March 12, 2025 - Your information technology (IT) team is not a cybersecurity team. This is a topic I feel strongly about because leaders tend to lump the two together. Someone who is an expert at building networks does not necessarily know how to thwart them, nor have the toolkit nor time to remediate threats. Asking an IT team to manage cybersecurity is akin to asking an architect to also develop a plan to demolish their building and constantly hunt for saboteurs.

In the third article in our series on quantum hacking, we explain the risk level for small- to medium-sized businesses and the team they need in place. Certainly, Fortune 500 companies are targets. What about the rest?

This article and series aim is not to fearmonger — no one needs that — but we do need to all be reasonably concerned.

Read part 1 of this series, about how quantum hacking will break all known cryptography, and part 2, about how to harden your systems against it.

Mid-Sized Businesses Are Prime Cybercrime Targets

On February 19, 2025, Microsoft unveiled its new Majorana 1 chip for quantum computing. This represents one more step toward an imminent future where this technology is mass available. The discussion about its impact on your cybersecurity could not be more timely.

Nearly one in three mid-sized businesses (32%) has experienced a cyber incident or breach in the past 24 months, according to our survey of 1,000 such companies. The reason this incidence rate is so high is that mid-sized businesses occupy an awkward middle space that makes them attractive targets:

• Many of their systems are online and in the cloud
• Many are “pre-cyber professionalization” and lack security protocols

Small-to-medium businesses are moving to the cloud – whether they want to or not – as their software providers cease on-premise support. As of March 31, 2025, QuickBooks is no longer available on desktop. Cloud-based CRM and ERP systems are now the default.

This is a challenge for medium-sized businesses relying on IT to manage cybersecurity. Anything online is more susceptible to hacking, and IT teams are not keeping pace.

Most businesses in our survey had not performed any kind of cyber assessment in the past 24 months, and only 52% had an incident response plan. Just 46% have someone actively monitoring their cyber activity and security. Even for that half that do have someone monitoring, those people are probably in IT. This means they may not be up-to-date with the latest threat vectors, including quantum computing.

“You have likely come across security advice this is out of date, or that does not help prevent the most common compromises,” warned America’s Cyber Defense Agency last year. “The security landscape has changed.”

New Technology Like AI and Quantum Computing Will Increase Cybercrime

Cyberattacks have more than doubled since the pandemic, reports the IMF. While part of that is because more sensitive information is online as more work occurs remotely, it is also tied to the fact that AI has made scams and phishing attacks far easier to execute.

“As technology continues to evolve, so do cybercriminals' tactics,” says the FBI. “Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.”

As just one example, last year, a finance worker at a multinational company wired $25 million to cybercriminals after they posed as company executives on a web conference call using a deepfake video.

It is no coincidence that these cybercriminals are targeting companies’ financial systems. Phishing and wire scams are a more direct route to money than the more complicated process of holding computer systems hostage with ransomware. Nearly one-fifth of attacks are upon financial accounts, says the IMF.

Quantum cryptography will only widen existing security gaps. Not only will the old advice no longer apply, but existing cryptography will no longer suffice. Passwords that people write down and remember will be a thing of the past. There will be a whole change management component to adapting to this new future, likely requiring outside expert advice.

Adapt Now, Before Regulations Force You To

When cybercriminals attack, it is not just your company data that is compromised. It is often also customer data, vendor data, and employee data. Governments are taking notice and increasingly fining compromised businesses — a double penalty — and greatly increasing your risk.

We see regulators enforce fines against mid-sized businesses, too. U.S. companies are now enmeshed in a web of overlapping regulations like the California Consumer Privacy Act (CCPA) and the New York Privacy Act. Anyone operating across state lines may be subject to a cascading series of fines, not just one.

As the era of quantum hacking approaches, mid-sized businesses must be ready. No business is too small to take this seriously, and it begins with knowing that cybersecurity requires more than just help from IT.

Would you like our team to run a cybersecurity assessment on your firm’s systems? Reach out to Kevin Ricci and our Cybersecurity Practice.