Quantum computers are speeding towards cryptographic relevancy: The time to prepare is now.

Quantum hardware and algorithms are maturing, shrinking the projected quantum computing power required to break today’s standard encryption and putting the cryptographic systems that protect sensitive data today on a finite clock. 

IBM’s own work, alongside other new research from across the industry, presents evidence that fault-tolerant quantum computers could begin approaching cryptographic relevance by the end of the decade. Meanwhile, “harvest now, decrypt later” attacks put data largely considered secure today at risk. That reality is driving international regulations and guidance urging organizations to start the migration to post-quantum cryptography.  

The message is clear: organizations need to start their quantum‑safe journey now.

Quantum risk will materialize asymmetrically, meaning some cryptographic systems will fail earlier than others, depending on algorithm design and key size. Unlike Y2K, there won’t be a single moment when everything breaks at once; rather, quantum risk will be realized over time, spanning multiple years as different cryptographic systems become vulnerable at different times. 

For organizations, this translates to a prolonged window of risk exposure, making a programmatic transition across the entire cryptographic estate essential; not just the algorithms already known to be broken today. For most organizations, a reactive approach to fixing what’s broken will be nearly improbably, drawn out and highly disruptive to business operations. 

The good news is that defenses are advancing ahead of the risks. 

Progress has accelerated across the industry, with IBM co-authoring three of the four post-quantum cryptography algorithms published by NIST in 2024 and has been working with clients on quantum safe transformations since 2019. Over the past several years, IBM has helped elevate quantum risk awareness at the board level, assessed organizations’ exposure to related risks and developed actionable roadmaps to drive active migration and remediation programs. IBM’s contributions extend beyond individual enterprises to shaping multiple government national post‑quantum cryptography (PQC) strategies and convening industry consortia to accelerate large‑scale PQC transformation. 

This momentum is already making its way across industries as well. For example, IBM and Vodafone have been working together to explore how to apply post-quantum cryptography across Vodafone’s network infrastructure and systems. Additionally, IBM recently partnered with instant messaging platforms such as Signal and Threema to redesign core encryption protocols for a quantum-safe world. IBM’s own CIO office leverages IBM quantum safe technology to tackle challenges of discovery, visibility, remediation and modernization in managing cryptography—and stay ahead of the “harvest now, decrypt later” risk. 

Leading organizations across industries are already inventorying cryptographic assets, testing the use of post-quantum algorithms, and building crypto-agility into their environments. And while early adoption was concentrated in sectors such as telecommunications, momentum is now expanding across financial services, government, healthcare and critical infrastructure 

The standards, tooling and expertise needed to move forward exist now. 

Based on IBM’s experience working with clients for the past several years, when it comes to the journey towards quantum safe, organizations are moving at different speeds, with varying levels of readiness, affected by organizational complexity, legacy technology and evolving standards. 

However, the journey tends to follow a consistent pattern, unfolding in two broad phases. These phases are supported by a set of practical steps that help organizations move from uncertainty to execution. 

Most organizations today are in this initial phase, where the primary challenge is not choosing algorithms, but understanding their own specific challenges enough to be able to act with confidence.

At this stage, clients consistently struggle with:

• Limited visibility into where cryptography exists across applications, infrastructure, data flows and third‑party dependencies
• Assessing business and regulatory impact 
• Fragmented ownership of cryptography across security, infrastructure, application and vendor teams
• Uncertainty around timing, leading to stalled decision‑making

Phase 1 is about creating momentum without disruption, providing a defensible plan that leadership, security and technology teams can rally around.

As organizations move into execution, the nature of the challenge shifts. The question is no longer what we should do, but how do we do this without breaking the business.

IBM has developed innovative assets to breakdown the migration journey with a top-down and bottoms-up prioritization methodology that reduces complexity and drives a manageable and programmatic approach to PQC transformation.

Cryptographic change must be integrated into business‑as‑usual modernization efforts, including application updates, infrastructure refreshes, cloud migrations and vendor roadmaps, while also managing deep dependency chains and uneven industry readiness.

• Remediate: Migrate current cryptography, legacy cryptography, applications and data to post-quantum cryptography, where available, and minimize impact where remediation isn’t possible.
• Govern: Observe, monitor and manage cryptography risks across the enterprise while simplifying compliance reporting and management.  

Crypto‑agility is a foundational remediation and migration strategy for post‑quantum readiness. This transition presents an opportunity to build cryptography the right way. A crypto‑agile architecture enables organizations not only to migrate to PQC, but also to sustain a responsive capability. Crypto‑agility allows organizations to scale cryptography‑based data protection with confidence, reduce the operational costs associated with managing cryptography and meaningfully lower long‑term security risk.

Quantum computing and post‑quantum cryptography will continue to evolve. IBM is at the forefront of this innovation—advancing foundational research, and translating emerging cryptographic techniques into practical, enterprise‑ready solutions.  

Partnering with IBM provides organizations with early‑mover advantage, ongoing guidance as the technology landscape changes, and the assurance that comes from working with a leader helping define the future of quantum‑safe security.

Explore quantum safe technology

Learn more about IBM Consulting services