Businesses Should Pay Attention to Rise of Post‑quantum Cryptography

In this interview, the spokesperson of Data Privacy Week 2026 and Chief Information Security Officer at TeKnowledge, Eric Schifflers, speaks on why Businesses should be paying attention to the rise of Post‑quantum Cryptography, data privacy, data handling, information security, cybersecurity, enterprise readiness. Excerpts

Why is Data Privacy Week still highly relevant in 2026, especially for businesses operating in emerging and complex digital markets like Africa?

Data Privacy Week remains highly relevant in 2026 because the volume, speed, and value of personal data have only increased—especially markets like Africa, where digital adoption is accelerating faster than regulatory and institutional maturity. The Data Privacy Week creates a shared focal point for raising awareness, reinforcing internal policies, and engaging customers, partners, and regulators on how data is collected, processed, and protected.

From your perspective as a global CISO, how has the conversation around data privacy evolved over the last few years from compliance to business resilience?

Up until a few years ago, data privacy was often treated as a legal or compliance function, focusing on policy documentation, simply satisfying requirements, and passing audits. Today, boards and executives around the world increasingly see data privacy as a strategic risk. Data breaches, regulatory fines, and reputational damage have made it clear that poor privacy practices can directly impact revenue, customer trust, and operational continuity. This evolution has led organizations to integrate privacy into incident response, third‑party risk management, and cyber‑resilience planning.

What are the most common mistakes organisations still make when it comes to handling customer and employee data?

One of the most common mistakes organisations make is treating data protection as a purely technical or process‑driven exercise, while underestimating the human element. They tend to invest heavily in encryption, access controls, and automated workflows, but fail to embed data privacy and security awareness into everyday behaviour across the workforce. Another frequent mistake is treating privacy as a one‑time activity or project rather than an ongoing discipline. Organizations conduct initial training, create policies, and run awareness campaigns, but then fail to reinforce those messages or adapt them to new threats, technologies, or business models. This leads to gaps in understanding, especially when new tools such as GenAI apps are introduced without clear privacy guidance.

How should businesses be thinking about data ownership and responsibility in an era of cloud computing, AI, and cross-border data flows?

In an era of cloud computing and AI, businesses must move away from thinking of data as a by‑product and instead treat it as a strategic asset with clearly defined ownership and responsibility. The key is to anchor this mindset in strong data governance, data classification and labelling, and explicit data‑ownership responsibilities. Additionally, Data Classification and Labelling are essential to ensure that appropriate controls are applied as needed. Not all data is created equal, and some datasets are highly sensitive (such as PII, health, or financial information) while others are less critical. By classifying data at the source and applying clear labels, businesses can automate access controls, encryption, retention policies, and monitoring, especially when data moves across borders or is used to train AI models.

What role does leadership play in embedding responsible data handling practices across an organization and not just within IT teams?

Leadership plays a decisive role in embedding responsible data handling practices across an organization because tone and behaviour at the top shape culture far more than any policy or tool. When executives lead by example by handling data with care, respecting privacy, and consistently following the same rules they expect from others, they send a powerful message that data responsibility is a business‑wide priority, not just an IT or compliance issue. Responsible data handling should be framed as an enabler, not a burden. Leaders can do this by clearly linking data practices to customer trust, brand reputation, and business resilience. When employees see that protecting data directly supports the company’s ability to innovate, comply with regulations, and retain customers, they are more likely to view it as part of their everyday role rather than an extra hurdle.

Cyber threats are becoming more sophisticated. What are the biggest information security risks facing enterprises today?

One of the biggest information security risks organizations are facing are increasingly tied to where data is stored and processed, not just to perimeter defences. Cyber threats have become more sophisticated and automated, and AI has given attackers powerful capabilities to discover and exploit weaknesses in how data is handled across environments. Many organizations operate with fragmented visibility across on‑premises systems, multiple cloud platforms, third‑party services, and collaboration tools. As a result, they may not know which systems contain customer PII, financial records, or intellectual property, or how that data moves between environments. In an AI‑driven threat landscape, attackers can quickly scan for misconfigurations, weak access controls, or unprotected data stores. If an organization cannot see where its data lives and how it is being processed, it cannot protect it effectively. That is why modern security programs must treat data‑location and data‑flow visibility as a core capability, not an afterthought.

What makes TeKnowledge’s approach to information security different from traditional managed services or advisory firms?

TeKnowledge provides expert technology services.  partnering with enterprises, governments, and tech companies to help them on their journey to become AI-first. We operate across four continents from 16 hubs, with over 4,000 experts delivering 24/7 operations to support our clients when they need us most. We are a global Microsoft partner, we deliver enterprise support worldwide, improve customer experience, while also empowering governments and financial institutions—from a leading national cyber agency in the Middle East to ministries and banks across LATAM and in Africa , we are partners to some of Nigeria’s leading financial institutions in skilling their digital workforce, increasing their tech talent pool and providing end-to-end support from strategy to deployment and ongoing optimisation in their AI-first vision.Unlike traditional managed services or advisory firms, our model integrates deep engineering capability, global scalability, and trusted partnerships with a human-centric approach that enables people within organisations to adopt a positive behavioural change towards data protection.

With regulations like NDPR, GDPR, and other global frameworks, how should organisations approach compliance without treating it as a box-ticking exercise?

Organisations should treat data‑protection regulations like NDPR and GDPR, not as isolated compliance tasks, but as a continuous risk‑management and business‑enablement journey. In our case, achieving ISO/IEC 27701 certification has been central to that approach: it provides a structured, auditable framework that aligns with GDPR and NDPR requirements while embedding privacy into our processes, not just our documentation. By adopting ISO 27701, we’ve turned compliance into an operational discipline. It forces us to map data flows, define lawful bases, implement privacy‑by‑design, and maintain robust records of processing activities—core requirements that regulators look for.

If there’s one mindset shift you would encourage organisations to adopt this Data Privacy Week, what would it be?

If there’s one mindset shift, I would encourage organizations to adopt it is this: “never settle”. Information security and data privacy are not static checkpoints; they are continuous disciplines that must evolve alongside the threat landscape and the regulatory environment. Organizations should move away from thinking in terms of “we are compliant” or “we passed the audit” and instead adopt a posture of constant improvement. New technologies, new attack techniques, and new regulations will keep emerging, and yesterday’s controls may not be sufficient tomorrow. This means regularly reassessing risks, updating policies, refreshing training, and testing incident‑response capabilities. By embracing a mindset of continuous adaptation, organizations position themselves not just to meet today’s requirements, but to anticipate tomorrow’s challenges.

Looking to the future, what emerging trends in cybersecurity and data protection should businesses be paying attention to now?

One of the most critical emerging trends businesses should be paying attention to is the rise of Post‑quantum cryptography (PQC). As quantum computing advances, traditional encryption algorithms that currently protect most of today’s data could eventually be broken, exposing sensitive information that is intercepted or stored today. Organizations need to start thinking about this now, even if large‑scale quantum attacks are not imminent. The risk is not only future‑facing; data that is encrypted today using current standards may still be valuable years from now, and if it is harvested now, it could be decrypted later once quantum‑resistant algorithms are broken or quantum computers mature. In short, post‑quantum cryptography is no longer a theoretical concern; it is an emerging reality that organizations must factor into their long‑term security and data‑protection strategies. Starting the conversation and the planning now will help ensure that today’s encrypted data remains protected in a future quantum‑enabled world.