The post-quantum cryptography (PQC) market size is expected to reach $1.88 billion by 2029, up from $302.5 million in 2024, with a compound annual growth rate of 44.2%, according to Research and Markets.
Also known as quantum-proof cryptography, quantum-safe cryptography or quantum-resistant cryptography, PQC is a field of cryptography that uses complex mathematics to protect data and systems from quantum computing attacks. These encryption algorithms are designed to secure data against attacks from both classical computers (the computers of today) and the quantum computers of tomorrow.
As the CEO of an encrypted messaging solutions provider, security—and security risks—are always top of mind for me. As I see it, the rapid growth of the PQC market reflects the importance of protecting data from quantum computing attacks. Quantum computers will have the capability to break current encryption methods, including asymmetric cryptography, which is widely used in software, firmware and devices. Gartner predicted that “by 2029, advances in quantum computing will make asymmetric cryptography unsafe and by 2034 fully breakable.”
Even though the quantum computing era has not yet begun, cybercriminals are wasting no time preparing for it with “harvest-now, decrypt-later” attacks, which involve bad actors stealing encrypted data in anticipation of the day when quantum computers can decrypt it. They are mining data from messaging apps, collaboration tools and other systems, putting sensitive business data at risk of exposure and exploitation. A poll by Deloitte of more than 400 organizations considering quantum computing benefits found that 50.2% believe they’re at risk for harvest-now, decrypt-later attacks.
Understanding Quantum Risks
Quantum computers solve complex problems much faster than classical computers, making traditional cryptography algorithms vulnerable to quantum attacks. As one article explained, a conventional computer needs 300 trillion years to break RSA-2048 prime number factor encryption. A 4,099-qubit quantum computer would need only 10 seconds to crack the same RSA key.
While the speed of quantum computing holds promise for delivering major advancements in the areas of healthcare, scientific research, artificial intelligence and more, it also presents cybersecurity risks for enterprises. Adopting PQC can help enterprises prepare for a quantum future. It could help protect data and systems from quantum attacks, future-proof security, assist organizations with remaining compliant with regulations, protect intellectual property, maintain customer trust and support organizational resilience.
Failing to be proactive when it comes to quantum computing could open the door to quantum computing attacks that result in data breaches, which can bring significant fines, lawsuits and reputational damage.
The Current State Of PQC
Cryptographic algorithms that secure both quantum and classical computers exist today. The U.S. Department of Commerce’s National Institute of Standards and Technology released three finalized post-quantum encryption standards designed to withstand cyberattacks from a quantum computer. One of these standards is a general encryption tool designed to secure a wide range of electronic information, while the other two are designed to secure digital signatures.
These standards took eight years to develop and are ready for immediate use; they contain the encryption algorithms’ computer code, instructions for how to implement them and their intended uses. NIST is encouraging computer system administrators to “begin transitioning to the new standards as soon as possible.”
Enterprise Readiness
Estimates of when “Q-Day”—the day when quantum computers are powerful enough to crack current encryption protocols—will arrive vary. According to a McKinsey poll, 72% of tech executives, investors and quantum computing academics believe that “a fully fault-tolerant quantum computer” will be here by 2035, while 28% think this won’t happen until at least 2040.
As the post-quantum future looms, many organizations are lagging when it comes to implementing PQC standards. A report by Entrust found that 61% of respondents are planning to adopt PQC within the next five years, but only 41% are currently preparing for this shift. Moreover, less than 20% of enterprises assess their technology solution providers’ support for quantum-resistant cryptography, according to Metrigy’s Workplace Collaboration and Contact Center Security and Compliance 2024 study, which surveyed 338 organizations.
Enterprises can protect their data and stay ahead of quantum threats with the right tools and strategies in place. Here’s what I recommend:
• Evaluate and inventory your current cryptographic infrastructure.
• Prioritize a PQC transition of infrastructure based on risk. Companies can consider exploring tools that support post-quantum cryptography.
• Monitor regulatory developments to maintain compliance.
Quantum computing is coming. Integrating post-quantum cryptography can help businesses protect the security and privacy of sensitive data now and in the future.