PQC Fast Facts
- Attackers are already stealing your encrypted data today — storing it until quantum computers arrive to crack it open, a strategy security researchers call “harvest now, decrypt later.”
- The U.S. government finalized new quantum-resistant encryption standards in August 2024 and has ordered all federal agencies to complete migration by 2035 — most small businesses haven’t heard either fact.
- A cryptographic transition takes five to 10 years to complete, and experts place Q-Day — the moment quantum computers can break today’s encryption — as early as 2030, leaving businesses that haven’t started with no margin for error.
The encryption systems that most businesses rely on today were built for a world of conventional computers. That world is ending. Quantum computers — machines that exploit the physics of subatomic particles to perform calculations that would take ordinary computers millions of years — are advancing rapidly enough that the U.S. government has ordered all federal agencies to complete a migration to new, quantum-resistant encryption standards by 2035. The private sector has no such mandate. Most small and medium-sized businesses don’t yet know the clock is running.
The threat has a name and a timeline. Cybersecurity researchers call the moment a quantum computer becomes powerful enough to break today’s standard encryption “Q-Day.” The Global Risk Institute’s Quantum Threat Timeline, one of the most widely cited assessments in the field, estimates a greater-than-50% probability that a cryptographically relevant quantum computer exists by the mid-2030s. The U.S. National Security Agency has set 2030 as a deprecation date for current encryption standards, and 2035 as the point at which their use should be prohibited entirely. In December 2025, a Google researcher published analysis suggesting the hardware requirements to crack RSA-2048 — the encryption standard protecting most internet traffic today — may be lower than previously thought, potentially compressing those timelines further.
“Looking forward, I agree with the initial public draft of the NIST internal report on the transition to post-quantum cryptography standards: vulnerable systems should be deprecated after 2030 and disallowed after 2035,” wrote Craig Gidney, the Google researcher, adding that his reasoning was not that quantum computers capable of breaking encryption would exist by then, but that “I prefer security to not be contingent on progress being slow.”
The Threat That Is Already Here
Business owners may think quantum threat sounds like a problem for 2030, but expert suggests they are misreading the situation. The danger is not only future — it is present.
Intelligence agencies and sophisticated criminal organizations are already running what security researchers call “harvest now, decrypt later” (HNDL) attacks. The strategy is straightforward: intercept and archive encrypted corporate data today, then decrypt it once quantum computers become capable of doing so. The data doesn’t need to be readable now. It just needs to be collected.
According to security firm Keyfactor, attackers — primarily nation-state actors — are currently stealing “massive amounts of encrypted data and shelving it until quantum capabilities become available.” Incidents over the past decade that security analysts believe resemble HNDL operations include the rerouting of Canadian internet traffic through China in 2016, similar interception of European mobile traffic in 2019, and the redirection of data from Google, Amazon, Facebook, and more than 200 other networks through Russia in 2020.
Small business owners might reasonably conclude their data isn’t worth the effort. That assumption has historically proven costly. A study by HP’s Wolf Security found that between 2017 and 2020, roughly one-third of nation-state cyberattacks targeted enterprise businesses, not governments. Corporate intellectual property — product designs, client lists, pricing models, proprietary formulas — is increasingly treated as a strategic target by foreign governments seeking economic advantages.
The Federal Reserve published a research paper in 2025 formalizing the HNDL risk using what cryptographers call Mosca’s Theorem: if the time required to migrate to quantum-resistant encryption, added to the time a business needs that data to remain confidential, exceeds the time before Q-Day arrives, that business is already exposed. For a law firm protecting client privilege, a healthcare provider bound by HIPAA, or an accountancy holding tax records, the shelf life of sensitive data can easily stretch a decade or more.
The implication is that the question for most businesses is not “will our encryption eventually be vulnerable?” It is “was data we transmitted last year, or last month, already collected by someone waiting for quantum computers to arrive?”
What Changed in 2024 — And Why Most Businesses Missed It
In August 2024, the National Institute of Standards and Technology (NIST) published the most consequential upgrade to encryption standards in a generation. Three new Federal Information Processing Standards (FIPS) — technical specifications for quantum-resistant encryption — were finalized after an eight-year evaluation process involving cryptographers from dozens of countries. A fourth standard is in development; a fifth algorithm was selected in March 2025 as a backup.
The three finalized standards are ML-KEM (FIPS 203), designed for general encryption and key exchange; ML-DSA (FIPS 204), for digital signatures; and SLH-DSA (FIPS 205), a signature standard based on hash functions. They are built on mathematical problems — including problems based on the geometry of high-dimensional lattices — that quantum computers are not known to be able to solve efficiently. NIST is urging organizations to begin migrating immediately.
The announcement received modest coverage in the technology press and almost none in the business press, according to cybersecurity firm AKATI Sekurity. That coverage gap, the firm wrote in April 2026, “is the real risk.”
Tech giants didn’t wait for the business press to catch up. By late 2025, more than half of human-initiated traffic on Cloudflare‘s global network was using post-quantum key exchange, according to Cloudflare’s own analysis. Google has integrated quantum-resistant algorithms across Chrome and its internal services. Apple introduced post-quantum protections for iMessage in its PQ3 protocol. Amazon Web Services offers hybrid post-quantum encryption for its load balancers. Microsoft has announced a target for full ecosystem transition by 2033.
The largest technology companies in the world are treating post-quantum migration as an urgent operational priority. Most small and medium-sized businesses have not yet had the conversation.
What Your Business Should Do Now
Migrating to quantum-resistant encryption is not a project that can be completed over a weekend. NIST estimates the transition will take five to 10 years for most organizations. That makes the timeline tighter than it appears: a business that begins planning in 2026 and completes migration by 2033 or 2034 will be finishing just as Q-Day risks peak, with little margin for error. The following steps, drawn from NIST guidance and security practitioners, provide a practical starting point.
Take inventory of your encryption. Most businesses don’t know exactly where encryption is in use — which systems, which vendors, which communications channels rely on which algorithms. Start there. Ask your IT provider or managed security service provider (MSSP) to produce a cryptographic inventory: a map of every place your organization uses RSA, elliptic curve, or Diffie-Hellman encryption. These are the standards that quantum computers will be able to break.
Prioritize key exchange. Cloudflare, in guidance published in late 2025, recommends that organizations focus first on “key agreement” protocols — the mechanisms by which two computers establish a secure channel before exchanging data. Upgrading to TLS 1.3 with ML-KEM, the primary NIST-recommended standard for this purpose, directly counters the harvest-now-decrypt-later threat. This is the highest-priority technical step for most organizations. Digital signature migration, while important, is lower urgency for now.
Identify your most sensitive data. Not all data carries equal risk. Financial records, personal health information, contracts, intellectual property, and anything with a long confidentiality shelf life should be prioritized. Data that will be irrelevant in two years presents far less HNDL risk than data that must remain confidential for a decade.
Ask vendors the right questions. Your cloud storage provider, payment processor, accounting software, email system, and customer relationship management platform all use encryption. Ask each vendor: Are your systems using NIST’s post-quantum standards? What is your migration timeline? Do you offer hybrid post-quantum TLS? The answers will reveal which partners are ahead of the curve and which represent lingering exposure.
Build for crypto agility. Cybersecurity professionals use the term “crypto agility” to describe the capacity to swap out one encryption algorithm for another without rebuilding core systems from scratch. Organizations that build or purchase systems with this flexibility built in will be able to adapt as standards evolve — and they will evolve. NIST’s selection of a fifth backup algorithm in 2025 was explicitly intended to hedge against the possibility that earlier standards prove vulnerable to future attacks. Building rigid systems around any single algorithm is a mistake.
Consult a professional. NIST maintains a free post-quantum cryptography resource page, which includes the finalized standards, migration guidance, and links to ongoing standardization efforts. The Cybersecurity and Infrastructure Security Agency (CISA) has published a Post-Quantum Cryptography Initiative with sector-specific guidance. For businesses seeking external help, MSSPs and cryptography consultants who specialize in PQC migration are an emerging and rapidly growing category of security provider.
The Cost of Waiting
Organizations that delay migration face more than a technical problem. Under U.S. law and in an increasing number of international regulatory frameworks, the failure to implement reasonable security measures can constitute negligence. When a breach eventually traces to data harvested before an organization had updated its encryption, the regulator’s question will not be whether quantum computers existed at the time the data was collected. The question, as AKATI Sekurity put it, will be: “When did you know PQC migration was necessary, and what did you do?”
The NIST standards have now been published for nearly two years. The answer, for an organization that has done nothing, will be difficult to give.
Post-quantum migration is not a discretionary IT upgrade. It is the correction of an existing liability — one that accrued with every sensitive document transmitted, every customer record stored, every financial transaction processed under encryption that a quantum computer will one day be able to break. The data is already out there. The only variable that remains under a business owner’s control is whether their systems will be standing when Q-Day arrives.
