Bob Burns | Chief Product Security Officer
More About This Author >
Bob Burns | Chief Product Security Officer
More About This Author >
Not long ago, the idea that quantum computers could one day break today’s strongest encryption felt like science fiction. Today, it's no longer about if—but when. While real-world demonstrations of quantum algorithms like Shor’s remain largely theoretical or experimental in nature, the pace of quantum hardware advancements and sustained government investment have shifted the narrative. Regulators around the world are now treating quantum risk as a near-term reality, not a distant possibility.
With mandates from bodies like NIST, NSA, and the EU calling for post-quantum cryptography (PQC) migration plans, quantum readiness has become a boardroom topic. The real question is: if quantum threats are now shaping regulation, roadmaps, and risk registers—why are so many organizations still encrypting like it’s 2015?
According to the 2025 Thales Data Threat Report, only 48% of organizations are actively assessing their encryption strategies, and just 33% trust their cloud or telco providers to manage post-quantum security. That’s alarmingly low, considering we’re entering the final decade before NIST formally recommends deprecating RSA and ECC, algorithms that underpin most of the digital trust infrastructure we rely on today.
The Coming Quantum Reckoning
The promise of Quantum Computing is that it can potentially solve problems that classical computing considers impossible. For example, it could break encryption algorithms like RSA and ECC that depend upon the complexity of solving challenges such as the factoring problem or the discrete logarithm problem. Quantum algorithms like Shor’s upend this entire equation, potentially reducing the solution time to hours or minutes.
This isn’t just an academic concern. The increase in the volume of highly sensitive datasets accessed and processed by organizations—from medical records to national infrastructure—means a significantly expanded exposure surface for data with long-term value and long-lived consequences.
A quantum adversary doesn’t need to break your encryption today to pose a threat. They can intercept and store encrypted data now—potentially by exploiting known vulnerabilities in large language models or business logic—and decrypt it years later when quantum computing capabilities mature. This strategy, known as “harvest now, decrypt later,” is especially dangerous for autonomous systems that rely on historical data: the delayed exposure of that data could compromise not only privacy but also the integrity of future decisions and actions.
In fact, 58% of organizations in the Thales report cited the future decryption of today’s data as a top concern, with 63% worried about future encryption compromise and 61% about key distribution in a quantum context.
The Lag in Crypto Agility
It’s not only that many organizations haven’t transitioned to post-quantum cryptography (PQC), but that agility was not a major consideration when building their infrastructures. Too often, encryption technologies are added onto systems years after they were architected.
Today, PQC readiness means more than swapping out an algorithm. It often requires protocol redesign, library updates, reconfiguring HSMs and TPMs, and modernizing brittle networks that can’t handle longer keys or more complex TLS handshakes. And while NIST has released cryptographic algorithm standards, the PQC compatible PKI and certificate standards are only starting to materialize.
It shows. According to the report, only 45% are working to improve their cryptographic agility, and only 40% have resilience or contingency plans. Incredibly, 2% of respondents still have no formal plans to address quantum threats at all.
NIST Has Spoken, The Clock Is Ticking
If your organization is waiting for formal guidance to act, the time has come. The U.S. National Institute of Standards and Technology (NIST) has made its position clear:
- In 2022, NIST released the first set of finalist PQC algorithms.
- In 2023, NIST released the first set of draft PQC cryptographic algorithm standards.
- In 2024, it published the final algorithm standards along with a PQC transition guide.
- The guide advises deprecating RSA and ECC by 2030, with complete discontinuation by 2035.
Ten years may sound like a comfortable horizon, but cryptographic transitions are anything but quick. The migration from SHA-1 to SHA-2 took nearly a decade. PQC is more complex, more invasive, and requires broader ecosystem alignment. Waiting until 2030 to start planning would be like beginning to build your flood defenses after the first floor is already underwater.
Trusting Providers Isn’t Enough
While major cloud providers and telecoms have begun integrating PQC into their services, 67% of organizations are not relying on them. This lack of trust might stem from performance concerns, unclear shared responsibility models, or limited visibility into provider-level cryptographic control. Either way, the takeaway is the same: crypto agility must be owned, not outsourced.
Providers cannot be expected to patch every protocol, upgrade every endpoint, and safeguard every byte of archived data, primarily when internal systems may not yet support PQC algorithms.
What Now? The Road to Readiness
Encouragingly, many organizations are beginning to take action:
- 57% are evaluating or prototyping PQC algorithms.
- 48% are assessing their encryption strategies.
- 27% are implementing quantum random number generation (QRNG), an essential component of PQC.
- And 22% are exploring quantum key distribution (QKD) as a longer-term secure communications method.
However, this still leaves nearly half the industry behind. In a world where AI, quantum computing, and autonomous systems converge, cryptographic inertia is a risk no enterprise can afford.
Here’s how to shift gears:
- Conduct a quantum risk assessment: Identify what data must remain confidential long-term, including archives and intellectual property.
- Map your cryptographic landscape: Inventory where and how encryption is used: protocols, libraries, certificates, keys.
- Prioritize cryptographic agility: Design systems supporting rapid cryptographic updates, including hybrid modes (classical + PQC). Survey the suppliers of your cryptographic technology to understand their roadmap and plan accordingly.
- Plan for interoperability: Don’t break backward compatibility prematurely—leverage hybrid-algorithm strategies where needed.
- Start now: Waiting until standards are mandated means playing catch-up. Begin evaluating PQC tools and NIST-approved algorithms immediately.
No Time For Complacency
The breakthroughs of 2024 and the pace of development suggest that Q-day could be closer than we think, and the encryption we rely on today won’t hold forever.
This isn’t a time for complacency or conservative roadmaps. This is a now problem, not a next-decade project. It’s time to stop encrypting like it’s 2015 because when quantum computers arrive, they won’t wait for your next budget cycle.
Download the full 2025 Thales Data Threat Report to explore how organizations are responding to post-quantum threats, or listen to our Thales Security Sessions Podcast Episode “Post-Quantum Cryptography - Let’s Do the Math”.