• Quantum risk will become cybersecurity's top priority as quantum computers mature, enabling attackers to decrypt previously captured encrypted data.
• The clock is steadily ticking, with NIST set to retire vulnerable cipher suites by 2030.
• Inventorying critical data and building quantum resistance into architecture upgrades as standards are being finalized can proactively secure compliance. 

Resilient security boils down to preparedness for the unknown. You may not be able to predict every shift, but you can prepare for the ones already taking shape. The cybersecurity community has long known that quantum computing would one day challenge today’s cryptographic foundation. What’s surprising is how quickly that “one day” is turning into today.  

Quantum systems haven’t cracked modern encryption yet, but it’s already started to shift the security conversation. 6 in 10 (62%) technology and cybersecurity professionals worry that quantum computing will break today’s internet encryption, yet only 5% say their organizations have a defined quantum computing strategy.

Enterprises, regulators, and nation-states alike recognize that the race is on, but many are still figuring out where to start.

Why quantum changes the game 

The exact timeline for practical quantum computing remains uncertain, but the threat isn’t. Adversaries are already intercepting encrypted traffic and storing it with the full intention of using quantum computers in the future to decrypt it. This “harvest now, decrypt later” tactic is already influencing how nations approach the security of their data at rest or in motion. Despite 63% of cybersecurity professionals recognizing quantum will increase security risks, 37% have not discussed quantum computing at all. 

Data at rest is at an especially high risk since it needs to be protected for much longer than data in motion. Retention requirements make this particularly dangerous. For example, U.S. HIPPA laws require healthcare information to be stored for seven years, while nuclear safety records must be kept for 50 years. If organizations don’t modernize their encryption ahead of quantum advances, decades of sensitive data become prime targets, with potentially disastrous consequences if compromised. 

Governments and standards bodies are well aware of this risk and are moving fast to tighten encryption regulations that support long-term resilience. 

What post-quantum cryptography brings to the security table 

The National Institute of Standards and Technology’s (NIST’s) transition to post-quantum cryptography (PQC) standards introduce new classes of algorithms—lattice-based, code-based, and multivariate—designed to withstand both classical and quantum attacks. Unlike traditional cryptography, these algorithms go a step further to build encryption on mathematical problems that are resistant to quantum decryption.  

The use of these algorithms address two essential needs:

• Ensuring sensitive information remains secure even as quantum computer capabilities advance.
• Preserving trust in the integrity of digital communication, transactions, and services well into the future.

Even if quantum computing has a ways to go, industry preparation is on its way. One study shows 42% of top 100 websites support PQC, with the numbers dropping significantly for less high-profile sites. 

Some ways organizations are future-proofing their security include: 

• More secure web browsing. Major players like Chrome, Edge, and Firefox have quietly rolled out support for PQC-capable protocols for a groundwork in quantum-safe browsing.
• Steady shifts in global traffic. Around 34% of internet traffic is already PQC-compliant, with both endpoints supporting the new ciphers.
• Regulatory momentum. NIST published three new cipher suites, while organizations like Internet Engineering Task Force (IETF) and International Telecommunication Union (ITU) are working on post-quantum key exchange mechanisms.
• Potential key advancements. Making browser-server handshakes quantum-resistant cuts off one of the most powerful tactics bad actors rely on, closing the door on future attacks.

Authentication and other layers will still need more work, but the updated roadmap to future-proof security is set. 

These deadlines are much closer than they appear

The NIST’s transition to PQC compliance has set clear milestones to address the risks head on. 

• 2030 → RSA, ECC, and other vulnerable cipher suites will be retired.
• 2035 → US Government to fully transition to a Quantum-Resistant System . 

These dates may sound distant, but cryptographic transitions are anything but quick. Hybrid environments, legacy systems, and regulatory scrutiny can all slow the process, especially for large enterprises. And there’s no telling exactly how soon quantum computers will break encryptions; it could be three years or six months from now. Organizations that wait for the final standards to settle may find themselves racing against the clock, or worse, already compromised. 

What security leaders can do now

The race has already begun—there’s no need to wait to get moving. Acting now can help set up your organization with the space it needs to ramp up protections without the pressure of a last-minute scramble as adversaries quietly move ahead.

Here’s how you can help your business stay ahead of quantum threats: 

• Inventory and prioritize securing sensitive data, identifying high-value targets
• Integrate PQC into upcoming infrastructure refreshes rather than bolting it on later
• Stay agile with cryptographic strategies that can adapt to emerging standards

Quantum readiness is less about speculation and more about disciplined, future-forward planning. 

Don’t wait for the finish line to appear

At Symantec and Carbon Black, we’ve always invested in the future of cybersecurity, driving relentless innovation across endpoint, cloud, and network security for organizations of every size. As pioneers in DLP, EDR, and application control, our solutions are designed in line with evolving standards bodies from bodies like IETF and ITU to keep pace, even amongst global cryptographic shifts.

And as proud, proactive members of the cybersecurity community, we’re advancing endpoint and workload protections to anticipate shifts in attacker behaviors. That includes modernizing our solutions to support PQC-compliant ciphers that ensure business continuity, so we can continue to deliver the value our customers derive from our solutions. When it comes to the “harvest now, decrypt later” problem, we’re raising flags now, so our partners and organizations worldwide can strengthen their defenses before quantum threats mature. 

Two legendary brands dedicated to keeping your security ahead of the curve, we’re focused on what your organization needs most: resilience against tomorrow’s breakthroughs, built on visibility today.

To hear more about how enterprises are preparing for post-quantum cryptography compliance, watch me break it down at the RSAC™ 2025 Conference.