Quantum is coming, and it’s putting today’s encryption at risk
Quantum computing isn’t a distant cyber threat, it’s a vulnerability waiting to happen for today’s encryption. A cryptographically relevant quantum computer (CRQC) will soon be capable of breaking the algorithms that secure our communications, certificates, and data.
The Australian Cyber Security Centre (ACSC warns that this shift will render common public-key encryption protocols insecure – meaning the systems we rely on for authentication and data protection could be compromised.
This includes the classical cryptographic algorithms that underpin today’s secure communications, including RSA, DH, ECDH, and ECDSA. Once that happens, the very foundations of encryption – confidentiality, integrity, and authentication – could collapse.
The key message? What’s safely encrypted today could be decrypted and compromised tomorrow.
The ACSC recommends organisations begin their Post-Quantum Cryptography (PQC) transition now, to safeguard your digital infrastructure into the future. Organisations should have migration underway by 2028 and that traditional asymmetric cryptography be fully phased out by 2030. Waiting until quantum computing becomes mainstream will simply be too late. In this article we dive deeper into the consequences of failing to act and how to shore up your resilience with Post-Quantum Cryptography, which are a new class of cryptographic algorithms resistant to both classical and quantum attacks.
Why it matters: the growing quantum threat
Current cryptography relies on mathematical problems that quantum algorithms, like Shor’s, can easily solve, making them obsolete.
A key concern is the “harvest now, decrypt later” (HNDL) scenario, where attackers collect encrypted data today with plans to decrypt it once quantum computers mature.
Consequences of failing to act
- Harvest Now, Decrypt Later: Adversaries can store encrypted data now to decrypt once CRQCs emerge.
- Compromised digital signatures: The integrity of digital signatures used in identity and transaction systems will be undermined.
- Weakened secure communications: VPNs and encrypted channels may be decrypted.
- Risk to Critical Infrastructure: Systems in power, transport, and utilities could be exposed.
- Data breaches and loss of confidentiality: Sensitive data in databases and emails could become readable to attackers.
Despite these risk factors, adoption is slow:
- Nearly 49% of organisations have not yet started implementing quantum-resistant security.
- Only 22% have moved beyond pilot stages as of October 2025.
Both NIST (US) and the NCSC (UK) recommend transitioning to PQC before 2030.
Preparing for Post-Quantum Cryptography - Building Crypto-Agility
According to CSO Online, the security community has made PQC a top priority as “Q-Day” – the point at which quantum computers can break existing encryption – approaches within the next decade.
A CRQC presents a direct risk to Australia’s cyber resilience. PQC are a new generation of cryptographic algorithms designed to withstand attacks from both traditional and quantum computers, and is the only path forward.
Crypto-agility ensures you can evolve your defenses as standards change – not react once it’s too late. The adoption of PQC supports agility and is crucial now to safeguard your digital infrastructure.
Preparing for a post-quantum world starts with understanding where and how your organisation uses encryption today. To get started, organisations should prioritise the following:
- Inventory certificates, encryption keys, and workload identities
- Identify systems protecting long-lived or sensitive data
- Build flexibility to change cryptographic standards quickly.
The LATICE Framework
The ACSC’s LATICE framework below provides a useful roadmap to prepare. These steps ensure your organisation can prepare, plan, and protect its digital infrastructure for the quantum era.
Locate
Locate & catalogue traditional asymmetric cryptography
Assess
Assess the value and sensitivity of systems and data
Triage
Triage systems using outdated algorithms
Implement
Implement post-quantum cryptographic algorithms
Communicate
Communicate with vendors and stakeholders
Educate
Educate staff on the PQC transition
The solution lens: CyberArk and Avocado
As machine identities and certificates multiply across hybrid environments, CyberArk is building PQC-ready capabilities to help organisations safeguard and manage encryption keys, workload identities, and certificates to establish crypto-agile foundations.
At Avocado, we help organisations integrate emerging security standards and identity management practices that align with ACSC guidance and CyberArk’s PQC roadmap.
From assessment to implementation, we ensure your strategy evolves to meet future encryption standards.
Don’t wait for quantum to arrive before you act. Get quantum-ready now.
Avocado and CyberArk
Avocado is an authorised CyberArk partner. We pride ourselves on delivering industry-leading identity security solution to our clients. We are a proud CyberArk partner and offer a full range of CyberArk-related services, including consultancy, licensing, implementation, management, and optimisation.
