26.02.2026

Google announced in March 2026 the dawn of the fault-tolerant quantum computing era. Experts estimate the “Q-Day” – the moment quantum computers can break today’s encryption – at between 2030 and 2035. Attackers are already harvesting encrypted data to decrypt it later using quantum computers. CIOs who fail to build a cryptographic inventory now risk exposing sensitive business data within five years.

TL;DR

  • 🔐 NIST standards are final: Since August 2024, finalized Post-Quantum Cryptography (PQC) standards (FIPS 203, 204, 205) have been published. The technical foundation for migration is in place.
  • ⚠️ Harvest Now, Decrypt Later: Adversaries are mass-collecting encrypted communications, trade secrets, patent filings, diplomatic correspondence – and storing them. Once powerful quantum computers arrive, they’ll decrypt this data retroactively. Data with long lifespans is vulnerable today.
  • 📊 Fewer than 5% prepared: Less than 5% of enterprises have formal PQC transition plans.
  • 🔍 Cryptographic inventory as first step: CIOs must know exactly where – and how – cryptographic algorithms are deployed across their organization. Most don’t.
  • 📅 Timeline 2030: Experts project Q-Day – the point at which quantum computers can break current encryption – at 2030-2035.

Why Post-Quantum Belongs on the CIO Agenda – Now

Post-quantum cryptography sounds like a futuristic topic. In reality, it’s an urgent present-day issue masquerading as tomorrow’s challenge. Its name? Harvest Now, Decrypt Later (HNDL). State and criminal actors are already hoovering up vast volumes of encrypted traffic, proprietary research, patent applications, diplomatic cables – and archiving them. As soon as capable quantum computers become available, they’ll crack that data retrospectively.

For companies holding data that remains sensitive five, ten, or even twenty years from now, the risk window has already opened. Pharmaceutical R&D data, M&A strategies, pending patents, long-term contracts – all information currently protected by RSA or ECC, yet still confidential a decade from now, is potentially compromised.

Google declared in March 2026 the arrival of the fault-tolerant quantum computing era. That doesn’t mean RSA will fall tomorrow – but it does mean technological progress is accelerating faster than anticipated. Experts peg Q-Day – the moment quantum computers can break current encryption – at 2030-2035. Migrating the cryptographic infrastructure of a large enterprise takes 5 to 15 years. To be secure by 2030, you must start in 2026.

“Migrating to post-quantum cryptography requires, first and foremost, a complete inventory of all cryptographic dependencies. Without such an inventory, prioritized transition is impossible.”
NIST IR 8547, Transition to Post-Quantum Cryptography Standards (2024)

The NIST Standards: What’s Available Today

The U.S. National Institute of Standards and Technology (NIST) released its final Post-Quantum Cryptography standards in August 2024. Three algorithms form the core: FIPS 203 (ML-KEM, based on CRYSTALS-Kyber) for key encapsulation, FIPS 204 (ML-DSA, based on CRYSTALS-Dilithium) for digital signatures, and FIPS 205 (SLH-DSA, based on SPHINCS+) as a backup signature standard.

For CIOs, this means: the technical foundation exists. These algorithms are standardized, available in open-source libraries, and already being implemented by major cloud providers and hardware vendors. Google, Apple, and Signal have integrated quantum-resistant encryption into their products. The excuse – “no production-ready alternatives exist” – no longer holds.

What remains is the migration challenge. These new algorithms differ from RSA or ECC: larger keys, bigger signatures, and sometimes higher computational overhead. Infrastructure, protocols, and applications all require adaptation. A full migration at a large enterprise is a multi-year initiative demanding early planning.

Cryptographic Discovery: The First Step

Before any enterprise can migrate, it must know where cryptography is used. This sounds trivial – but it isn’t. A typical large enterprise runs hundreds of systems relying on cryptographic methods: TLS certificates for web servers and APIs, VPN connections, email encryption, database encryption, code signing, smartcard authentication, hardware security modules (HSMs), and embedded crypto in third-party software.

Most organizations lack a complete inventory of their cryptographic dependencies. NIST identifies this as the single biggest barrier to successful migration. As a first step, CIOs should create a Cryptographic Bill of Materials (CBOM): a comprehensive list of all systems using cryptography, the algorithms they employ, and each system’s criticality.

This step can be partially automated using specialized discovery tools. Vendors including IBM, Entrust, and PQShield offer solutions for cryptographic inventory. For a mid-sized enterprise, manual effort typically ranges from two to four months. Without this inventory, prioritized migration is impossible.
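As an added illustration (not from the article or any vendor tool), a minimal CBOM can be modelled and ranked as follows. The system names, the `purpose` field, the priority numbering and the quantum-vulnerable families beyond RSA and ECC are assumptions; the 10-year lifespan threshold and the 2030 lower bound for Q-Day are the article's own figures.

```python
from dataclasses import dataclass
# Assumption: families treated as quantum-vulnerable (the article names RSA and ECC).
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "DH", "DSA"}
POST_QUANTUM = {"ML-KEM", "ML-DSA", "SLH-DSA"}  # FIPS 203, 204, 205
Q_DAY_EARLIEST = 2030  # lower bound of the article's 2030-2035 estimate
LONG_LIVED_YEARS = 10  # article's threshold for top migration priority

@dataclass(frozen=True)
class CbomEntry:
    system: str
    purpose: str  # "encryption" or "signature" (hypothetical field)
    algorithms: tuple
    data_lifespan_years: int

def classify(entry):
    algs = {a.upper() for a in entry.algorithms}
    classical, pqc = algs & QUANTUM_VULNERABLE, algs & POST_QUANTUM
    if classical and pqc:
        return "hybrid"
    if classical:
        return "quantum-vulnerable"
    return "post-quantum" if pqc else "unclassified"

def hndl_exposed(entry, recorded_year=2026):
    # Harvested ciphertext matters only if it is still confidential at Q-Day.
    return (entry.purpose == "encryption"
            and classify(entry) == "quantum-vulnerable"
            and recorded_year + entry.data_lifespan_years > Q_DAY_EARLIEST)

def priority(entry):
    # 0 = identify the algorithm first, 1 = migrate first, 4 = monitor only.
    status = classify(entry)
    if status != "quantum-vulnerable":
        return 0 if status == "unclassified" else 4
    if entry.data_lifespan_years > LONG_LIVED_YEARS:
        return 1
    return 2 if hndl_exposed(entry) else 3

def migration_queue(inventory):
    return sorted(inventory, key=lambda e: (priority(e), -e.data_lifespan_years))

# Constructed sample inventory (hypothetical systems, not from the article).
INVENTORY = [
    CbomEntry("public-web-tls", "encryption", ("ECDH", "ML-KEM"), 1),
    CbomEntry("rnd-archive", "encryption", ("RSA",), 20),
    CbomEntry("build-signing", "signature", ("ECDSA",), 3),
    CbomEntry("partner-vpn", "encryption", ("DH",), 7),
    CbomEntry("legacy-erp", "encryption", ("vendor-proprietary",), 15),
]
```

Entries whose algorithm cannot be classified sort to the front of the queue, because they cannot be ranked until someone identifies what they actually use.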

< 5 % of enterprises have formal Post-Quantum Cryptography transition plans (Source: Quantum Computing Market Analyses, 2025)

The Roadmap: From Inventory to Migration

Phase 1 (Months 1-3): Discovery. Build a cryptographic inventory. Identify all systems with cryptographic dependencies. Assess criticality: Which data has a lifespan exceeding 10 years? These systems demand top migration priority.

Phase 2 (Months 4-6): Piloting. Test hybrid encryption in non-critical systems. Hybrid schemes combine classical and post-quantum algorithms, protecting against both classical and quantum threats – and reducing risk from algorithmic missteps.

Phase 3 (Months 7-18): Migrate Critical Systems. Prioritize systems handling long-lived data: archival encryption, long-term certificates, VPN infrastructure. Follow with TLS certificates and API encryption. Every migration must be rigorously tested and documented.

Phase 4 (Ongoing): Monitoring & Adaptation. Post-quantum cryptography is an evolving field. New algorithms will be standardized; existing ones may prove vulnerable. Continuous monitoring of the cryptographic landscape is essential. CIOs should establish a dedicated role – or team – for cryptographic governance.

What CIOs Must Decide – Now

The question is no longer whether, but when – and how fast. NIST standards are published. HNDL is real. And migration timelines are routinely underestimated. CIOs who begin discovery today gain the runway needed for an orderly, low-risk transition. Those who wait will face time pressure – either as Q-Day approaches or when regulators mandate action.

For DACH-region enterprises, another layer applies: The BSI (Federal Office for Information Security) has defined NIS2 obligations regarding technical measures to ensure confidentiality. It’s only a matter of time before PQC readiness becomes part of those requirements. Proactive action is cheaper – and safer – than reactive firefighting.

Frequently Asked Questions

When will current encryption be broken by quantum computers?

Experts estimate Q-Day at 2030-2035. Uncertainty remains high – but the Harvest Now, Decrypt Later threat makes early preparation essential, regardless of the precise timeline.

What is a Cryptographic Bill of Materials (CBOM)?

A CBOM is a complete inventory of all cryptographic algorithms, protocols, and dependencies across an enterprise’s IT infrastructure. It’s the foundational prerequisite for a prioritized migration to post-quantum cryptography.

Which algorithms will replace RSA and ECC?

NIST has finalized three standards: ML-KEM (FIPS 203) for key encapsulation, ML-DSA (FIPS 204) for digital signatures, and SLH-DSA (FIPS 205) as a fallback signature standard. All rely on mathematical problems believed to resist attacks – even by quantum computers.

How long does migration take?

For large enterprises, full migration takes 5 to 15 years – including inventory (3 months), piloting (3 months), migrating critical systems (12 months), and completing remaining work. Smaller enterprises can achieve full migration in 5 to 7 years.

Do I need to act now – or can I wait?

Waiting is risky. Harvest Now, Decrypt Later means data intercepted today could be decrypted tomorrow. At minimum, cryptographic discovery should begin in 2026 to secure the necessary lead time for migration.

A magazine by Evernine Media GmbH