Attackers are already harvesting encrypted data now to decrypt later once quantum computers can break today’s encryption. If your data needs to stay confidential for 10+ years (IP, health data, contracts, critical infrastructure), you’re already on the clock.
Governments are signalling clear deadlines: phase out RSA/ECC and move to post‑quantum cryptography (PQC) by the early‑to‑mid 2030s. NIST has released the first PQC standards, and vendors are rolling out quantum‑safe options now.
Practical steps to start today:
Inventory where you use crypto (TLS, VPNs, apps, devices, suppliers). -
Prioritise systems and data with long confidentiality lifetimes. -
Design for hybrid crypto (classical + PQC) instead of one big‑bang cutover. -
Make “quantum‑ready” a requirement for new vendors and projects.
Quantum computers may be 10–15 years away, but the migration will take just as long. The question for leaders in 2026 is no longer if you’ll go quantum‑safe – it’s whether you’ll do it by design or under pressure.