The quantum revolution is not a hypothesis of the distant future. In 2025, the world of information technology is on the cusp of one of the biggest changes since the invention of the Internet: the introduction of quantum computing into real-world practice.
In a previous article focusing on quantum technologies, we discussed how quantum computing is undermining current encryption methods that protect critical data of businesses, banks and governments. Now we’ll assess how to prepare for their mass deployment, what standards are evolving, and what’s at risk for organizations that neglect this transformation.
Quantum computing is fundamentally changing the rules of cybersecurity. Experts from the US National Institute of Standards and Technology (NIST) and the UK’s National Cyber Security Centre (NCSC UK) warn that current cryptography and common asymmetric and symmetric ciphers will not withstand attacks from quantum computing sooner than many expect.
NIST is leading the process of standardising post-quantum cryptographic algorithms to replace current public key algorithms vulnerable to quantum attacks, while NCSC UK is providing recommendations to UK organisations on preparing for the migration to post-quantum cryptography. The key is to amplify the migration plan to these new standards today, even though quantum computers are not yet massively deployed.
The strategy “He who prepares, survives” is doubly true here.
In 2025, IT professionals are thus facing one of the biggest technological changes since the Internet era: the mass deployment of quantum computing in practice.
Quantum computing is thus no longer just science fiction, but is becoming a reality. Recent advances in qubit counting, quantum error correction and the stability of quantum chips suggest that the technology is no longer the preserve of laboratories or start-ups. Experts warn that traditional cybersecurity cannot withstand quantum attacks, so it is imperative to start its systematic transformation immediately.
Transition to new cryptographic standards in practice
According to Europol, regulators across Europe, the United Kingdom, the United States and Singapore have already adopted key regulations targeting the quantum threat. Yet in a survey of 200 financial sector leaders, up to 86 percent of organisations admitted they are not prepared for post-quantum cybersecurity. 84 percent of those surveyed expect to need to implement quantum-resilient solutions within the next two to five years.
Ciphers that don’t resist are a quantum threat
Most of today’s cryptographic protocols – especially RSA (factorization of large numbers) and ECC (the discrete logarithm problem on elliptic curves) – are designed to withstand attacks on classical computers.
However, quantum algorithms, particularly Shore’s algorithm, solve these problems exponentially faster, fundamentally undermining the security of existing systems. As early as March 2025, the National Institute of Standards and Technology urged organisations to switch to quantum-resistant encryption algorithms as soon as possible.
In 2024, NIST officially approved a set of post-quantum encryption algorithms, including the primary ML-KEM standard, designed to protect sensitive data, ranging from internet traffic to medical or financial records, from potential attacks by future quantum computers.
This spring initiative is now complemented by the selection of a backup HQC algorithm to provide a second line of defense for universal data encryption in both ongoing communications and storage.
Both algorithms are the result of more than eight years of NIST research to create cryptography that is resistant to the computational power of quantum machines.
How to migrate to post-quantum encryption?
The migration to post-quantum encryption should be phased, following the recommendations of leading regulatory authorities.
In March 2025, the UK NCSC released a three-phase plan to recrystallise critical systems to post-quantum standards by 2035. At the same time, NIST, in its 12/2024 IR 8547 report, recommends phasing out traditional vulnerable algorithms like RSA, and gradually replacing them with proven PQC schemes. For example, CRYSTALS-Kyber or Dilithium for asymmetric encryption and HQC as an additional layer of protection.
The common goal of these initiatives is to ensure that organisations start systematically planning and implementing new cryptographic protocols today to minimise the risk of quantum attacks in the years to come.
Silent compromise of sensitive data
The quantum threat isn’t just about immediately cracking today’s encryptors – there’s also the risk that attackers may intercept and archive your sensitive communications (medical records, financial statements, government reports) today with the intention of being able to decrypt them when fully functional quantum computers are deployed in the future.
This attack model, known as “store now, decrypt later”, poses a particular risk in industries where data is stored for decades.
Similar organisations are therefore advised to take the following steps:
- Inventory long-term cryptographic assets:
Identify vulnerable protocols and data whose confidentiality must be guaranteed decades from now. - Pilot deployment of post-quantum algorithms:
Test new encryption schemes (e.g. CRYSTALS-Kyber, Dilithium, HQC) in internal systems and evaluate their performance and security. - Preparing your crypto-agile infrastructure:
Re-architect your IT architecture to support the rapid exchange of cryptographic methods as recommended by the March 2025 TQI and other regulators. - Migration Plan:
Propose a vision for a phased transition to post-quantum ciphers in mission-critical systems to minimize the period of concurrent operation of both traditional and new algorithms.
Performance and implementation challenges of post-quantum cryptography
According to a March analysis by the international organisation NIST, the implementation of algorithms such as CRYSTALS-Kyber and Dilithium in common TLS communications increases both the volume of data transferred and the CPU load. Their deployment will therefore require optimisation of protocols and a new approach to managing encryption communications, especially in mobile and IoT devices.
The future of cybersecurity will not only be defined by the development of new ciphers, but more importantly by the ability of organisations to adapt to the changing technological environment. Quantum computing is fundamentally changing the rules of the game, but it also presents both a challenge and an impetus to modernise infrastructures and security architectures.
Organizations that start planning, testing and deploying post-quantum solutions today will not only secure their sensitive data, but also gain a strategic advantage in the times when quantum reality becomes the new standard.
