The 2025 SANS Emerging Threats Summit delivered a powerful message: the era of quantum computing is rapidly approaching, and its impact on cybersecurity, while profound, is just one facet of its transformative potential. The summit highlighted many emerging developments across the cyber threat landscape, but quantum computing stood out as the clear strategic priority—from its foundations and disruptive power to the urgent need for defensive readiness.
Recent analyses underscore the urgency of quantum threats. According to the Global Risk Institute's 2024 Quantum Threat Timeline Report, experts estimate that within 5-15 years, a cryptographically relevant quantum computer (CRQC) could break standard encryptions in under 24 hours. Meanwhile, Deloitte’s Global Future of Cyber survey found that 52% of organizations are currently measuring their exposure to quantum-related risks and developing corresponding strategies, and an additional 30% are taking decisive actions to implement solutions addressing these risks. This indicates a growing awareness and proactive stance among enterprises regarding the cybersecurity challenges posed by quantum computing.
Building on that theme, discussions at the summit coalesced around seven key takeaways that security leaders should prioritize to prepare for the quantum era:
7 Quantum Takeaways from the SANS Emerging Threats Summit
1. Quantum computers are imminent and will break current encryption.
Quantum computing is on track to fundamentally disrupt cryptographic security. Experts estimate that by the early 2030s, quantum systems will enable threat actors to bypass widely used public key infrastructure algorithms like RSA and ECC—rendering them ineffective for protecting sensitive data. In response, NIST released its first set of finalized Post-Quantum Cryptography (PQC) standards in August 2024. These quantum-resistant algorithms, including CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+, have been vetted for long-term resilience and are ready for implementation across government and industry.
“If attackers get a cryptographically relevant quantum computer and can start factoring 2048-bit RSA or breaking ECC keys quickly… that’s the moment everything changes.”
2. PQC is the defensive priority.
The introduction of PQC standards marks a major shift in cybersecurity strategy. The new algorithms are specifically designed to withstand the capabilities of quantum brute force attacks and will serve as the foundation of secure communications in the post-quantum era. Organizations are encouraged to begin facilitating PQC migration across their systems now. Full adoption will take considerable time, and early movers will have a distinct advantage in maintaining trust, compliance, and operational continuity as the cryptographic landscape evolves.
“All new hardware will support post-quantum cryptography… and if your old systems can’t, they’re not going to belong in the 2030s anyway.”
3. Data encrypted today could be vulnerable tomorrow.
The quantum threat isn't just about the future—data encrypted today is already at risk. Nation-states adversaries and other bad actors are stealing sensitive information now, with the intent to decrypt it later using quantum tools once available. This tactic, known as "harvest now, decrypt later" (HNDL) attacks, targets data with long-term sensitivity. To counter this, security leaders should prioritize protecting assets with enduring confidentiality requirements. Identifying and securing that data with quantum-resistant encryption is one of the most immediate and impactful steps organizations can take.
“Nation-states have already been harvesting our pockets for years… and once they get the quantum tools, they’ll use them.”
4. The quantum shift will affect every sector.
Quantum computing will impact more than encryption. Its arrival will reshape industries that depend on digital trust, from finance and healthcare to defense and manufacturing. These sectors must plan for ripple effects across compliance, supply chains, and operational security. Building cross-functional awareness is crucial. CISOs and security teams should work closely with leadership to ensure quantum readiness is included in strategic planning, not just technical roadmaps.
“We have real-world lives protected by cryptography… not just credit cards or identity, but actual physical impacts.”
5. Migrating to quantum-safe systems is challenging but essential.
PQC migration is a large-scale effort. It starts with discovering where vulnerable cryptography exists, then evolves into planning how to replace or augment those systems with quantum-safe alternatives. Complexity varies across infrastructure, and performance tradeoffs may emerge. To navigate this, many organizations are using hybrid approaches that pair classical and PQC algorithms to minimize disruption. Engaging vendor partners early, building migration roadmaps, and prioritizing agility in security architecture will help ease the transition.
“It’s not going to be one big change—things are already happening. The shift is underway.”
6. Regulatory momentum is building.
Public-sector regulatory action is accelerating. Agencies like NIST, CISA, and the NSA have issued detailed guidance to support the transition to quantum-resistant cryptography. These directives outline expectations for cryptographic inventory, system readiness, and future-proofing security architectures. Private organizations should view this as both a policy signal and a strategic mandate. Aligning early with government recommendations will position them to reduce compliance risk and meet future standards with less disruption.
“Regulatory pressure is mounting. Organizations need to initiate quantum readiness plans. A comprehensive and accurate cryptographic inventory remains the indispensable first step.”
7. The time to act is now.
Quantum threats are advancing on a known timeline. Delaying action creates risk that will be harder and more expensive to manage later. The most resilient organizations are already mapping their cryptographic environments and aligning with NIST’s standards and roadmaps. Getting ahead means more than technical fixes. It requires education, risk modeling, and coordinated execution. Teams that build this readiness now will be far better positioned for what is coming next.
“Quantum is coming, whether it’s in seven years or in 15. Now is the time to act. If you wait until quantum arrives, it’s already too late.”
Expert Perspectives from the SANS Emerging Threats Summit
While the seven key takeaways provide a high-level roadmap for preparing for quantum risk, the real value of the SANS Emerging Threats Summit was in hearing from practitioners and experts who are navigating this transformation in real time. The following presentations offered a closer look at how different sectors are tackling the challenge from theoretical grounding to real-world implementation.
Understanding the Landscape: The Nature of the Quantum Shift
Dr. Kawin Boonyapredee (LinkedIn), Chief Strategy Officer of Applied Quantum, set the stage with a primer on how quantum computing works, and more importantly, why it matters. His session provided context for quantum’s computational potential beyond security—highlighting breakthroughs in fields like health and materials science—and connected that promise back to the very real risk to today’s encryption. This reminded attendees that quantum is not just a threat vector, but a technology shift with broad implications.
Moving from Awareness to Action
In a session focused on preparedness, Marin Ivezic (LinkedIn), Founder of Applied Quantum, stressed that cryptographic readiness is a priority that cannot wait. He pointed to rising regulatory expectations and emphasized the importance of aligning cryptographic inventories with high-priority areas of your security environment. His message reinforced a recurring theme: the first step in defending against quantum threats is knowing what you need to protect most.
Why PQC Works—and Why It’s Ready
Konstantinos Karagiannis (LinkedIn), Director of Quantum Computing Services at Protiviti, took the conversation deeper into the science behind PQC. His explanation of lattice-based cryptography and the mathematical hardness behind “learning with errors” helped demystify why these new algorithms are considered secure, even against quantum attacks. His breakdown of ML-KEM’s performance also gave attendees a tangible sense of what PQC can deliver in current systems.
Lessons from the Field: PQC in Practice
Bringing a practical view from the financial sector, Mark Carney (LinkedIn) of Santander Global Tech walked attendees through his organization’s real-world approach to PQC migration. He detailed how his team approaches cryptographic discovery, aligns migration efforts with long-term risk exposure, and treats cryptographic governance as part of continuous DevSecOps workflows. His use of the “OODA loop” framework drove home a crucial point: adapting to quantum isn’t a one-time change. It’s an ongoing and evolving process.
Taken together, the actionable insights from various presentations signified the summit's core message: quantum-driven cyber risk is no longer theoretical. Whether from the vantage point of cryptographic science, regulatory urgency, or enterprise-scale strategy, the call to action was clear. Quantum readiness must be intentional, cross-functional, and underway now.
Fostering a Safer Future Together
The SANS Institute continues to support security professionals with training, research, and expert-led events that equip organizations with the skills needed to navigate evolving threats. As the cybersecurity landscape shifts with the rise of quantum computing and other advanced technologies, ongoing education and community engagement are more important than ever. SANS provides a trusted platform for security leaders and practitioners to stay ahead of emerging risks, refine their strategies, and connect with peers facing similar challenges.
Interested in attending a SANS Summit? We offer both live and online attendance options, making it easier than ever to stay informed and connected with the global security community. Find the full list of 2025 summits here.
Ready to deepen your cybersecurity knowledge or help position your security team for quantum readiness? Explore SANS courses and register for upcoming live instructor training or self-study options.
Disclaimer: To capture insights from four expert talks and a panel on Quantum technology, SANS combined advanced AI tools with human writing and editing. AI generated initial summaries to efficiently handle the volume and complexity, while our team refined the content to keep it accurate, engaging, and free from robotic tone.
