Quantum computing, data sovereignty, and legacy networks are no longer separate issues but are becoming a unified source of pressure on enterprise infrastructure. This is the main conclusion of Kyndryl’s new Security and Networks Snapshot 2025–2026, included in their Readiness Report, which warns of an increasingly evident misalignment between where companies are investing and how prepared their technological foundation truly is to withstand emerging risks in the midst of the AI era.
The report, based on responses from 3,700 business and technology leaders across 21 countries, paints a concerning picture: organizations are investing in next-generation technologies, but many are still struggling to address three basic fronts simultaneously. On one hand, quantum risk is advancing faster than preparedness. On another, digital sovereignty and regulatory constraints are forcing architecture redesigns. Additionally, a significant portion of critical networks that underpin future capabilities are aging or nearing end of life.
For Kyndryl, the problem isn’t just technological but also strategic. The company argues that many firms continue to address these challenges in isolation, treating post-quantum cryptography, data localization, and network modernization as separate projects. Their thesis is the opposite: when handled in silos, operational blind spots appear, resilience is weakened, and the ability to scale AI-supported business operations is limited.
Quantum threat is on the table but not yet a top priority
One of the most striking data points in the report is the contrast between investment and perception. 62% of organizations report investing in quantum technologies, yet only 4% of leaders believe quantum computing will have the greatest short-term impact. Moreover, 20% fear these investments won’t yield a short-term return. For Kyndryl, this disconnect can be dangerous because it diminishes the urgency with which the transition to post-quantum cryptography is being addressed.
This risk isn’t theoretical. In August 2024, NIST approved the first three official standards for post-quantum cryptography and is maintaining an open transition toward new quantum-resistant algorithms. These standards can already be implemented to protect everything from emails to e-commerce transactions. In other words, the issue has moved beyond academia: the standard exists and the transition has begun.
Therefore, Kyndryl emphasizes the ongoing threat of “harvest now, decrypt later,” even if it’s not explicitly mentioned throughout the report. The concern is clear: data encrypted today with vulnerable algorithms could be captured now and decrypted in the future when quantum computing matures sufficiently. This scenario shifts post-quantum preparedness from a long-term issue to an immediate security and strategic priority.
Data sovereignty shifts from a bonus to a design requirement
The second major focus of the report is digital sovereignty. Kyndryl highlights that 84% of leaders state that sovereignty and data repatriation regulations have gained importance over the past year, while 86% see increasingly critical the regulatory alignment of cloud providers. This snapshot reflects a broader reality: governments are tightening demands around data localization, access, and control, forcing organizations to rethink architecture and relations with technology providers.
In Europe, this movement is closely linked to the NIS2 Directive. The European Commission recalls that this regulation establishes a common legal framework for cybersecurity across 18 critical sectors in the EU, strengthening risk management, governance, and cooperation obligations. Although NIS2 doesn’t mandate absolute data localization, it encourages many organizations to review their architecture, supply chains, and reliance on cloud and technology providers.
Kyndryl interprets this evolution as a paradigm shift. Data sovereignty is no longer an added compliance layer but a structural design requirement. It directly impacts where data resides, how applications are distributed, which providers are selected, and the company’s ability to maintain technical and legal control over its digital assets. In a more fragmented geopolitical environment, this issue cannot be resolved merely through contracts; it requires real redesign.
Legacy networks threaten the move to AI
The third area highlighted by Kyndryl may seem less prominent at first glance, but it’s equally critical. The report states that 25% of mission-critical networks, storage systems, and servers are at end-of-life, and 20% of leaders identify networks as one of the main barriers to scaling recent technological investments. Furthermore, only 37% believe their network infrastructure is prepared to handle future risks.
This warning is especially relevant because AI depends on continuous, fast, and high-quality data flows. If the network doesn’t support this, the value of investments in models, automation, or analytics diminishes. Kyndryl emphasizes that networks—traditionally viewed as invisible infrastructure—are becoming central to enterprise performance. It’s not just a lofty statement: if connectivity is weak, fragmented, or outdated, AI cannot scale effectively, regardless of how advanced the upper layers appear.
The conclusion of the report is that modernization must be integrated; otherwise, it won’t be sufficient. Companies that proactively prepare for quantum risks, design architectures with sovereignty in mind, and upgrade networks to support AI workloads will be better positioned to reduce exposure, accelerate innovation, and build long-term resilience. In short, the gap Kyndryl identifies isn’t only between advanced and lagging companies but also between those connecting these challenges holistically and those treating them as isolated pieces.
Frequently Asked Questions
What has Kyndryl detected in its 2025–2026 report?
Kyndryl identifies a gap between investment in next-generation infrastructure and the actual readiness of companies to jointly manage quantum risk, data sovereignty, and aging networks.
Why is quantum computing already a concern for businesses?
Because the transition to post-quantum cryptography has already begun, with NIST approving the first official standards in 2024. The risk is that data protected today with vulnerable cryptography could be decrypted in the future.
What role does data sovereignty play in this warning?
Kyndryl argues that digital sovereignty is shifting from a compliance afterthought to a fundamental architectural requirement, driven by stricter regulations and geopolitical tensions.
What issues do legacy networks face with AI?
According to the report, a significant portion of critical infrastructure is outdated, and many organizations recognize that their networks are now a barrier to scaling technological and AI investments because these rely on continuous, high-quality data flows.