Post-Quantum Readiness: A Business Imperative for Canadian Leaders

As quantum technology continues to develop, traditional encryption methods such as RSA and ECC will become obsolete, posing a long-term risk to critical systems and data. With clear guidance and time still on our side, organizations that act now will be in the strongest position to mitigate future business risks. These are the organizations that will adapt with confidence into the post-quantum world ahead.

Recognizing the importance of the quantum threat, the Canadian government has released a detailed roadmap to help organizations become “quantum ready.” This guideline was specifically designed to give companies an idea of what to expect, and “to reduce the need for organizations to start from scratch”. The government has also announced that they will start their own post-quantum strategy by April 2026, with the goal for all departments to be fully post-quantum ready by 2035.

In addition to these efforts from the government, according to the research that KPMG conducted in 2023. Over 13 per cent of 90 large Canadian companies have already started investing in their post-quantum strategy. So why isn’t early adoption gaining traction among business leaders?

Limited Knowledge

Based on our discussions with industry leaders and observations of the current business landscape, the problem for many businesses often stems from limited knowledge on the impact of the quantum threats. Some organizations:

• lack awareness altogether

• are unsure where to begin their post-quantum migration

• have concerns about the cost of investment

• feel they can wait a little longer

This inaction can lead to organizations being increasingly exposed to quantum attacks in the long run.

Early adoption and preparation before the threat becomes visible are crucial for reducing business risk. As Canadian business leaders, we have seen this concept before, in the evolution of cybersecurity. As digital threats emerged and evolved, from simple viruses to advanced persistent threats, businesses were forced to adapt. Firewalls, antivirus, intrusion detection, multi-factor authentication, and traditional encryption were all new technology at one point — many of which were adopted late by enterprises.

This history has shown that when facing disruptive technology threats, proactive planning and early adoption lead to the best outcomes for businesses. Today, with the emerging quantum threat, we must do the same.

The Road Ahead

The industries most critically affected by quantum attacks include:

• Finance and Insurance

• Healthcare and Government

• Automotive and Aerospace

• Technology and Telecommunications

These industries have complex infrastructure and handle highly sensitive data, meaning they require a high degree of crypto agility to remain protected.

The attacks will directly target encryption, email, authentication systems, communication networks, IoT and OT networks. Most notably they will also affect both data-at-rest, and data-in-motion, making unprotected data extremely vulnerable.

The number of security breaches in Canada has steadily increased over the past several years, and the scale of these attacks will only grow more when bad actors leverage quantum technology. With quantum computers becoming commercially available by the early part of the next decade, or sooner, the time for action is now.

A good first step for any organization is to conduct a pre-assessment of its current cryptographic assets. Carried out with internal resources and an external provider, this process will help clarify the magnitude and scope of the work ahead, enabling informed decisions and a structured path toward post-quantum readiness.

To conclude, we are closer now to commercially available quantum technology than ever before. Waiting until the threat is visible will be too late, leaving organizations exposed. The most resilient businesses will be those that take proactive steps to understand the risks and prepare for change. Now is the time to evaluate your organization’s readiness and develop a strategy that will ensure it is prepared for the post-quantum era ahead.