May 07 2025 -- The transformation required for organisations in the UK to be ready for the threat of post-quantum computing will be “colossal”, according to the Chief Technology Officer of the National Cyber Security Centre (NCSC).  

Speaking in a keynote address on the first day of the NCSC’s flagship conference CYBERUK, Ollie Whitehouse is expected to say that preparing for a post-quantum world will take “a complex change programme that makes fixing the Millennium Bug look easy.”

The NCSC, a part of GCHQ, published guidance in March, setting clear timelines for the UK’s migration to post quantum cryptography (PQC). Whitehouse will tell an audience in Manchester that these preparations amount to “a decade-long, national-scale technology change programme to uplift the foundations of our connected systems.”

Whitehouse is expected to announce the launch of a new assured PQC consultancy scheme to offer help and expertise to organisations, helping them to offer PQC expertise to the marketplace, and ensuring that high calibre skills will be available at the scale the UK needs.

Ollie Whitehouse will also say that the age of autonomous technology is now with us, which has cyber-physical implications with real-world impact. To prepare for such a world, he will say that we must learn from the past and the market incentives to produce and consume secure technology.

He will say all organisations must better manage their technical debt whilst calling on vendors to design and sustain their products and services in a way that builds competitive advantage and unlocks sustainable, corporate value whilst being sufficiently resilient.

He will warn that not doing so risks repeating avoidable security failures that have manifested since the rise of the internet.  

Speaking to the conference, Ollie Whitehouse is expected to say:

“Science and technology continue to evolve at an ever-accelerating rate. Technology continues to diversify in terms of supply and is becoming increasingly complex. And investment in technology continues to grow with little incentive to deliver cyber resilient solutions.  

“Without radical and sustained interventions, we are at real risk of repeating the last 30 years but with far graver consequences if we do not address the fundamental market failures which have manifested.”