Quantum computing is no longer just an academic idea, it’s moving into the business and technology world at a rapid pace. While industries like healthcare, logistics, and finance see it as a driver of innovation, the cybersecurity community views it as an existential threat: Cryptographic systems are vital to protect the confidentiality and authenticity of data. Quantum computing will be a threat to many of the cryptographic algorithms used to achieve these protection goals. Cryptographic algorithms that have protected us for decades may soon be broken.
The implications are clear: data encrypted today could be stolen and stored by attackers, only to be decrypted in the near future once quantum computing reaches maturity. This is the attack model known as “Harvest now, decrypt later.”
Algorithms like RSA and ECC, the foundations of internet security, email protection, and banking transactions could collapse in seconds once quantum computing becomes commercially viable.
The Real Risk: Harvest Now, Decrypt Later
The danger is immediate. Adversaries may already be collecting encrypted data today and simply wait for quantum capabilities to evolve. Legal documents, medical records, source code, and even state secrets could all be exposed years later-with devastating consequences. Governments, regulators, and industry bodies are already demanding action. Preparing for the quantum era is no longer optional, but a business imperative.
Where Are the Main Threats?
Breaking Encryption – Critical systems like VPNs, PKI, and TLS could lose all effectiveness
Regulatory Exposure – Regulators such as the EU (GDPR, NIS2) and Israeli authorities are signaling that failing to prepare for the post-quantum era will be considered a compliance failure
Supply Chain Risk – Even if your organization prepares, a single unprepared vendor can put the entire system at risk
Loss of Trust – Organizations that fail to act will face immediate reputational damage, fines, and sanctions
What Does Regulation Say
In August 2024, the U.S. National Institute of Standards and Technology (NIST) released its first finalized post-quantum cryptography standards
In 2024, the European Union published its Coordinated Implementation Roadmap for the Transition to Post-Quantum Cryptography, setting timelines for all Member States
In Israel, the National Cyber Directorate has issued early guidance encouraging organizations to prepare, while the banking regulator has already instructed financial institutions to begin mapping and planning for the post-quantum era.
The common thread: this is no longer optional-it’s a mandatory shift.
How Should Organizations Prepare?
Map critical cryptography – Identify where encryption underpins communication, backups, and identity systems.
Evaluate PQC algorithms – Begin integrating post-quantum solutions alongside existing encryption. Identify non-compatible systems to evaluate other security layers on them.
Strengthen the supply chain – Demand “Quantum Readiness” from every technology vendor.
Invest in culture and training – Ensure employees and leaders understand why traditional encryption will not be enough.
Track regulations continuously – Stay one step ahead of evolving requirements.
What are the top shared priorities of NIST, the EU and Israel in preparing for the quantum era:
Cryptographic Asset Mapping – All three determine asset mapping as the foundation for any transition plan. Without knowing what’s encrypted, where, and how, you can’t protect it.
Awareness and Governance at the Board / Executive Level – Leadership accountability is emphasized across all jurisdictions.
Vendor and Supply Chain Readiness – The supply chain is considered a direct vector of risk, so vendor management is integral to readiness.
A few months ago, two of Israel’s most critical organizations – a major government ministry and a leading financial group – approached us with a crucial question:
Are our encryption systems and infrastructures truly ready for the future?
Through a comprehensive assessment of their information systems and cybersecurity infrastructures, we uncovered critical gaps – sensitive databases left unencrypted, outdated TLS 1.1 protocols, and third-party connections relying on static tokens. The insight was clear: their systems were built to protect yesterday, not tomorrow.
As part of the broader business process, we encountered a significant challenge – several core systems were unsupported and incompatible with modern security standards.
To address this, we conducted a full mapping of unsupported systems, prioritized them by criticality, and successfully upgraded them in a remarkably short time through close collaboration with internal IT teams.
This collaboration paved the way for introducing new processes and advanced encryption frameworks, ensuring seamless integration without disrupting critical operations.
In systems where post-quantum (PQC) algorithms were not yet implemented, we used AES-256 encryption as the fallback, upgrading all communication protocols to TLS 1.3, reinforcing third-party integrations through daily-rotated tokens managed via AWS KMS, and launching a strategic transition toward Post-Quantum Cryptography (PQC).
Today, these two institutions stand among the first in Israel to implement quantum-ready cybersecurity architectures. Beyond the technology, the project’s success was driven by business insight, architectural innovation, and strong cross-team collaboration – proving that when strategy and technology move together, security becomes not just protection, but a true business advantage
Bottom Line
Quantum computing is coming and the only real question is whether we’ll be ready. Organizations that start preparing today can turn risk into opportunity: building stronger encryption, reinforcing customer trust, and aligning with regulatory requirements.
At Cyght, we guide organizations through the post-quantum journey, from initial risk mapping to PQC adoption and quantum-resilient security architectures, enabling innovation while ensuring long-term security and resilience.
Ron Shalom is a seasoned CISO and cybersecurity advisor with experience spanning Israel’s defense sector, global enterprises, and startups. He has led cyber resilience programs, advised boards, and guided companies through regulatory compliance and security transformation. Ron is the director of the security department in Cyght.
Shay Nachum, CEO of Cyght, winner of the Israel Defense Award, Cyber warfare expert and Startups Investor.
