em360tech image

Moona undertook her Quantum research on behalf of the ISF, Information Security Forum, a membership organisation helping their members enhance their cyber security. By providing thought-leadership, specialist guidance, and peer-learning, ISF allows members to cut through the noise and enhance their cybersecurity posture as part of their security transformation.

  1. Can you give a brief overview of your speaking session at DTX London 2025?

My session provides clarity amidst uncertainty and hype to deliver a practical roadmap for quantum readiness. We cover why complacency is not an option, regulatory and other timelines, and provide practical steps organisations can take today, avoiding panic-driven procurement and analysis paralysis. Learn how leading financial services organisations are already securing competitive advantages through strategic implementation, why data lifecycle management is your first line of defence, and how to build quantum resilience that strengthens your current security posture against attacks like ransomware, supply chain threats, and adversarial use of AI. The session also provides guidance on where each organisation should be in their post-quantum journey and why. I undertook this research on behalf of the ISF, Information Security Forum, who help their members enhance their cyber security.

  1. How can organisations effectively distinguish between exaggerated claims about quantum threats and genuine risks?

The quantum threat is real but rushed solution procurement is not needed. Be wary of "urgent need to act immediately" narratives that push specific products. Instead, focus on the actual timeline recommended by bodies like UK NCSC: plan by 2028, migrate between 2031 and latest by 2035. Solid quantum preparedness focuses on strategic planning and proven steps that can be taken in-house, rather than immediate large-scale investments or unproven solutions. However, be aware that today the risk of HNDL (Harvest Now, Decrypt Later) attacks is real: adversaries are already collecting encrypted data to decrypt it once quantum computing becomes available. Membership of an organisation like ISF, the Information Security Forum, helps guide organisations and cut through the noise around issues such as these.

  1. How can organisations protect both today's sensitive data and tomorrow's high-value information against potential quantum attacks?

The most critical immediate steps are implementing robust data classification and lifecycle management, performing periodic quantum risk assessments, and having active conversations about the post-quantum threat and preparedness at all levels. Implementing crypto-agility and quantum-resistance during routine hardware refresh cycles and other security upgrades is recommended. Quantum preparedness activities can be included in existing security activities, to make them cost and resource effective. The key activity phases will repeat and generally run concurrently to support continuous improvement. Early preparation is essential because of the quantum timeline dilemma: while today's harvested data will lose some value before quantum computers arrive, any data we create in the coming years and harvested will still be at peak value when quantum computers can decrypt it, resulting in a potentially disastrous confidentiality breach. The ISF, Information Security Forum, is a membership group guiding organisations through this and other cyber security transformation.

  1. What practical steps should organisations take today to build a realistic quantum readiness roadmap?

The key thing is to be aware that quantum preparedness is a whole-organisational transformation activity, not just something for IT specialists. Begin with foundational steps: establish board-level awareness, create a Data Governance Council with cross-functional authority to drive implementation, and conduct quantum risk assessments. Focus on early wins: enhanced data lifecycle management with classification, automated discovery, cryptographic erasure. Embed crypto-agility as a design principle in all new systems and start engaging with supply chain partners about their quantum readiness plans. Early on in the transition journey, secure key exchange protocols and start using a hybrid of post-quantum and traditional encryption. Membership of an organisation like ISF, the Information Security Forum, can be helpful for organisations to learn from peers and access specialist advice and guidance for enhancing their post-quantum and cybersecurity posture.

  1. How do you believe quantum computing will evolve in the years ahead?

Y2Q (Year to Quantum), means the arrival of quantum computers capable of breaking widely-used encryption methods, such as RSA and ECC: this is expected between 2030 and 2040. Unlike with Y2K, the timeline for widespread cryptographic disruption remains uncertain. However, significant advances in computing power and speed could also be achieved in other areas, so doing nothing is certainly not an option. Note that nation states in possession of quantum computers, may not announce this for a while. The HNDL-threat is real but insidious and invisible. Hence, I encourage more organisations to begin strategic planning . Organisations in high-risk industries should continue implementation. 2025 is the International Year of Quantum Science and Technology, so awareness, regulatory guidance, and industry coordination around quantum preparedness are expected to grow. Early adopters like HSBC, Barclays, and Mastercard will likely continue demonstrating their early competitive advantages, encouraging more organisations to begin their quantum readiness journeys. Beyond the security challenges, quantum computing will also create significant business opportunities in areas like optimisation, simulation, sensing, positioning and timing, and enhanced analytics. The ISF, Information Security Forum, is a membership group guiding organisations through this and other changes to the cyber threat landscape and beyond.

Moona is speaking at DTX London, the UK’s number one event for business transformation. Join her for her session on ‘Beyond the hype: Strategic preparedness for the post-quantum era’ which takes place on the Holistic Cyber Strategies Stage on Wednesday 1st October at 1:05PM - 1:30PM.