The security of our digital data relies heavily on cryptography – mathematical armor that protects everything from banking transactions to military communications. But a new threat looms with the capabilities to shatter it: quantum computing.

“When you have traditional [or] classical cryptography, it’s based on values which are ultimately stored as zeros and ones – individual bits of information. With quantum computers, you’re not limited to just 0 or 1 for your values. You can have multiple values simultaneously,” explains Andy Bruce, Lead Engineer at TripleCyber.

This difference creates an advantage for certain types of calculations. To visualize this, Bruce says imagine trying to solve a complex maze:

“Using the analogy of a maze, if you want to solve multiple paths with a classical computer, you first have to try one path and come back to the beginning. Try another path, [then go] back to the beginning. Try another path, [etc.]. With a post-quantum computer, you can, in theory, try as many different paths simultaneously as you have qubits.”

Today’s security is based on mathematical problems that prove extremely difficult for classical computers to solve. For example, breaking the RSA 2048 encryption that protects most web servers would take a traditional computer about “19.8 trillion years” to crack, while a quantum computer with sufficient qubits could theoretically do it in “about eight hours.” IBM already has a chip with 1,172 qubits, and the technology continues to advance quickly, making this situation less theoretical and more of a near-term reality.

When asked which industries are most at risk from quantum computing threats, Bruce’s answer was simple:

“Basically everything. Government, financial, internet commerce, anything with login servers… anything that requires two entities to share data.”

Quantum computing threatens data in transit (data being exchanged between parties) and data at rest (stored information, like data on hard drives or in the cloud). Any system that relies on secure authentication or encrypted data is vulnerable.

“Starting in 2025, the big initiative is to implement quantum-resistant computing… we implement the best solutions that we have now so that we can get all the underlying plumbing done.”

By 2030, Bruce predicts that “99% of the internet infrastructure will be post-quantum ready.” But that means organizations must begin transitioning to post-quantum security measures.

For individuals, Andy’s advice is simple: “Keep your devices up to date. That’s the best thing in the world.”

For organizations, the task is more complex:

• Analyze existing cryptographic tools and infrastructure
• Identify systems that will need hardware or software upgrades
• Prepare for potentially larger key sizes and computational requirements
• Develop a transition strategy that includes both classical and post-quantum cryptography during the migration period

At TripleCyber, Bruce says, “As of Q1 2025, we have full support for post-quantum cryptography already built in.”

While there remain uncertainties about when quantum computers will become powerful enough to break current encryption, the industry is moving quickly. Bruce states that the question isn’t if we need quantum-resistant encryption—it’s when. And for organizations that value their data security, that “when” is now.