
*Cryptomathic - originally published 16 May 2023; Updated 20 May 2025*
Quantum computers offer transformational power for complex computational problems in industries such as finance, pharmaceuticals, and automotive. They also pose the risk of breaking the cryptography that secures many common digital activities, such as online banking or simply browsing the internet (Yes, that green lock in your address bar means you can trust the connection – for now).
There is a current risk of Harvest Now, Decrypt Later (HNDL) attacks being used by attackers to steal encrypted sensitive information with long shelf-lives, such as personal health, confidential product data, or financial records. The attackers can hold onto the information until a quantum computer with enough power becomes available to break its encryption. If this occurs before the data's expiration, it could lead to significant breaches in the future.
It is, therefore, vital for us to begin preparing for migration to post-quantum cryptographic algorithms now before bad actors get the chance to steal sensitive data that might be used later on. To do this, organizations must upgrade their processes, systems, hardware, software, and services so that when it becomes necessary to switch over to post-quantum cryptography, there will not be any disruption of service.
Doing this work now will provide organizations with much-needed peace of mind that their digital platforms are protected from future attack vectors. Starting the process early and working through it as a change-management initiative will likely yield better results than procrastinating and eventually having to treat it as a crisis.
Post-quantum cryptography and pre-emptive measures
To address the potential cybersecurity threats posed by quantum computers, organizations will need to adopt quantum-safe cryptography, also known as post-quantum cryptography (PQC). The National Institute of Standards and Technology (NIST) finalized the first set of PQC standards on 13 August 2024 (FIPS 203 ML-KEM/Kyber, FIPS 204 ML-DSA/Dilithium, FIPS 205 SLH-DSA/SPHINCS+) and selected HQC as an additional Key-Encapsulation Mechanism on 11 March 2025. Other approaches such as quantum key distribution are also being standardized by organizations such as the European Telecommunications Standards Institute (ETSI).
The National Institute of Standards and Technology (NIST) is currently working on its , while other encryption methods such as quantum key distribution are also being standardized by organizations such as the European Telecommunications Standards Institute (ETSI).
Standards bodies (ANSI X9, IETF, ETSI, ISO, and others) are now aligning their specifications to the 2024-25 NIST selections, and conformance test suites are expected in late 2025. The process of transitioning to new cryptographic standards will still be lengthy (potentially many years) due to their deep integration into complex systems with dependencies from third parties in the supply chain.
However, leaders can take pre-emptive measures before initiating the significant task of migrating to PQC:
Appoint a Quantum Risk Owner:
- Designating a responsible party within your organization to manage quantum risk is crucial. Empowering them with the necessary resources and authority will facilitate preparatory measures and serve as a valuable initial measure in comprehending your quantum risk exposure and assessment.
Evaluate the potential risks related to quantum computing:
- Determine the level of reliance your organization has on vulnerable cryptography. Analyze the organization's ability to effectively manage this risk exposure. The findings can inform future actions and enhance awareness within the organization.
Implement and practice crypto-agility:
- Crypto-agility means that organizations can quickly change their cryptography protocols—without having to go through complex application changes each and every time—when new attacks are identified, allowing them to stay ahead of potential threats.
Know what needs protection and the tools necessary to ensure it:
- Managing inventories of sensitive assets and security tools can be challenging for organizations. Understanding how cryptography is used and its purpose can help address quantum risk more effectively.
Emphasize the importance of cyber-hygiene practices:
- In modern organizations, cryptography is just one of many protection mechanisms available for cybersecurity. To minimize risk, it is important for organizations to ensure the effectiveness of other security measures (e.g. protecting other layers of the stack) and that they complement cryptographic solutions.
Download "Preparing For The Rise Of Quantum Computing With A Cryptographic Agility Strategy"
Regulatory momentum (2024-25 snapshot)
- OMB Memo M-23-02 – requires U.S. federal agencies to inventory cryptography and submit PQC transition plans (due annually).
- NSA CNSA 2.0 – mandates use of ML-KEM (Kyber) and ML-DSA (Dilithium) for national-security systems starting 2025, with cut-off dates for classical algorithms.
- NIST IR 8547 – provides enterprise migration guidance and timelines targeting completion of critical transitions by ~2030.
Three approaches to PQC migration
As cryptography is deeply embedded as a security measure in systems across organizations, the scope of migrating to PQC will require a broad transition with multiple dependencies. Hence, it is crucial to commence the process as soon as possible.
Effective implementation of a quantum-cyber strategy requires clear leadership and direction from the board, along with consistent monitoring of key performance indicators to measure progress.
Most organizations will probably use one of the following three PQC migration approaches, with the first approach being compatible with either of the other two.
Implementing hybrid-post quantum solutions
Many organizations may find managing a parallel implementation feasible if they possess enough resources. There are several cryptographic algorithms that are publicly available and have been reviewed, which could be potentially quantum-safe. These solutions can be employed by organizations today in conjunction with classical cryptography, thereby augmenting their effectiveness.
There are two benefits to using this approach. Firstly, it allows organizations to experiment with implementing quantum-resistant cryptography without much difficulty. This helps them prepare for the eventual complete migration. Secondly, combining quantum-resistant and classical cryptography provides an additional layer of defense that can protect against current and future threats.
Download "Achieving Real-World Crypto-Agility".
Adopting a phased approach
Organizations with complex infrastructure or limited resources may undergo a phased transition, including the migration of system groups to quantum-secure cryptography with interim evaluation periods to incorporate lessons learned into subsequent phases.
Phase-based migrations enable the distribution of milestones and investments, potentially aiding leaders in gaining support for the migration across affected business departments by minimizing the downtime of affected systems. Additionally, continuous adoption of lessons learned and industry insights can lead to improvement in the quality of the migration.
Complete migration in a single transition
Organizations with smaller infrastructure or limited communication needs, particularly emerging ones, may opt for a complete overhaul to achieve quantum security with existing knowledge and experience. This strategy is relevant for early-stage projects or new capability deployments without a lot of legacy systems.
A complete "big-bang" approach may offer immediate protection against HNDL attacks, which can be beneficial for organizations handling valuable data and at risk of such attacks. However, difficulties may occur during the implementation process as a result of inadequate preparation and insufficient ongoing education, which could potentially affect the long-term effectiveness of the solution.
In summary
Regardless of the chosen migration approach, it is important for organizations to take action now and embrace the changes—and challenges—coming along with the quantum era in order to benefit from it.
With PQC standards now _finalized_ and regulatory deadlines fast approaching, organizations should define their migration path—hybrid, phased, or big-bang. It is a good idea to start the dialogue with their vendor ecosystem at this time as they will likely need to identify and leverage external partnerships to prepare their organization. Ultimately, they should strive to develop a strategy that is tailored to their specific needs—there is hardly going to be a “one-size-fits-all” solution.
It is a good idea to start the dialogue with their vendor ecosystem at this time as they will likely need to identify and leverage external partnerships to prepare their organization. Ultimately, they should strive to develop a strategy that is tailored to their specific needs – there is hardly going to be a “one-size fits all” solution.
Ultimately, they should strive to develop a strategy that is tailored to their specific needs—there is hardly going to be a “one-size-fits-all” solution.
Cryptomathic is an industry leader in cryptographic key management and crypto-agility solutions. Download the eBook on Post Quantum Computing and Crypto Agility or contact us to discuss your needs.