Malik Haidar has spent his career in the trenches of multinational cybersecurity, watching threats evolve from simple viruses to sophisticated nation-state actors. As an expert in security intelligence, he bridges the gap between technical defense and corporate strategy. Today, he joins us to discuss the looming “Q-day” and why the current pace of adoption for post-quantum cryptography is leaving global infrastructure dangerously exposed.
With less than 10% of global SSH servers currently supporting post-quantum cryptography, why is the transition moving at such a glacial pace despite the clear warnings?
It is a sobering reality that only 8% of SSH servers worldwide currently support PQC, a minor increase of just two percentage points over the last year. This slow progress stems from a dangerous “wait-and-see” attitude where many organizations feel the threat is too distant to warrant immediate investment. We see 59% of leaders believing the technology won’t mature enough until at least 2030, which creates a false sense of security. In the corporate world, if a threat doesn’t have an immediate impact on this quarter’s bottom line, it often gets pushed to the back burner, leaving us with a massive technical debt that will be impossible to pay off when Q-day finally arrives.
You have mentioned the concept of “harvest-now-decrypt-later” attacks; how real is this threat for companies that believe their data is safe under current encryption standards?
The threat is far from theoretical; it is happening in the shadows right now, evidenced by programs like Muscular and Tempora mentioned in the Snowden leaks. Adversaries, including groups like Salt Typhoon and various nation-states, are likely “hoovering up” massive amounts of encrypted traffic today with the intent to decrypt it once they have a cryptographically relevant quantum computer. When you see massive redirections of internet traffic through China, it serves as a chilling reminder that our current data is already being archived by entities with very long memories. Even if the data is encrypted now, any information with a long shelf life—such as intellectual property—is essentially a ticking time bomb waiting for quantum decryption to catch up.
IBM projects its fault-tolerant quantum computer, Starling, will be ready by 2029, yet many strategic plans do not account for this timeline. How should leadership reconcile these conflicting schedules?
There is a staggering disconnect when 87% of business leaders admit quantum computing will disrupt their industry by 2030, but only 35% have actually made it a strategic priority for the next five years. We are on a collision course where the G7 Cyber Expert Group’s roadmap places the migration and testing phase in 2028-2029, which is the exact same window when IBM’s Starling is expected to go live. This leaves zero room for error, creating a high-stress environment where a single delay in procurement or testing could leave a multi-billion-dollar corporation completely vulnerable. Leadership needs to stop viewing this as a futuristic “what-if” and start treating it as a standard infrastructure upgrade that requires immediate, proactive inventorying.
For a C-suite executive looking to start this journey today, what are the most critical “crypto-agility” steps they can take to ensure their network is not left behind?
The first step is gaining real-time, continuous visibility by inventorying every single asset on the network that uses encryption to understand what it runs and if it can support PQC. You must inject cybersecurity requirements directly into the procurement process so that every new purchase is automatically vetted for quantum readiness. This approach works passively at scale without the need for a dedicated, separate program that might get bogged down in bureaucracy. Building for “crypto-agility” means upgrading to frameworks like TLS 1.3 now, which ensures you have the structural framework in place to switch ciphers in the future without a catastrophic system overhaul.
What is your forecast for the state of global data security as we approach 2030?
My forecast is that we will see a “Great Decryption” event where the gap between the quantum-ready and the laggards becomes a matter of corporate survival. As we move closer to 2030, the 87% of leaders who expect disruption will find themselves in a frantic race, but those who failed to start their inventory adjustments today will find their historical data archives laid bare. We will likely see a surge in sophisticated retroactive data breaches where secrets stolen in the mid-2020s are finally decrypted and used for geopolitical leverage or corporate espionage. Success won’t be defined by who has the fastest quantum computer, but by who had the foresight to build a flexible cryptographic foundation before the first fault-tolerant machine ever hummed to life.

