In this article, we’ll explore why we should be concerned about quantum computing’s impact on the security of digital assets: how it could break today’s most common encryption standards, when this shift might happen, and what you need to do now.
Introduction
The race to develop quantum computers is well underway, offering both immense promise and substantial risks. Unlike classical computers, which process information as either a 1 or a 0, quantum computers leverage qubits that can exist as a 1, a 0, or both simultaneously through a property called superposition. This allows quantum computers to explore many possibilities simultaneously, rather than sequentially, drastically reducing calculation durations. While this paves the way for breakthroughs in fields like medicine, materials science, and optimization, it also poses serious challenges to modern cybersecurity.
Current cryptographic protocols, including RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography), are widely recognized as industry standards for securing digital assets and communications. These protocols rely on the computational difficulty of specific mathematical problems to ensure data integrity and confidentiality. However, the advent of a “Cryptographically Relevant Quantum Computer” (CRQC) — capable of executing quantum algorithms such as Shor’s algorithm — poses a significant threat by breaking these encryption methods and thereby compromising much of today’s encrypted data. And although current quantum computers still face major challenges such as decoherence and scalability to name a few, we will show that the prevailing consensus that it is “a question of when and not if” should not be dismissed lightly, especially in light of recent breakthroughs and the vulnerabilities inherent in pre-quantum encrypted data.
1. A Pressing Structural Shift in Cybersecurity
The rise of quantum computing introduces significant risks to modern cybersecurity, which can be categorized into two main threats: a future catastrophic event where robust security systems become vulnerable overnight, and a more immediate threat where data may be stored for future exploitation.
a. Future threat
Our first scenario concerns the moment a sufficiently advanced and stable quantum computer, a CRQC, becomes operational. Such a breakthrough would be akin to a paradigm shift, instantly rendering our current standard encryption protocols (like RSA and ECC) obsolete.
To illustrate the stakes, breaking RSA-2048 or ECC-256, encryption standards deemed secure against today’s classical computers, would take millions if not billions of years of computational effort. On the other hand, a CRQC running Shor’s algorithm could break these protocols in less than an hour.
This scenario, though currently in the realm of speculation, highlights the major disruption that quantum computing could bring once its technical blockers, such as decoherence and scalability, are overcome.
b. The timeline
Experts estimate that CRQCs could emerge within 15 to 30 years, though some suggest it might happen sooner. The probabilities, as reported by the Global Risk Institute’s 2024 Quantum Assessment, are as follows:
- Within 10 years, there is a 5%–35% chance of a CRQC, with 5% representing the most pessimistic experts and 35% the most optimistic.
- Within 20 years, the probability of a functional CRQC goes beyond 50% and reaches 80% for the more optimistic experts.
And while this timeline may seem long, it needs to be contrasted with certain critical factors. For one, the complexity of transitioning to quantum-safe systems:
- Long Migrations: Updating cryptographic standards and migrating legacy systems may require years.
- Hasty Transitions: Rushing implementation introduces vulnerabilities exploitable by classical attacks.
- Resource Constraints: Small businesses and developing nations may struggle to allocate resources for such a transition.
Furthermore, sudden breakthroughs in quantum error correction, qubit stability, or other quantum computing milestones could dramatically shorten the timeline. As demonstrated by the rapid advancements in AI (with ChatGPT’s debut in November 2022 acting as a tipping point), technological progress often arrives faster than expected. For instance, Google’s recent breakthrough on their “Willow” quantum chip, which significantly reduces error rates as the system scales, hints that the CRQC era might be closer than we think, and it was not taken into account by the experts in the graph shown above.
And if this were not enough, there is another concern: quantum vulnerabilities could be leveraged today and abused at a future date...
c. A Potential Immediate Threat?
Data breaches and theft occur today on a regular basis, and stolen data is often encrypted, which offers protection. However, nothing prevents bad actors from storing this encrypted data with the intent of decrypting it at a later date, when quantum technology matures. This strategy is known as a “Harvest Now, Decrypt Later” (HNDL) attack.
Such attacks are particularly concerning for data that retains its sensitivity over time, such as government secrets, personal financial records, or proprietary business data. The practicality of HNDL lies in its simplicity: intercepting and storing encrypted communications today is inexpensive, but future advancements in quantum computing could make breaking that encryption surprisingly easy. Moreover, as geopolitical and corporate competition intensifies, the value of decrypted information decades later — such as trade secrets or diplomatic communications — could far outweigh the investment in current interception efforts.
This delayed yet inevitable threat forces us to confront a paradox: while encryption standards like RSA and ECC may seem robust today, they represent a ticking time bomb in the hands of bad actors preparing for the quantum era. This angle has already been identified as a threat, and major institutions such as the NSA, which released guidelines back in 2022, have issued comprehensive measures to address these risks.
2. How Can We Assess Our Preparedness?
Preparing for the quantum era requires proactive migration to quantum-proof infrastructure — a process that is both time-intensive and challenging. For industries with complex systems and widespread horizontal integration, such as finance, healthcare, and government, transitioning securely can be particularly daunting. Nonetheless, early preparation is essential to mitigate risks.
a. Using Mosca’s Inequality
To assess how prepared an organization is for a post-quantum threat, Mosca’s Inequality offers a simple yet powerful framework. It highlights the interplay between three critical factors:
- Shelf-life Time: the number of years the information requires protection
- Migration Time: the number of years needed to migrate the system properly and safely to a quantum-safe solution
- Threat Timeline: the number of years before the relevant threat actors will be able to break the quantum-vulnerable systems.
This framework states that:
T_shelf-life + T_migration > T_threat
This means the combined time required to protect data for its useful life and transition to quantum-safe infrastructure must exceed the estimated time until a CRQC becomes a reality. If this condition is not met, organizations will face vulnerabilities. To illustrate, and adding the data we provided in 1.b, consider the Bitcoin blockchain which is designed to provide long-term security for wallets and transactions using ECC. Suppose a major holder (e.g., a cryptocurrency exchange) needs to secure assets for 10+ years:
- Shelf-life Time (T_shelf-life): 10+ years (time assets must remain secure).
- Migration Time (T_migration): 1–3 years (this is arbitrary, but we assume that it could transition to quantum-safe blockchains overnight).
- Threat Timeline (T_threat): Initially 20 years but reduced to 10-15 years due to breakthroughs.
We obtain 11–13 years > 10–15 years. These numbers show that in a case such as this, the most important variable is T_migration, because the migration time is independent of T_shelf-life and technological breakthroughs could happen at a slower or faster rate. For this reason, and given that system-wide transitions are neither quick nor trivial, shifting one’s mindset and preparing early seems to be the better and safer solution.
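The comparison above uses ranges on both sides, so it can be evaluated as intervals. The Python sketch below is an added example, not part of the original article: it computes the margin T_shelf-life + T_migration - T_threat for the exchange figures and reads the expert probabilities from 1.b against the resulting horizon. Its assumptions are linear interpolation between the quoted probabilities, a 0% chance today, 50% as the low 20-year figure, and a shelf-life of exactly 10 years for "10+".

```python
# Added example: T_shelf-life + T_migration > T_threat evaluated over ranges.
# Points are (years, low, high) cumulative chance of a CRQC, from section 1.b;
# the (0, 0, 0) point and interpolating between points are assumptions.
EXPERT_POINTS = [(0, 0.0, 0.0), (10, 0.05, 0.35), (20, 0.50, 0.80)]


def margin_range(shelf, migration, threat):
    """Return (lowest, highest) T_shelf + T_migration - T_threat.
    Each argument is a (min_years, max_years) tuple."""
    low = shelf[0] + migration[0] - threat[1]
    high = shelf[1] + migration[1] - threat[0]
    return low, high


def verdict(shelf, migration, threat):
    """Say whether the inequality holds for all, some or none of the range."""
    low, high = margin_range(shelf, migration, threat)
    if low > 0:
        return "holds for every estimate"
    if high > 0:
        return "holds for some estimates"
    return "holds for no estimate"


def crqc_chance(years):
    """Interpolated (low, high) chance that a CRQC exists within `years`."""
    pts = EXPERT_POINTS
    if years >= pts[-1][0]:
        return pts[-1][1], pts[-1][2]  # the page gives no figure past 20 years
    for (x0, l0, h0), (x1, l1, h1) in zip(pts, pts[1:]):
        if x0 <= years <= x1:
            f = (years - x0) / (x1 - x0)
            return l0 + f * (l1 - l0), h0 + f * (h1 - h0)
    raise ValueError("years must be non-negative")


def max_migration(shelf_years, threat_years):
    """Longest migration (years) for which the inequality does not yet hold."""
    return max(threat_years - shelf_years, 0)


if __name__ == "__main__":
    shelf, migration, threat = (10, 10), (1, 3), (10, 15)  # exchange example
    print(margin_range(shelf, migration, threat), verdict(shelf, migration, threat))
    for horizon in (11, 13):  # T_shelf-life + T_migration at both ends
        print(horizon, crqc_chance(horizon))
```

With the article's figures the margin runs from -4 to +3 years, so whether the inequality holds depends on which end of each range is used, and the interpolated chance of a CRQC arriving within the 11 to 13 year horizon spans roughly 10% to 49%.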
b. Migration Challenges in Key Industries
Certain sectors, such as banking and healthcare, have historically been slow to modernize their core infrastructures, including outdated data storage and communication systems, making them prime targets for hackers.
According to the American Hospital Association, there were at least 384 cyberattacks on healthcare organizations in 2024 — averaging more than one attack per day. This alarming figure follows 2023, which was dubbed “the worst year ever for breaches in healthcare”. These systems often rely on legacy technologies — from decades-old mainframes to entrenched ERP systems — where encryption updates are complex and disruptive. The interdependence of financial and healthcare systems, combined with their scale, makes a hurried, last-minute transition especially risky. Without deliberate, phased planning now, these sectors may find themselves cornered into rushed changes, increasing their vulnerability and potentially causing widespread service disruptions.
Also, cryptocurrencies, particularly Bitcoin, face unique challenges in the post-quantum era due to their reliance on elliptic curve cryptography (ECC). A CRQC could exploit ECC to derive private keys from public addresses, enabling attackers to forge transactions, steal funds, and disrupt the blockchain’s integrity. Moreover, Bitcoin’s decentralized nature and the community’s governance structure often value stability and consensus over rapid changes, as history has shown with forks like Bitcoin Cash and Bitcoin SV. These forks highlight the reluctance within the community to implement sweeping updates, especially when they affect core functionalities. This resistance to change could delay the adoption of post-quantum cryptographic algorithms, leaving the network exposed during a critical period.
c. The Cost of Waiting
Our global digital economy relies on encryption for trust and stability. Without it:
- Financial Systems: Banks, payment processors, and trading platforms could face massive fraud, halted transactions, and cascading financial instability if their communications are compromised. For example, a breach in interbank systems like SWIFT could disrupt international trade and capital flows.
- National Security: Classified government data, military communications, and diplomatic transmissions could be laid bare, threatening national interests and global alliances. Moreover, critical infrastructure, including power grids and healthcare systems, could become prime targets, escalating the impact of cyberattacks.
- Blockchain and Cryptocurrencies: Public-key cryptography underpins blockchain consensus and cryptocurrencies like Bitcoin. The implications extend beyond cryptocurrencies to decentralized applications (dApps) and smart contracts, potentially destabilizing entire industries reliant on blockchain technology.
The economic and reputational damage of delayed action far outweighs the upfront costs of adopting quantum-safe measures. Early adopters will gain a competitive advantage by showing readiness in the face of emerging threats.
We must also highlight the responsibility of not only institutions and governments but also everyday users. By demanding quantum-safe solutions and taking proactive steps to secure their own information, individuals can help foster a broader culture of resilience against quantum-era threats. Protecting our digital infrastructure is not just about safeguarding financial and institutional integrity — it is about ensuring that everyone who depends on these systems remains secure in an increasingly uncertain future.
Conclusion
In this article, we examined the risks quantum computing poses to current encryption standards like RSA and ECC. We highlighted both the long-term risks of advanced quantum computers and the immediate dangers of “Harvest Now, Decrypt Later” attacks. By examining the timelines for quantum advancements and the difficulties of migrating to quantum-safe systems, we stressed the necessity for organizations to proactively adopt post-quantum cryptography measures.
This underscores the need to address quantum vulnerabilities in current institutions and blockchain protocols:
- Adopt Quantum-Safe Standards: Familiarize yourself with post-quantum cryptography and start implementing it now to ensure data security for years to come.
- Invest in Agility: Adopt or design systems that can adapt quickly to new cryptographic standards as they evolve.
- Monitor Developments: Stay informed about quantum advancements to adjust strategies accordingly.
So, given the progress we’re seeing and the rising awareness of a post-quantum era, what pivotal event or breakthrough could serve as the trigger to get industries on board and take action against this inevitable but uncertain threat?