In 2026, quantum computing has moved from lab breakthroughs to early commercial pilots across China, Singapore, South Korea, and Japan, intensifying the “harvest now, decrypt later” risk for APAC enterprises. 

Sensitive data traversing cross-border networks regulated financial systems, healthcare platforms, and critical infrastructure can be intercepted today and decrypted tomorrow—exposing organizations to future compliance violations, reputational damage, and competitive loss.

Challenges are acute: legacy PKI, fragmented hybrid-cloud environments, and strict data-sovereignty rules across ASEAN, India, and Greater China make rapid overhauls expensive and operationally risky.

Risks are immediate—delayed action could render years of stored data indefensible once cryptographically relevant quantum computers scale.

Opportunities, however, are equally real. Crypto-agile architectures (a system, platform, application, or organization can rapidly adapt its cryptographic mechanisms and algorithms in response to changing threats) now allow enterprises to introduce quantum-safe communications incrementally, layering post-quantum encryption alongside existing controls without rip-and-replace projects or business disruption.

Weiling Neo, VP of Product Management at Fortinet, joins us on this PodChats for FutureCISO and explains how APAC CISOs can seize this window to adopt quantum-safe communications today—without disrupting existing security architecture.

1.       Weiling, how is quantum computing changing cryptographic risks for APAC enterprises in 2026?

2.       Why has “harvest now, decrypt later” become a board-level concern across the region?

3.       What exactly are quantum-safe communications, and why do they matter now for CISOs in Asia?

4.       What makes legacy and hybrid environments in APAC especially challenging for this transition?

5.       How can enterprises start adopting quantum-safe encryption without disrupting current security architecture?

6.       What role does crypto-agility play in protecting mixed legacy, cloud, and cross-border systems?

7.       Which industries—finance, government, healthcare, critical infrastructure—should move first?

8.       Can you outline a practical phased roadmap that balances security, compliance, and continuity?

9.       How can organizations layer quantum-safe methods alongside existing controls today?

10.   What immediate, low-disruption steps should CISOs take to become quantum-ready now?

11.   What’s in it for Fortinet along the lines of quantum-safe communications?