How Quantum Computing Security Safeguards Enterprise Cryptography

The cryptographic systems that protect enterprise data today were built on a foundational assumption: that certain mathematical problems are computationally impossible to solve in any practical timeframe. RSA encryption, elliptic curve cryptography, and the key exchange protocols that secure every TLS connection across the internet all depend on this assumption. Quantum computing threatens to overturn it.

For enterprise security leaders, understanding what quantum computing means for cryptography, what is already being done to address the threat, and what their organizations need to do now is no longer optional. The transition to quantum-safe cryptography is the largest cryptographic migration in the history of computing, and the organizations that begin planning today will be in a substantially better position than those that wait.

What Makes Quantum Computing a Cryptographic Threat

Classical computers process information in binary, evaluating one possibility at a time through sequential calculation. Quantum computers use quantum bits, or qubits, which can exist in multiple states simultaneously through a property called superposition. This allows quantum computers to evaluate many possible solutions to a mathematical problem in parallel rather than sequentially.

The cryptographic relevance of this capability lies in a quantum algorithm developed by mathematician Peter Shor in 1994. Shor’s algorithm can solve the prime factorization problem, the mathematical foundation of RSA encryption, and the discrete logarithm problem, the foundation of elliptic curve cryptography, in a fraction of the time required by classical computers. When quantum hardware reaches sufficient scale to run Shor’s algorithm against real-world key sizes, the encryption protecting the majority of enterprise communications, transactions, and data at rest will be breakable.

The challenge that quantum computing poses to enterprise security and cryptography is therefore not hypothetical. It is a near-term planning imperative whose timeline is uncertain but whose direction is not.

The Harvest Now, Decrypt Later Threat

One of the most consequential dimensions of quantum risk is that it is already materializing, even before cryptographically relevant quantum computers exist. Nation-state threat actors and sophisticated criminal organizations are currently capturing encrypted enterprise data with the explicit intention of storing it until quantum decryption becomes viable. This strategy, known as harvest now, decrypt later, means that data encrypted today using current standards may still be exposed once quantum decryption becomes practical.

For organizations holding data whose sensitivity extends over years or decades, including healthcare records, intellectual property, financial transaction histories, government communications, and legal documents, this threat is immediate and concrete. Every day that encrypted data is transmitted using quantum-vulnerable cryptographic standards extends the window of exposure.

This urgency has driven governments and standards bodies to accelerate the development and deployment of quantum-resistant cryptographic algorithms before cryptographically capable quantum computers arrive.

NIST and the Post-Quantum Cryptography Standards

The United States National Institute of Standards and Technology spent eight years evaluating post-quantum cryptographic algorithms submitted by cryptographers from around the world. In August 2024, NIST finalized its first set of post-quantum cryptography standards, marking what experts describe as a pivotal moment in the history of cybersecurity.

The finalized standards center on lattice-based cryptographic approaches. The primary algorithms include ML-KEM, based on the CRYSTALS-Kyber framework, for general key encapsulation and encryption, and ML-DSA, based on CRYSTALS-Dilithium, along with SLH-DSA, based on SPHINCS+, for digital signatures. These algorithms are designed to be computationally hard for both classical and quantum computers and are built to run on existing network infrastructure and hardware, unlike quantum key distribution approaches that require specialized physical infrastructure.

As detailed in MIT Technology Review’s examination of post-quantum cryptography standards, the finalization of these algorithms follows years of intensive cryptanalysis in which several earlier candidates were broken. The first NIST finalists that failed, including an algorithm called SIKE, were broken through mathematical attacks rather than quantum computation, underscoring that the security of post-quantum algorithms cannot be assumed and must be continuously tested. The surviving algorithms represent the current best state of knowledge for quantum-resistant cryptography, but the discipline continues to evolve.

The US federal government has mandated adoption of these NIST standards by 2035 for federal entities, with organizations working with federal agencies expected to follow suit. As noted in TechRepublic’s coverage of the NIST quantum cryptography migration mandate, cryptography experts characterized this as the first step in the largest cryptographic migration in history and a pivotal moment for the security of digital infrastructure globally.

Why Enterprise Cryptography Is Particularly at Risk

Enterprise environments present unique challenges in the transition to quantum-safe cryptography. Most large organizations have cryptography embedded across a sprawling and poorly inventoried set of systems, applications, protocols, and integrations. RSA and elliptic curve cryptography are used in TLS connections that secure web traffic, VPN tunnels, certificate authorities, code signing pipelines, API authentication, database encryption, and dozens of other functions that are rarely audited as a unified portfolio.

The practical challenge of migrating all of these systems to post-quantum cryptographic standards simultaneously is significant. Many systems, particularly legacy infrastructure, embedded devices, and operational technology components, may not support the newer algorithms or may require hardware replacement rather than simple software updates. The computational overhead of post-quantum algorithms is also higher than current cryptographic schemes in some implementations, which has performance implications for latency-sensitive systems.

These challenges make early planning essential. Organizations that wait until post-quantum cryptography is mandated by their regulatory environment or contractual relationships will face compressed migration timelines under compliance pressure, which is a substantially more costly and risky path than a structured, phased transition.

Building a Quantum-Safe Cryptography Program

Transitioning to quantum-safe cryptography is a multi-year program that requires coordination across security, IT architecture, application development, procurement, and executive leadership. The foundational first step is cryptographic inventory: identifying every system, application, protocol, and integration that uses cryptographic functions, and specifically documenting which algorithms and key sizes are in use.

This inventory is the prerequisite for everything that follows. Without it, organizations cannot prioritize migration, assess exposure to the harvest now, decrypt later threat, or evaluate vendor readiness. Many enterprises discover during this process that their cryptographic posture is significantly more complex than anticipated, with cryptographic functions embedded in third-party software, cloud services, IoT devices, and legacy applications that are not under direct IT control.

The next phase is risk-based prioritization. Not all cryptographic assets carry equal sensitivity or the same exposure to long-term decryption risk. Data that will be sensitive for decades, such as biometric identifiers, financial records, and classified information, should be prioritized for migration. Systems that are difficult or expensive to update, such as embedded industrial controllers, should be identified early so that procurement and replacement cycles can be aligned with migration timelines.
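
An added example, not part of the original article: the inventory and prioritization steps described above, written as a small Python triage script. The record format, the sample rows and the scoring weights are constructed assumptions; signature uses score lower than key exchange because harvest now, decrypt later targets the confidentiality of recorded traffic.

```python
from dataclasses import dataclass

SHOR_BROKEN = {"RSA", "ECDSA", "ECDH", "DH", "DSA"}   # factoring / discrete log
POST_QUANTUM = {"ML-KEM", "ML-DSA", "SLH-DSA"}        # standards named above
CONFIDENTIALITY_USES = {"key-exchange", "encryption"}

@dataclass
class Asset:
    name: str
    algorithm: str
    key_bits: int         # recorded for the inventory, not used in scoring
    use: str              # key-exchange | encryption | signature
    data_years: int       # how long the protected data stays sensitive
    hard_to_update: bool  # e.g. embedded controller needing hardware replacement

def parse_inventory(text):
    """Parse 'name,algorithm,key_bits,use,data_years,hard_to_update' rows."""
    assets = []
    for line in text.strip().splitlines():
        if not line.startswith("#"):
            f = [x.strip() for x in line.split(",")]
            assets.append(Asset(f[0], f[1].upper(), int(f[2]), f[3], int(f[4]), f[5] == "yes"))
    return assets

def classify(asset):
    if asset.algorithm in POST_QUANTUM:
        return "quantum-safe"
    if asset.algorithm in SHOR_BROKEN:
        return "quantum-vulnerable"
    return "review"  # symmetric or unknown algorithm: needs a human decision

def priority(asset):
    """Higher means migrate sooner; the weights are illustrative assumptions."""
    if classify(asset) != "quantum-vulnerable":
        return 0
    score = 1
    if asset.use in CONFIDENTIALITY_USES:
        score += asset.data_years  # recorded traffic stays decryptable later
    if asset.hard_to_update:
        score += 5                 # align with procurement cycles early
    return score

def migration_plan(text):
    ranked = sorted(parse_inventory(text), key=priority, reverse=True)
    return [(a.name, classify(a), priority(a)) for a in ranked]

SAMPLE = """# constructed sample inventory
patient-portal-tls,ECDH,256,key-exchange,25,no
code-signing-ca,RSA,4096,signature,3,no
plc-gateway-vpn,RSA,2048,key-exchange,10,yes
pilot-service-tls,ML-KEM,768,key-exchange,25,no"""
```

Calling migration_plan(SAMPLE) returns the assets ordered by migration urgency, with the long-lived patient data behind a quantum-vulnerable key exchange at the top.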

Cryptographic agility is the architectural principle that should guide the design of new systems. A cryptographically agile system is one that can swap out its underlying cryptographic algorithms without requiring redesign of the application or infrastructure around it. Building this flexibility into new systems now avoids the problem of creating additional technical debt that will need to be addressed in the next migration cycle.

The operational dimension of the program includes validating that vendors, cloud providers, and technology partners are committed to post-quantum cryptographic support, updating certificate authorities and public key infrastructure to support new algorithm types, and establishing monitoring practices that can detect cryptographic anomalies in the environment.

The Relationship Between Quantum Security and Cryptographic Agility

Quantum security does not end with the migration to NIST-approved post-quantum algorithms. The history of cryptography includes repeated instances in which algorithms believed to be secure were later broken, sometimes by mathematical advances unrelated to the attack they were originally designed to resist. The SIKE algorithm that was broken during the NIST evaluation process is a recent example of exactly this pattern.

Cryptographic agility, the organizational and technical capacity to update cryptographic algorithms quickly when required, is therefore as important a long-term security property as any specific algorithm choice. Organizations that build cryptographic agility into their systems architecture and governance processes will be better positioned to respond to future discoveries, whether those discoveries come from advances in quantum computing, classical cryptanalysis, or entirely new attack methodologies.

This principle is also reflected in NIST’s own approach to post-quantum standardization, which continues to evaluate additional candidate algorithms and has already selected HQC as an additional encryption option in 2025. The post-quantum cryptographic landscape is expected to continue evolving as both quantum hardware capabilities and cryptanalytic techniques advance.
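
An added example, not from the original article: cryptographic agility, as described in this section and in the program section above, reduced to its mechanism. Each protected record carries an algorithm identifier, and a policy decides which algorithm protects new data and which are still accepted on verification. The names mac-v1, mac-v2 and AgilePolicy are hypothetical, and the HMAC variants are stand-ins that run on the Python standard library; they are not post-quantum algorithms.

```python
import hashlib
import hmac

# Registry: algorithm id -> implementation. Swapping algorithms means adding an
# entry here and changing policy, not rewriting the callers.
REGISTRY = {
    "mac-v1": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "mac-v2": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
}

class AgilePolicy:
    """Which algorithm protects new data, and which are accepted on verify."""
    def __init__(self, current, accepted):
        self.current = current
        self.accepted = set(accepted)

def protect(policy, key, payload: bytes) -> bytes:
    alg = policy.current
    # The algorithm id is covered by the tag so it cannot be swapped afterwards.
    tag = REGISTRY[alg](key, alg.encode() + b"|" + payload)
    return alg.encode() + b"|" + tag.hex().encode() + b"|" + payload

def verify(policy, key, token: bytes) -> bytes:
    alg_b, tag_hex, payload = token.split(b"|", 2)
    alg = alg_b.decode()
    # Allow-list first: a retired or unknown id is rejected, never attempted.
    if alg not in policy.accepted or alg not in REGISTRY:
        raise ValueError(f"algorithm {alg!r} not accepted by policy")
    expected = REGISTRY[alg](key, alg_b + b"|" + payload)
    if not hmac.compare_digest(expected.hex().encode(), tag_hex):
        raise ValueError("tag mismatch")
    return payload

def migrate(old_policy, new_policy, key, token: bytes) -> bytes:
    """Re-protect stored data under the new default algorithm."""
    return protect(new_policy, key, verify(old_policy, key, token))

def demo():
    key = b"constructed-demo-key"                          # constructed sample key
    phase1 = AgilePolicy("mac-v1", ["mac-v1"])             # before migration
    phase2 = AgilePolicy("mac-v2", ["mac-v1", "mac-v2"])   # transition window
    phase3 = AgilePolicy("mac-v2", ["mac-v2"])             # mac-v1 retired
    old = protect(phase1, key, b"invoice-42")
    new = migrate(phase2, phase3, key, old)
    return old, new, phase2, phase3, key
```

Once the policy reaches phase3, records still tagged mac-v1 fail verification, which is how a retired algorithm is enforced rather than merely deprecated.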

Frequently Asked Questions

When will quantum computers be able to break current encryption?

The timeline for cryptographically relevant quantum computers remains uncertain. Current quantum hardware is not capable of executing Shor’s algorithm against real-world key sizes, which would require quantum computers with millions of stable logical qubits. Estimates from researchers range from a decade to significantly longer, and some experts note that unexpected breakthroughs could compress those timelines substantially. The uncertainty is precisely why preparation should begin now rather than waiting for a clearer timeline, particularly given the harvest now, decrypt later threat that makes current encrypted data vulnerable regardless of when quantum decryption becomes viable.

What is the difference between post-quantum cryptography and quantum key distribution?

Post-quantum cryptography refers to classical mathematical algorithms designed to resist quantum attacks, running on conventional hardware and integrated into existing protocols and infrastructure. Quantum key distribution uses the physical properties of quantum particles to establish cryptographic keys in a way that is theoretically immune to eavesdropping by any computing system. Post-quantum cryptography is the approach that most organizations will implement because it does not require specialized quantum networking hardware. Quantum key distribution is currently limited to specific high-security environments due to the cost and infrastructure requirements of quantum optical networking.

How should an enterprise begin its post-quantum cryptography migration?

The first practical step is a comprehensive cryptographic inventory that documents every system, application, protocol, and third-party integration using cryptographic functions, along with the specific algorithms and key sizes in use. This inventory enables risk-based prioritization of migration efforts, starting with the highest-sensitivity data and the systems that are most difficult to update. Organizations should also assess the cryptographic readiness of their major technology vendors and cloud providers, since many dependencies on external systems cannot be migrated unilaterally. Establishing a multi-year migration roadmap with executive sponsorship is essential for driving the sustained organizational effort that this transition requires.