In cybersecurity today, the battleground is no longer defined by isolated threats. It is shaped instead by the collision of four transformative technologies: cloud, 5G, AI and quantum computing, each powerful on its own but exponentially more dangerous when converging.
That is the central message from Kevin O’Leary (ASEAN practice leader for security and resiliency, and network and edge) and Conal Hickey (vice president for strategic markets, and security and resiliency leader) from Kyndryl, in an interview with Deeptech Times on the sidelines of GovWare 2025 in Singapore.
“People have been looking at these risks in isolation,” O’Leary noted. “But when you consider how vulnerabilities across cloud, 5G, AI and quantum can be converted into a single attack, the destructive potential becomes enormous.”
The result is a paradigm shift where cyber defence can no longer rely on siloed approaches to IT, OT, networking, or data. As Hickey cautioned, cybercrime already costs the world US$10.5 trillion, a figure expected to reach US$20 trillion by 2030, surpassing the combined value of the global illegal drug trade.
AI: The most immediate risk and the most powerful defence
Among the converging technologies, O’Leary identified AI as the most active security battlefield today: both as a weapon and a shield.
AI-generated phishing and impersonation attacks have already reached levels where even security-trained teams struggle to detect fabrication.
“Phishing emails that were once easy to spot are now so well crafted that even experienced humans struggle to tell them apart, written exactly in the style of a CEO without ever accessing their real email account,” said O’Leary.
Meanwhile, deepfakes have moved from novelty to operational attack elements, especially when combined with social engineering.
Yet he highlighted that AI is equally critical in defence: capable of identifying AI-generated anomalies, correlating signals across environments, and responding at machine speed.
While AI is revolutionising threat detection and autonomous response, it also introduces profound questions of trust, transparency and governance.
“There is no mature company in AI,” O’Leary said. “We’re all learning as we go. Regulations evolve slower than the technology, and a guardrail that works today may be outdated in six months.”
Quantum: A present-day problem, not a future illusion
If AI is today’s challenge, then quantum is tomorrow’s existential one. O’Leary stressed that any organisation using encryption today is exposed, which is essentially every organisation.
“Any place where encryption is relied upon to protect information is vulnerable once quantum decryption becomes real. And even if you’re not targeted, most attacks are opportunistic. Your data could still be harvested and decrypted later,” he said.
“Anywhere there is encryption being used, the risk applies,” Hickey chimed in. “Financial institutions are investing heavily because the stakes are enormous. J.P. Morgan alone manages several trillion dollars of transactions daily.”
Quantum-resilient preparation today requires two priorities:
Post-quantum cryptography (PQC): Enterprises should build an inventory of every encryption method within their environment and determine how quickly they can be upgraded.
Quantum key distribution (QKD): A secure transport mechanism that protects sensitive information in transit, preventing harvested data from being decrypted later.
Yet, quantum risk is not limited to banking. Hickey highlighted the opportunistic nature of cybercrime: “Ransomware today hits wherever value can be extracted – hotels, convention centres, retail chains. If someone uses quantum to shut off the air-conditioning in this venue, they could extort money within minutes.”
5G and the illusion of closed-network safety
Contrary to early fears, 5G public networks have been less catastrophic than expected due to spectrum-sharing strategies. However, O’Leary warned that industrial and private 5G deployments now represent a major hidden risk, particularly where they intersect with OT environments such as manufacturing plants, airports and convention centres.
“Manufacturers see these networks as closed and therefore protected. But once OT and IT converge, attackers can leverage 5G as a pathway,” he said.
Peripheral devices, from security cameras to catering POS terminals, remain glaring security blind spots and recurring initial-access vectors.
Baseline architecture for the hyper-converged era
Rather than waiting for new technologies to mature, O’Leary said organisations must act now using existing tools, starting with zero trust as foundational architecture.
“Zero trust isn’t a buzzword. It’s about how you manage identity, segment your environment and treat domains as untrusted by default. It’s the most effective control we have today against agentic AI and supply chain risk,” he said.
One of the most urgent near-term concerns is the rise of agentic AI, capable of autonomous decision making deep inside a network. Instead of downloading malware payloads, AI may compile malicious code on the spot, bypassing traditional controls.
“That’s why zero trust becomes essential,” O’Leary added. “Agentic AI will behave like a trusted identity. The permissions you give it are the permissions it will use. You must examine every transaction and every usage, not just authenticate once and walk away.”
“We tell clients, start by knowing the most important things in your business. If you’re a hospital, it’s patient records and operating theatre scheduling. If you’re a bank, it’s your payments stack and trading floor. Protect the critical business processes first.” Hickey said.
A new governance model
Cyber resilience today is no longer about preventing attacks. It is about operating through them.
O’Leary framed the new defence posture into three imperatives: protect, detect, recover – encompassing zero trust identity and network segmentation, AI-powered detection capable of sniffing out low and slow threats, and resilience planning to return to minimum viable operation fast (in minutes, not weeks).
Notwithstanding, the human layer remains a decisive factor. “Technology is only as good as the people interacting with it,” Hickey emphasised. Kyndryl works with training partners such as Immersive Labs to operationalise security culture and prepare executive teams for real-world crisis response.
The convergence of cloud, 5G, AI and quantum is not a distant scenario. It is already reshaping the threat landscape. Organisations must shift from buying tools to designing resilience, from protecting data to protecting business-critical processes, and from training people as a compliance requirement to empowering them as front-line defenders.
