C-Suite Readiness for Post-Quantum Cryptography and Emerging Quantum Risk
Enterprise security leaders are split on how urgently to prepare for post-quantum cryptography (PQC) as quantum computing remains an uncertain but potentially disruptive threat to widely used public-key algorithms such as RSA. Some CIOs and CISOs characterize quantum as a low near-term priority due to unclear timelines, while others argue preparation is unavoidable and should begin now as a business risk decision rather than a purely technical one.
In healthcare specifically, a PwC survey of 381 global healthcare executives (May–July 2025) found organizations are cutting cybersecurity budgets under financial pressure even as threats intensify, with data protection the top spending driver but only 35% reporting data risk controls across the full data lifecycle (vs. 44% cross-industry). Healthcare leaders cited cloud-related threats, quantum computing risks, and attacks on connected products as areas of lowest preparedness; in pharma/life sciences, more than half reported they have not started quantum-resistant measures, and only 7% plan to allocate budget toward quantum readiness in 2026—highlighting a gap between acknowledged quantum risk and funded mitigation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
10 events from the most recent confirmed update back to the earliest known activity.
Coinbase forms advisory board on quantum-risk mitigation
Coinbase established an advisory board to assess quantum-computing risks to crypto systems and help guide mitigation strategy. The move reflects growing concern within the digital-asset industry that quantum threats require active planning rather than being treated as purely theoretical.
Google adds Android 17 ML-DSA support and plans Play signing migration
Google announced Android 17 support for the NIST-aligned ML-DSA post-quantum digital signature algorithm. It also said it plans to migrate Play Store and developer app-signing systems to quantum-resistant standards as part of its accelerated 2029 post-quantum timeline.
Google sets 2029 Q-Day readiness target and urges PQC adoption
Google announced it is targeting 2029 for its own readiness for 'Q Day' and called on the broader industry to replace or augment RSA and elliptic-curve cryptography with post-quantum cryptography. The company framed the move as an effort to increase urgency as estimates for the resources needed to break current public-key systems continue to fall.
EUROCRYPT paper lowers logical-qubit estimate for breaking ECC
Researchers from INRIA Rennes presented a EUROCRYPT 2026 paper describing a new quantum algorithm for the elliptic curve discrete logarithm problem that significantly reduces logical-qubit requirements versus prior work. The paper estimated breaking P-256 would require 1,193 logical qubits instead of 2,124, reinforcing urgency around post-quantum migration and harvest-now-decrypt-later exposure.
PwC survey finds healthcare cutting cyber budgets despite rising threats
PwC reported that global healthcare organizations are reducing cybersecurity budgets under financial pressure while facing intensifying threats. The survey found weak preparedness for cloud threats, quantum risks, and connected-product attacks, with healthcare lagging in end-to-end data risk controls.
Organizations begin post-quantum migration planning amid 'harvest now, decrypt later' risk
Government, finance, and defense organizations are described as early adopters starting post-quantum planning, including asset discovery, threat modeling, prioritization of long-lived sensitive data, and efforts to build crypto agility. Experts warn that migrations can take 5–10 years, making delay risky even before cryptographically relevant quantum computers arrive.
NIST publishes post-quantum cryptography guidance and migration timelines
NIST issued post-quantum cryptography guidance and timelines that began pressuring organizations, especially government entities, to plan migrations away from vulnerable public-key algorithms. The references cite this as a key forcing function for enterprise quantum-readiness efforts.
VPN providers begin rolling out post-quantum encryption
In 2025, some commercial VPN providers, including NordVPN, ExpressVPN, and Mullvad, began deploying post-quantum encryption for VPN traffic. The rollout remained limited, with support largely confined to WireGuard or Lightway while many providers and OpenVPN users still lacked protection against harvest-now-decrypt-later risks.
NIST finalizes first PQC standards and later selects HQC as backup
NIST finalized its first three post-quantum cryptography standards in August 2024, marking a major standardization milestone for migration efforts. In March 2025, it selected HQC as a backup standard, further expanding the approved post-quantum toolkit.
Ethereum begins long-term post-quantum migration planning
Ethereum is described as having started preparing for post-quantum cryptography in 2018, with foundation-led work including dedicated teams, devnets, and hard-fork roadmap milestones. The effort is contrasted with Bitcoin's lack of a coherent, broadly supported migration roadmap.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
19 references tracked. Mallory keeps watching after this page renders.
Cryptographers bet on quantum computing’s impact on encryption | brief | SC Media
scworld.com
Open sourceA Cryptography Engineer’s Perspective on Quantum Computing Timelines
words.filippo.io
Open sourcePost-Quantum VPN Encryption Arrived in 2025. Most Providers Still Don't Have It - Ruby-Doc.org
ruby-doc.org
Open sourceHarvest Now, Decrypt Later: The Quiet Crisis in Post-Quantum Cryptography - Center for Cyber Diplomacy and International Security
cybercenter.space
Open sourceQuantum’s Uncertain Arrival Leaves CIOs With a Strategic Choice
govinfosecurity.com
Open sourceQuantum’s Uncertain Arrival Leaves CIOs With a Strategic Choice
bankinfosecurity.com
Open sourceGoogle sets 2029 for quantum apocalypse - SDxCentral
sdxcentral.com
Open sourceQuantum and the cloud: Science fiction turned security strategy | Sysdig
webflow.sysdig.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Enterprise Readiness for Post-Quantum Cryptography
Security leaders are increasingly concerned about the impact of quantum computing on existing cryptographic systems, as quantum-inspired algorithms and quantum-ready software begin to appear in enterprise and defense environments. While most organizations are not yet running quantum computers, quantum software is being integrated into mission-critical workflows, often without security teams' full awareness. This integration poses new challenges for visibility, validation, and compliance, requiring CISOs and security operations teams to adapt their approaches to risk management and technology vetting. Despite growing awareness of the quantum threat, a recent survey by the Trusted Computing Group (TCG) reveals that 91% of businesses lack a formal roadmap for migrating to quantum-safe algorithms. Although many security professionals express confidence in their understanding of quantum risks, actual technical preparation remains limited, with most organizations' cryptographic libraries and hardware security modules not yet ready for post-quantum standards. The gap between perceived readiness and actual progress suggests that enterprises may be underestimating the complexity and timeline required to achieve true post-quantum security.
Mar 21, 2026
Growing Concern Over Quantum Computing Threats to Cryptography and Post-Quantum Migration
Concerns about **quantum computing** undermining today’s cryptography are influencing both market behavior and policy planning. A Jefferies strategist reportedly removed a 10% **Bitcoin** allocation from a model portfolio, citing the risk that future quantum advances could eventually compromise cryptographic protections underpinning cryptocurrencies (e.g., long-term concerns around breaking schemes associated with Bitcoin’s security model, which relies on `SHA-256` hashing and public-key cryptography for ownership control). The decision reflects broader investor anxiety that a surprise cryptographic break could rapidly erode confidence and value across crypto markets. In parallel, the **G7 Cyber Expert Group** published a roadmap calling for the financial sector to complete **post-quantum cryptography (PQC)** implementation by **2034**, emphasizing early-stage quantum risk awareness, sensitive data and critical system mapping, and building detailed inventories that include third-party dependencies. The roadmap recommends beginning migration activities in the 2026–2029 window, progressing to quantum-resistant solutions through 2034, and prioritizing **cryptographic agility** so organizations can adapt as standards and threats evolve. Separate reporting on a **58% increase in ransomware victims in 2025** describes a fragmented ransomware ecosystem and sector targeting trends, but it is not directly tied to quantum-driven cryptographic risk or PQC migration planning.
Apr 14, 2026
Quantum Computing Threats Prompt Urgent Shift to Post-Quantum Cryptography
Cybersecurity leaders are raising alarms about the accelerating timeline for quantum computing to break current public encryption methods, a milestone known as Q-Day. Experts warn that Q-Day could arrive as soon as 2030, threatening to undermine the core trust mechanisms of the internet, including HTTPS, digital certificates, and public-key infrastructure. In response, governments and industries are developing plans to transition to post-quantum cryptography (PQC), but concerns remain that critical sectors such as banking, healthcare, and government may not be fully prepared in time. One of the earliest operational changes in anticipation of quantum threats is the reduction of SSL/TLS certificate lifespans to 47 days. This move, aligned with evolving browser requirements and NIST guidance, is designed to improve crypto agility and security hygiene, helping organizations adapt to a future where static cryptography is no longer viable. Security executives emphasize the need for urgent action, drawing parallels to the unpreparedness seen during the rapid adoption of AI, and stress that building operational readiness for PQC is now a strategic imperative for digital trust and business continuity.
Apr 17, 2026