Quantum Endgame: The Urgent Call for Post-Quantum Cryptography

The threat of quantum computing to our digital world isn’t a far-off problem; it's a rapidly approaching reality. With a 34% chance that cryptographically relevant quantum computers (CRQCs) will be developed before 2035 (as noted by a recent analysis), the time for action is now. These powerful machines have the potential to break public-key encryption standards, such as RSA 2048, in minutes, which would compromise global communications, financial systems, and national security.

The danger isn't just theoretical. Cybercriminals are already preparing for this future. They are executing “harvest now, decrypt later” attacks, collecting encrypted data today with the intent of decrypting it once quantum computers are mature enough. This practice poses significant risks, as highlighted by PwC's analysis of quantum computing cybersecurity threats. The data shows that industries relying on current cryptographic systems, particularly in financial services and IT infrastructure, are highly vulnerable.

Despite this clear and present danger, most organisations are not prepared. According to IBM's Quantum-Safe Readiness Index, the global average readiness score is just 21 out of 100. This lack of preparation is further underscored by an ISACA Quantum Computing Pulse Poll, which found that only 5% of respondents have a defined strategy to address these risks, even though 62% of them are concerned about quantum threats.

Governments are taking note. In 2022, the U.S. government passed the Quantum Computing Cybersecurity Preparedness Act, a critical step toward securing federal systems. The National Institute of Standards and Technology (NIST) has responded with a series of new post-quantum cryptography (PQC) standards designed to withstand quantum attacks. The first set of these standards was released in August 2024, with ML-KEM emerging as a widely accepted algorithm. NIST has since encouraged organisations to begin their transition as soon as possible, and in March 2025, they selected HQC as a fifth algorithm to serve as a backup to ML-KEM. This proactive approach aims to build redundancy and resilience against potential vulnerabilities.

Forward-thinking businesses are not waiting. Many have already begun implementing NIST-approved PQC solutions across their critical systems. This aligns with the World Economic Forum's view that quantum computing could “render current encryption schemes obsolete,” threatening the integrity of digital economies and eroding trust in foundational digital infrastructures.

To effectively prepare, organisations should focus on several key areas:

• Audit cryptographic assets: Identify all systems using public-key cryptography to prioritise the transition.

• Embrace crypto-agility: Build systems that can adapt to new cryptographic standards quickly.

• Diversify algorithms: Deploy multiple NIST-approved algorithms to create redundant security layers.

• Ensure end-to-end encryption: Secure the entire communication chain.

• Train technical teams: Equip security and development staff with the knowledge to implement PQC.

  
  

The cost of waiting is high. As Deloitte's Tech Trends 2025 points out, a complacent mindset is a dangerous one. The financial services sector, for example, faces a particularly acute risk. According to experts at the Hudson Institute, a quantum attack on a network like Fedwire could have a catastrophic impact, potentially worse than the 2008 financial crisis.

The time to act is now. The transition to a quantum-safe world will take significant time and effort. It is no longer a question of "if" quantum computers will break today's encryption, but "when." Organisations that fail to prepare will find themselves vulnerable, with their security and credibility severely compromised.