IT-driven businesses may soon have to spend around $1 trillion USD annually to combat and lessen the negative effects of ransomware, data breaches, and hacks on the economy and society.
Around the world, incidents like the December 2023 National Public Data (NPD) cyberattack, which led to the theft of about 2.9 billion records—including names, email addresses, phone numbers, mailing addresses, financial information, and, tragically, social security numbers—are becoming all too common.
Considering what a potential tsunami might look like if adversaries like China, Iran, North Korea, Russia, and Pakistan use networking and quantum computing to unleash a cyber-catastrophe on their rival economies as part of a cyber-geopolitical war, this is just a day at the beach.
The consequences of a quantum cyber disaster could be severe and quick. Quantum-capable nation-state hackers could quickly and widely access private financial, health, and other sensitive data. Cracking system passwords and launching ransomware or DDoS attacks could simultaneously compromise critical infrastructure, including hospitals, water systems, and power grids, crippling entire cities and preventing access to essential life-sustaining services. At the national level, it would be easy to compromise government systems, revealing confidential information and endangering national security.
Since SMEs—often the backbone of digital and platform-based economies—are under-resourced and ill-prepared to defend against adversaries enabled by quantum technology, the repercussions would be severe across supply chains. These SMEs are a weak link in most digital ecosystems, which include e-commerce and logistics. The attack surface is enormous because almost everything is online. The warning is clear in such a situation: businesses risk going extinct unless they begin allocating funds for strong, quantum-resilient cybersecurity, which could cost up to a trillion dollars. This readiness is essential to the future of safe infrastructure, commerce, and national stability.
Cyber disaster scenarios have been around for a while in non-quantum contexts, but quantum technology adds a whole new level of urgency. With speeds billions of times faster than those of today's conventional systems, quantum computing and networking represent a radical leap that will enable the rapid and effective cracking of almost all existing encryption techniques. In contrast to earlier threats, public key cryptography—the cornerstone of digital security in e-commerce, banking, IT, and national infrastructure—can be broken by quantum systems. Significant advancements have already been made by tech behemoths like Microsoft and Google. Complex problems that would take classical systems thousands of years to solve can be resolved in minutes thanks to Google's "Willow" chip, which performs quantum computations with exceptionally low error rates. In the meantime, Microsoft's "Majorana 1" provides a dependable and expandable quantum computing platform, enabling calculations that were previously unthinkable.
These developments imply that adversaries may soon use quantum power to breach vital systems and destroy economies with previously unheard-of ease and speed. This is a paradigm shift in cybersecurity, not just another chapter. Building quantum-resilient systems before adversaries take advantage of this disruptive technology is imperative due to the threat's magnitude and urgency. As stated by Vibhor Jain - Acting CEO and Chief Operating Officer, ONDC: “Quantum security is no longer optional; it’s a national imperative. As quantum computing challenges today’s cryptography, open networks too must embed quantum-safe safeguards at their foundation. Protecting transactions, data, and collaboration across these interconnected ecosystems will preserve trust, fuel innovation, and secure inclusive economic growth for decades to come.”
A KPMG survey of businesses in North America, Australia, and Germany found that quantum technology will be one of the biggest cyber threats by 2030. With new rules like CNSA 2.0, NIST CSF 2.0, and the EU's Cyber Resilience Act, there is a growing push for businesses to use post-quantum cryptography (PQC) and quantum-resilient frameworks. This article identifies significant quantum cyber challenges and suggests resilience-enhancing measures for enterprise managers to promote the vision of a "quantum viksit and surakshit Bharat/duniya" (a quantum-developed and secure India/world).
Also read: Why does cybersecurity management in enterprises fail?
Quantum technology will lead to huge breakthroughs in drug research, energy, e-commerce, manufacturing, finance, AI, and more (that's why Amazon, IBM, Google, and Microsoft are spending millions of dollars to build quantum technology), but it also comes with huge cybersecurity risks.
Rival nations investing in quantum – China and Russia, two of the world's strongest economies, are putting billions of dollars into quantum each year. As a result, quantum technology can break into password-protected software and mobile apps that use a 12-character password with one uppercase letter, one number, and one symbol in minutes. It would take a regular computer 34,000 years to do the same thing. Consider the (catastrophic) consequences that this technology could have on (a) the stability, sustainability, and trust of (open) digital e-commerce ecosystems and platforms that have thousands of small and medium-sized businesses (with far fewer resources to even think about fighting a quantum war) on both the supply and demand sides, and (b) the national economy as a whole that gets a boost from open-networked digital commerce.
Confidential data CIA will be at huge risk – Public key cryptography (PKC) is a big part of the core cybersecurity principles of confidentiality, integrity, and accessibility (CIA). Quantum computing is a big threat to PKC. Jack Hidary says that a "train wreck" is coming, and most businesses aren't ready for quantum-enabled cyberattacks. A quantum breach could expose huge amounts of sensitive data in digital and open e-commerce platforms in fields like healthcare, finance, transportation, and retail. Transactions with credit and debit cards and private messages would be very easy to hack. "Harvest Now, Decrypt Later" attacks will become more common, making encrypted data less safe after the fact. The risk includes corporate spying and the disruption of big platforms like ONDC, which are important to the country's economic plans. Without quantum-resistant defense, the goal of creating large, welcoming digital marketplaces by 2030 could fail due to competition from other businesses, which would slow down the growth of online shopping, buyer-seller networks, and the integration of rural and urban areas. Quantum readiness is not something you can choose to do; it is necessary and urgent for the future of safe digital commerce.
Skewed geopolitical power will explode cyber incident frequency overnight – Consider two unchanging truths. One, the fact that cyber enemies are always one step ahead of the defenders. Second, there have been many well-known cyberattacks on important parts of the economy and society in the hopes of bringing them down. The first truth will only get stronger in the quantum world, where only a few economically powerful countries (like nuclear powers) will have the power to launch quantum cyber-attacks on businesses with fewer resources to control the world for political reasons. For the second invariant truth, significantly increase the number of events and add nation-backed open networked digital commerce platforms to the list of critical infrastructure.
Cyber ‘non-visionary’ boards and upper management – Most corporate boards and C-suites, especially in small and medium-sized businesses, don't care much about cybersecurity unless it has to do with their product or service. This is especially bad for small and medium-sized businesses that do a lot of online business and don't spend much on cybersecurity. Not many businesses actively use new or disruptive cybersecurity technologies, and even fewer are ready for new threats like quantum cyber risks. Simon Sinek says that many executives put short-term profits ahead of long-term stability, ignoring the strategic value of integrating cybersecurity across people, processes, and technology. This lack of foresight leads to bad risk-reward assessments, especially when it comes to complicated threats like quantum attacks. In open, interconnected digital ecosystems, these kinds of underestimations can add up across independent businesses, which could lead to systemic problems or even catastrophic failures after a major cyber event. If businesses don't have visionary leaders who put long-term cyber resilience first, they could face problems that go beyond just one breach. These problems could even cause economic shockwaves.
Align to an asset-driven cyber resilience framework – In the age of quantum technology, everyone in the business ecosystem needs to be on the same page with a cyber resilience framework made for quantum-enabled service applications. The NIST cybersecurity framework is a well-known basic standard, but it should be improved by adding an asset inventory that is specific to each stakeholder and business. This asset-driven approach gives organizations a dashboard that shows them what's going on in real time. This helps them keep an eye on and improve the resilience of each system component that contributes to overall cyber resilience. For instance, in an open network e-commerce platform, important assets include quantum-capable devices at the network edge and core; communication networks (physical, quantum, and logical) and their protocols; operational applications for both the platform and its merchants; sensitive data like consumer and business PII; and people like developers, users, managers, and support staff. By mapping these parts to the NIST framework, businesses can make sure they are following the rules and are ready for new quantum threats that may come up in their digital infrastructure.
Training business developers and users – Big companies have a duty to teach their developers and employees how to make safe and ethical applications because of new technologies like quantum computing and networking. To make sure that everything works together well, management needs to look at the cost-benefit trade-offs between people, processes, and technology. In important areas like open and closed e-commerce platforms, which are very important to the economies of many countries, teaching stakeholders is necessary to achieve quantum resilience. Human capability is especially important during the absorption and incident response phases of the NIST cybersecurity framework. Resource redundancy, diversity, modularity, and built-in adaptability are all important for effective responses. Because quantum is still new and complicated, businesses need to hire a small but elite group of quantum experts—technicians and risk managers—who can: (a) find weaknesses that come up when quantum is used for offensive or defensive purposes, (b) help move from classical to quantum-secure systems in hybrid environments, and (c) make cryptographic and communication protocols that are safe for quantum. In a world where quantum threats are real, building a workforce like this is not optional; it's necessary for the long-term security and continuity of your business.
Timely deployment of right security technology – Businesses need to make it a top priority to quickly and safely roll out quantum-resistant technologies to protect themselves from new threats. Michele Mosca from the University of Waterloo says that the time it takes to keep data safe and the time it takes to update cryptographic systems must be less than the time it takes for quantum computers to break current encryption using Shor's algorithm. Public key cryptography (PKC) used in e-commerce is in serious danger of failing because research is moving so quickly, especially on how to use Shor's algorithm. Businesses need to start getting rid of PKC and switch to quantum-resistant algorithms like ML-DSA, ML-KEM, and XMSS. The US NSA's CNSA 2.0 directive says these algorithms should be used by January 2027. Companies should also use hardware like Lattice Field Programmable Gate Arrays (LFPGAs) to improve their defences and use Quantum Key Distribution (QKD) with the BB84 protocol to encrypt their data. Adding quantum security gateways to existing networks is another way to protect them in depth. Quantum-secure blockchains, China's Quantum Network, BT and Toshiba's QKD systems, and other real-world examples show that the future of quantum security isn't just a theory—it's already happening. Companies need to act now, or they might not matter anymore.
Ranjan Pal (MIT Sloan School of Management, USA)
Bodhibrata Nag (Indian Institute of Management Calcutta)
First Published: Sep 30, 2025, 16:29
Subscribe Now