Tobias Massow
Google announced in March 2026 the dawn of the fault-tolerant quantum computing era. Experts estimate the “Q-Day” – the moment quantum computers can break today’s encryption – at between 2030 and 2035. Attackers are already harvesting encrypted data to decrypt it later using quantum computers. CIOs who fail to build a cryptographic inventory now risk exposing sensitive business data within five years.
Post-quantum cryptography sounds like a futuristic topic. In reality, it’s an urgent present-day issue masquerading as tomorrow’s challenge. Its name? Harvest Now, Decrypt Later (HNDL). State and criminal actors are already hoovering up vast volumes of encrypted traffic, proprietary research, patent applications, diplomatic cables – and archiving them. As soon as capable quantum computers become available, they’ll crack that data retrospectively.
For companies holding data that remains sensitive five, ten, or even twenty years from now, the risk window has already opened. Pharmaceutical R&D data, M&A strategies, pending patents, long-term contracts – all information currently protected by RSA or ECC, yet still confidential a decade from now, is potentially compromised.
Google declared in March 2026 the arrival of the fault-tolerant quantum computing era. That doesn’t mean RSA will fall tomorrow – but it does mean technological progress is accelerating faster than anticipated. Experts peg Q-Day – the moment quantum computers can break current encryption – at 2030-2035. Migrating the cryptographic infrastructure of a large enterprise takes 5 to 15 years. To be secure by 2030, you must start in 2026.
“Migrating to post-quantum cryptography requires, first and foremost, a complete inventory of all cryptographic dependencies. Without such an inventory, prioritized transition is impossible.”
NIST IR 8547, Transition to Post-Quantum Cryptography Standards (2024)
The U.S. National Institute of Standards and Technology (NIST) released its final Post-Quantum Cryptography standards in August 2024. Three algorithms form the core: FIPS 203 (ML-KEM, based on CRYSTALS-Kyber) for key encapsulation, FIPS 204 (ML-DSA, based on CRYSTALS-Dilithium) for digital signatures, and FIPS 205 (SLH-DSA, based on SPHINCS+) as a backup signature standard.
For CIOs, this means: the technical foundation exists. These algorithms are standardized, available in open-source libraries, and already being implemented by major cloud providers and hardware vendors. Google, Apple, and Signal have integrated quantum-resistant encryption into their products. The excuse – “no production-ready alternatives exist” – no longer holds.
What remains is the migration challenge. These new algorithms differ from RSA or ECC: larger keys, bigger signatures, and sometimes higher computational overhead. Infrastructure, protocols, and applications all require adaptation. A full migration at a large enterprise is a multi-year initiative demanding early planning.
Before any enterprise can migrate, it must know where cryptography is used. This sounds trivial – but it isn’t. A typical large enterprise runs hundreds of systems relying on cryptographic methods: TLS certificates for web servers and APIs, VPN connections, email encryption, database encryption, code signing, smartcard authentication, hardware security modules (HSMs), and embedded crypto in third-party software.
Most organizations lack a complete inventory of their cryptographic dependencies. NIST identifies this as the single biggest barrier to successful migration. As a first step, CIOs should create a Cryptographic Bill of Materials (CBOM): a comprehensive list of all systems using cryptography, the algorithms they employ, and each system’s criticality.
This step can be partially automated using specialized discovery tools. Vendors including IBM, Entrust, and PQShield offer solutions for cryptographic inventory. For a mid-sized enterprise, manual effort typically ranges from two to four months. Without this inventory, prioritized migration is impossible.
Phase 1 (Months 1-3): Discovery. Build a cryptographic inventory. Identify all systems with cryptographic dependencies. Assess criticality: Which data has a lifespan exceeding 10 years? These systems demand top migration priority.
Phase 2 (Months 4-6): Piloting. Test hybrid encryption in non-critical systems. Hybrid schemes combine classical and post-quantum algorithms, protecting against both classical and quantum threats – and reducing risk from algorithmic missteps.
Phase 3 (Months 7-18): Migrate Critical Systems. Prioritize systems handling long-lived data: archival encryption, long-term certificates, VPN infrastructure. Follow with TLS certificates and API encryption. Every migration must be rigorously tested and documented.
Phase 4 (Ongoing): Monitoring & Adaptation. Post-quantum cryptography is an evolving field. New algorithms will be standardized; existing ones may prove vulnerable. Continuous monitoring of the cryptographic landscape is essential. CIOs should establish a dedicated role – or team – for cryptographic governance.
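An added example (not from the original article) of the Phase 1 criticality assessment run over a CBOM: it ranks inventory entries by how many years their data would still be sensitive after the earliest Q-Day estimate. The entry fields, system names, migration estimates, and the simplification that signatures are at risk only while the old key is still trusted are assumptions.

```python
from dataclasses import dataclass

NOW, Q_DAY = 2026, 2030  # article's start year and earliest Q-Day estimate (2030-2035)
QUANTUM_VULNERABLE = ("ECDSA", "ECDH", "RSA", "DSA", "DH")  # broken by Shor's algorithm
PQC = ("SLH-DSA", "ML-KEM", "ML-DSA")                       # FIPS 205 / 203 / 204

@dataclass
class CbomEntry:
    system: str
    algorithm: str            # e.g. "RSA-2048", "ECDH-P256", "ML-KEM-768"
    purpose: str              # "confidentiality" or "signature"
    data_lifetime_years: int  # how long the protected data must stay secret
    migration_years: int      # assumed time until this system is migrated

def family(algorithm: str) -> str:
    """Map 'RSA-2048' -> 'RSA'; anything unrecognised (e.g. AES) -> 'OTHER'."""
    for name in PQC + QUANTUM_VULNERABLE:
        if algorithm.upper().startswith(name):
            return name
    return "OTHER"

def exposure_years(e: CbomEntry) -> int:
    """Years of exposure after Q-Day: shelf life + migration time - time to Q-Day."""
    if family(e.algorithm) not in QUANTUM_VULNERABLE:
        return 0
    migrated = NOW + e.migration_years
    if e.purpose == "confidentiality":
        # HNDL: traffic recorded until migration stays sensitive for its lifetime.
        return max(0, migrated + e.data_lifetime_years - Q_DAY)
    # Assumption: signatures cannot be harvested; risk ends once the key is replaced.
    return max(0, migrated - Q_DAY)

def prioritize(entries):
    """Return (system, exposure_years) pairs, most exposed first, omitting zeros."""
    scored = [(e.system, exposure_years(e)) for e in entries]
    return sorted((s for s in scored if s[1] > 0), key=lambda s: -s[1])

# Constructed sample inventory; every value is illustrative.
SAMPLE_CBOM = [
    CbomEntry("public-web-tls", "ECDSA-P256", "signature", 1, 1),
    CbomEntry("site-vpn", "ECDH-P256", "confidentiality", 10, 1),
    CbomEntry("code-signing", "RSA-3072", "signature", 5, 6),
    CbomEntry("rd-archive", "RSA-2048", "confidentiality", 20, 2),
    CbomEntry("messaging-gw", "ML-KEM-768", "confidentiality", 15, 0),
    CbomEntry("db-at-rest", "AES-256", "confidentiality", 15, 3),
]

if __name__ == "__main__":
    for system, years in prioritize(SAMPLE_CBOM):
        print(f"{system}: exposed for {years} years after {Q_DAY}")
```

Symmetric ciphers such as AES fall outside this model and score zero here; the ranking covers only the public-key algorithms the article names as at risk.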
The question is no longer whether, but when – and how fast. NIST standards are published. HNDL is real. And migration timelines are routinely underestimated. CIOs who begin discovery today gain the runway needed for an orderly, low-risk transition. Those who wait will face time pressure – either as Q-Day approaches or when regulators mandate action.
For DACH-region enterprises, another layer applies: The BSI (Federal Office for Information Security) has defined NIS2 obligations regarding technical measures to ensure confidentiality. It’s only a matter of time before PQC readiness becomes part of those requirements. Proactive action is cheaper – and safer – than reactive firefighting.
Experts estimate Q-Day at 2030-2035. Uncertainty remains high – but the Harvest Now, Decrypt Later threat makes early preparation essential, regardless of the precise timeline.
A CBOM is a complete inventory of all cryptographic algorithms, protocols, and dependencies across an enterprise’s IT infrastructure. It’s the foundational prerequisite for a prioritized migration to post-quantum cryptography.
NIST has finalized three standards: ML-KEM (FIPS 203) for key encapsulation, ML-DSA (FIPS 204) for digital signatures, and SLH-DSA (FIPS 205) as a fallback signature standard. All rely on mathematical problems believed to resist attacks – even by quantum computers.
For large enterprises, full migration takes 5 to 15 years – including inventory (3 months), piloting (3 months), migrating critical systems (12 months), and completing remaining work. Smaller enterprises can achieve full migration in 5 to 7 years.
Waiting is risky. Harvest Now, Decrypt Later means data intercepted today could be decrypted tomorrow. At minimum, cryptographic discovery should begin in 2026 to secure the necessary lead time for migration.