What is post-quantum cryptography (PQC), and why should organisations care?

Information security depends heavily on encryption. Encryption protects data by using mathematical problems so complex that today’s computers would take years — if ever — to solve them. Quantum computers, however, are expected to be far more powerful, making it much easier to crack these problems. This poses a serious threat to the protection of sensitive company data. Will quantum computers break encryption in no time? While some methods (such as symmetric key encryption) may remain effective, many commonly used techniques for securing data and verifying identities will become vulnerable.

To address this risk, we need encryption that can withstand both today’s and tomorrow’s attacks. These are called post-quantum cryptographic (PQC) algorithms.

Upgrading to PQC is a major task. Implementing it across systems can take 10 to 20 years, as organisations must integrate new algorithms into a wide range of products and services. In the payments industry, for example, PQC could impact everything from stored financial records to the chips in credit cards and the hardware in payment terminals.

‍There is a lot of talk about “Harvest Now, Decrypt Later.” What does it mean, and why does it matter?

It is an alarming development: adversaries are collecting sensitive, encrypted information now and storing it until future technology allows them to break the encryption. This creates a delayed but very real security risk.

Quantum computers are not yet widely available and remain in the early stages of development. They do not operate reliably at scale and are currently used primarily for research, education, and specialised industrial experiments.

However, attackers are already stealing encrypted data, anticipating that they will be able to decrypt it once sufficiently powerful quantum computers emerge. This threat is known as “Harvest Now, Decrypt Later.”

For any organisation handling sensitive customer data, the urgency is clear — the race to develop and adopt quantum-resistant security measures has already begun. Waiting is not an option.

‍Where should organisations start?

Preparing for the post-quantum era begins in the boardroom. Before any code is rewritten or new cryptographic standards are adopted, the most critical first step is securing the attention and commitment of leadership. This means clearly and convincingly articulating the quantum threat to the board and executive team.

Leadership must understand that advanced quantum computers are expected to break the encryption methods currently used to protect sensitive customer data. The uncertainty around when fault-tolerant quantum computers will become a reality only strengthens the case for early, proactive action — including the allocation of sufficient budget and resources to begin planning today.

Once senior leadership is on board, how should the working team be structured?

The transition to PQC is a complex, organisation-wide effort — not just an ITor cybersecurity project. Its impact spans technical, operational, legal, and customer-facing functions, requiring cross-functional collaboration from the start.

A dedicated PQC task force or steering committee should lead the effort, with representatives from IT, Security, Risk Management, Compliance, Legal, Product Development, and — critically — business unit leaders who understand customer needs and day-to-day operations.

Examples: Consider involving Data Protection (DP) stakeholders early in the process. DP teams support data minimisation and robust deletion practices — both of which reduce the volume of data that needs protection. This aligns with your objectives. DPs are also motivated to show that state-of-the-art technical and organisational measures (TOMs) are in place, making them a natural ally in the transition to PQC. In addition, DP’s processing activity register can help identify sensitive data and how it is used across the organisation — a valuable resource for prioritising your efforts.

Assembling the right team is only the first step — clear governance is essential. Define the roles and responsibilities of both individual members and the committee. Managing the transition to PQC at scale requires clarity. Keep accountability and reporting lines simple and well-defined to ensure focus and momentum.

The team is in place. What should their first tasks be?

You will need to build an inventory of every location where cryptography is used across the enterprise.

The first phase — discovery — involves identifying every application, system, and hardware component that relies on cryptography. This includes software securing internal and external communications (such as Transport Layer Security (TLS), Virtual Private Network (VPNs), and Application Programming Interfaces (APIs), hardware security modules (HSMs) protecting critical keys, encryption used for data at rest and in transit, and cryptographic functions embedded in devices like point-of-sale (POS) terminals and other connected infrastructure. A thorough approach is essential; any overlooked cryptographic component could become a vulnerability later.

Once cryptographic assets have been identified, the next step is a detailed analysis of each one. This involves documenting the specific algorithms in use — for example, Rivest–Shamir–Adleman (RSA), Elliptic Curve Cryptography (ECC), or Advanced Encryption Standard (AES) — along with key parameters such as key lengths. Itis also important to understand the purpose of each implementation: Is it encrypting data for confidentiality, digitally signing information for authenticity and integrity, or securing key exchanges?

In addition,the inventory should record:

- What data is being protected

- Any dependencies on other systems or processed

- A clearly defined owner responsible for each cryptographic instance

This mapping provides the critical baseline needed to assess quantum vulnerabilities and prioritise the components that must be upgraded.

‍With the inventory of cryptographic assets in hand, where should the assessment begin?

I recommend starting with a hierarchy of risks. Not all cryptographic implementations present the same level of urgency or potential risk.

A methodical risk assessment enables an organisation to identify its most significant vulnerabilities and prioritise what will be a complex, multi-year migration effort.

Each cryptographic instance identified in the inventory should be evaluated through several key lenses:

 - Vulnerability to Quantum Attacks: The most immediate filter is whether the cryptographic method relies on algorithms known to be vulnerable to quantum computing. This includes commonly used public-key algorithms such as RSA, ECC, and Diffie-Hellman (DH) key exchange. Identifying these is the first step in triaging risk.

- Data Sensitivity and Lifespan: This is where the “harvest now, decrypt later” threat becomes critical. How sensitive is the data being protected, and for how long must it remain confidential? High-priority risks include long-lived data — such as personal identification, intellectual property, or financial records — that is currently protected by encryption vulnerable to future quantum attacks. Short-lived data— most QR codes, temporary Application Programming Interface (API keys), and session tokens — represents a lower priority for immediate PQC adoption.

- System Criticality: How essential is the system or application to the organisation’s core operations? A failure or compromise in a critical system, such as a payment processing platform for payment service providers, would have immediate and severe consequences — far more so than anon-essential internal tool. The more mission-critical the system, the higher the priority for remediation.

- Ease of Migration: Practicality also matters. How difficult will it be to replace or update the cryptographic implementation? For example, upgrading server-based encryption might be straightforward, while replacing cryptography embedded in millions of deployed Point-of-Sales devices could involve costly hardware refreshes and significant engineering effort.

You recommend building a migration roadmap. What should that include?

The migration roadmap should be a comprehensive, phased, and long-term strategic plan — not a static document. It should translate insights from the cryptographic inventory and risk assessment into a sequence of actionable steps.

It should be divided into manageable phases, each with clearly defined milestones and realistic timelines.

For each phase and project, estimate the required resources. This includes not only budgets for new technologies and external vendors but also the allocation of internal personnel.

Be sure to identify dependencies between interconnected systems and processes. For example, upgrading a central authentication service may affect all applications that rely on it.

You mentioned that the transformation process can take several years, and some companies will fail. What is your key advice for avoiding failure?

The usual rules of the road for transformation projects apply: track progress and ensure that the right person is accountable for meeting milestones. In the case of PQC, consider setting targets for the percentage of critical systems migrated, as well as for the successful completion of interoperability tests with new PQC standards.

A key factor to understand — and to avoid frustration — is that the landscape is still evolving. Post-quantum cryptography standards, such as those from NIST,¹ are still maturing. New research continues to emerge, and best practices will keep evolving. For this reason, the roadmap must be designed to support iterative updates. It should include regular review cycles and mechanisms to incorporate new information, adjust timelines, and refine strategies as the field progresses.

Maximilian Weber is the Chief Information Security Officer at Belvo and a strategic consultant.