后量子加密

Table of contents Capgemini Research Institute 2025 ExecutivesummaryQuantum computing is rapidly advancing, threatening tobreak today’s encryption standards such as RSA and ECC.Sensitive data intercepted now could be decrypted later—posing a serious risk to privacy, compliance, and nationalsecurity. To stay ahead, organizations must prioritizequantum-safe cryptography today, ensuring long-term cyberresilience and trust in a post-quantum world.Why quantum safety is a priority:The rapid progress ofquantum computing has left traditional methods and public-key cryptography vulnerable. “Harvest-now, decrypt-later”attacks, together with tightening regulations and changesin the technology stack have elevated quantum safetyfrom a technical concern to a C suite mandate. Becomingquantum-safe is a complex, multi-year effort that mustbegin now. Delaying action could expose critical assets anderode trust. Regulatory demands, customer expectations,and competitive advantage all favor early movers. Incybersecurity, being early means being safe. Most organizations have quantum safety on their radars:Seven in 10 organizations we surveyed are assessing ordeploying quantum-safe measures (we refer to theseas “early adopters”). Six in ten early adopters believethat quantum breakthroughs can occur within the nextdecade. Over half recognize that early investment will yieldadvantages. Most recognize post-quantum cryptography(PQC) as the best option with which to address quantum-security risks.However, 30% of the overall sample still underestimate thethreat, risking future data exposure and regulatory penalties.Organizations are gradually exploring PQC transition:Roughly half of early adopters are running pilots, but skillsgaps, budget uncertainty, and limited availability of solutionshave slowed progress. Most lean on specialist vendors andcloud providers for proofs-of-concept (PoCs), hardwareupgrades, and hybrid-transport layer security (TLS) services.Capgemini Research Institute 2025 ExecutivesummaryFew organizations are ready for PQC transition:Onlya minority (16% of early adopters and 11% of the overallsample) qualify as “quantum-safe champions,” who combinemature governance with strong technical execution.Gaps typically lie in organizational strategy, cryptographicinventory, supply-chain engagement, and hardwareinfrastructure. The practices of the quantum-safe championsoffer a blueprint for others.How organizations can be quantum-safe:PQC demandsa strategic, long-term approach—it's not a one-timecompliance checkbox but a continuous journey towardresilience. Embracing crypto-agility ensures organizations canadapt swiftly as quantum-safe standards and threats evolve.•Conduct quantum risk assessment:Maintain a livecryptographic inventory and rank every asset by sensitivityto guide risk-based mitigation.•Create awareness of PQC:Drive enterprise-wideeducation and establish a governance structure that keepsquantum security on the C-suite agenda. •Plan for transition:Launch targeted PQC pilots and crafta phased migration roadmap that scales lessons learnedacross the enterprise.•Focus on crypto-agility:Equip teams, designinfrastructure, and software so cryptographic algorithmscan be swapped efficiently as standards mature.•Ensure system protection:Apply quantum-safe controlsto both edge devices and legacy systems, with secure-update mechanisms built in.•Invest in capacity development and performance:Fund dedicated teams and upskill staff to sustain PQCadoption without sacrificing system throughput whileinvesting in developing computational, bandwidth, andstorage capacity.•Strengthen collaboration:Insert quantum-safe clausesas standard in supplier contracts and foster cross-industrypartnerships to accelerate joint readiness.Capgemini Research Institute 2025 Who should read this reportand why?This report is essential reading for CISOs, CIOs, CTOs,and Heads of Information Security responsible forsafeguarding critical infrastructure, sensitive data,and long-term digital trust. As quantum computingadvances, cryptographic systems that underpinsecure communications, authentication, and keyexchange are at risk. Leaders in security, compliance,and enterprise architecture must understand thetimeline, technical landscape, and strategic decisionsrequired to adopt post-quantum cryptography (PQC)and ensure crypto-agility across systems.It is also highly relevant for IT infrastructureleaders, PKI managers, and product security teamsworking in organizations where data confidentialityand integrity must be preserved over extendedtimeframes. For organizations with complex supplychains or global regulatory exposure, this reportoffers a roadmap to assess quantum readiness,launch effective PQC pilots, and manage cross-functional transformation. Whether you’re justbeginning to explore quantum threats or advancingtoward full migration, this report provides actionableinsights grounded in research, industry benchmarks,and expert guidance.This report is b