Quantum computers will soon make cryptographic methods insecure, as data tapped now could be decrypted later. Organizations urgently need to switch to quantum-safe encryption methods. The transition requires planning, hybrid procedures, crypto agility and crypto registers. The financial and insurance sectors as well as operators of critical infrastructures must act promptly in order to be future-proof in good time.
What exactly is it about?
Many systems protect data with methods that are mathematically difficult to crack. However, in the near future, quantum computers will have the necessary computing power to overcome these protective mechanisms within a very short space of time. This means that what is considered secure today could be vulnerable tomorrow. For this reason, the National Institute of Standards and Technology (NIST) in the USA has already identified new methods that will also be suitable for secure communication in the future.
The NIST recommendations result in concrete timetables. From 2030, older methods are no longer recommended, and from 2035 they should no longer be used at all in security-relevant applications. These deadlines mark a clear turning point. The European Union is also working hard to prepare for this change. The European Union Agency for Cybersecurity (European Network and Information Security Agency – ENISA) and the European Telecommunications Standards Institute (ETSI) are already working on specifications and recommendations for companies.
ETSI recommends: “Organizations should start preparing for the transition to post-quantum cryptography immediately, especially for systems with long lifecycles and high security relevance.”
ENISA states that, depending on the complexity of the data processing systems used, the switch to post-quantum cryptography can take five to ten years. In particular, organizations with complex and highly networked IT landscapes – as is the case in the financial sector – face lengthy transformation processes.
Financial institutions exchange sensitive information with various partners: customers, business partners, payment service providers, supervisory authorities, etc. These communication relationships require a high level of protection.
Various bodies define the communication standards, e.g. the German Banking Industry (DK) for home banking, supervisory bodies for reporting, central banks and international payment service providers such as SWIFT for payment services, etc. These standards contain specific requirements for the encryption of data.
The window of opportunity is closing faster than expected
Other countries are following suit. In Australia, the National Cyber Security Center has assessed older procedures as not future-proof since 2023. In the UK, the National Cyber Security Centre (NCSC) recommends planning for so-called hybrid approaches now: “It should be assumed that procedures will need to be replaced over their lifetime – systems must support this replacement capability.”
A survey published by the Federal Office for Information Security (BSI) with participants from industry and public authorities shows just how serious the situation is:
- 89 percent of the organizations surveyed assume that the migration to a cryptographically future-proof infrastructure (“PQC-ready”) will take more time than much of their sensitive information needs to remain confidential.
- 75 percent expect the changeover to take five or more years.
- Over 50 percent have not yet initiated any measures.
These assessments illustrate a real and often underestimated risk: encrypted data is already being deliberately tapped and stored today in order to successfully decrypt it at a later date – for example with future quantum computers. This procedure is known as “harvest now, decrypt later”. Anyone who fails to make the switch to quantum-safe protocols in time is exposing not only future information, but also information that has already been captured and stored, to considerable risk.
The window of opportunity will begin to close in 2026. Realistically, only five to seven years are available for the complete transition to a “PQC-ready” infrastructure – including evaluation, planning, piloting, migration and auditing. Companies that do not start this transition now will probably not be able to meet the regulatory and operational requirements in time.

The graphic shows a timeline from 2025 to 2035 and illustrates the urgency of migrating to quantum-safe cryptographic protocols (“PQC-ready”). Three central statements are shown graphically:
- The majority of the organizations surveyed estimate that it will take five to seven years to migrate to quantum-safe cryptography.
- At the same time, the threat posed by quantum computers is constantly growing, as the timing of their technical breakthrough is almost impossible to predict.
- This creates a sensitive transition window in which confidential data could be at risk if protective measures are not taken early on.
The banking sector, the insurance industry and operators of critical infrastructures are particularly challenged. In its “Focus Risks 2025”, the German Federal Financial Supervisory Authority (BaFin) explicitly warns of an increasing threat from outdated encryption and calls for greater security and resilience.
What does this mean in practice?
Switching to new, secure processes takes time. Security functions are often deeply embedded in systems. They need to be identified, evaluated and replaced. This is a complex process that needs to be planned at an early stage. The earlier the planning begins, the better risks and subsequent costs can be avoided.
A tried and tested approach is the use of so-called hybrid procedures. These combine the previous method with new, future-proof protection, so the system remains secure even if one of the two methods is no longer reliable one day. Microsoft, Cloudflare and OpenSSH already have such solutions in productive use.
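To check whether a host actually offers such a hybrid procedure, the following added example (not part of the original article) audits an OpenSSH key-exchange list. The algorithm names are OpenSSH's own; the `sshd -T` style input is constructed, and any name outside the hybrid set is treated as classical-only.

```python
# Hybrid key-exchange methods in OpenSSH pair a post-quantum KEM with X25519.
HYBRID_KEX = {
    "mlkem768x25519-sha256",
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
}

# Constructed sample of the effective configuration printed by `sshd -T`.
SAMPLE_SSHD_T = """\
port 22
kexalgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256
ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
"""

def parse_kex(config_text):
    """Return the ordered key-exchange list from `sshd -T` style output."""
    for line in config_text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "kexalgorithms":
            return [name for name in value.strip().split(",") if name]
    return []

def audit_kex(config_text):
    """Summarise hybrid coverage and remaining classical-only methods."""
    kex = parse_kex(config_text)
    hybrid = [k for k in kex if k in HYBRID_KEX]
    classical = [k for k in kex if k not in HYBRID_KEX]
    return {
        "hybrid": hybrid,
        "classical_only": classical,
        # True when the first entry of this list is a hybrid method. SSH picks
        # the first client-listed method the server also supports, so order
        # decides on the client side and membership on the server side.
        "hybrid_first": bool(kex) and kex[0] in HYBRID_KEX,
        # Any classical-only entry lets a peer without hybrid support agree on
        # an exchange that is exposed to "harvest now, decrypt later".
        "classical_fallback_possible": bool(classical),
    }

if __name__ == "__main__":
    for field, value in audit_kex(SAMPLE_SSHD_T).items():
        print(f"{field}: {value}")
```

The result for each host can be recorded as one line of the crypto register, and removing the classical-only entries is the step that closes the fallback once all peers support a hybrid method.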
Flexibility as a survival principle
One thing is particularly important here: cryptoagility. Those who design their systems in such a way that protection mechanisms can be replaced quickly and easily if necessary create the basis for long-term security. A central tool: a crypto register, i.e. a directory that documents which cryptographic processes are used where. The BSI expressly recommends the maintenance of such a register as a standard security measure in its IT baseline protection manual.
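A minimal sketch of such a crypto register, added here as an example and not taken from the BSI or the original article: each entry records where a method is used, and the check flags entries against the 2030 and 2035 dates named above and against "harvest now, decrypt later" exposure. The sample entries are constructed, and `threat_year` is an assumed planning value, not a prediction.

```python
from dataclasses import dataclass

# Dates from the article: older methods are no longer recommended from 2030
# and should no longer be used in security-relevant applications from 2035.
NOT_RECOMMENDED_FROM, DISALLOWED_FROM = 2030, 2035
# Algorithm families that a sufficiently large quantum computer breaks.
QUANTUM_VULNERABLE = {"RSA", "DH", "ECDH", "ECDSA"}

@dataclass
class Entry:
    system: str         # where the mechanism is used
    purpose: str        # "key-exchange", "encryption" or "signature"
    algorithms: tuple   # two families in one entry = hybrid
    secrecy_years: int  # how long the protected data must stay confidential
    migrated_by: int    # planned year in which the replacement is live

def assess(entry, threat_year):
    """Findings for one entry; threat_year is an assumed planning value."""
    # A hybrid or pure PQC entry has at least one non-vulnerable component.
    if not all(a in QUANTUM_VULNERABLE for a in entry.algorithms):
        return []
    findings = []
    if entry.migrated_by >= DISALLOWED_FROM:
        findings.append("still in use at the 2035 cut-off")
    elif entry.migrated_by >= NOT_RECOMMENDED_FROM:
        findings.append("still in use after the 2030 recommendation")
    # Harvest now, decrypt later affects confidentiality only: traffic recorded
    # until migration is exposed if it must stay secret past the threat year
    # (Mosca's inequality: shelf life + migration time > time to threat).
    if entry.purpose != "signature" and \
            entry.migrated_by + entry.secrecy_years > threat_year:
        findings.append("harvest-now-decrypt-later exposure")
    return findings

# Constructed sample register (systems, years and algorithms are illustrative).
REGISTER = [
    Entry("online-banking TLS", "key-exchange", ("ECDH",), 10, 2028),
    Entry("payment signing HSM", "signature", ("RSA",), 0, 2036),
    Entry("admin SSH", "key-exchange", ("ECDH", "ML-KEM"), 5, 2025),
    Entry("reporting archive", "encryption", ("RSA",), 3, 2031),
]

def review(register, threat_year=2035):
    """Map each system to its findings, dropping entries with none."""
    report = {e.system: assess(e, threat_year) for e in register}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in review(REGISTER).items():
        print(f"{name}: {', '.join(findings)}")
```

Lowering `threat_year` shows how sensitive the result is to the assumed arrival of a capable quantum computer: entries that pass at 2035 can become exposed at 2033.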
Increasing regulatory pressure to act
With laws such as the European Digital Operational Resilience Act (DORA) or the German IT Security Act 2.0, the pressure to operate demonstrably resilient infrastructures is increasing. International institutions such as the Bank for International Settlements (BIS) are also calling for early migration to quantum-safe communication in pilot projects with central banks. The BIS project “Leap” has successfully demonstrated the implementation of quantum-safe communication channels between central banks in its first phase and plans to involve further central banks in the next phase in order to investigate more complex IT environments and facilitate migration.
The path to the crypto future
The path to resilience against quantum computer attacks on cryptographic processes begins with an initial analysis and ends with the establishment of an ongoing process that continuously identifies and evaluates risks from the use of cryptography, introduces suitable control measures and monitors their effectiveness. Existing protection mechanisms must be recorded and implementation strategies developed so that systems can be flexibly adapted to newly emerging risk situations in the future.
The establishment of a systematic crypto register in conjunction with the use of monitoring tools that provide a daily overview of the cryptographic processes used forms the basis for this. It creates transparency and supports not only technical change, but also compliance with regulatory requirements, such as those stipulated in BSI IT-Grundschutz (Building Block CON.1, Standard Requirements A15 and A19) or DORA (Article 6 of Technical Standard EU/2024/1774).
Conclusion
Digital security is facing profound challenges in view of powerful quantum computers: many of the previously secure cryptographic protocols could soon become vulnerable. Organizations therefore urgently need to switch to post-quantum cryptography (PQC). International and regulatory requirements, for example from NIST, the EU and the BSI, set clear deadlines for the change. Complex and security-relevant sectors such as financial service providers or operators of critical infrastructures are particularly affected. The transition to PQC requires time, planning and suitable strategies such as hybrid encryption methods, cryptoagility and a crypto register.