
The quantum conversation almost always sounds the same. A future computer will crack RSA, it is roughly ten years away, and someone should probably look into it. That story is true, but it is also a distraction. The risks worth losing sleep over are the ones already in motion and the ones hiding in systems nobody thinks to check. A 2025 ISACA poll of more than 2,600 professionals found that only 5 percent of organizations have a defined quantum strategy, even though 62 percent expect quantum machines to break current encryption. That gap between worry and action is the part of the story too few people are telling. Here is what is actually at stake.
Key Takeaways
- The loudest quantum warning hides several quieter risks that arrive much sooner.
- Quantum machines can forge digital signatures, letting attackers fake software updates and trusted certificates.
- Cars, medical devices, and satellites will outlive the encryption sealed inside them.
- Most companies grasp the threat yet still have no migration roadmap on paper.
- A rushed or blind migration can open fresh holes instead of closing them.
The Quantum Story Everyone Tells, and the Part They Skip
The familiar version goes like this. Shor’s algorithm, run on a powerful enough machine, factors the huge numbers behind RSA and elliptic curve cryptography, and most estimates place that machine somewhere around 2030 to 2035. All of that is correct. The trouble is what the headline leaves out. Public-key cryptography does more than keep secrets; it also proves who you are and confirms that data has not been altered. When people picture only stolen messages, they miss the attacks on identity and integrity that come with the same breakthrough. This is why understanding the quantum security risks to encryption matters far beyond the usual soundbite.
Think of it as a blind spot rather than a single threat. The spotlight sits on confidentiality, so signatures, certificates, long-life hardware, and the migration project itself sit in the dark. Each one carries real exposure, and each one is easy to overlook precisely because the public story never points at it.
| What most people picture | What is also true |
|---|---|
| Quantum breaks encryption someday | Identity and integrity break at the same moment |
| The threat is roughly a decade away | Data stolen today can be unlocked later |
| It only affects secret data in transit | It affects signatures, certificates, and devices |
| Strong ciphers keep us covered | The key exchange protecting them is the weak point |
Table 1: The quantum threat most coverage describes versus the parts it tends to skip.
Risk One: The Data You Lost Years Ago
You do not need a quantum computer to be a victim of one. Adversaries can intercept encrypted traffic today and simply store it, waiting for the hardware to catch up before they read it. The data most exposed is the data with a long shelf life: backups, legal archives, genomic records, merger plans, and classified files that stay sensitive for decades. None of this shows up as an alert, which is exactly why it goes unnoticed.
| Warning: Treat any sensitive information that is not protected with quantum-safe methods today as potentially compromised already. The theft can happen now; the reading just happens later. |
IBM puts the point bluntly, arguing that data not secured against the quantum era should be considered lost the moment it leaves your control. For finance, healthcare, and government, where records keep their value for years, reframing changes the math on what counts as urgent.
Risk Two: Forged Trust, or Sign Today and Forge Tomorrow
Here is the risk almost nobody names. A quantum machine does not only decrypt; it can also forge. The same break that exposes encrypted data also lets an attacker counterfeit the digital signatures that vouch for software updates, firmware, and website certificates. Researchers have started calling this Sign Today, Forge Tomorrow, the authentication twin of the harvesting problem.
The damage here is different in kind. A forged signature means malicious firmware that a device accepts as genuine, a fake certificate that makes a lookalike site appear trusted, or a software update that quietly carries a payload. Public key infrastructure is the spine of digital trust, and replacing root certificate authorities across the internet historically takes five to ten years. NIST has already published its first finalized set of standards for exactly this reason, including new signature algorithms, but swapping them everywhere is the slow part.
Risk Three: Devices That Will Outlive Their Encryption
Some of the most exposed systems are the ones you cannot easily patch. A connected car, a pacemaker, a satellite, or an industrial controller is built today with RSA or ECDSA baked into its hardware, and many will still be running in fifteen or twenty years. Quite a few cannot have their cryptography updated at all once they ship.
“The automotive industry, where cars are on the road for a long time.” — Joppe Bos, cryptography researcher at NXP
That observation captures the trap neatly. The device leaves the factory with a cryptographic clock already ticking, and the timeline of the product outlasts the timeline of its protection. Disciplined habits such as keeping every device patched and current help on the software side, yet firmware-level cryptography often cannot be swapped after deployment. The same worry extends to the gadgets at home, which is why basic home network security deserves more thought than it usually gets.
| Asset | Typical service life | Quantum exposure |
|---|---|---|
| Passport | Around 10 years | Long-lived identity documents |
| Connected car | 15 years or more | RSA/ECDSA often fixed in hardware |
| Medical device or implant | 10 to 20 years | Rarely re-keyed after deployment |
| Satellite | 15 to 20 years | No physical access to upgrade crypto |
| Industrial / OT controller | 20 to 30 years | Legacy systems, slow to patch |
Table 2: Many assets stay in service well past the estimated 2030 to 2035 arrival of a code-breaking machine.
Risk Four: The Migration Is Its Own Risk
The transition to new algorithms sounds like the cure, but done carelessly it becomes a risk of its own. The first problem is visibility: most organizations cannot list every place public-key cryptography lives, from forgotten servers to embedded libraries to third-party tools. You cannot replace what you cannot find, and this hidden cryptography is where migrations quietly fail.
The numbers tell the story. Even among professionals who understand the danger, very few have moved from awareness to a plan.

Figure 1: Trusted Computing Group, State of PQC Readiness (2025), survey of 1,500 security professionals.
The Trusted Computing Group surveyed 1,500 security professionals and found a striking split. Most felt confident in their grasp of the threat, yet the share with a formal plan or ready infrastructure was tiny by comparison. Compounding this, post-quantum keys and certificates are larger than today’s, which can break older systems that assumed smaller sizes, and hybrid setups that run old and new algorithms together introduce their own implementation bugs.
Why “We Use AES, We Are Fine” Misses the Point
There is a comforting line that circulates in security teams: we use AES-256, so quantum is not our problem. It is half true, which makes it dangerous. Grover’s algorithm only halves the effective strength of a symmetric cipher, so AES-256 holds up well and AES-128 merely weakens. The catch sits one layer down.
| Key point: Strong encryption is not the same as quantum-safe encryption. AES-256 may be solid, but if the key reaches you through RSA or elliptic curve key exchange, a quantum attacker can grab it at the door. |
Those strong AES keys do not appear by magic. They are exchanged at the start of a session using RSA or elliptic curve key agreement, the very algorithms Shor’s method shatters. Break the handshake and the attacker walks away with the symmetric key, no matter how robust the cipher it unlocks. Conflating the two is how organizations talk themselves into a false sense of safety.
What the Prepared Are Doing Differently
Teams that take this seriously start in a specific order:
- Build a cryptographic inventory, mapping where algorithms, keys, and certificates actually live.
- Prioritize by two clocks: how long the data must stay secret and how long the system stays in service, a balance often framed as Mosca’s inequality.
- Adopt crypto-agility, designing systems so algorithms can be replaced without a rebuild.
- Deploy hybrid modes that pair a classical algorithm with a post-quantum one during the changeover.
- Target the NIST-standardized algorithms for new work and press vendors for clear roadmaps.
| Pro tip: Before listing your algorithms, answer the business question first: what are we protecting, and how long must it stay secret? That single answer tells you where to begin. |
None of this requires a working quantum computer to justify it, which is the whole point. For readers who want the bigger picture, the future of cryptography is shifting under everyone’s feet, and even the gambling sector is wrestling with the implications of Q-Day across its digital systems.
Frequently Asked Questions
What quantum risks are people overlooking?
Most coverage fixates on broken encryption, but the quieter risks are forged digital signatures, fake certificates, long-life devices that cannot be re-keyed, and the messy migration project itself. These hit identity and integrity, not just confidentiality, and they often arrive sooner.
Can quantum computers really forge digital signatures?
Yes. The same mathematics that lets a quantum machine break RSA and ECC encryption also lets it counterfeit the signatures these schemes produce. That means fake software updates, forged firmware, and fraudulent website certificates that systems would accept as completely legitimate.
Is my data at risk before quantum computers even arrive?
It can be. Attackers harvest encrypted data now and store it until the hardware to decrypt it arrives. Anything that must stay private for a decade or more, such as health or legal records, should be treated as exposed from the moment it is captured.
Are my smart devices and car affected?
Potentially, yes. Connected cars, medical devices, satellites, and industrial controllers often ship with cryptography fixed in hardware and stay in service for fifteen years or longer. Many cannot have their algorithms updated, so they may outlive the protection built into them.
Does using AES-256 keep us safe from quantum attacks?
Not entirely. AES-256 itself resists quantum attacks well, but the keys protecting your sessions are usually exchanged with RSA or ECC methods that quantum machines can break. Crack that exchange and the strong cipher behind it no longer protects you.
The Quiet Risks Bite First
The quantum threat is not a single alarm that will sound in 2030. It is a slow erosion that has already started in the corners of your infrastructure nobody is watching: the signatures, the certificates, the devices destined to outlive their own defenses. The organizations that come through this well will be the ones that stop treating quantum as a future headline and start treating it as a present inventory. The quiet risks are the ones that bite first.
References
ISACA, Organizations Lack a Quantum Computing Roadmap, ISACA Finds, 2025 –
Trusted Computing Group, State of PQC Readiness Report, 2025 —
NIST, NIST Releases First 3 Finalized Post-Quantum Encryption Standards, 2024 —
Craig Gidney, How to Factor 2048 Bit RSA Integers With Less Than a Million Noisy Qubits, 2025 —
https://arxiv.org/abs/2505.15917
IBM Research, The Cryptography Standards That Will Keep Today’s Data and Systems Quantum Safe, 2022 —
https://research.ibm.com/blog/quantum-safe-crypto-standards-roundtable
Fact Check: All statistics and data points in this article were verified against original sources as of June 25, 2026. Sources are listed in the References section.