Most conversations about quantum computing fall into one of two traps: breathless hype about imminent breakthroughs, or dismissal of the technology as too distant to warrant attention. The reality for business and government leaders is more nuanced — and more urgent than many realize.
The “Harvest Now, Decrypt Later” Threat
Adversaries are collecting encrypted data today with the intention of decrypting it once quantum computing matures. This is particularly concerning for organizations holding sensitive data with a long shelf life — government records, health information, intellectual property, or financial data subject to long-term confidentiality requirements.
NIST’s Post-Quantum Cryptography Standards
NIST finalized its first set of post-quantum cryptography (PQC) standards in 2024, providing organizations with a clear migration target. The challenge now is transitioning existing systems — a process involving cryptographic inventory, vendor coordination, and careful testing.
Strategic Preparation Steps
- Build a cryptographic inventory — Know where you’re using RSA, ECC, and other vulnerable algorithms.
- Assess data longevity risk — Identify which data assets must remain confidential long enough to be at risk from future quantum decryption.
- Engage your vendors — Most cryptographic exposure is embedded in third-party software. Understand their PQC roadmaps.
- Plan for crypto-agility — Design systems to support algorithm changes without full rewrites.
- Incorporate PQC into new projects now — For greenfield systems, there’s no reason to build on algorithms that will need to be replaced.
Kiwi Futures advises organizations on both the risk and opportunity dimensions of quantum computing. Reach out if you’d like to discuss where quantum fits in your technology roadmap.