks, demonstrating growing awareness and proactive strategies in the private sector.
To better understand the scope of the evolving threat, Kaspersky has identified three of the most urgent quantum-related risks that demand action from the cybersecurity community:
The top three risks
Quantum computers could be used to compromise the traditional encryption methods that currently protect data in countless digital systems — posing a direct threat to global cybersecurity infrastructures.
Threats include the interception and decoding of sensitive diplomatic, military, and financial communications, as well as the real-time decryption of private negotiations – something quantum systems could handle much faster than classical machines, turning secure conversations into open books.
1. Store now, decrypt later: the key threat of the coming years
Threat actors are already harvesting encrypted data today, with the intention of decrypting it in the future once quantum capabilities advance. This “store now, decrypt later” tactic could expose sensitive information years after it was originally transmitted — including diplomatic exchanges, financial transactions, and private communications.
2. Sabotage in blockchain and cryptocurrency
Blockchain networks are not immune to quantum threats. Bitcoin’s Elliptic Curve Digital Signature Algorithm (ECDSA), which relies on elliptic curve cryptography (ECC), is especially vulnerable.
Potential risks include forging digital signatures, which threatens Bitcoin, Ethereum, and other cryptocurrencies; attacks on ECDSA that secure crypto wallets; and tampering with blockchain transaction history, undermining trust and integrity.
3. Quantum-resistant ransomware: a new front
Looking ahead, developers and operators of advanced ransomware may begin adopting post-quantum cryptography to protect their own malicious payloads. So-called “quantum-resistant” ransomware would be designed to resist decryption by both classical and quantum computers — potentially making recovery without paying a ransom nearly impossible.
At present, quantum computing does not offer a way to decrypt files locked by current ransomware. Data protection and recovery still rely on traditional security solutions and collaboration among law enforcement agencies, quantum researchers, and international organizations.
Building quantum-safe defenses
Quantum computers are not yet a direct threat — but by the time they are, it may be too late to respond. Transitioning to post-quantum cryptography will take years. Preparations must begin today.
The cybersecurity community, IT companies, and governments must coordinate to address the risks ahead. Policymakers should develop clear strategies to migrate to post-quantum algorithms. Businesses and researchers need to begin implementing new security standards now.
“The most critical risk lies not really in the future, but in the present: encrypted data with long-term value is already at risk from future decryption. The security decisions we make today will define the resilience of our digital infrastructure for decades. Governments, businesses, and infrastructure providers must begin adapting now, or risk systemic vulnerabilities that cannot be retroactively fixed”, states Sergey Lozhkin, Head of Kaspersky Global Research & Analysis Team for META and APAC.
