upgrade encryption – Quantum computing may still be years from large-scale commercial use, but security deadlines are already landing now: experts urge moving from 128-bit to 256-bit encryption, warning that migrations can take 5 to 10 years and that RSA and ECC could face officia
The clock is already ticking, even if the quantum machines are not fully ready for everyday business.
At least two dozen manufacturers are commercially offering more than 40 quantum processing units. or QPUs—the hardware for quantum computers—according to MIT’s most recent Quantum Index Report. The same report notes that the quantum-as-a-service model is widening access to quantum resources. Still, it stops short of calling quantum enterprise-ready. QPUs don’t yet meet the requirements for running large-scale commercial applications such as chemical simulations or cryptanalysis.
But security experts argue that “not yet enterprise-ready” is exactly why the risk can’t wait. Quantum computing may be arriving gradually, yet it is already strong enough—in principle—to pressure the encryption systems that businesses rely on today.
Fujitsu’s Tim Steward, principal data enterprise architect for Fujitsu and author of The PostgreSQL Field Guide, laid it out bluntly at a recent data conference: “You assume that when something is encrypted, you’re pretty much going to be safe. That’s no longer the case.”
Steward explained the math in a way that sticks. Quantum power is calculated in qubits. and every 10 qubits supports 1. 024 computations—giving an attacker 1. 024 times the power to break encryption in one swoop. He said there are already machines with up to 6,100 qubits in processing power, and that number keeps growing.
That is where the scramble starts for organizations that thought they had time.
The recommended move is immediate: The best defense is to move from 126-bit to 256-bit encryption as soon as possible. as advised by the National Institute of Standards and Technology. Steward said this shift may help protect encryption algorithms from quantum hacking for at least the next two decades. and that companies need to re-examine their encryption and security strategies with clear goals. “Be proactive. Clearly define goals for encryptions. Help your organizations recognize limitations for your encryption environment.”.
The warning isn’t only technical—it’s operational.
Anand Oswal. executive vice president of network security at Palo Alto Networks. warned in a CXOTalk hosted by Michael Krigsman that by the end of this decade. a cryptographically relevant quantum computer will be capable of breaking the encryption that underpins our global economy. Oswal also argued that governments are already shifting gears. The EU Commission has announced plans to launch a quantum-safe communication network by 2030.
Some actions have already moved beyond announcements. Oswal said CNSA 2.0 mandates issued by the US National Security Agency took effect last year. And he predicted that algorithms such as RSA and ECC will be officially deprecated—discouraged and potentially flagged by compliance tools. By 2035. Oswal said. those vulnerable cryptographic algorithms will be officially disallowed for most applications. and any system relying on them will be considered non-compliant and fundamentally insecure by the world’s largest security standards.
Oswal’s hardest line was about timing. “This problem must not be pushed off into the future,” he emphasized. “Companies might already be behind schedule when we consider the reality of migration timelines.”
Migration, he said, is notoriously difficult. Historical data from past transitions shows these can take between five and ten years for a large, complex enterprise to complete. For legacy systems—especially IoT and OT devices with embedded firmware—an upgrade might not be feasible at all.
That tension sits under nearly every quantum decision right now: businesses have limited control over when quantum capabilities become practical at scale, but they do control how quickly they modernize their defenses.
Quantum may still be too limited for the biggest commercial workloads. and IBM’s study out of the IBM Institute for Business Value suggests quantum computers are not yet at the point where they can solve problems faster than classical computers alone. That study argues that adapting operations. infrastructure. and partnerships as conditions change is a prerequisite for preparing for a quantum future.
Yet the security message lands today, not later.
The same MIT Quantum Index Report that highlights today’s limitations also points to what’s accelerating anyway: early use cases are already taking shape in modeling complex molecular interactions and pharmaceuticals. Quantum’s optimization capabilities could redefine how goods move globally in supply chain and logistics. Meanwhile. IBM’s study finds that 82% of AI-first CEOs are actively engaging partners in one or more quantum ecosystems to access complementary strengths. reduce risk. and accelerate learning. and that 46% already have a team in place to identify specific quantum use cases.
CEOs surveyed in the IBM study expect quantum’s main advantages to come from optimizing operations and accelerating complex simulations. They also expect benefits for AI and machine learning capabilities, and the possibility of new business ideas. The research lists what CEOs expect quantum to deliver most business value in: optimizing operations. logistics. or resource allocation (48%); accelerating complex simulations (45%); advancing AI and machine learning capabilities (39%); exploring entirely new business models or services (37%); enhancing cybersecurity or encryption capabilities (32%); and improving research and product development timelines (30%).
IBM’s researchers also advise business leaders to begin with a small. cross-functional exploration team with a six-month mandate to identify plausible quantum use cases. simulate value. and engage ecosystem partners. They recommend near-term technology decisions that can absorb quantum inputs: prioritizing hybrid infrastructure. portable data architectures. and AI systems that can experiment with emerging compute models without major rework.
That advice may help companies explore quantum. But for security teams, the bigger takeaway is less about exploration and more about urgency.
Quantum computing can be both years away from full-scale commercial dominance and close enough to force irreversible choices. The difference is whether organizations start migrating encryption systems now—or discover. too late. what “migration timelines” really mean when the clock stops allowing planning and starts requiring compliance.
quantum computing encryption 256-bit encryption NIST RSA ECC CNSA 2.0 EU quantum-safe network 2030 migration timelines cybersecurity
Wait so they want us to change passwords again? I can’t even keep track.
I heard quantum is like 10 years away so why are they freaking out now? Sounds like companies just trying to sell upgrades and call it “security.”
So if RSA and ECC are “in trouble” then does that mean my bank app is gonna stop working? Like, do I need to update something today or is this just for big corporations? Also 5 to 10 years migration… okay but everyone will ignore it until it’s too late.
Quantum-as-a-service is already a thing?? That’s wild. But if the quantum computers can’t do cryptanalysis yet then why are they acting like the encryption is already broken? 128 to 256 sounds like doubling effort for no reason, unless they’re just guessing quantum will magically work faster than expected.