Organizations now face an average of about 11 publicly-disclosed data breaches each day worldwide. The vast majority of incidents involving data stored in cloud environments, underscoring how digital transformation has outpaced traditional security controls.

An emerging risk is how rapid advances in quantum computing are accelerating concern that current encryption standards will be broken within the next few years, fueling "harvest now, decrypt later" tactics in which attackers steal and store encrypted data today in anticipation of future decryption capabilities.

Ransomware and other cloud-focused attacks are highlighted as major contributors to this surge. Security experts warn that most organizations remain underprepared for a scenario in which cybercriminals gain quantum decryption tools and can automatically unlock large volumes of sensitive information.

Source: https://www.theglobeandmail.com/investing/markets/stocks/CALX-N/pressreleases/36433159/data-breaches-hit-11-per-day-as-quantum-decryption-and-ransomware-surge-force-protection-rethink/

Commentary

The above suggests that encryption is becoming outdated. Nevertheless, until proven otherwise, encryption is a core loss prevention control.

Encryption converts readable information into an unreadable format that can only be interpreted with the correct cryptographic key, reducing the value of stolen data to an attacker who lacks that key. In practical terms, encryption functions as a compensating control for the assumption that networks, devices, and even cloud providers will eventually be breached. It ensures that a successful intrusion does not automatically equal a successful data loss event.

For organizations facing regulatory expectations and litigation risk, encryption underpins confidentiality, integrity, and nonrepudiation for sensitive data and transactions in a way that other controls, such as firewalls or access lists, cannot fully replicate.

Despite growing concern that future quantum computers may eventually break many widely-used public key algorithms, encryption remains highly relevant because modern symmetric algorithms and well-implemented key management still provide strong protection against today's attackers.

Additionally, most current breaches arise from stolen credentials, misconfigurations, and unencrypted data stores rather than from successful cryptanalytic attacks, meaning that abandoning or weakening encryption would dramatically increase incident frequency and settlement severity.

One final note on encryption - regulators and industry standards continue to treat encryption as a baseline safeguard for personal and financial information, so failure to use it can convert a security lapse into a regulatory violation and reputational crisis.

As for cloud storage and emerging quantum threats, organizations can begin by inventorying where public key cryptography is used to protect data at rest and in transit, then planning migrations to quantum safe or hybrid cryptographic schemes as vetted standards emerge.

Loss prevention strategy in this context means treating cryptography as a lifecycle issue: maintaining strong symmetric encryption such as robust AES configurations for data in cloud object stores, tightening key management, and minimizing cryptographic agility gaps so algorithms and keys can be rotated rapidly when new standards or vulnerabilities appear.

Governance teams should also incorporate quantum risk into vendor management and contract language, requiring cloud providers and critical service partners to commit to road maps for quantum resilient encryption, transparent key handling, and verifiable controls, so that long lived data such as health, financial, and child-related records are not exposed to "harvest now, decrypt later" scenarios throughout the coming decades.

The final takeaway is that encryption still has value on multiple levels and although the future may require changes, the present demands encryption.