Will your data be safe in 2030? Quantum computers are both a new threat and an opportunity.
Will your data be safe in 2030? Quantum computers are both a new threat and an opportunity.
Current asymmetric encryption protocols (e.g., RSA, ECC), which are used today by the internet, banking, and government communications, are based on mathematical problems that are very difficult for classical computers to solve. However, quantum computers have the theoretical ability to solve these problems much faster — which poses a real threat that encrypted data obtained today could be decrypted in the future.
This scenario, known as "harvest now & decrypt later," means that attackers are collecting and archiving encrypted communications today, knowing that one day, when a sufficiently powerful quantum machine is built, they will be able to decrypt them.
Why is this being discussed right now? There are two reasons:
- The development of quantum computers is progressing (although it is unclear when exactly Quantum Day will occur)
- The consequences are long-term—some data must remain secret for decades
Global institutions are therefore calling for timely preparation and a coordinated transition to PQC (post-quantum cryptography) – algorithms that are resistant to quantum attacks. The World Economic Forum, for example, has issued recommendations and roadmaps for the transition to a quantum-secure economy.
When does the threat become real?
Estimates vary. It could be a matter of years or decades. It depends on breakthrough technologies and research funding. Governments and security agencies are therefore warning that even if a breakthrough is not in sight, organizations should start planning their migration now. The UK's National Cyber Security Centre (NCSC) and other institutions are proposing preparation phases with targets for the early 30s.
What is already happening in practice?
Large companies have begun experimenting, and some have deployed hybrid solutions—Google, for example, has begun testing post-quantum elements for internal communications and is working to implement standards selected by the US National Institute of Standards and Technology (NIST) to smoothly transition to new algorithms. This shows that the transition is technically possible, but not trivial.
In the Czech Republic, the National Cyber and Information Security Agency (NÚKIB) is setting an example by deploying PQC algorithms on its new portal.
It is certainly worth mentioning that we already have our first quantum computer in the Czech Republic. In September 2025, the first quantum computer in our country was launched in Ostrava. It operates at the IT4Innovations National Supercomputing Center at VŠB – Technical University of Ostrava. The computer, which cost approximately CZK 125 million, was named VLQ.
What are the main challenges of the transition?
- Compatibility and performance: PQC schemes often generate larger keys and signatures, which can increase the load on networks and devices
- Standardization and trust: With the exception of a few candidates accepted by NIST, further verification and real-world deployment testing is needed
- Migration of hundreds of systems: Identifying all systems that use cryptography (TLS, VPN, PKI, IoT) and gradually updating them is logistically challenging
- Implementation errors: Even the right algorithm is useless if the implementation is flawed—which is why audits, testing, and achieving "crypto-agility" are essential (the ability to quickly change algorithms)
What should organizations start doing today?
- Take inventory of the cryptography you use: Map out where and what algorithms you use
- Categorize data based on how long it needs to be protected: Determine what needs to remain secret for 5, 10, or 30 years—this will determine migration priority
- Test hybrid deployments: Implement PQC in pilot scenarios (hybrid combination of classic + PQC) and monitor performance and interoperability
- Introduce crypto-agility: Design systems so that cryptographic algorithms can be replaced without major interventions
- Invest in education and planning: IT, security, and management teams must understand the risks and have resources allocated for gradual migration
"Harvest now & decrypt later" is not just a theory — it is a practical business model for actors who believe that the future discovery of data value will justify the investment in its theft today. The transition to post-quantum cryptography is therefore a matter of risk prioritization and planning: it is not an immediate massive restart, but a controlled process of inventory, pilots, standardization, and gradual migration. Organizations that start early will minimize the risk of having to deal with costly consequences in the form of sensitive data leaks, regulatory sanctions, or loss of reputation and trust.