The Quantum Clock Is Ticking: Why Security Leaders Must Act by 2026
Why it matters: Quantum computers will eventually break the cryptography protecting most of today’s secure communications, software updates, and digital identities. National security agencies have set concrete deadlines: organisations should have migration plans by 2026, critical systems protected by 2030, and legacy cryptography retired by 2035. The threat is not hypothetical; it is a planning assumption with official timelines.
The Threat Is Real, and It Has a Schedule
For decades, RSA and similar public-key cryptography have underpinned secure internet communications, software signing, and identity verification. A sufficiently powerful quantum computer could break these schemes in hours rather than the billions of years classical computers would require [1].
How likely is this? Annual surveys of quantum computing progress now estimate a 19 to 34 per cent probability that quantum computers will break asymmetric cryptography within relevant planning horizons [1]. For any security-conscious organisation, those odds are far too high to ignore.
Recent progress reinforces this urgency. Researchers have demonstrated 448 caesium atoms being manipulated by lasers as quantum bits, and multiple technological approaches are advancing simultaneously [1]. To run the attacks that would break cryptography, quantum computers will need roughly a million such qubits working together with robust error correction. That goal remains some years away, but progress in recent weeks has been impressive across different hardware approaches [1].
Three Deadlines Every Organisation Should Know
The UK National Cyber Security Centre, EU bodies, US agencies, and NIST have converged on a remarkably consistent set of milestones [1]:
By the end of 2026: Organisations should have a plan in place. The EU recommendation is that enterprises should be “prepared” by this date, meaning they understand their exposure and have a roadmap [1].
By the end of 2030: Highest-priority migrations should be complete. Critical infrastructure, high-risk use cases, and code-signing for software and firmware should be fully quantum-resistant [1].
By 2035: RSA and similar asymmetric cryptography will be considered obsolete. NIST’s draft plans indicate “no security value” from these components after that point [1].
Past cryptographic transitions, from DES and SHA-1, took many years to complete [1]. A decade sounds generous until you factor in the complexity of enterprise technology estates.
Why “Later” Is Already Too Late for Some Data
One threat does not require waiting for quantum computers to arrive. “Harvest now, decrypt later” attacks involve adversaries capturing encrypted traffic today and storing it until quantum decryption becomes feasible [1].
If your organisation handles data that will remain sensitive for ten, twenty, or thirty years (think healthcare records, government communications, intellectual property, or financial data), that information is effectively at risk now. The encryption protecting it in transit today could be broken retrospectively.
Protections already exist: TLS 1.3 includes quantum-safe cipher suites that can be enabled [1]. For critical connections, particularly large data pipes between data centres, organisations should be configuring policies that prefer these newer options.
What Is Post-Quantum Cryptography?
The solution does not require quantum computers. It requires new mathematics.
Post-quantum cryptography (also called quantum-safe cryptography) uses algorithms that resist both classical and quantum attacks [1]. NIST has now published standards for these algorithms, developed over a decade of academic, industry, and government collaboration [1].
The leading schemes are lattice-based. Where RSA’s security rests on the difficulty of factoring large numbers, lattice-based cryptography relies on the difficulty of solving a matrix equation when a small error has been added [1]. This “learning with errors” problem is believed to be hard for both classical and quantum computers.
An accessible way to understand this: AI systems essentially perform matrix-vector multiplications as their basic operation. If you add a small error to that operation, it becomes extremely difficult to reverse it and recover the original inputs [1].
The new standards include key encapsulation mechanisms (KEMs) and digital signature schemes such as ML-DSA [1]. These will gradually replace RSA across the digital ecosystem.
The Engineering Reality: Larger Keys, New Constraints
Post-quantum cryptography is not a drop-in replacement. The mathematics that makes these algorithms secure also makes them bulkier.
RSA-2048 public keys are on the order of a few hundred bytes. Post-quantum equivalents range from one to five kilobytes [1]. That increase ripples through protocols, storage systems, and performance budgets.
For organisations running constrained devices, embedded systems, or legacy protocols designed around smaller key sizes, this is not a software patch. It is a re-engineering project.
Analysis: A Test of Organisational Agility
The quantum transition is not merely a technical challenge. It is a test of whether organisations can manage foundational infrastructure change proactively.
Previous cryptographic transitions have been painful. Many systems still run outdated TLS versions or deprecated hash functions years after official retirement dates. Quantum-safe migration is larger in scope and has firmer deadlines.
Organisations that delay will face several compounding problems:
First, they may find themselves dependent on systems that cannot be upgraded, requiring expensive replacements under time pressure.
Second, they may lack the internal expertise to evaluate vendor claims or prioritise migration work.
Third, they may face regulatory and compliance pressure as supervisory bodies incorporate quantum-safe requirements into sector-specific guidance.
The organisations best positioned are those that treat this as a governance issue now, not a technical issue for later.
Risks and Constraints
Timeline uncertainty: Quantum computing progress is difficult to predict. The threat could materialise earlier or later than current estimates suggest.
Algorithm confidence: Post-quantum algorithms are newer than RSA and have undergone less real-world scrutiny. While NIST’s selection process was rigorous, cryptographic weaknesses sometimes emerge after deployment.
Interoperability: Hybrid schemes and new algorithms must work across diverse technology ecosystems. Coordination between vendors, standards bodies, and enterprises will be essential.
Resource constraints: Smaller organisations may lack the expertise or budget to conduct thorough cryptographic inventories and migration planning.
False urgency versus real urgency: Vendors may overstate the threat to drive sales. Security leaders must distinguish between genuine risk and marketing.
What to Do Next
For boards and executives: Ensure quantum-safe migration is on your risk register. Ask your CISO when critical systems will be protected and whether vendor roadmaps align with 2030 deadlines.
For CISOs and security leaders: Begin a cryptographic inventory. Identify systems where cryptography is embedded in hardware or firmware and cannot be updated. These are your highest priorities.
For IT and operations teams: Engage vendors of critical systems to understand their post-quantum plans. Enable quantum-safe options in TLS where available, particularly for high-value data flows.
For all organisations: Do not wait for the threat to become imminent. The window for comfortable migration is closing.
Disclaimer: This article represents analysis based on publicly available information as of December 2025. Timelines and technical details are subject to change as standards evolve and quantum computing progresses.
References
[1] Charles, T. “Protecting Critical Data and Assets Against Quantum Computing Threats.” Presentation, November 2024