Kyndryl launches quantum-safe security risk assessment

Kyndryl has launched a new security assessment service that targets cryptographic risks from emerging quantum computing technologies.

The Quantum Safe Assessment service examines an organisation’s existing encryption across its IT estate. It then sets out a phased plan for migration to quantum-resistant protection using post-quantum cryptography.

The company is one of the largest IT infrastructure services providers by revenue. It works with large enterprises on managed services, consulting and modernisation projects.

The new service focuses on what many security specialists describe as the “Y2Q” risk. This is the point at which powerful quantum computers could break today’s common encryption methods. These methods protect data in transit and at rest across corporate systems, cloud services and public networks.

Kyndryl said the service analyses cryptographic risk exposure across all major systems. This includes mainframes, cloud platforms, payment systems and customer databases. It also reviews third-party interfaces, which often contain sensitive data and shared keys.

Regulators and standards bodies are working on post-quantum cryptography standards. Many organisations are still in early stages of assessing their current exposure.

“Quantum computing security readiness is no longer a future concern - it is a strategic imperative,” said Kris Lovejoy, Global Security & Resiliency Leader, Kyndryl. “Traditional encryption methods are increasingly at risk of being broken by advanced quantum systems, posing a significant threat to data security, regulatory compliance and business continuity. Through our Quantum Safe Assessment service, we help customers identify vulnerabilities and build scalable strategies for quantum-safe security so they can operate confidently in the post-quantum era.”

The service starts with an inventory of encryption across the business. This process creates what Kyndryl calls a cryptographic bill of materials. It lists where and how encryption is in use across applications, networks, systems and data layers.

The assessment then ranks business services by their sensitivity and exposure to potential quantum attacks. It prioritises areas that hold important or regulated data. It also highlights systems that would be hard to upgrade or replace quickly.

Kyndryl then draws up a transformation roadmap. This sets out a staged migration from current encryption methods to quantum-resistant standards as they are adopted. It also outlines steps for crypto agility, where organisations can switch encryption methods as threats and standards evolve.

The company integrates the Quantum Safe Assessment with its existing Zero Trust Adoption Framework. Zero trust designs security architectures that treat every user, device and connection as untrusted by default. The integration extends this approach into identity, endpoint, network and data protection in a post-quantum context.

Kyndryl said its consultants can move from assessment into design and implementation work. This includes creating policies, processes and technical designs for quantum-safe security. It also includes ongoing management of cryptographic assets and controls.

Industry researchers and national agencies have warned about “harvest now, decrypt later” attacks. In these scenarios, attackers collect encrypted data today for decryption once quantum systems mature. This risk applies in sectors that store data for long periods, including finance, healthcare and government.

Kyndryl’s own research points to a gap between the scale of the risk and executive attention. The 2025 Kyndryl Readiness Report found that only four percent of leaders view quantum as the technology most likely to affect their business in the next three years.

The company said this low level of concern sits alongside growing regulatory focus on long-term data protection. Some organisations face rules that require protection of data for years or decades.

Quantum-safe migration projects are often complex. They cut across legacy systems, cloud platforms, operational technology and partner ecosystems. They also span internal teams such as security, infrastructure, applications and compliance.

Suppliers such as Kyndryl are building service lines around assessment and planning for this shift. These draw on cryptography expertise, security architecture and large-scale transformation experience.

The Quantum Safe Assessment targets customers at different stages of preparation. Some organisations are at the discovery phase and do not have a full inventory of their encryption. Others have pilot projects under way but lack a strategy for wider deployment.

Post-quantum cryptography standards remain in development but are at advanced stages in several jurisdictions. Vendors are starting to build support for PQC into hardware, operating systems, databases and network products.

Kyndryl positions the new service as a way for organisations to begin structured planning without waiting for full standardisation across the market.

“Traditional encryption methods are increasingly at risk of being broken by advanced quantum systems, posing a significant threat to data security, regulatory compliance and business continuity,” said Lovejoy.