Quantum computing has been floating around tech headlines for years, often accompanies by phrases like “the future” or “still decades away.” But if you’ve been paying attention to the noise coming out of governments and standards bodies lately, you’ll notice that people are starting to treat it like a now problem. And if you’re in cyber security, I’d imagine that would catch your attention.

What’s the Deal With Quantum?

In short, quantum computers won’t replace everything we use today, but they will be able to do certain things exponentially faster. One of those things is breaking encryption. And that has major implications for cyber.

Most of the cryptography that keeps the internet safe, from HTTPS connections to banking systems to secure email, relies on the fact that some mathematical problems are so hard they’d take even the fastest computers millions of years to solve.

Quantum computers? Not so much. Once they reach a certain size and stability (which experts are saying could be within the next 5–10 years), they could break those systems in days or even hours.

Why It Matters Now

You might be thinking: “Cool, I’ll deal with this in 2030.” But attackers won’t wait.

The term to know here is “Harvest Now, Decrypt Later.” It’s exactly what it sounds like. Threat actors are already intercepting and storing encrypted data today, with the expectation that they’ll be able to crack it once quantum catches up. This is especially concerning for:

• Governments
• Financial services
• Healthcare providers
• Anyone handling intellectual property or sensitive personal data

If that data has a long shelf life, it’s vulnerable, even if it’s safe today.

What Are People Doing About It?

Governments and standards bodies are taking it seriously. In 2022, the U.S. National Institute of Standards and Technology (NIST) announced its first group of post-quantum cryptographic algorithms. In 2024, the NSA updated its Commercial National Security Algorithm (CNSA) suite to include quantum-resistant protocols.

The EU and UK are making similar moves, and major vendors (Microsoft, AWS, Cloudflare) are starting to test and implement quantum-safe encryption in some of their services.

What Should You Be Doing?

If you’re not working in national security or cryptography research, this might still feel a bit abstract. But you don’t have to solve quantum, you just have to prepare.

Here’s where to start:

• Take inventory of where and how your systems rely on cryptography. SSL certificates, VPNs, internal key management, customer data... all of it.
• Ask your suppliers what their plan is. They should be able to tell you how they’re preparing for quantum. If they can’t, that’s a red flag.
• Plan for migration. When the time comes to switch algorithms, it won’t be a quick patch. Start thinking now about how you’ll phase in quantum-safe encryption without breaking systems or interrupting service.
• Stay in the loop, NIST is your go-to for cryptography standards. Following their post-quantum updates (and the timelines around adoption) will help you stay ahead.

Final Word

Quantum computing isn’t knocking on the door just yet, but it is on the way, and your data might already be in the crosshairs. The people taking this seriously aren’t theorists or cryptographers anymore. They’re CISOs, compliance teams, and tech leaders asking a simple question: If we had to shift tomorrow, could we?