The time to prepare for PQC is now. While estimates differ on when a quantum device capable of breaking most of today’s widely used encryption methods will become a reality, it’s vital that steps are taken across all sectors to protect sensitive data against such devices.
Organisations like the National Institute of Standards and Technology (NIST) in the USA and the National Cyber Security Centre (NCSC) in the United Kingdom are driving these efforts, approving post-quantum cryptography (PQC) standards and finalising roadmaps for full migration to them. However, industry migration will be a lengthy process, and there are some hurdles to overcome before this can be achieved.
The current threat landscape
According to the recent State of PQC Readiness report, 76% of security professionals across the USA and Europe are confident in their understanding of quantum threats. The implications of quantum devices are well understood: commonplace asymmetric security measures like Rivest-Shamir-Adleman (RSA) will be broken with ease if attackers use Shor’s algorithm, while Grover’s algorithm can be used to grind down symmetric measures.
There’s also the threat of ‘harvest now, decrypt later’ attacks, in which threat actors collect and store the encrypted data of today in order to decrypt it in the future when quantum devices become available.
But understanding these threats is one thing; mitigating them is another matter. The same report found that 91% of security professionals do not have any formal PQC roadmap in place, despite the guidance provided by NIST and NCSC. Additionally, when asked when they expect to have at least one PQC algorithm in place, 55% of the same professionals believed this would happen in 2026.
This belief may be premature. It’s true that we are already seeing businesses offer ‘PQC-ready’ solutions, but the issue is that algorithms cannot be fully integrated to protect everything. While implementing algorithms for smaller tasks, such as firmware signing, is feasible, a full migration to secure every aspect of a company’s computing infrastructure is unlikely to occur for at least another five years.
Prioritising measures
The disconnect between awareness and action is also demonstrated by the fact that 81% of professionals do not feel their assets are ready for PQC migration. While crypto-libraries and hardware security modules form the backbone of data protection, they are currently vulnerable to quantum attacks should a device be realised in the near future.
These assets are typically embedded in legacy systems, which means retrofitting them for PQC isn’t just a patch, but a complete overhaul of security measures like key storage and generation. This is especially challenging for businesses with tight IT budgets amid the ongoing cybersecurity skills shortage. In 2025, there was a skills and talent shortfall of approximately 4.8 million, meaning that many security teams lack the specialist knowledge to adequately plan and action migration processes.
However, that’s not to say that steps are not being taken by businesses. Compliance readiness assessments, risk exposure modelling, and the inventorying of legacy cryptographic assets are all underway, with an interesting split emerging: professionals within the USA and the United Kingdom are placing more emphasis on compliance-focused actions, while in Germany, PQC activities are being explored with a more uniform approach. This may be because IT budgets in Germany are often smaller than those in the USA and the United Kingdom, making a more measured approach to prioritisation fiscally prudent.
Maximising shrinking budgets
The topic of available budgets is a contentious one. In 2025, the average cybersecurity budget grew by only 4% – half the growth seen in 2024 – as economic uncertainties have driven businesses to prioritise other areas of their operations. This is in spite of the growing volume and complexity of cyber-attacks, and the hidden threat of ‘harvest now, decrypt later’.
The findings from the State of PQC Readiness report indicate that the majority of businesses plan to invest some of their available budget in PQC measures over the next two years, with 58% of those surveyed saying the value of this investment will fall between 6% and 10%. As budgets continue to be squeezed, even putting this much aside is a positive sign.
It’s not all rosy, though. 4% of those surveyed in the USA and the United Kingdom advised they will not use any of their available budget for PQC measures – despite many of them believing that at least one algorithm will be implemented by 2026. The hope is that this will change as migration pressures increase in the coming years.
The causes for concern
Nevertheless, the migration process itself is keeping some businesses awake at night. Integration and compatibility, current costs and budgetary restraints, as well as the complexity of migration processes and current staff shortages, are all weighing heavily on the minds of security professionals.
According to the State of PQC Readiness report, the responses from within the United Kingdom highlighted significant concerns regarding cost, training and compatibility with legacy systems. Professionals also raised issues surrounding management buy-in, and a lack of internal guidance on how to carry out the migration process – a situation worsened by the lack of trained employees.
In Germany, fears are instead focused on timeline pressures, migration complexity, and – again – the lack of talent available. There are even concerns over the safety of the new PQC algorithms, alongside multi-cloud coordination and critical asset identification. For respondents within the USA, integration complexity was again raised as an issue, and broader concerns over job stability, family, and the impact PQC might have on their careers were also raised.
Setting the standard
These concerns may be eased as international standards bodies like the Trusted Computing Group (TCG) begin to action their own PQC strategies. Many of these organisations are now updating their specifications to prepare for quantum devices, leveraging the collective insights of their member bases, and are set to play a crucial role in migration efforts going forward.
Industry migration will take some time, and there remain some external dependencies and complexities within the specification chain for these organisations. For example, standards bodies are themselves dependent on the relevant algorithms and parameter sets being published by NIST and NCSC. However, TCG’s foresight in this area was demonstrated in 2013, when algorithmic agility was implemented during the initial transition to TPM 2.0.
For standards bodies, the focus will remain on cryptographic agility going forward, keeping a keen eye on the latest developments from regulators to ensure the latest PQC measures are incorporated within their standards.
Looking ahead
Overall, security professionals definitely appear to be confident in their understanding of quantum threats – references to specific attacks like ‘harvest now, decrypt later’ do indicate an awareness of what is happening, and what’s to come. Yet, it’s tricky to look beyond the lack of finalised roadmaps that can help overcome these issues, as well as the fears over already-stretched security budgets and the expertise to implement algorithms and solutions once readily available.
We would suggest that the prediction of at least one algorithm being implemented by the end of 2026 be the benchmark we use to assess progression. If other businesses see their competitors adopting PQC measures, it may drive them to do so themselves. We just hope the confidence within the industry will be justified over the next twelve months and beyond.
About the author:

Thorsten Stremlau is a Systems Principal Architect at NVIDIA. Known for innovation and driving key industry security initiatives, he has been part of TCG for over 20 years and is currently the co-chair of the Marketing Work Group at the Trusted Computing Group.