The ISACA Quantum Pulse Poll 2025, presented in Madrid, set out to determine the level of quantum computing preparedness among businesses. The study found that 67% of European IT professionals are concerned about the impact of quantum computing on cybersecurity, only 4% of organizations currently have a formal strategy to deal with the quantum threat, and just 2% feel extremely familiar with the technology.
Quantum computing has the potential to break current cryptographic algorithms, so it represents a direct threat to the confidentiality of data, financial transactions, medical records, and government systems protected by encryption.
This comes at a time when the Spanish government has presented its Quantum Technologies Strategy 2025-2030, which envisages a public investment of 808 million euros and plans to mobilize a further 700 million. The four main objectives of the plan are to strengthen R&D&I, to create a Spanish quantum market, to prepare society for disruptive change, and to consolidate the quantum ecosystem. It will be financed with FEDER funds and the PRTR, and will focus on three fields: computing (cybersecurity and privacy), communications (quantum internet), and sensorics (science, health, and defense).
Likewise, the creation of a quantum communications hub has been approved with 10 million euros.
CSO Spain had the opportunity to talk to Ramsés Gallego, president of the Barcelona chapter of ISACA and expert in quantum computing, who has analyzed various aspects of quantum computing, and especially the threats related to this technology.
In his opinion, and as far as threats are concerned, he considers that we are at a turning point. “Quantum computing is no longer a distant promise: it is a rapidly advancing reality, with disruptive capabilities that directly affect the cryptographic systems that today protect our critical infrastructures, our medical records, our banking transactions,” he says. “Rather than preparing for the future, we must prepare from the present. As I like to say, quantum is a re-evolution—it’s not an incremental evolution, it’s a paradigm shift—and only organizations that understand this will be able to navigate the new digital age with confidence. The key is to act today to protect tomorrow.”
Gallego says the challenge is not theoretical but practical, adding, “We are already seeing clear warning signs.” He warns of “the so-called ‘harvest now, decrypt later’ attacks, which consist of intercepting encrypted data today to decrypt it in the future with quantum technology. This is not science fiction, but a concrete threat that requires immediate responses.
Prepare now for Q-day
European organizations are not prepared to deal with this type of threat, Gallego says: “Only 4% of European organizations have a formal quantum threat strategy. And just 2% of the professionals surveyed feel genuinely familiar with these technologies. That gap between risk awareness and actual action is worrying. Preparedness cannot be optional; it must be a strategic priority.”
Gallego believes that “there is a significant lack of quantum literacy.” In his opinion, quantum computing breaks technological molds and forces us to rethink how we manage privacy, identity, and data integrity. (See also: 9 steps to take to prepare for a quantum future)
“Some organizations believe this is a problem of the future, but the truth is that preparation must start today. Because when ‘Q-day’ comes—that moment when a quantum computer is able to break today’s encryption—it will be too late to react. What we don’t encrypt securely today will be vulnerable tomorrow,” he continues. “There are already standards developed by organizations such as NIST, and it is essential to start integrating them.”
Therefore, the first thing that organizations have to do is to train their professionals in quantum fundamentals, in new encryption algorithms, and in how to adapt their infrastructures to this new paradigm, he says. The second thing they have to do is to identify which sensitive data is protected with algorithms that may become obsolete in a short time. And the third thing, according to Gallego, is to start the transition to post-quantum cryptography as soon as possible.
“Finally, I strongly believe in public-private collaboration. Real innovation happens when the state, business, and academia are rowing in the same direction. The Spanish Government’s Quantum Strategy, with more than 800 million euros of investment, is a big step in that direction,” he adds. “The ‘Q-day’ will come, we don’t know if in five, 10, or 15 years, but it is an inevitable horizon. We cannot afford a scenario in which all of our confidential information is massively exposed. Encryption-based security is non-negotiable.”
This article originally appeared on Computerworld Spain.
Source:: Network World