Trends and Predictions for PQC in 2025

Technological advancements create complex environments for cybersecurity.

With every progressive step, threats also evolve, and cybercriminals develop increasingly sophisticated methods to exploit vulnerabilities in these systems. That’s exactly the case with quantum computing: a new tool for the good guys is also a weapon for the bad guys.

The only way to stay ahead of these attacks is to be aware of security trends, anticipate advanced threats, and build resilient defenses.

So, what’s ahead for you? We have amazing insights to share below. We spoke with a few of Keyfactor’s post-quantum cryptography (PQC) experts and gathered some predictions you should look out for in 2025.

 

PQC in 2025

Prediction

PQC adoption in IoT may begin with high-value devices like smart meters and medical equipment before expanding to high-volume consumer devices like home routers.

2024 was the year of quantum readiness, but 2025 demands action, particularly for critical sectors like government, finance, energy, healthcare, and transportation. These organizations face mounting pressure from mandates like NSM-10 and guidelines from CISA and NIST to transition to quantum-resistant encryption.

This urgency is compounded by the capture-now, decrypt-later threat, where attackers harvest encrypted data today, aiming to decrypt it later once quantum resources are available—a scenario that could cripple sectors like public transportation if realized.

Aside from that, critical industries are better positioned for quantum resistance because they use IoT devices that support crypto-agile and resource-intensive algorithms, a capability lacking in consumer-grade devices. Additionally, these organizations often have dedicated cryptography teams, giving them an edge in implementing advanced encryption technologies like PQC.

Even with all these advantages, critical industries might still encounter unforeseen challenges and “gotcha moments” that show that the PQC transition will be phased.

– Ted Shorter, Chief Technology Officer at Keyfactor

PQC compliance

Prediction

Globally standardized PQC regulations and frameworks will become available, providing organizations with clear roadmaps for integration and compliance. 

Regions like Europe and North America are leading the way in PQC regulations. For instance, Europe’s Cyber Resilience Act (CRA) enforces quantum resistance in devices before they reach the market, while the U.S. has introduced three NIST-approved quantum-resistant algorithms for critical sectors. These efforts combine legal enforcement with technical guidance, setting a precedent for other countries to develop their own quantum security regulations.

These guidelines are strategically designed to force manufacturers to implement secure-by-design principles, ensuring quantum security is built into devices from the ground up. By mandating quantum-resistant chips at the manufacturing level, the security impact extends beyond critical sectors to other industries relying on IoT.

These standards are not exclusive to Western countries; countries like Japan, for instance, are developing algorithms that might become global standards. This suggests that the world will move away from a small set of commonly used algorithms and instead adopt a wide variety of options.

 

– Ellen Boehm, SVP IoT Strategy & Operations at Keyfactor

Evolving threat landscape

Prediction

AI-driven quantum attacks are expected to emerge on a large scale, with finance and healthcare industries being primary targets due to their reliance on sensitive data.

We are going to see our first large-scale AI-based quantum attacks on IoT in 2025. Here’s an illustration of how this will pan out:

Imagine a global financial institution that uses traditional RSA encryption to secure billions of dollars' worth of transactions and customer data. If a nation-state attacker employs the capture-now, decrypt-later attack method, they can use advanced AI models to identify and intercept encrypted data in transit over the internet.

They’ll store the encrypted data for future decryption once quantum computers are capable of quickly breaking RSA. Fast forward 5-7 years, when quantum computers with sufficient qubits become available. The attacker can use Shor’s algorithm (optimized by AI for efficiency) to break the RSA encryption and expose sensitive financial records, transaction details, and client information.

They can also use AI systems to quickly analyze decrypted data to find high-value targets—like corporate executives, government contracts, or wealthy clients. From there, fraudulent transfers, identity theft, and market manipulation follow on a massive scale.

The remedy to this lies in adopting quantum-resistant algorithms and maintaining crypto-agility. By transitioning early to these algorithms, organizations can protect data against future quantum threats, ensuring long-term security even as quantum technology advances.

– Chris Hickman, Chief Security Officer at Keyfactor

It takes a village

Prediction

Cybersecurity consortia and brain trusts will become central players shaping the future of PQC and cryptography as a whole.

Strategic partnerships are crucial for ensuring the secure and effective deployment of PQC in digital infrastructure. These partnerships help organizations navigate the complexities of integrating PQC into their systems by providing the necessary expertise, resources, and technology.

By aligning with the right partners, businesses can select suitable PQC algorithms, adapt their public key infrastructure (PKI) tools, ensure system compatibility, and facilitate the transition from current cryptographic standards.

Examples of such partnerships include:

  • Partnership with cryptographic solutions providers: Organizations can integrate a crypto provider’s PQC solutions into their cloud infrastructure to achieve quantum resistance. This collaboration leverages the provider’s technical expertise to build cryptographic systems resilient to quantum threats.
  • Partnerships between academic institutions and the private sector: For instance, a university like MIT could partner with a company like IBM to advance quantum-safe cryptography research. This partnership allows IBM to use MIT’s cutting-edge research to develop practical, deployable PQC algorithms.
  • Partnerships with quantum-resistant SaaS companies: Private sector firms, particularly those lacking dedicated cryptography teams, can collaborate with quantum-resistant SaaS providers like Keyfactor. These companies help integrate advanced PQC solutions into certificate encryption and IoT machine identities. By doing so, organizations leverage scalable, cloud-based, quantum-safe tools to safeguard customer data and transaction systems effectively.

 

– Ted Shorter, Chief Technology Officer at Keyfactor

 

Conclusion

Quantum computing is no longer a distant possibility – it’s shaping the future of cybersecurity now. 

2025 will be a pivotal year for PQC, with emerging guidelines and standards taking center stage alongside developments in IoT and AI security for critical industries. To stay ahead, adopt crypto agility, strategically partner with quantum-secure vendors, and adhere to security best practices.

Don’t wait until quantum threats become a reality. See how Keyfactor can help you stay ahead with scalable PQC solutions tailored to your needs. Schedule a demo today to learn how to future-proof your security strategy.