Industry News for Business Leaders
CybersecurityFeatured

Q-Day Is Getting Closer: Why the Industrial Sector Needs to Prepare for Post-Quantum Cryptography

Q-Day Is Getting Closer: Why the Industrial Sector Needs to Prepare for Post-Quantum Cryptography
The world of cybersecurity is on the brink of a revolution, and not the kind anyone hoped for. For decades, experts have warned that quantum computing could one day render modern encryption obsolete, but the timeline was always vague, distant, even speculative. That changed in March 2026. And for the industrial sector, the risks are high. (iStock/Ryzhi)

The world of cybersecurity is on the brink of a revolution, and not the kind anyone hoped for. For decades, experts have warned that quantum computing could one day render modern encryption obsolete, but the timeline was always vague, distant, even speculative. That changed in March 2026. And for the industrial sector, the risks are high.

Six Years Before the 2035 Reference

On March 31, 2026, researchers from Caltech and Oratomic, a newly-founded spin-off of the institute, published a paper arguing that Shor’s algorithm, the quantum method capable of breaking the public-key encryption protecting most of the world’s digital traffic, could in theory run on a machine with just 10,000 physical qubits. To the layman, that might mean very little: to quantum experts, that was the equivalent of a red alert.

Previous estimates for the same results suggested that the number of qubits necessary to run Shor ranged in the millions. The same paper calculated that roughly 26,000 qubits could crack P-256 elliptic-curve encryption, widely used in financial and government systems, in a matter of days.

Around the same time, Google’s quantum team released its own findings, indicating a dramatic reduction in the resources needed to attack elliptic-curve cryptography, and backed the claim with a zero-knowledge proof rather than publishing the algorithm itself. Google also announced on March 25th, before the papers’ release, that it would complete its migration to post-quantum cryptography by 2029.

Cloudflare, the company whose network services power a vast portion of the Web, matched that commitment on April 7. Both dates are six years ahead of a relevant reference: the 2035 deadline the US government set for its own national security systems.

It doesn’t take a Quantum Computer to do the proverbial two plus two: some of the most technically sophisticated operators of internet infrastructure crunched new numbers and concluded, independently, that their 10-years planning horizon was no longer adequate to the advancement of quantum computing research. Q-Day, the theoretical day when a quantum computer can break the encryption systems in use today, looms closer and closer.

Why Today’s Encryption Is Vulnerable?

Most digital security relies on public-key cryptography. In very simple terms, the system is like a padlock anyone can snap shut but only one person can open. When we connect to our bank, that padlock proves we are really talking to the bank and lets the two sides agree on a secret key for the session. The security of the whole arrangement rests on mathematical problems, such as factoring enormous numbers, that would take a classical computer longer than the age of the universe to solve.

Quantum computers work quite differently. Their fundamental calculation units, the qubits, can exist in blends of 0 and 1 rather than just one or the other. Quantum algorithms exploit this to make wrong answers cancel out and right answers reinforce, which makes them way faster at certain kinds of problems, including the math that protects the padlock.

Shor’s algorithm, formulated back in 1994, is the best-known recipe for how that can happen. For three decades the threat remained theoretical, because running it at a meaningful scale was thought to require millions of qubits. Recent research has lowered that estimate to under a million, and now the Oratomic/Caltech paper has basically shaved off two additional orders of magnitudes.

The previous assumptions cracked because progress compounded on three fronts at once. Hardware improvements, better error correction, and more efficient algorithms.

Neutral-atom machines like the ones developed by Caltech and Oratomic, which trap individual atoms with lasers and use them as qubits, are scaling faster than expected.

Error correction, the process of stabilizing the physical qubits by avoiding the destruction of their “coherent” state necessary for the actual calculations, improved even more dramatically. Where superconducting architectures need roughly a thousand physical qubits to produce one reliable logical qubit, the Caltech team showed that neutral atoms may need only three or four.

The algorithms themselves have improved, as demonstrated by Google’s results. On top of that, researchers connected to Google, Caltech, and Oratomic have already been able to build a working neutral-atom computer with more than 6,100 highly coherent qubits: that’s quite close to the theoretical 10,000 threshold mentioned in the university’s paper. 

What Are the Actual Risks?

While the internet and networking giants have already taken note of the shift in timelines, other sectors might take more time to adapt: that’s a problem. For the industrial sector at large, which runs on digital trust far more than it realizes, the implications go beyond IT departments and reach the factory floor, the supply chain, and decades of accumulated IP protection. A machine manufacturer, a chemicals company, or a logistics warehouse do not look like they operate like a bank, yet they rely on the same cryptographic systems in many different ways.

Yoni Katz, lead cyber credit risk associate at financial services company Moody’s, says:

“Cryptography underpins trust across a vast number of processes. It helps companies verify that a supplier is legitimate, that software updates are authentic, that connected factory systems are secure, and that parts, documents, or counterparties are genuine.”

If Q-Day will eventually materialize, as many scientists now think it will sooner than previously thought, we could be facing a quite rare retroactive risk scenario. In a strategy known as Store Now, Decrypt Later, adversaries intercept and harvest encrypted traffic today, betting they can unlock it once a capable machine exists.

Katz sees this as a core industrial exposure:

“Sensitive IP, such as product designs, formulas, patents, or production methods, could be captured today and stored until a capable quantum computer can decrypt it in the future. For manufacturers built on long-term R&D and proprietary processes, that could massively erode competitive advantage.”

A scenario sketched by Germany’s federal cybersecurity agency. The BSI imagines a manufacturer whose confidential production plans are decrypted years after interception, until a cheaper copy of its complex machinery appears on the market.

There is a second failure mode that security engineers consider even worse: authentication. An attacker with a quantum computer would not need to steal data: it could forge the keys themselves, impersonating servers, signing malicious software updates, or minting valid access credentials. In an industrial setting, that is equivalent to an attacker holding a master key to the plant.

How the US and China Are Preparing

Luckily, the defensive technology for Post-Quantum Cryptography (PQC) already exists. In 2024, the US National Institute of Standards and Technology published its first PQC standards, based largely on lattice mathematics, problems believed to resist quantum attack. Washington’s 2035 deadline to update the federal national security systems is already an ongoing effort. Currently the White House priced it at 7.1 billion dollars to be spent over a decade for priority systems alone. Considering that the US private sector is now moving faster than its government, these numbers are probably subject to change in the near future.

China is a rather opaque player. It has invested heavily in quantum research, operates the world’s most extensive quantum communication infrastructure, and is running its own standardization process for post-quantum algorithms rather than adopting NIST’s. Its intelligence capabilities make the store-now logic a concrete risk: data flowing across networks today is already a strategic asset for whoever can store enough of it, and China is definitely a prime candidate for that. In all fairness, the same can be said of Western agencies, which is partly why experts fear that scientific transparency and open access to publications might take a backseat in the upcoming years, as Q-Day gets closer

Europe’s Stance

Europe’s approach to PQC is shared among an array of interconnected security agencies. The Union considers PQC-readiness a matter of sovereignty, and is pushing for solutions that won’t depend on the US’s NIST or other US agencies. The enforcement is driven via specific regulations and national transpositions of EU directives.

Germany’s BSI works on the hypothesis that cryptographically relevant quantum computers could exist by the early 2030s, framed not as a forecast but as a risk-management assumption. And together with partners from twenty other European states it has urged industry and critical infrastructure operators to begin migrating now.

The “Recommendation on a Coordinated Implementation Roadmap for the transition to Post-Quantum Cryptography”, published in 2024, underpins a wider roadmap updated in 2025. The EU favors hybrid deployments, pairing post-quantum and classical algorithms so that a weakness in either leaves data protected.

The readiness picture, however, needs to improve: a joint BSI and KPMG survey of German organizations published in 2022 found that only a quarter addressed the quantum threat in their risk management, and just 11 percent believed they could become quantum-safe in time.

Given the new findings from California, and a general consensus in the scientific community about a shortened quantum computing timeline, more and more risk managers might take note. That could still not translate into a proper roadmap for most companies, and that’s an issue. 

The Road to Post-Quantum Security: Technology and Risk Management

Getting to PQC, albeit inevitable for any institution or company, is a complex undertaking that has to overcome at least two sets of hurdles; one has to do with the technical aspects, the other one with financial planning and risk management.

The new algorithms use much larger keys meaning that the data exchanged in every secure connection is physically larger. That’s a meaningful burden at the scale of billions of daily exchanges taking place on the networks. Moreover, legacy hardware, from banking mainframes to satellites to controllers embedded in infrastructure, often cannot be patched and must be physically replaced.

Financial and risk management departments have their own set of issues to address. As Moody’s Yoni Katz explains:

“PQC is a defense. It will not generate ROI in the traditional sense; its value is in avoiding future losses, regulatory issues, operational disruption, or loss of trust”.

For well-capitalized firms, PQC upgrades can probably coexist with other, more proactive expenditures like AI, which has more potential to eventually become profit-generating solution. For resource-constrained companies the “pressure is more acute”, concludes Katz, because AI, broader cybersecurity spending, infrastructure, and also PQC may all compete for the same tech budget.

“PQC is more likely to take meaningful budget once regulation, customer requirements, procurement standards, or operational urgency force it onto the agenda. But that is exactly the risk of delay: companies that defer PQC may later have to fund migration on a compressed timeline, potentially redirecting money from AI or other strategic investments. In that sense, PQC may not be a broad limiter on arbitrary AI spend today, but it could become one for issuers that wait too long or lack the resources to fund both priorities in parallel.“ 

Advertisement
Advertisement
Advertisement
Advertisement
Advertisement