Activities which organisations must carry out to migrate safely to post-quantum cryptography in the coming years.

The EU Member States, supported by the Commission, issued a roadmap and timeline to start using a more complex form of cybersecurity, the so-called post-quantum cryptography (PQC).

Achieving a comprehensive cryptographic inventory often requires combining multiple tools and methodologies. Each solution...

Unbreakable Encryption Alert: NIST Wants Your Opinion! Boost your data safety before quantum hackers win. Deadline: June 25, 2025. Act now!

Quantum computing’s ability to break today’s encryption may still be years away—but security leaders can’t afford to wait. Forrester’s The Future of Quantum Security makes it clear: the transition to quantum-safe cryptography must start now. Related: Quantum standards come of … (more…)

It is no secret that the technology of quantum computing is undergoing a massive transformation - one which promises to redefine the very foundations of digital security worldwide. Quantum computing, once thought to be nothing more than a theoretical construct, is now beginning to gain practical application in the world of computing.  A quantum computer, unlike classical computers that process information as binary bits of zeros or ones, is a device that enables calculations to be performed at a scale and speed previously deemed impossible by quantum mechanics, leveraging the complex principles of quantum mechanics.  In spite of their immense capabilities, this same power poses an unprecedented threat to the digital safeguards underpinning today's connected world, since conventional systems would have to solve problems that would otherwise require centuries to solve.   The science of cryptography at the heart of this looming challenge is the science of protecting sensitive data through encryption and ensuring its confidentiality and integrity. Although cryptography remains resilient to today's cyber threats, experts believe that a sufficiently advanced quantum computer could render these defences obsolete.  Governments around the world have begun taking decisive measures in recognition of the importance of this threat. In 2024, the U.S. National Institute of Standards and Technology (NIST) released three standards on postquantum cryptography (PQC) for protecting against quantum-enabled threats in establishing a critical benchmark for global security compliance.  Currently, additional algorithms are being evaluated to enhance post-quantum encryption capabilities even further. In response to this lead, the National Cyber Security Centre of the United Kingdom has urged high-risk systems to adopt PQC by 2030, with full adoption by 2035, based on the current timeline.  As a result, European governments are developing complementary national strategies that are aligned closely with NIST's framework, while nations in the Asia-Pacific region are putting together quantum-safe roadmaps of their own. Despite this, experts warn that these transitions will not happen as fast as they should. In the near future, quantum computers capable of compromising existing encryption may emerge years before most organisations have implemented quantum-resistant systems. Consequently, the race to secure the digital future has already begun. The rise of quantum computing is a significant technological development that has far-reaching consequences that extend far beyond the realm of technological advancement.  Although it has undeniable transformative potential - enabling breakthroughs in sectors such as healthcare, finance, logistics, and materials science - it has at the same time introduced one of the most challenging cybersecurity challenges of the modern era, a threat that is not easily ignored. Researchers warn that as quantum research continues to progress, the cryptographic systems safeguarding global digital infrastructure may become susceptible to attack.  A quantum computer that has sufficient computational power may render public key cryptography ineffective, rendering secure online transactions, confidential communications, and data protection virtually obsolete.  By having the capability to decrypt information that was once considered impenetrable, these hackers could undermine the trust and security frameworks that have shaped the digital economy so far. The magnitude of this threat has caused business leaders and information technology leaders to take action more urgently.  Due to the accelerated pace of quantum advancement, organisations have an urgent need to reevaluate, redesign, and future-proof their cybersecurity strategies before the technology reaches critical maturity in the future.  It is not just a matter of adopting new standards when trying to move towards quantum-safe encryption; it is also a matter of reimagining the entire architecture of data security in the long run. In addition to the promise of quantum computing to propel humanity into a new era of computational capability, it is also necessary to develop resilience and foresight in parallel. There will be disruptions that are brought about by the digital age, not only going to redefine innovation, but they will also test the readiness of institutions across the globe to secure the next frontier of the digital age. The use of cryptography is a vital aspect of digital trust in modern companies. It secures communication across global networks, protects financial transactions, safeguards intellectual property, and secures all communications across global networks.  Nevertheless, moving from existing cryptographic frameworks into quantum-resistant systems is much more than just an upgrade in technology; it means that a fundamental change has been made to the design of the digital trust landscape itself. With the advent of quantum computing, adversaries have already begun using "harvest now, decrypt later" tactics, a strategy which collects encrypted data now with the expectation that once quantum computing reaches maturity, they will be able to decrypt it.  It has been shown that sensitive data with long retention periods, such as medical records, financial archives, or classified government information, can be particularly vulnerable to retrospective exposure as soon as quantum capabilities become feasible on a commercial scale. Waiting for a definitive quantum event to occur before taking action may prove to be perilous in a shifting environment.  Taking proactive measures is crucial to ensuring operational resilience, regulatory compliance, as well as the protection of critical data assets over the long term. An important part of this preparedness is a concept known as crypto agility—the ability to move seamlessly between cryptographic algorithms without interrupting business operations.  Crypto agility has become increasingly important for organisations operating within complex and interconnected digital ecosystems rather than merely an option for technical convenience. Using the platform, enterprises are able to keep their systems and vendors connected, maintain robust security in the face of evolving threats, respond to algorithmic vulnerabilities quickly, comply with global standards and remain interoperable despite diverse systems and vendors. There is no doubt that crypto agility forms the foundation of a quantum-secure future—and is an essential attribute that all organisations must possess for them to navigate the coming era of quantum disruption confidently and safely. As a result of the transition from quantum cryptography to post-quantum cryptography (PQC), it is no longer merely a theoretical exercise, but now an operational necessity.  Today, almost every digital system relies heavily on cryptographic mechanisms to ensure the security of software, protect sensitive data, and authenticate transactions in order to ensure that security is maintained. When quantum computing capabilities become available to malicious actors, these foundational security measures could become ineffective, resulting in the vulnerability of critical data around the world to attack and hacking.  Whether or not quantum computing will occur is not the question, but when. As with most emerging technologies, quantum computing will probably begin as a highly specialised, expensive, and limited capability available to only a few researchers and advanced enterprises at first. Over the course of time, as innovation accelerates and competition increases, accessibility will grow, and costs will fall, which will enable a broader adoption of the technology, including by threat actors.  A parallel can be drawn to the evolution of artificial intelligence. The majority of advanced AI systems were confined mainly to academic or industrial research environments before generative AI models like ChatGPT became widely available in recent years. Within a few years, however, the democratisation of these capabilities led to increased innovation, but it also increased the likelihood of malicious actors gaining access to powerful new tools that could be used against them.  The same trajectory is forecast for quantum computing, except with stakes that are exponentially higher than before. The ability to break existing encryption protocols will no longer be limited to nation-states or elite research groups as a result of the commoditization process, but will likely become the property of cybercriminals and rogue actors around the globe as soon as it becomes commoditised.  In today's fast-paced digital era, adapting to a secure quantum framework is not simply a question of technological evolution, but of long-term survival-especially in the face of catastrophic cyber threats that are convergent at an astonishing rate. A transition to post-quantum cryptography (PQC), or post-quantum encryption, is expected to be seamless through regular software updates for users whose digital infrastructure includes common browsers, applications, and operating systems.  As a result, there should be no disruption or awareness on the part of users as far as they are concerned. The gradual process of integrating PQC algorithms has already started, as emerging algorithms are being integrated alongside traditional public key cryptography in order to ensure compatibility during this transition period.  As a precautionary measure, system owners are advised to follow the National Cyber Security Centre's (NCSC's) guidelines to keep their devices and software updated, ensuring readiness once the full implementation of the PQC standards has taken place. While enterprise system operators ought to engage proactively with technology vendors to determine what their PQC adoption timelines are and how they intend to integrate it into their systems, it is important that they engage proactively.  In organisations with tailored IT or operational technology systems, risk and system owners will need to decide which PQC algorithms best align with the unique architecture and security requirements of these systems. PQC upgrades must be planned now, ideally as part of a broader lifecycle management and infrastructure refresh effort. This shift has been marked by global initiatives, including the publication of ML-KEM, ML-DSA, and SLH-DSA algorithms by NIST in 2024.  It marks the beginning of a critical shift in the development of quantum-resistant cryptographic systems that will define the next generation of cybersecurity. In the recent surge of scanning activity, it is yet another reminder that cyber threats are continually evolving, and that maintaining vigilance, visibility, and speed in the fight against them is essential.  Eventually, as reconnaissance efforts become more sophisticated and automated, organisations will not only have to depend on vendor patches but also be proactive in integrating threat intelligence, continuously monitoring, and managing attack surfaces as a result of the technological advancements.  The key to improving network resilience today is to take a layered approach, which includes hardening endpoints, setting up strict access controls, deploying timely updates, and utilising behaviour analytics-based intelligent anomaly detection to monitor the network infrastructure for anomalies from time to time.  Further, security teams should take an active role in safeguarding the entire network against attacks that can interfere with any of the exposed interfaces by creating zero-trust architectures that verify every connection that is made to the network. Besides conducting regular penetration tests, active participation in information-sharing communities can help further detect early warning signs before adversaries gain traction. Attackers are playing the long game, as shown by the numerous attacks on Palo Alto Networks and Cisco infrastructure that they are scanning, waiting, and striking when they become complacent. Consistency is the key to a defender's edge, so they need to make sure they know what is happening and keep themselves updated.

Given the practical challenges, organizations may need to begin their quantum-readiness journey with a risk-driven approach rather than a theoretically perfect one. The essence of this strategy is to ...

With careful planning, the transition to post-quantum cryptography can significantly improve security and risk management for the present and future.

Security teams are scrambling to devise technology that keeps data secure in an era of virtually unlimited compute power.

IBM's Quantum Safe platform aims to protect organizations from future quantum threats to classical cryptography.

For a few years now, the cybersecurity community has had its own version of Y2K, the calendar change that threatened to take down global IT infrastructure.

As quantum computing advances, organizations must adopt future-proof security strategies to safeguard data against emerging threats.

Quantum readiness is not an exercise in science fiction – it’s a very practical program that yields benefits immediately...

While PQC offers a viable path to quantum readiness, it also presents significant PQC challenges that must be understood and addressed...

Organizations must adopt quantum-safe strategies for cryptographic resilience, ensure agility and implement defense-in-depth frameworks to safeguard global cybersecurity.

Broadcom has added quantum-secure algorithms to its latest Fibre Channel card to encrypt traffic and detect ransomware in real time.

At IBM Research, we’re inventing what’s next in AI, quantum computing, and hybrid cloud to shape the world ahead.

Rik Turner, Chief Analyst at Omdia, explores cybersecurity trends, post-quantum readiness, and how AI is reshaping enterprise defense.