- As Q-Day (Quantum Day) approaches, the focus should stay on clearly defined use cases, not problems classical computing already solves well.
- Post-quantum cryptography (PQC) is the most essential immediate action.
- CTOs should also be starting their cryptographic audit, defining their quantum use case and making crypto-agility a design requirement in their organisation.
Google’s recent shift of its Q-Day timelines to 2029 is a signal, not a surprise. For UK CTOs who have been watching this space, it confirms what the most forward-thinking organisations already know; the quantum transition is a strategic imperative rather than a theoretical exercise.
With the National Cyber Security Centre (NCSC) leading the way on global quantum standards and a recent £2bn commitment to invest in quantum technologies, the UK is intent on competing early. But government alone cannot set the pace. The window for industry to act with intentionality and purpose is open right now, before quantum’s arrival forces the issue.
Build security in from the outset
One of the clearest lessons from the AI era is what happens when security becomes an afterthought. According to IBM’s 2025 Cost of a Data Breach Report, 13% of organisations experienced breaches of AI models or applications – 97% of which lacked proper access controls. C-suite leaders chased innovation whilst leaving the door open.
Quantum offers a chance to do things differently. The NCSC’s framework gives UK CTOs clear direction, with post-quantum cryptography (PQC) as the most essential immediate action.
Three things matter here
- Treat PQC as a standing governance issue with regular senior-level reporting
- Map every system where quantum-vulnerable encryption exists, well beyond core IT
- Prioritise data with the longest exposure lifespan: intellectual property, financial records, customer data
Aside from risk mitigation, a genuine commitment to PQC sends a commercial signal: your organisation is a trustworthy, long-term steward of data. In competitive procurement and partnership discussions, that distinction will increasingly matter.
The blockchain parallel and why it matters for quantum and AI
Quantum’s disruption will not stop at traditional encryption. It poses a direct challenge to blockchain, the technology underpinning cryptocurrencies, smart contracts, and a growing range of enterprise applications. The cryptographic foundations that make blockchain ‘immutable’ are built on the same mathematical problems a sufficiently powerful quantum computer will solve.
This is not a future problem. Blockchain transactions recorded today could be retroactively compromised once quantum capability matures; the same ‘harvest now, decrypt later’ risk that applies to all encrypted data. CTOs with supply chain, financial settlement, or identity systems built on blockchain need to start assessing quantum exposure now.
Blockchain also offers a strategic lesson. When it emerged, many organisations rushed in without a clear problem to solve. The ones that created real value were disciplined: they identified specific use cases where the technology’s properties solved a genuine challenge, piloted carefully, and built expertise incrementally. Apply that same discipline to quantum by resisting the hype, focusing only on problems uniquely suited to quantum solutions, and carefully auditing which AI or blockchain-dependent systems will require post-quantum hardening.
Buy early, but land quickly, making quantum investment count
Quantum hardware has long lead times, so securing early access can make sense, however the AI era showed the risk of buying ahead of strategy. CTOs should move on hardware if needed, but quickly anchor on a single high-value use case and deliver a fast proof of concept.
As Q-Day approaches, the focus should stay on clearly defined use cases, not problems classical computing already solves well. Quantum’s value lies where current methods fall short: complex optimisation, drug discovery, materials science, and large-scale financial modelling. Start with an honest capability assessment and small pilots to build expertise and evidence; the leaders will be those who turn early access into early results.
The architecture decisions you make now will define your quantum readiness
The instinct of the past decade has been to throw more at performance challenges: more data, more parameters, more GPUs at enormous energy cost and with diminishing returns. Quantum changes that equation fundamentally. Where classical computing scales linearly, more power for more performance, quantum systems can evaluate vast solution spaces simultaneously, meaning problems that currently demand warehouse-scale infrastructure running for weeks could be solved in hours. For the right challenges, this isn’t an incremental improvement, but a different class of computation.
That means designing architecture for change from the ground up. Systems built without this flexibility will accumulate serious technical debt. CTOs who delay may face replacing entire infrastructure from scratch, at far greater cost and disruption than acting now.
In my conversations with enterprise leaders across EMEA, the organisations making the most meaningful progress share one characteristic: they are treating quantum-readiness as an infrastructure design principle today rather than a future migration. A hybrid classical-quantum strategy is the most credible near-term approach, enabling initial business applications ahead of full commercialisation and allowing organisations to build confidence and capability incrementally.
The window is open, step through it
The UK government is creating the conditions for quantum to move from laboratory to economy faster than almost anywhere else in the world. Real use cases are being piloted and the commercial timeline is compressing. The organisations that lead will not be those with the largest budgets, they will be the ones that started asking the right questions first.
What does this mean in practice? Right now, there are three things every CTO should be doing:
• Start your cryptographic audit. Map every system, including blockchain-dependent ones, where quantum-vulnerable encryption exists. You cannot protect what you haven’t identified.
• Define your quantum use case. Identify one high-value problem in your organisation that classical computing cannot solve effectively and begin scoping a small-scale quantum pilot around it.
• Make crypto-agility a design requirement. Every significant infrastructure decision from this point forward should be evaluated against quantum-readiness. Build for change now or pay a far higher price later.
The quantum era will not announce itself with fanfare. It will arrive for the prepared and disrupt the rest. The question is not whether your organisation needs a quantum strategy, it is whether you’ll have one ready when it matters.
Ginna Raahauge is international CTO – EMEA, Via55 WWT.
Read more
The future of quantum computing – what you need to know – Nick Martindale explores the future of quantum computing: how it works, the benefits and the risks that you need to be aware of
