At the Forbes CIO Summit, QuSecure’s Garfield Jones outlines why CIOs must act now on quantum threats

This week at the Forbes CIO Summit, QuSecure’s new SVP of Research and Technology Strategy Garfield Jones joined technology leaders from Lockheed Martin and Asana to discuss one of the most pressing and most misunderstood transformations facing enterprises today: the rise of quantum technologies.

Though only two weeks into his new private-sector role after 31 years in government, Jones delivered one of the clearest, most urgent messages of the event: Quantum threats aren’t science fiction. Post-quantum readiness is a rapidly approaching shift that will redefine cybersecurity, national infrastructure, and enterprise risk..

Jones, an avowed fan of vintage Westerns, framed the rise of quantum in terms of “the good, the bad, and the ugly.” Here’s how he approached it.

The Good: Quantum networking, sensing, and optimization

Jones highlighted that there are truly promising capabilities emerging from quantum technologies. Advances in quantum networking, quantum sensing, and quantum-enhanced optimization could vastly improve precision GPS, accelerate materials modeling, and unlock sophisticated decision-making tools. For CIOs building future-forward organizations, these are areas of strategic opportunity.

The Bad: A direct threat to today’s encryption

But Jones did not sugarcoat the downside. A cryptographically relevant quantum computer will soon be able to break virtually all current public-key encryption. That’s the day that the industry refers to as “Q-Day.” We don’t know when exactly it will happen, but we do know it’s coming much sooner than originally anticipated..

“All the encryption you’re using on your phone right now? Someone will be able to see it,” he warned.

This isn’t theoretical. As Jones emphasized, adversaries are already harvesting encrypted data today so that they can decrypt it later when quantum technology is available. And with financial regulators, national security agencies, and global standards bodies issuing deadlines for post-quantum migration, CIOs cannot afford to treat post-quantum cryptography (PQC) as tomorrow’s problem.

“If you’ve got a train coming at you,” Jones said, “you don’t wait until the last minute to move.”

The Ugly: Risks to critical infrastructure

Jones went further, pointing out that quantum doesn’t just threaten the confidentiality of data or bank account balances. It threatens operational technology like water treatment facilities, power grids, IoT systems, and transportation networks. He referenced major outages like the Cloudflare incident that had taken down major systems just that morning as a small preview of how disruptive cryptographic failure could be across critical infrastructure.

This is the layer of risk few organizations have fully accounted for. And it’s why Jones urged CIOs to pilot quantum-safe tools now, not after guidance evolves into mandates or after an adversary has already exploited outdated cryptography.

A clear call to CIOs: Start pilots now

Throughout the conversation, Jones’ guidance to CIOs was consistent:

• Shift from awareness to action. Quantum risk is accelerating faster than most organizations’ migration timelines.
• Pilot post-quantum and crypto-agility tools immediately. “Start looking at this as a ‘now’ problem versus kicking it down the road.”
• Focus on crypto-agility. Threats to encryption and standards evolve. Your cryptography must be able to evolve, too. Thanks to the fast-moving nature of quantum and AI technology, forthcoming cybersecurity migrations will not (and cannot) look like the expensive, unwieldy one-off migrations of the past.
• Understand the financial impact. Jones cited the Hudson Institute’s modeling: a quantum attack on just one major financial institution could trigger $2 trillion in losses.

These are very clear indicators of what’s at stake, and Jones’ perspective is shaped by three decades inside the U.S. government working on national intelligence, cyber operations, and cryptographic modernization. His arrival at QuSecure reflects the company’s deepening role as the bridge between government-scale quantum preparedness and enterprise adoption.

His “good, bad, and ugly” framework resonated across the Forbes stage because it captures what CIOs need most right now: clarity.

Quantum innovation will unlock extraordinary capabilities. But without immediate steps toward post-quantum security – including discovery, inventory, remediation, and crypto-agility – the risks will outpace the opportunities.

QuSecure’s mission: Fix the foundation before Q-Day

QuSecure was founded on a simple principle: The arrival of quantum computing presents a once-in-a-century opportunity to rebuild the foundation of data security the right way.

Jones’ insights at the Forbes CIO Summit reinforce what global standards bodies, industry regulators, and national cybersecurity agencies have already made clear. And that’s an urgent call that the migration must begin now. But there’s good news: With platforms like QuSecure’s QuProtect R3™ , organizations no longer need years of budget, headcount, and cryptography expertise to get started. They simply need the will to begin.