Quantum Computing: What Irish Boards Need to Know Now

For years, quantum computing belonged to the realm of academic research and long term speculation. That era is over. Driven by rapid breakthroughs from industry and national labs, quantum technology is advancing far faster than predicted - and it is already reshaping conversations about competitiveness, data security, and national resilience. For Irish boards and senior leaders, quantum computing is no longer a “watching brief”. It is a strategic issue requiring immediate awareness and measured preparation.

What is quantum computing - in practical terms?

Traditional computers process information using bits -  ones or zeros. Quantum computers use qubits, which can exist in multiple states at once. This allows them to explore complex problems in ways classical computers simply cannot. Think of trying every route, combination or molecular structure simultaneously instead of sequentially.

While large scale fault tolerant quantum computers are still emerging, the pace of progress is accelerating. Quantum inspired solvers are already delivering performance benefits in logistics, finance and healthcare. And early quantum processors have demonstrated capabilities far beyond classical supercomputers for specific tasks. The implications - good and bad - will be felt long before quantum systems become mainstream.

Why quantum matters for Irish industry

Ireland’s economy is uniquely exposed -  and uniquely positioned  - when it comes to quantum technologies.

• Financial services may see breakthroughs in risk modelling, optimisation and fraud detection.
• Life sciences and pharma, core pillars of the Irish economy, could shorten drug discovery cycles via quantum accelerated molecular simulation.
• Supply chain intensive sectors - from retail to manufacturing - stand to benefit from quantum enabled optimisation.
• Critical infrastructure, including energy, transport and healthcare, will increasingly rely on cryptography and secure data flows that quantum computing will fundamentally disrupt.

These are opportunities worth harnessing -  but they sit alongside risks that boards cannot ignore.

The risks: what directors must understand and prepare for now

Quantum computing introduces a new category of strategic and systemic risk. Unlike traditional cyber threats, quantum risk is not about better hacking tools or faster malware. It is about the eventual collapse of the cryptographic foundations that underpin the modern economy.

Below are the risks that matter most for directors:

1. The confidentiality time bomb: “Harvest Now, Decrypt Later”

This is the single most important quantum risk for boards.

Malicious actors are already stealing encrypted data - including personal records, IP, financial files and government information - with the intention of decrypting it once quantum capabilities mature.

Data with long confidentiality lifetimes (health data, client records, corporate IP, sensitive legal files) is particularly vulnerable. Even if quantum capable adversaries are years away, the damage begins today.

Board implication:

Organisations must treat long life data as already compromised unless protected by quantum safe cryptography.

2. Breakdown of the digital trust model

Encryption underpins almost every digital interaction: payments, identity verification, cloud workloads, supply chain transactions, device authentication and secure government services.

Quantum computers will be capable of breaking widely used public key cryptography (such as RSA and ECC), undermining:

• secure online banking
• medical records protection
• secure communications
• digital signatures (including code signing for software updates)
• VPN and remote access security
• supply chain integrity and vendor assurance

A failure in any of these areas is not just a cyber event -  it is a governance failure.

Board implication:

Quantum risk is not a technical issue; it is a business continuity, legal, regulatory and reputational issue.

3. Regulatory and compliance exposure

Global regulatory momentum is building rapidly. The US, UK and EU are signalling timelines for mandatory adoption of post quantum cryptography. Standards bodies (such as NIST) have already finalised quantum safe algorithms, meaning expectations will shift quickly.

For sectors like finance, health, aviation, energy, critical infrastructure and telecommunications - all prominent in Ireland - a quantum readiness gap may soon constitute a compliance breach.

Board implication:

Regulators will expect boards to demonstrate active oversight, much like GDPR and NIS2.

4. Third party and supply chain risk

Most organisations rely heavily on cloud providers, software vendors, managed service partners and international supply chains. If even one critical supplier fails to transition to quantum safe controls, your organisation’s data and operations may be exposed.

Board implication:

Third party assurance must evolve to include quantum readiness, cryptographic agility and migration planning.

5. Business model disruption

Quantum computing could fundamentally reshape competitive dynamics. Early adopters may gain advantages in pricing, optimisation, R&D efficiency and product innovation. Late adopters may find themselves structurally disadvantaged.

Board implication:

Quantum is both a security risk and a strategic opportunity; boards must oversee both dimensions.

Mitigating quantum risk - what boards should do now

Boards do not need to be technical experts - but they do need to ensure action.

1. Assign executive and board level ownership
Quantum readiness should sit within risk and audit committees, with regular reporting.

2. Initiate a cryptographic inventory
Most organisations do not know where cryptography is used. This is the single biggest blocker to readiness.

3. Prioritise long life and high value data
Identify which data must remain confidential for 5, 10 or 20 years. This becomes your priority for mitigation.

4. Begin migrating to quantum safe cryptography
Use quantum safe algorithms in new systems, pilot hybrid approaches, and update security policies and supplier contracts.

5. Embed quantum risk into third party governance
Ask suppliers for their quantum readiness roadmap. Make it a contractual requirement.

6. Build leadership awareness
Boards don’t need to understand the physics - but they must understand the governance implications.

Conclusion

Quantum computing will redefine the global business landscape. For Irish organisations, it represents both a generational opportunity and a material strategic risk. Boards that act now - by understanding the threat, overseeing readiness and embedding resilience -  will protect their organisations, preserve trust and position themselves to lead in the quantum era. Those who wait risk finding themselves exposed, outpaced and unprepared.

This article is the view of the author(s) and does not necessarily reflect IoD Ireland’s policy or position.

About the Author

Leonard McAuliffe is a Partner with PwC Advisory Consulting and he leads the Cybersecurity practice. Leonard has worked in the area of Cybersecurity, Privacy and Forensics for over 25 years and has delivered complex cyber programmes to many top international and national clients. He advises boards, directors and C suite leaders on the strategic, regulatory and operational impacts of emerging cyber risks, including quantum computing, generative AI, and the evolving European regulatory landscape. Some of Leonard’s Cybersecurity areas of expertise include: Cyber Strategy, Cyber Risk and Governance, Cyber Programme Management, Security Architecture, Data Privacy, Identity and Access Management, Third Party Risk Management, Ethical Hacking, Cloud Security, AI Security and Quantum Computing.

Leonard is seen as a leader in the field of Cybersecurity and is widely published in national and international media, contributes regularly to industry discussions, and has been interviewed on TV, radio and podcasts on cybersecurity hot topics. He has served on — and been elected to — the boards of Ireland’s major cybersecurity bodies including IISF, ISSA and OWASP, and he convenes a quarterly CISO roundtable bringing together senior security leaders from across industry.

Leonard studied Business and Financial Information Systems in University College Cork and has also achieved professional certification in many globally recognised Cybersecurity qualifications such as CISSP, CISA, CISM, PCI QSA, CRISC, CEH, CBCI as well as many other technical and management professional certifications.