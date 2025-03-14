Late last year, a group of Chinese researchers successfully cracked RSA encryption, one of the oldest and most common methods used to secure data stored by countless banks, healthcare organizations, and government agencies around the world.

Their weapon of choice? A D-Wave quantum computer.

While cryptographically relevant quantum computers (CRQCs) are not yet accessible to the average cybercriminal, this event marks an unwelcome milestone in the quantum roadmap—one that poses a major cybersecurity threat for industries handling sensitive data, financial information, or intellectual property, such as healthcare, banking, energy, aviation, and automotive.

The study published about this event also rings the alarm bells about the urgency of this issue, as researchers raise the possibility of a "harvest now, decrypt later" scenario, where attackers steal encrypted data with the intention of decrypting it once commercial quantum computing becomes viable in the next 10-15 years.

This looming threat has initiated a global race toward post-quantum cryptography (PQC)—cryptographic algorithms designed to be secure against attacks from quantum computers. But while many organizations accept the need to act swiftly with new technology, transitioning to PQC can be a lengthy, costly, and complex process that could take years to complete.

In this blog, we explore how and why organizations must begin the transition to quantum-resistant cryptographic methods and the challenges they must overcome to ensure their data remains protected even in the face of advancing and evolving threats.

Understanding the post-quantum decryption threat

Cryptography—the use of codes and algorithms to protect and obscure sensitive data and other information—has long been the bedrock of digital security, ensuring confidentiality, integrity and authenticity in our communications. Traditional cryptographic methods, such as RSA and elliptic curve cryptography (ECC), have provided robust security based on the computational difficulty of mathematical problems like factoring large numbers or the discrete logarithm.

These cryptography methods are what has kept our online banking accounts, digital health records, government secrets, and intellectual property safe and secure… until now.

With the help of quantum computing, these traditional cryptography codes, which would have taken thousands of years to crack with a conventional computer, could potentially be broken in a matter of seconds. This is because quantum computers utilize quantum bits, or qubits, that can exist in multiple states simultaneously and can be entangled, allowing for parallel computation on an unprecedented scale.

Embracing post-quantum solutions ensures that sensitive customer data, as well as IP and government secrets, remains protected even in the face of advanced quantum computing threats. It is also a critical consideration for organizations developing long-lifecycle products—such as those in automotive, aviation, and energy—which must ensure that digital components, like chips and hardware, can be updated with stronger security protocols as they become available. This is crucial to preventing catastrophic breaches that could compromise critical infrastructure, including power grids and air traffic control systems, as well as essential assets like planes and automobiles.

Embracing post-quantum solutions: Overcoming challenges to PQC

The transition to PQC is not a simple software update. It's a complex migration involving hardware, software and protocol changes across entire ecosystems. There are key challenges that organizations must overcome, technically, financially and culturally, to enable this shift. This requires a comprehensive approach that not only tackles known challenges but also anticipates future needs.

Technical challenges

As companies begin the shift to PQC, organizations must address the age-old challenge of legacy system compatibility. Outdated applications and infrastructure components may struggle to support new cryptographic algorithms, creating insurmountable interoperability issues. For those systems that can support more advanced encryption methods, performance overhead may remain an issue since these tools may introduce computational demands that surpass the system’s capabilities.

Financial challenges



​Transitioning to PQC also presents significant financial challenges for organizations, as program costs easily stretch into the millions. (For context, the U.S. federal government's migration to PQC between 2025 and 2035 is estimated to cost approximately $7.1 billion.) The high price tag associated with this transition may require companies to reevaluate and reallocate their IT budgets.

Cultural challenges

Finally, organizations cannot overlook the significant cultural challenges PQC presents. As with any new process or technology implementation, employees will need to learn how new PQC protocols work and adjust their workflows accordingly.

The good news is that in many cases, companies need not go it alone nor start from scratch to address these issues. The National Institute of Standards and Technology (NIST) has been actively working on PQC since 2017, with the first public key algorithms standardized in 2024. This long-term effort, which involves international collaboration, shows the global recognition of the need for PQC and provides a framework for implementation.