Post-Quantum Cryptography Is A Business Problem Hiding Inside Of A Math Problem
Beyond advanced mathematics or theoretical computing breakthroughs, PQC is about protecting the systems enterprises already depend on to operate securely at scale.
- NIST finalized three post-quantum cryptographic algorithms in 2024 (CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+) with FALCON added in 2025, providing a baseline for global migration.
- The 'harvest now, decrypt later' attack vector means adversaries are already collecting encrypted data, expecting quantum computers to break it within 5–10 years.
- Enterprise migration to PQC is estimated to cost $50–$100 billion globally over the next decade, covering software updates, hardware replacements, and training.
- The U.S. government has set a 2035 deadline for all federal systems to adopt PQC, pushing private sector compliance deadlines to 2030–2033 in heavily regulated industries.
- Only 12% of large enterprises have completed a full cryptographic inventory as of 2026, highlighting a severe readiness gap across banking, healthcare, and cloud sectors.
Organisations worldwide rely on public-key cryptography to secure everything from emails and financial transactions to critical infrastructure. But Shor’s algorithm, once run on a sufficiently powerful quantum computer, can break the RSA and ECC encryption underpinning these systems. The National Institute of Standards and Technology (NIST) has been leading the effort to standardise quantum-resistant algorithms, finalising three primary candidates — CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+ — in 2024, with a fourth (FALCON) added later.
The transition to PQC is not a distant problem. Adversaries are already harvesting encrypted data today, waiting to decrypt it when quantum computers mature — a tactic known as “harvest now, decrypt later.” This makes the timeline for migration urgent, not hypothetical. The Forbes article emphasises that delaying PQC adoption exposes companies to massive compliance, reputational, and financial risks.
Key details from the evolving landscape: NIST set a target of 2035 for full migration of government systems, but private sector timelines may be shorter due to regulatory pressure and competitive advantage. Enterprises must audit their cryptographic inventories, identify dependencies in software and hardware, and build crypto-agile architectures that can swap algorithms without system rebuilds. The cost of migration is estimated in the tens of billions of dollars globally, with sectors like banking, healthcare, and cloud computing facing the steepest challenges.
Industry experts argue that PQC is not just about maths or IT — it’s a C-suite issue. Chief information security officers (CISOs) must collaborate with chief financial officers (CFOs) and boards to allocate budget and talent. Crypto-agility — the ability to update cryptographic algorithms quickly — is emerging as a core business requirement. Companies that treat PQC solely as a technical upgrade risk falling behind competitors that embed it into strategic planning.
What happens next? Over the next three to five years, major cloud providers and software vendors will begin default-enabling PQC in their products. Standardisation bodies like IETF and ISO will publish final specifications. Governments worldwide will mandate PQC for public-sector procurement. The window for early movers is closing fast; the most proactive organisations are already running PQC pilot programs. The message from Forbes is clear: treat post-quantum cryptography as a business imperative today, or pay the price tomorrow.
Frequently Asked Questions
Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to be secure against attacks from both classical and quantum computers. Unlike current public-key systems like RSA, PQC algorithms rely on mathematical problems that are hard for quantum computers to solve.
Businesses rely on encryption to protect customer data, financial transactions, and intellectual property. Quantum computers will eventually break today's encryption, so migrating to PQC is essential to prevent data breaches and maintain trust. Delaying migration also exposes companies to "harvest now, decrypt later" attacks.
The U.S. government has set a 2035 deadline for federal systems, but private companies should start migration by 2030. Given the complexity of updating hardware and software, organizations should begin cryptographic inventories and pilot programs immediately.
NIST selected CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium, SPHINCS+, and FALCON for digital signatures in 2024–2025. These algorithms are now being integrated into commercial products and open-source libraries.
Harvest now, decrypt later is an attack strategy where adversaries collect encrypted data today, storing it until quantum computers become powerful enough to decrypt it. This makes early adoption of post-quantum cryptography critical for protecting sensitive information.
Companies should start by conducting a full cryptographic inventory to identify where public-key cryptography is used. They should then prioritize assets based on data sensitivity, build crypto-agile systems, and run PQC pilot deployments to test compatibility.
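A minimal triage of the inventory-and-prioritise step described above and in the earlier paragraph on auditing cryptographic inventories, as an added example (not from the Forbes article or any vendor tool). The asset names, sensitivity scale, score weights and the 5-year default horizon (the lower bound of the page's 5–10 year estimate) are assumptions; the point it shows is that key-exchange uses protecting long-lived secrets are the ones exposed to harvest now, decrypt later.

```python
from dataclasses import dataclass

# Classical public-key algorithms breakable by Shor's algorithm.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "X25519", "Ed25519"}
# Post-quantum algorithm names as the page gives them.
PQC = {"CRYSTALS-Kyber", "CRYSTALS-Dilithium", "SPHINCS+", "FALCON"}
SENSITIVITY = {"low": 1, "medium": 2, "high": 3}  # assumed scale

@dataclass
class Entry:
    asset: str
    algorithm: str
    use: str            # "key-exchange" or "signature"
    sensitivity: str    # key of SENSITIVITY
    secrecy_years: int  # how long the protected data must stay confidential

def classify(e, horizon_years=5):
    """Return (status, score); a higher score means migrate sooner."""
    if e.algorithm in PQC:
        return "pqc", 0
    if e.algorithm not in QUANTUM_VULNERABLE:
        return "review", 1  # not in either table: needs a human look
    score = SENSITIVITY[e.sensitivity]
    # Recorded traffic only pays off for an adversary if the data is still
    # secret once the key exchange can be broken; signatures cannot be
    # forged retroactively, so they are not harvest-exposed.
    if e.use == "key-exchange" and e.secrecy_years >= horizon_years:
        return "harvest-exposed", score + 3  # assumed weight
    return "vulnerable", score

def triage(entries, horizon_years=5):
    """Sort inventory rows by descending score, then asset name."""
    rows = [(e.asset, *classify(e, horizon_years)) for e in entries]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

# Constructed sample inventory (hypothetical assets).
SAMPLE = [
    Entry("vpn-gateway", "ECDH", "key-exchange", "high", 10),
    Entry("code-signing", "RSA", "signature", "high", 0),
    Entry("web-frontend", "ECDH", "key-exchange", "low", 1),
    Entry("pilot-kem", "CRYSTALS-Kyber", "key-exchange", "high", 10),
    Entry("legacy-hsm", "proprietary-v1", "signature", "medium", 0),
]

if __name__ == "__main__":
    for asset, status, score in triage(SAMPLE):
        print(f"{score}  {status:16} {asset}")
```

Raising `horizon_years` shows how sensitive the ranking is to the assumed quantum timeline: entries drop from `harvest-exposed` to `vulnerable` once their secrecy window is shorter than the horizon.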
Original source
www.forbes.com