11 March
Quantum Computing is a next-generation computing technology that leverages quantum mechanics principles. It can solve certain mathematical problems millions of times faster than conventional computers. The problem is that the encryption systems protecting data in ERP systems today were designed on the assumption that classical computers cannot crack them within a human lifetime — but a Quantum Computer could potentially break these within hours.
In summary: What is Quantum Computing and why should you be concerned?
- Quantum Computing = Computers using Qubits instead of Bits, enabling exponentially faster solutions to complex problems
- Impact = Encryption systems ERP currently uses (RSA, ECC) could potentially be cracked within hours
- Timeline = Researchers estimate sufficiently powerful Quantum Computers will arrive within 5–15 years, but the threat has already begun
- Action Required = Start planning the transition to Post-Quantum Cryptography (PQC) now
Key Timeline: From Quantum to Cybersecurity Threat
To understand why this issue is closer than it appears, here is a timeline of key related events:
| Year | Key Event | Impact |
|---|---|---|
| 1994 | Peter Shor invents Shor's Algorithm | Proved that Quantum Computers can break RSA encryption in polynomial time |
| 2019 | Google announces Quantum Supremacy with Sycamore 53-Qubit | Solved a problem that would take a supercomputer 10,000 years in just 200 seconds |
| 2022 | NIST announces first Post-Quantum Cryptography standards | CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+ selected as PQC standards |
| 2024 | NIST publishes FIPS 203, 204, 205 (official PQC standards) | Officially marked the beginning of the Post-Quantum Encryption era |
| 2025-2026 | FBI + NIST coordinate Quantum Security transition / Multiple governments begin PQC Pilots | Organizations that are unprepared will face Compliance and Supply Chain risks |
| 2030+ | Cryptographically Relevant Quantum Computers (CRQC) expected to be operational | RSA-2048 and ECC will be breakable in practice; previously intercepted data will be exposed |
Quantum Threats to ERP Systems: Why You Should Be Concerned Today
ERP systems store an organization's most critical data — from financial data and employee records to customer information and trade secrets. All of this is protected by encryption that Quantum Computers could potentially break:
| Current Encryption System | Used in ERP for | Quantum Risk |
|---|---|---|
| RSA-2048 | TLS/SSL encryption for Client-Server communication, Digital Signatures | Very high — Shor's Algorithm can break it in polynomial time |
| ECC (Elliptic Curve) | Authentication, Two-Factor Authentication (2FA), Digital Certificates | Very high — Broken by Modified Shor's Algorithm |
| AES-256 | Database encryption, Backup file encryption | Medium — Grover's Algorithm halves its strength (equivalent to 128-bit) |
| SHA-256 | Password hashing, Data integrity auditing | Medium — Grover's Algorithm speeds up Collision searches |
Warning: "Harvest Now, Decrypt Later" — A Threat That Has Already Begun
Hackers and some nation-state intelligence agencies are employing the "Harvest Now, Decrypt Later" (HNDL) strategy — intercepting and storing encrypted data now, even though it cannot be decrypted today. Once Quantum Computers are ready, all that stored data will be decrypted.
This means financial data, HR records, and customer information transmitted over networks today could be readable within 5–10 years. If your organization handles data that must remain confidential for longer, you must start preparing now.
Comparison: Traditional Encryption vs Post-Quantum Cryptography
Post-Quantum Cryptography (PQC) is a new generation of encryption designed to withstand attacks from Quantum Computers:
| Comparison Criteria | Traditional (RSA/ECC) | Post-Quantum (PQC) |
|---|---|---|
| Security against Classical Computers | High security | High security |
| Security against Quantum Computers | Not secure | Secure |
| Mathematical Principles | Integer Factorization, Discrete Logarithm | Lattice-based, Hash-based, Code-based |
| Key Size | RSA: 2048-4096 bit, ECC: 256-521 bit | 2–10x larger (Kyber: ~1.5 KB) |
| Speed | Fast, optimized over decades | Slightly slower, but continuously improving |
| Standards | NIST, ISO — used for decades | NIST FIPS 203/204/205 (published 2024) |
| Software Readiness | Supported on all platforms | Beginning support in OpenSSL 3.x, Chrome, Signal |
Impact on Each ERP Module
The quantum threat does not only affect "the IT department" — it impacts every part of an organization that uses ERP:
1. Finance & Accounting Module
- Financial transaction data — Fund transfers and bank account information, if intercepted today, could be decrypted in the future
- Financial statements — Balance sheets and income statements transmitted via API or email could lose confidentiality
- Digital signatures — Documents signed with RSA/ECC could potentially be forged retroactively
2. Human Resources & Payroll Module
- Personal data — National ID numbers, salary information, and medical history must remain confidential throughout an employee's career
- Payroll data — Bank account numbers and salary amounts; a breach would impact every employee
3. Procurement & Supply Chain Module
- Contract pricing — Agreed prices with suppliers are trade secrets
- Vendor information — Payment terms and credit terms; if competitors obtain this, it creates a competitive disadvantage
- Production plans — Demand forecast and production plan data transmitted over networks could be intercepted
Key Statistics
- Nearly 50% of organizations worldwide have not yet integrated Quantum Security into their Cybersecurity strategy
- 56% of mid-sized organizations are not yet prepared to handle Quantum threats
- Investment in Quantum Security is expected to exceed 5% of the IT Security budget in the near future
- Multiple governments have started PQC Pilot Programs, which will become mandatory requirements in the future
Saeree ERP and Quantum Threat Preparedness
To be straightforward — as of today, no ERP system on the market has fully transitioned to Post-Quantum Cryptography, because PQC standards were only officially published in 2024 and the industry is still in a transition period.
What Saeree ERP already does — forming an important foundation for the transition to PQC:
| Current Practice | Details | How it Helps with Quantum Readiness |
|---|---|---|
| PostgreSQL as Database | Uses PostgreSQL, an open-source database with regular security patch updates | When PostgreSQL supports PQC, upgrades can be applied immediately |
| TLS Encryption | Client-Server communication encrypted with TLS | TLS 1.3 is beginning to support Hybrid PQC, allowing Cipher Suite changes |
| Role-Based Access Control | Defines access rights by role, reducing the scope of potentially affected data | Even if encryption is compromised, data layering still helps limit damage |
| Audit Trail | Records every data change in the system | Helps detect abnormal access retroactively |
What Saeree ERP is monitoring:
- NIST PQC Standards — Tracking FIPS 203/204/205 standards and the migration roadmaps of OpenSSL and PostgreSQL
- Hybrid Encryption — A "Hybrid" approach using both Traditional and PQC simultaneously for compatibility during the transition period
- Crypto Agility — Designing systems to change algorithms easily without requiring a full rewrite
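Crypto agility as described above, reduced to one core pattern (an added example, not Saeree ERP's code): every stored record carries an algorithm tag, so verification dispatches on the tag and old records can be re-protected without touching callers. The HMAC algorithms are standard-library stand-ins for a signature scheme, and the record layout and function names are assumptions.

```python
import hashlib
import hmac

# Registry keyed by the algorithm tag stored with each record. These are
# stand-ins; a PQC signature scheme would be registered the same way.
ALGS = {
    "hmac-sha256": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "hmac-sha512": lambda key, msg: hmac.new(key, msg, hashlib.sha512).digest(),
}
CURRENT = "hmac-sha512"   # used for every new record
ACCEPTED = set(ALGS)      # remove a tag here to retire that algorithm

def _tag(key, alg, payload):
    # The tag covers the algorithm name, so the name cannot be swapped later.
    return ALGS[alg](key, alg.encode() + b"\x00" + payload)

def protect(key, payload, alg=None):
    """Return a record protected under alg (default: CURRENT)."""
    alg = alg or CURRENT
    return {"alg": alg, "payload": payload, "tag": _tag(key, alg, payload)}

def verify(key, rec, accepted=ACCEPTED):
    """Check a record, rejecting unknown or retired algorithm tags."""
    alg = rec["alg"]
    if alg not in accepted or alg not in ALGS:
        return False
    return hmac.compare_digest(_tag(key, alg, rec["payload"]), rec["tag"])

def migrate(key, rec):
    """Re-protect a valid record under CURRENT; refuse invalid ones."""
    if not verify(key, rec):
        raise ValueError("refusing to migrate a record that fails verification")
    return rec if rec["alg"] == CURRENT else protect(key, rec["payload"])

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed value, not a real secret
    old = protect(key, b"invoice 1001 approved", alg="hmac-sha256")
    print(old["alg"], "->", migrate(key, old)["alg"])
```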
How Organizations Should Start Preparing — Quantum-Readiness Checklist
You don't need to change your encryption today, but you must start planning today:
- Conduct a Cryptographic Inventory — Survey what encryption your organization uses and where (ERP, Email, VPN, API, Database)
- Assess Data Shelf Life — Which data must remain confidential for more than 10 years? (Financial data, personal information, trade secrets)
- Identify HNDL Risk Points — Where in your internet-transmitted data could interception occur?
- Track Vendor Roadmaps — Ask vendors about their PQC migration plans
- Budget Planning — Allocate a portion of the IT Security budget for PQC Migration
- Test Hybrid Encryption — Begin testing PQC in non-critical systems first
- Train the IT Team — Ensure your IT team understands the basics of Quantum Computing and PQC
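The first three checklist items (cryptographic inventory, data shelf life, HNDL risk points) can be combined into one pass over TLS endpoint records, shown here as an added example that is not from the original article. The inventory entries, field names and the `years_to_crqc` default (the lower bound of the article's 5–15 year estimate) are assumptions.

```python
import re

# Fragments matched after stripping punctuation; CLASSICAL is the RSA/ECC family.
CLASSICAL = ("RSA", "ECDH", "DHE", "X25519", "X448", "SECP")
PQC = ("MLKEM", "KYBER")  # ML-KEM is the FIPS 203 name for CRYSTALS-Kyber

def kex_class(name):
    """Return 'classical', 'hybrid', 'pqc' or 'unknown' for a key exchange."""
    n = re.sub(r"[^A-Z0-9]", "", name.upper())
    classical = any(f in n for f in CLASSICAL)
    pqc = any(f in n for f in PQC)
    if classical and pqc:
        return "hybrid"
    return "pqc" if pqc else "classical" if classical else "unknown"

def parse_suite(suite, group=None):
    """Split an IANA TLS suite name into (key exchange, AES key bits or None)."""
    # TLS 1.2 names put the key exchange before _WITH_; TLS 1.3 names omit it,
    # so the negotiated group has to come from the inventory record.
    m = re.match(r"TLS_(?:(\w+?)_WITH_)?(?:AES_(\d+))?", suite)
    if not m:
        raise ValueError(f"not a TLS suite name: {suite!r}")
    kex = m.group(1).split("_")[0] if m.group(1) else (group or "unknown")
    return kex, int(m.group(2)) if m.group(2) else None

def assess(rec, years_to_crqc=5):
    """Rate one record for Harvest Now, Decrypt Later exposure."""
    kex, bits = parse_suite(rec["suite"], rec.get("group"))
    cls = kex_class(kex)
    # Exposed: Shor-breakable key exchange guarding data that outlives the CRQC date.
    hndl = cls == "classical" and rec["shelf_life_years"] > years_to_crqc
    return {"system": rec["system"], "kex": kex, "kex_class": cls,
            "grover_bits": bits // 2 if bits else None,  # article's halving rule
            "shelf_life_years": rec["shelf_life_years"], "hndl_exposed": hndl}

def report(inventory, years_to_crqc=5):
    """Assess all records; exposed systems first, longest shelf life first."""
    rows = [assess(r, years_to_crqc) for r in inventory]
    return sorted(rows, key=lambda x: (not x["hndl_exposed"], -x["shelf_life_years"]))

# Constructed sample inventory: system names and shelf lives are invented.
INVENTORY = [
    {"system": "erp-web", "suite": "TLS_AES_256_GCM_SHA384", "group": "X25519", "shelf_life_years": 10},
    {"system": "payroll-api", "suite": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "shelf_life_years": 30},
    {"system": "pqc-pilot", "suite": "TLS_AES_256_GCM_SHA384", "group": "X25519MLKEM768", "shelf_life_years": 30},
    {"system": "status-page", "suite": "TLS_RSA_WITH_AES_128_CBC_SHA", "shelf_life_years": 1},
]

if __name__ == "__main__":
    print(*report(INVENTORY), sep="\n")
```

Only the key exchange decides HNDL exposure here; certificate signature algorithms matter for forgery once a CRQC exists and would be a separate column in a fuller inventory.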
For guidance on building a Disaster Recovery Plan that covers emerging threats including Quantum Threats, see our article on DR Planning for ERP systems.
Who Should Start Preparing? — Urgency Assessment Table
| Organization Type | Urgency | Reason |
|---|---|---|
| Government Agencies / State Enterprises | Very high | Store citizen data that must remain confidential indefinitely + are primary targets of Nation-state Attacks |
| Financial Institutions / Banks | Very high | High-value transaction data + strict Compliance Requirements |
| Hospitals / Healthcare | High | Health data must remain confidential for patients' lifetimes + PDPA requirements |
| Manufacturing Companies / Factories | Medium | Have trade secrets (formulas, cost prices) but shorter data shelf life |
| General SMEs | Start monitoring | Not yet primary HNDL targets, but should choose vendors with a PQC Roadmap |
"The question is not if quantum computers will break current encryption, but when. Organizations that wait until quantum computers arrive to start their migration will be too late — the data they're transmitting today is already at risk."
- NIST Post-Quantum Cryptography Standardization
Conclusion
Quantum Computing is not a distant future threat — it is a risk that organizations must start planning for today, especially those storing critical data in ERP systems. The "Harvest Now, Decrypt Later" attack strategy means data transmitted over networks today could be readable in the future.
What you can do now: start a Cryptographic Inventory, assess Data Shelf Life, track PQC standards from NIST, and choose vendors with a clear roadmap. You don't need to change everything today — but you must start planning today.
For more guidance on ERP security, including setting up two-factor authentication and digital signatures, see our related articles.
