Thales has revealed the findings from its 2025 Data Threat Report, highlighting the urgent need for organisations to prepare for the post-quantum era. Its annual report, based on a global survey of over 3,100 IT and security professionals from across 20 countries and 15 industries, reflects the latest data security threats, trends, and emerging topics.
Post-quantum readiness
While 60% of organisations are already prototyping or evaluating quantum-resistant encryption, the report emphasises that this is a highly complex and urgent transition, one that must begin now to protect today’s sensitive data from tomorrow’s quantum decryption threats.
In addition to prototyping, half (50%) of respondents are actively assessing their current encryption strategies, with top priorities including evaluating post-quantum cryptography (PQC) algorithms, improving cryptographic agility, and developing comprehensive encryption strategies to strengthen post-quantum defences.
Thales also found that one in three organisations plan to rely on Cloud providers or telecoms to implement post-quantum encryption. Although this may offer short-term ease, it risks contributing to a fragmented and inconsistent encryption landscape.
Concerningly, 57% of enterprises already manage five or more key management systems, and adding more layers could significantly increase the risk of misconfigurations, operational errors, and potential data exposure.
Concern is growing
Concern over quantum computing threats has steadily grown since 2021, evolving from general unease to more specific and technical fears:
- In 2021, 47% of organisations said they were ‘very concerned’ about quantum risks, with another 38% ‘somewhat concerned’
- By 2022, these concerns became more concentrated, with 58% worried about network decryption and 52% about the future decryption of today’s data
- In 2023, those numbers rose to 62% and 55%, respectively, showing a deepening awareness of quantum threats
- In 2024, the spotlight shifted to future encryption compromise (68%) and key distribution vulnerabilities (63%)—highlighting fears that quantum computers could break encryption or disrupt secure communications
- By 2025, these remained the top concerns: 63% cited future encryption compromise, 61% key distribution, and 58% still feared the future decryption of today’s data
This evolution shows a clear trend: organisations are not only more aware of quantum threats but are also increasingly focused on the specific ways quantum computing could undermine data security.
“The clock is ticking on post-quantum readiness, and quantum threats are no longer theoretical, they’re rapidly becoming a real-world challenge for security teams.” said Chris Harris, EMEA Technical Director at Thales. “While it’s promising to see three out of five organisations beginning their post-quantum journeys, fragmented strategies and overreliance on third parties risk leaving critical data exposed. True quantum readiness demands cohesive strategies, cryptographic agility, and urgent action to safeguard today’s data against tomorrow’s quantum capabilities.
“The UK’s Industrial Strategy makes clear that quantum technologies will play a critical role in the nation’s economic growth, national security, and innovation leadership. But as the UK accelerates quantum development, we must also prepare for the serious security implications. With threats such as ‘harvest now, decrypt later’ already acknowledged by the NCSC and global agencies, building quantum advantage must go hand-in-hand with building quantum resilience. That means fast-tracking post-quantum cryptography adoption, mandating crypto-agility in digital infrastructure, and maintaining sovereign key management across cloud and hybrid environments. The stakes are too high for complacency.”
Justin Walker, VP Digital Solutions, Thales UK added: “Post-quantum readiness isn’t just about future-proofing encryption, it’s about protecting the sensitive data at the heart of our national infrastructure today. At Thales, we’re uniquely positioned to support organisations on this journey. Through our consulting expertise, we can help audit cryptographic assets, identify areas of risk, and prioritise where post-quantum safeguards – such as crypto-agile key management and quantum-resistant encryption – should be implemented first. Our combination of leading technology and deep advisory capability means we can deliver both the strategic roadmap, and the operational tools needed to achieve true quantum resilience.”
