Quantum technologies stand to offer huge economic and social benefits. However, major risks are also on the horizon, potentially within a decade. These include cryptographic challenges (encryption and authentication) with potentially cascading impacts; new extremes in concentration of economic and business power; and an amplification of security risks. Cryptographic complacency Cryptographic risks are looming from expected quantum computing attacks on classical mathematics-based cryptography. The latter underlies current user authentication as well as data protection, storage and transmission, affecting the digital lives of all organizations and individuals. The quantum algorithm that exists today (known as Shor’s algorithm) already poses a theoretical threat to classical mathematics-based cryptography. Importantly, there are two specific threat vectors and impacts: First is decryption of private data, which will threaten Personally Identifiable Information (PII) and data privacy (e.g. medical data) as well as intellectual property data. This threat is immediate, due to so-called “harvest now, decrypt later” campaigns, whereby encrypted data is stolen and stored until quantum technology becomes sufficiently advanced to decrypt it.117 The second threat relates to breaking the cryptographic system that lets people, devices or services prove who they are online. Shor’s algorithm threatens to break this so-called “public-key infrastructure” as it is based on asymmetric keys and allows the impersonation of identities. All forms of digital authentication – including impersonation of online wallets for blockchain, authentication of digital contracts, trust establishment between a credit card and the issuing bank, or trust establishment between digital devices – will be at risk. National critical infrastructure could be at risk, too, since hostile actors could, for example, potentially take over self-driving vehicles or utilities. This threat is a longer-term one, as it does not depend on data, rather on whether quantum protection is in place at the time that a quantum attack becomes possible. Shor’s algorithm is waiting for a quantum computer powerful enough to run it, and progress towards this objective is quickening thanks to AI. According to a survey conducted in 2024, 53% of quantum experts believe that within a decade there will be at least a 50% likelihood of a quantum computer being able to break RSA-2048, a type of public-key classical mathematics-based cryptography118 within 24 hours.119 Time is thus of essence in preparing for this milestone, often termed “Q-day”.120 The US National Institute of Standards and Technology (NIST) in 2024 took the lead121 in issuing a set of standards for post-quantum cryptography (PQC),122 which is currently serving as a benchmark for other jurisdictions, focused on implementing new PQC algorithms that are resistant to Shor's algorithm. EU Member states have also developed a roadmap for the transition to PQC.123 However, many organizations appear to be lagging when it comes to understanding the potential impacts of quantum, both positive and negative. Only 12% of employers surveyed view quantum and encryption as critical technologies that will transform their organizations.124 Moreover, it is estimated that only 5% of organizations have quantum-safe encryption (i.e. to protect against Shor’s algorithm) in place.125 According to IBM’s Quantum Safe Readiness Index, which assesses organizations’ level of readiness across quantum- safe discovery, observability and transformation, the average quantum-safe readiness score is only 25 out of 100, where 100 is the safest.126 While large companies and some governments may have the know-how and resources to implement protections in time, many smaller companies Getty Images, Unsplash Global Risks Report 2026 54