The quantum clock is ticking. Is your identity strategy ready?

Here is what many conversations about quantum readiness continue to overlook: the most exposed vector is not just data encryption – it is identity.

Eric Kong

Quantum computing is no longer a distant theoretical risk. Advances in the field are on track to render the asymmetric cryptography that organisations rely on to secure data and systems unsafe by 2030, a timeline corroborated by Gartner, which has identified post-quantum computing as among its top strategic technology trends requiring active action plans. The window for preparation is not a decade away. It is now.

Those who invest and migrate early will be best positioned when quantum threats materialise. Those who wait will not. But here is what many conversations about quantum readiness continue to overlook: the most exposed vector is not just data encryption – it is identity.

The Harvest Now, Decrypt Later Threat Hits Identity First

A quantum bit, or qubit, exploits the principles of superposition and entanglement to exist in multiple states simultaneously, allowing quantum computers to process vast solution spaces at speeds classical systems cannot approach. The cryptographic backbone underpinning today’s digital infrastructure was simply not designed to withstand this.

We are already seeing this threat take shape through “harvest now, decrypt later” attacks, where malicious actors globally are collecting encrypted data today with the intent to decipher it once quantum devices become widely accessible. Governments are taking note. Singapore announced a S$300 million National Quantum Strategy in 2024 to fuel quantum research and talent, on top of S$400 million already invested in quantum technology by the National Research Foundation since 2002. Key infrastructure initiatives include the Nationwide Quantum Safe Network Plus, positioning Singapore among the first countries to deploy quantum-safe technologies at scale.

The stakes for identity are direct. The majority of authentication and authorisation methods use public-key cryptography to sign assertions and tokens. If this cryptography is compromised, signatures can be forged, which opens the door to impersonation and unauthorised access at scale. When quantum breaks encryption, it breaks identity.

Static Identity Controls Are Already a Liability

Even before quantum fully arrives, the identity security landscape has shifted beyond what static controls can handle. Enterprises today face workforces in constant flux, thousands of applications, and AI agents now outnumbering human workers in most cases. Setting access permissions once and reviewing them periodically is not just inefficient; it is a liability. Quantum threats will only amplify these gaps.

An organisation that has not addressed over-permissioning, ungoverned AI agents, or static privilege models will find itself exponentially more exposed when quantum-capable adversaries arrive. What is needed are systems that adapt in real time rather than operate on fixed assumptions. This is the foundation of adaptive identity security.

Adaptive identity brings together identity, data, and security signals into a unified context, providing clarity, control, and scale across every enterprise identity, human or digital. It is this integrative approach, binding who someone is to what they can access and what the data sensitivity warrants, that makes adaptive identity the right foundation for a post-quantum world.

Dynamic access models replace static privileges with real-time, just-in-time access, so that even if a credential is harvested, the window of exploitability is dramatically reduced. In-line security enables threats to be addressed inside the security operations centre in real time. And intelligence embedded at the platform level means the system continuously learns and adjusts, delivering the cryptographic agility the post-quantum era demands.

Critically, adaptive identity extends governance to AI agents. As digital workers proliferate, taking actions on behalf of humans and accessing sensitive data, their context must be tightly bound to both the user they represent and the underlying data they touch. Certifying agents just as humans are certified, through unified identity context, is foundational to any quantum-resilient security posture.

Your Quantum Clock Is Already Running

Organisations should ask a simple question: how long must the data and credentials we hold today remain confidential? The answer determines urgency. Data that must stay sensitive for a decade or more needs quantum-resistant protection now.

Boards and C-suites should set checkpoints for quantum preparedness that explicitly include identity infrastructure, not just encryption libraries. This means auditing authentication systems for cryptographic dependencies, adopting National Institute of Standards and Technology (NIST) post-quantum cryptography standards, and investing in identity security platforms capable of real-time risk scoring and dynamic entitlement management. Singapore’s Quantum Readiness Index offers a practical starting framework for organisations in the region.

The Future Belongs to Those Who Prepare Now

The post-quantum cryptography market is projected to grow at nearly 40% annually between 2025 and 2030. The momentum is real, and so is the urgency. Organisations that act now to implement an identity security architecture that is dynamic, context-aware, and resilient by design will be the ones best positioned to navigate what comes next.

Eric Kong is GVP for ASEAN at SailPoint