Why Asia’s Quantum Ambitions Need Post-Quantum Security

David H. Holtzman
Hub Hub

Guest Post by David Holtzman, Executive Chair at Naoris Quantum Protocol 

The White House’s June 22 executive order, which accelerates quantum computing efforts and places post-quantum cryptography firmly on the agenda, reflects a growing recognition that quantum readiness now sits alongside broader national security planning.

Across Asia, governments have been moving in the same direction for some time, with significant investment going into quantum research, national infrastructure and the talent needed to build long-term capability. The region is actively positioning itself for the economic, scientific and strategic opportunities quantum technology could create, and there is clear momentum behind those ambitions.

As that momentum grows, security planning needs to develop alongside it, because much of the digital infrastructure supporting financial systems, government services, healthcare networks and critical infrastructure still relies on encryption that future quantum computers may be able to break. Building quantum capability and preparing the systems that will need to withstand its impact should be treated as part of the same long-term effort, particularly where sensitive data and essential services are concerned.

Asia is Already Setting the Pace

Government money tells the clearest story. The Asia-Pacific region leads the world in public quantum investment, with more than €19 billion committed, close to 47 percent of the global total. China holds the largest national share, and in 2024 it established a government-backed venture fund worth roughly $138 billion covering quantum and other frontier technologies.

The spending runs across the region as Japan has committed around $7.4 billion and Singapore more than $222 million toward research and talent, while South Korea has put forward roughly €2 billion and India close to €0.8 billion. China’s hardware progress matches the budgets, moving from the 105-qubit Zuchongzhi 3.0 to the 504-qubit Tianyan-504 within a single year. The capability curve is steep, and it is regional.

The Breakthrough and the Defense Run on Different Clocks

A cryptographically relevant quantum computer would have the potential to break much of the public-key encryption that currently protects banking systems, government records, healthcare data and critical infrastructure across Asia, and while no one can say with certainty exactly when that capability will arrive, the exposure associated with it has already begun to build.

This is because adversaries do not need a quantum computer in their hands today to create a future security problem as they can collect encrypted information now and store it until the technology is advanced enough to decrypt it, which is commonly known as a harvest-now-decrypt-later strategy. For data that has a long sensitivity life, including state records, financial information, citizen identity data and intellectual property, the risk begins at the moment that information is transmitted across a network or stored in a system that may still need to be protected years from now.

At the same time, cryptographic migration is not a quick or simple process, particularly for large institutions that operate across legacy systems, cloud environments, third-party platforms and complex supply chains. IBM has estimated that a full transition to post-quantum cryptography could take around 12 years, and much of that time is likely to be spent identifying where vulnerable cryptography sits within systems that were never designed with this transition in mind. Despite the scale of the challenge, adoption remains extremely limited, with peer-reviewed research published in 2025 placing deployment at around 0.029 percent even within national supercomputing clusters.

This means that the breakthrough and the defense are running on very different clocks. Quantum hardware investment is accelerating year after year, while the work required to identify, prioritise and replace vulnerable cryptography has only just begun in many organisations. A region can lead the world in building quantum capability and still leave its banks, energy grids, government services and telecommunications networks exposed if its security planning does not move at the same pace as the technology it is helping to advance.

Singapore Wrote the Playbook Early

If there is one country that has shown what a serious approach to quantum preparedness looks like, it is Singapore. Rather than waiting for quantum computing to mature, policymakers have treated the transition as a long-term national security and financial stability challenge that requires action well before the technology reaches its full potential.

That approach became clear in February 2024, when the Monetary Authority of Singapore issued guidance to the chief executives of every financial institution, instructing them to identify where cryptography is embedded across their organisations, assess which systems would be most vulnerable, and begin planning their migration to quantum-safe security.

The response has been equally practical. DBS, HSBC, OCBC and UOB have already worked alongside the regulator in a quantum-safe communications sandbox, supported by S$100 million in government funding for quantum and AI innovation in financial services. Singtel has also launched Southeast Asia’s first nationwide quantum-safe network. Together, these initiatives show that quantum security is no longer a research project or a future ambition. It is already being deployed as part of the infrastructure that underpins a modern digital economy.

What the US order Signals for the Region

The executive order carries two messages that Asian governments and enterprises should read closely. Section 4(f) directs US intelligence and defense leaders to assess the national security implications of commercial quantum computers, including the implications for the migration to post-quantum cryptography. Washington now treats cryptographic readiness as a defense matter.

One of the most significant aspects of the White House’s executive order received relatively little attention. Alongside accelerating quantum research, it calls for closer coordination with allies on supply chains, export controls, and research security, recognising that quantum resilience will increasingly depend on shared standards and trusted partnerships. As those standards begin to emerge, countries that move early on quantum security will be better positioned to collaborate across borders, while those that delay may find themselves having to catch up.

For Asia, the implications extend well beyond the technology sector. The region’s financial systems, telecommunications networks, power grids, government identity platforms, and cross-border payment infrastructure all rely on public-key cryptography that quantum computers are expected to compromise. These are long-life systems that cannot be upgraded overnight, and many also protect some of the most sensitive data held by governments and enterprises. The scale of that challenge is precisely why planning for migration has to begin long before Q-Day arrives.

The Window is the Asset

The quantum race is often discussed through headline figures such as qubit counts, research breakthroughs and the scale of government investment flowing into the sector, and while those measures are important, for security teams the more meaningful question is time, because every year before quantum computers become cryptographically relevant is another year in which sensitive information is being created, transmitted and stored using encryption that may eventually become vulnerable.

This is particularly important because much of the data being protected today, whether it relates to financial activity, government systems, healthcare records or critical infrastructure, may need to remain secure for many years or even decades. The risk is therefore not limited to the day a quantum computer becomes powerful enough to break existing public-key cryptography, as data can be collected and stored now with the expectation that it may be decrypted later once the technology reaches that point.

That period between today and Q-Day should be viewed as a valuable window for preparation, and governments and enterprises across Asia that begin mapping where cryptography is used across their systems, identifying their most critical data and infrastructure, and putting practical migration plans in place now will be in a far stronger position when quantum technology reaches its tipping point.

This does not mean that every organisation needs to replace its security systems overnight, because the most effective approach will be a considered and phased one that starts with building a clear cryptographic inventory, prioritising the areas of greatest risk, and ensuring that future technology investments are designed with quantum resilience in mind from the outset.

Asia has already shown that it can lead in quantum research, infrastructure and talent, and applying that same focus to quantum readiness will be just as important, because it will help protect the systems that underpin the region’s economies while ensuring that the investments being made today translate into lasting security as well as long-term technological leadership.

This article is a guest contribution. The views, opinions, analysis, and claims expressed are those of the guest author alone and do not necessarily reflect the views of The Quantum Insider or it’s editorial staff.

Keep track of everything going on in the Quantum Technology Market. In one place.

Share

Stay Ahead of Quantum

Get the latest research, company news, and market intelligence every week.

MENTIONED IN THE ARTICLE

More in Research

Related Articles