Editor’s Note: We had so many submissions for our 2025 Expert Predictions that were mainly focused on post-quantum cybersecurity issues that we broke this out for a separate column. The following provides a curated list of just some of those experts who submitted their key insights and emerging trends that may shape post-quantum cybersecurity for 2025.
Ben Packman, CSO of PQShield
NIST in 2025
PQShield co-authored the PQC standards released by NIST this summer, and he has worked with The White House, the European Parliament, and the likes of AMD and Microchip Technologies to support the implementation of this technology.
Ben Packman, CSO of PQShield, made this prediction for 2025:
In 2025, enterprises will start deploying post-quantum cryptography at scale – moving out of the “discovery” phase at the start of their adoption roadmaps.
After NIST’s PQC standards were finalized in summer 2024, the conversation around PQC became more definite and adopting PQC became about compliance. For most businesses, the first phase to compliance was cryptographic discovery, in which they identified where their most critical data with the longest half-life lay and understood their vulnerabilities and their vendors’ as well.
Now, most enterprises are entering 2025 with a greater understanding of what the transition to PQC means and how they can manage their assets to enter the “deployment” phase. At the same time, the pathway to compliance will become clearer as industry bodies align on a standard method for achieving “hybrid” protection, between PQC and traditional cryptography (PQ/T). As a result, enterprises will find it easier to stay one step ahead of the attackers and modernize their cryptography.
Ben Packman
CSO of PQShield
Rob Stevenson – BackupVault
I believe 2025 will be a crucial year for quantum computing. The transition from physical qubits to logical qubits will fundamentally redefine what quantum technology can achieve, opening doors that were previously locked by high error rates and scalability limitations.
From a cybersecurity perspective, this evolution demands urgent attention. Quantum computers will eventually have the capability to break current encryption standards, making quantum-safe cryptography a critical focus for businesses and governments alike.
In 2025, I believe organizations should prioritize understanding and adopting post-quantum cryptographic algorithms to future-proof their data. Look for partnerships between quantum hardware providers and cybersecurity firms aimed at developing robust encryption methods.
Beyond security, quantum technology’s advancements will influence industries such as renewable energy, drug discovery, and supply chain optimization. For example, quantum simulations will accelerate breakthroughs in battery technologies and renewable energy systems, key to achieving global sustainability goals. Businesses in these sectors should be prepared to integrate quantum-powered solutions as they become commercially viable.
Another trend to keep an eye out for is the rise of neutral-atom quantum computing. This approach not only promises scalable performance but also a smaller ecological footprint compared to traditional quantum systems. As the tech industry grapples with sustainability challenges, neutral-atom computing’s energy efficiency could make it a preferred choice.
Founder & Tech Expert at BackupVault
John Prisco, Toshiba Consultant and CEO of Quantum Safe
As we approach 2025, the quantum technology industry is on the cusp of transformative breakthroughs. It’s crucial to highlight technologies that can address the growing cyber risks of tomorrow. Quantum Key Distribution (QKD) offers a vital layer of protection in a world where there’s a surge of data breaches and cyber attacks. It’s estimated that one cybersecurity attack occurs every 39 seconds, according to recent data.
That’s why quantum-safe cryptography must become a priority in 2025. By adopting QKD, organizations can not only secure their communications today but also safeguard them against the emerging threats of quantum computing. This can be done by establishing encryption protocols that are safe from quantum attacks and by partnering with QKD service providers. Typically, a phased approach is recommended, which involves securing critical communication channels first and then gradually expanding the security measures to cover the broader IT infrastructure.
Additionally, quantum computer development will focus on error correction, thus creating logical qubits instead of simply adding non-corrected qubits like in previous years. This approach will eventually lead to cryptographically relevant quantum computers which will demand quantum protection provided by QKD and PQC.
Lastly, QKD is a strong tool for protecting sensitive communications in industries such as finance, healthcare, and government. It ensures that any attempt to intercept the key will alter the quantum state and be instantly detectable. This makes QKD a powerful method for safeguarding sensitive communications and can help organizations future-proof their cybersecurity strategies and reduce the risks posed by quantum-enabled cyber threats.
Toshiba Consultant and CEO of Quantum Safe
Kurt Thomas, Senior System Engineer at Fortra
Adoption of the new NIST-approved encryption algorithms for post-quantum cryptography for data in transit has started and will slowly climb in 2025, starting first in the especially risk-aware sectors like defense and finance. This will reduce the risk of harvest-now-decrypt-later attacks on confidential data.
Kurt Thomas
Senior System Engineer at Fortra
Dr. Avesta Hojjati, VP of Engineering at DigiCert
Last year, we predicted that ongoing advances in quantum computing would motivate executives to learn more about its risks and accelerate their investments in post-quantum cryptography (PQC). We predict that 2025 will be the year that PQC takes a major leap forward, from abstract line items on IT roadmaps to deployed operational solutions.
We’re already seeing the first steps toward putting PQC into play. The U.S. National Security Agency (NSA) is expected to announce CNSA 2.0 algorithms for critical NSS networks. We predict adoption of quantum-resistant cryptography will grow, with advanced encryption becoming available in hardware security modules (HSMs) and applications.
As its adoption accelerates, PQC will also evolve to become a regulatory compliance imperative. Global organizations have acknowledged the need for a quantum-secure economy, and compliance standards and regulations are in process for financial services organizations as well as healthcare providers.
VP of Engineering at DigiCert
Todd Moore, Vice President, Data Security Products at Thales
Post-Quantum Cryptography will spotlight crypto agility.
Earlier this year, NIST released its first sets of post-quantum encryption algorithms. Before these standards were released, many enterprises needed help grasping the need for PQC. NIST’s standards have brought urgency to address the impact of quantum advancements and the need to address these threats. Even though the TLS and SSH protocols have been updated to meet NIST’s new standards, NIST is already working on its next set of algorithms, meaning that the algorithms implemented today will be different by the time the threat of quantum computing arrives. This points to the importance of crypto agility in adapting to these evolving security recommendations.
While TLS and SSH protocols are being updated to meet NIST’s standards, enterprises will need to embrace crypto agility in 2025. The biggest barrier will be ensuring they have the time and resources to identify their exposure, take inventory of their assets, and employ crypto discovery. This will manifest in a steady rise of crypto centers of excellence among major enterprises. Enterprises must place agility at the center of their quantum readiness, ensuring crypto-agile solutions are leveraged to keep pace with emerging quantum-resistant cryptography.
Vice President, Data Security Products at Thales at Thales
Bill Wisotsky, Principal Technical Architect, SAS
Quantum computing is set to make significant advancements in error mitigation and correction, substantially increasing the number of computational qubits. This progress will continue to revolutionize the data and AI industry. The fields of quantum machine learning, quantum optimization, and quantum chemistry and biology stand to benefit the most.
Quantum computing will also advance in its hybrid development, with Quantum Processing Units (QPUs) being further integrated with CPUs, GPUs, and LPUs. QPUs will be employed for specialized problem classes or formulations. This hybridization will inspire new approaches to classical algorithms, leading to the development of superior quantum-inspired classical algorithms. Looking ahead, investing in quantum computers promises once-in-a-century breakthroughs, unlocking unprecedented solutions and discoveries in science and physics, akin to the impact of electricity.
Bill Wisotsky
Principal Technical Architect, SAS
Tomas Gustavsson, Chief PKI Officer, Keyfactor
The National Institute of Standards and Technology (NIST) recently released its initial public draft of a post-quantum cryptography (PQC) timeline – a huge milestone that will have massive influence in the next several years. With this new development, NIST has established a clear timeline for organizations to transition away from RSA and ECC, answering one of the most common questions around PQC, with expectations that other compliance frameworks will soon align with this guidance. For example, Federal Information Processing Standards (FIPS) are U.S. government-issued guidelines for ensuring security and interoperability in computer systems used by federal agencies and contractors, ranging across a variety of sectors including like the financial industry, telecom, automotive, manufacturing, rail, etc. Therefore, every sector and business must consider these timelines, and it is impossible to ignore them.
Given that previous transitions, like SHA-1 to SHA-2, took over a decade, starting early is essential as the timeframe for PQC adoption is much shorter. With real, tangible deadlines to work against, organizations can’t afford to postpone their journeys to quantum-resiliency. They must take action now to ensure their systems comply with standards, which will aid in managing the migration of legacy systems and the development of new ones.
Tomas Gustavsson
Chief PKI Officer, Keyfactor
