Your encryption isn’t broken yet. But somewhere, right now, someone may be storing your traffic for the day it will be. The question for 2026: “Is your organization going to migrate on its own terms or someone else’s?”
The Attack That’s Already in Progress
Most security teams think of threats in terms of immediate exploitation: a payload drops, an alert fires, a playbook kicks off. The quantum threat operates on a fundamentally different clock, and it definitely doesn’t wait for your EDR to catch up.
The attack vector is called harvest now, decrypt later (HNDL). Nation-state actors are intercepting and archiving encrypted traffic today. Things like TLS sessions, VPN tunnels, encrypted email, etc. with no intention of decrypting it immediately. They are building libraries of ciphertext, waiting patiently for the day a cryptographically relevant quantum computer (CRQC) arrives to open them. The 2022 U.S. National Security Memorandum NSM-10 confirmed adversaries are already operating this way.
The uncomfortable truth: If your organization handles data with 10+ years of strategic, regulatory, or competitive sensitivity, think patient records, M&A negotiations, government contracts, intellectual property, that data is already a target. Its current encryption buys you nothing against an adversary willing to wait.
|
>5% of IT security budgets heading to quantum readiness |
2030 CNSA 2.0 hard deadline for NSS systems |
3 NIST PQC standards finalized Aug 2024 |
~15yr typical data sensitivity window in healthcare & finance |
What NIST’s Finalized Standards Mean for Your Stack
In August 2024, NIST published three finalized post-quantum standards: FIPS 203 (ML-KEM / CRYSTALS-Kyber — key encapsulation), FIPS 204 (ML-DSA / CRYSTALS-Dilithium — digital signatures), and FIPS 205 (SLH-DSA / SPHINCS+ — hash-based signature fallback). A fourth standard, FIPS 206, based on FALCON, is in progress. The “wait and see what NIST finalizes” era is over. The standards are published. The clock is running.
For CISOs: think SHA-1 deprecation, multiplied by an order of magnitude in complexity. SHA-1 migration took years and exposed blind spots in certificate inventories. Post-quantum migration touches every key exchange in your infrastructure (including keys baked into firmware, IoT devices, HSMs, and third-party SaaS). Plan accordingly.
Cryptographic Agility: The Only Architecture That Survives This
Security architects who lived through MD5-to-SHA-1, SHA-1-to-SHA-2, or TLS 1.0/1.1 deprecation know the pattern: organizations that handled it cleanly had abstraction layers between application logic and cryptographic primitives. Everyone else had cryptography baked directly into protocol stacks and firmware, and they paid for it.
Cryptographic agility is the property that makes algorithm replacement a configuration-and-testing problem instead of a re-engineering crisis. Practically: your systems can negotiate or be reconfigured to use a new algorithm without touching business logic. Your key management infrastructure supports multiple algorithm families in parallel. Your certificate tooling can issue hybrid certificates, (both classical plus post-quantum), for the transition period where both peer sets exist.
For CISOs: The ROI framing is simple: every dollar building agility now buys optionality. If a vulnerability surfaces in ML-KEM, (unlikely, but possible), an agile system pivots to SLH-DSA without a crisis. A non-agile system hands you one.
“Every dollar spent building agility into your infrastructure now is a dollar that buys optionality. A non-agile system doesn’t give you a fallback, it gives you a crisis.”
What Your Vendors Aren’t Telling You (And What to Ask)
The PQC vendor ecosystem is fractured. The big cloud providers (AWS, Azure, Google Cloud) have deployed or announced hybrid PQC support. OpenSSL and BoringSSL have functional implementations. Signal and Apple iMessage have already shipped PQC in production.
Then there’s everything else: your SIEM, your EDR, your VPN concentrators, your identity provider, your PAM system. The operational tooling most enterprises actually run presents a much patchier picture. Any vendor touching TLS termination, key material, or binary signing has a PQC obligation, but clearly not all of them have acknowledged it.
Five questions that belong in your next vendor renewal or RFP:
Vendors that can’t answer these with specificity are liabilities in your migration plan. This matters doubly for mid-market organizations relying on MSSPs: your MSSP’s tooling is your cryptographic posture, whether or not you’ve audited it.
The Mid-Market Reality: Fewer Resources, Same Exposure
Quantum readiness discussions tend to fixate on federal agencies and Fortune 500 security teams. But mid-market companies carry much of the same exposure with a fraction of the internal capacity and, statistically, more shadow IT, undocumented certificate deployments, and fragmented vendor relationships to untangle.
A regional healthcare group, a financial institution running legacy core banking, a defense subcontractor handling controlled unclassified information, all operate under the same compliance obligations as their larger peers. The inventory is harder; the stakes are the same.
The practical answer is sequencing. You cannot do everything at once. The cryptography inventory described below forces prioritization, it gives you an evidence-based starting point instead of either paralysis or the loudest vendor pitch. A mid-market company that finishes an inventory and migrates its two highest-impact systems in 2026 is vastly better positioned than a large enterprise still socializing a study through committees in 2028.
Resolution #5: Start Quantum Readiness Now, With a Funded Roadmap
Quantum security spending is heading past 5% of IT security budgets. Organizations that act now build controlled, sequenced capability. Organizations that wait buy themselves an emergency remediation program, compliance gaps, and the organizational chaos of a forced migration. The math is not subtle.
Treat this as a migration program, not a project. Four phases: Discover → Prioritize → Modernize → Validate. Cryptographic agility is the foundation; the inventory is the first deliverable; the pilot migration is how you prove the process. Then repeat the cycle annually.
|
Phase 01 Discover |
Phase 02 Prioritize |
Phase 03 Modernize |
Phase 04 Validate |
|
Enumerate every system, app, device, and third-party touching cryptographic material. Certificate logs, network scanning, and agent-based tooling all contribute. Expect surprises. |
Score systems by data sensitivity, algorithm exposure (RSA/ECDH vs. symmetric), regulatory obligation, and change complexity. CNSA 2.0 timelines are your external forcing function. |
Implement PQC and crypto-agile patterns on prioritized systems. Hybrid approaches bridge the gap while peer support matures. HSM/KMS upgrades often gate everything else. |
Cryptographic testing, interoperability checks, audit evidence. Update monitoring to detect algorithm downgrade attempts. Re-enter Phase 01 on a 12-month cycle. |
TL; DR, - What you need to do before the window closes:
|
The clock started when NIST finalized those first three standards. It arguably started earlier, when adversaries began archiving encrypted traffic. What is certain is that 2026 is a year when doing nothing carries a measurable cost, in compliance exposure, in data risk, and in the organizational debt you’re accumulating for a future forced migration.
The organizations that will look back on this as a well-managed transition are the ones making inventory calls and vendor appointments this quarter. The question is whether yours is among them.