Why Post-Quantum Cryptography Can't Wait

CYBER RISK COMMENTARY News, news analysis, and commentary on the latest trends in cybersecurity technology. Why Post-Quantum Cryptography Can't Wait Organizations have to prepare to ensure they have cryptography in place in the post-quantum world. Manju Naglapur,Senior vice-president, general manager,Unisys March 12, 2026 4 Min Read SOURCE: SAKKMESTERKE VIA ADOBE STOCK PHOTO COMMENTARY Somewhere in the world right now, a cybercriminal is trying to steal your organization's encrypted data. They can't read it yet, but the technology needed to do so is rapidly approaching. When ready, that technology will allow criminals to break even the most stringent traditional protections in a matter of minutes.   This type of attack is part of a new "harvest-now, decrypt-later" approach, and it represents one of the most insidious threats facing organizations today. Unlike traditional cyberattacks, which cause immediate and visible damage, these attacks are invisible. There's no ransomware notice, no data breach disclosure, and no emergency response. The theft happens quietly, the encrypted data is archived, and organizations may not know they were compromised until years later, when quantum computers make today's encryption obsolete. This isn't a theoretical future threat. It's happening now, requiring organizations to prioritize adopting post-quantum cryptography to protect themselves and their clients from costly breaches that put the most sensitive and private information at risk.   Related:Speakeasies to Shadow AI: Banning AI Browsers Will Fail Understand Your Risk Level Not all data faces the same risk in the harvest-now, decrypt-later landscape, meaning that not all information should receive the same level of protection. That is why enterprises need to take necessary steps to understand the sensitivity level of their data and how long it must be protected. To achieve this, organizations must take a systematic approach that starts with a comprehensive audit of all company assets, hardware, software, and supplier information. This extensive audit requires cataloging everything, from key lengths and usage patterns to departmental ownership details. Only then can leaders and security teams better identify vulnerabilities and take action to protect against future threats.   This type of protection is essential for sensitive information such as medical records, government defense secrets, diplomatic communications, and personally identifiable information, which can remain valuable for decades. On the business side, corporate intellectual property, merger and acquisition plans, and proprietary research are also likely to require protection for several years. Even future projects, such as engineering designs for products planned for the next decade, could become vulnerable.   By understanding the value and longevity of critical information, organizations can decide what to protect now. Additionally, they can take steps to ensure they remain in compliance with regulatory requirements and safeguard their own reputation against breaches. Related:More Than Dashboards: AI Decisions Must Be Provable Implementing New Protocols Against Harvest-Now Threats Understanding the threat posed by sensitive data leaks is one thing, but implementing post-quantum cryptography correctly is quite another. While it may be tempting to make widespread changes, the process begins with controlled pilots that allow for monitoring and correction. To start the process, organizations can use the National Institute of Standards and Technology's approved post-quantum cryptographic algorithms as a guide and begin with non-critical systems. Quantum-resistant algorithms often have different computational requirements than today's encryption, with some demanding more processing power, larger key sizes, or modified certificate management. Through controlled pilot programs, security teams can understand performance implications and identify compatibility issues before deploying business-critical systems. Once pilot systems demonstrate stability, organizations can implement hybrid encryption models that combine traditional and post-quantum cryptography technologies. This dual-layer approach protects against both conventional attacks and future quantum threats. Serving as a safety net, this process ensures that data remains protected now, even as post-quantum safeguards are refined over time. Related:Cyberattackers Don't Care About Good Causes The final pilot stage involves engaging the entire technology ecosystem. Security leaders must test quantum-resistant protocols across internal infrastructure, cloud environments and third-party integrations. This testing will reveal what works seamlessly, what requires updates, and what may need to change altogether. The results from this phase can serve as the roadmap for the full-scale migration, informing timelines, resource requirements, and risk mitigation strategies. But implementation is only half the equation. Ongoing protection requires continuous oversight and crypto agility. Even after deploying robust post-quantum cryptography capabilities, organizations must establish protocols to monitor and track their quantum preparedness. This means analyzing new vulnerabilities as they emerge, tracking cryptographic dependencies as systems evolve. The Cost of Waiting Despite the growing dangers a post-quantum world can bring, most organizations remain underprepared to meet the moment. In fact, only half of organizations have taken necessary actions to protect themselves, and only 14% report that their current IT infrastructure is ready to support post-quantum cryptography. With cybercriminals now actively harvesting data, waiting is not an option. The organizations that begin mapping cryptographic dependencies, piloting quantum-resistant protocols, and deploying hybrid encryption now will be best prepared to protect their data and take action if a breach occurs. Those who wait will face an impossible choice: accept that years of stolen data are now compromised, or scramble through crisis-mode migrations under pressure. The harvest of sensitive data is already underway, but businesses can prevent more from being stolen and protect new data over the coming years. The only question is whether they will choose to act. About the Author Manju Naglapur Senior vice-president, general manager, Unisys Manju Naglapur is senior vice president and general manager, Cloud, Applications & Infrastructure Solutions at Unisys. In this role, Manju leads a global business unit focused on cloud and platform transformation, application services, cybersecurity and data and content intelligence. Manju came to Unisys through leading cloud provider CompuGain™, which Unisys acquired in December 2021 to enhance the delivery of rapid, agile cloud migration, application modernization, and data value realization to its clients. Manju joined CompuGain in 2007, and from 2010-2022 he served as vice president, leading strategy, sales, business development, service delivery and portfolio and program management for the company. Manju earned an M.S. in engineering from the New Jersey Institute of Technology and a B.S. in engineering from Bangalore University. More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBER RISK Switching to Offense: US Makes Cyber Strategy Changes by Robert Lemos, Contributing Writer NOV 21, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 CYBER RISK Why Data Privacy Isn't the Same as Data Security by Chris Borkenhagen APR 10, 2025 CYBER RISK Nation-State Groups Abuse Microsoft Windows Shortcut Exploit by Alexander Culafi, Senior News Writer, Dark Reading MAR 19, 2025 Latest Articles in DR Technology IDENTITY & ACCESS MANAGEMENT SECURITY Delinea's StrongDM Acquisition Highlights the Changing Role of PAM MAR 12, 2026 ENDPOINT SECURITY Cylake Offers AI-Native Security Without Relying on Cloud Services MAR 6, 2026 THREAT INTELLIGENCE Fig Security Emerges From Stealth to Fix Broken Security Operations MAR 5, 2026 CYBER RISK Speakeasies to Shadow AI: Banning AI Browsers Will Fail MAR 3, 2026 Read More DR Technology