Quantum Computers Aren’t Here Yet, But Attackers Are Already Stealing Data To Decrypt Later 

The quantum threat is already here, even though the computers aren't.

Last updated on Jun 25, 2026
Written by Mirren McDade

Most encryption used today relies on mathematical problems that classical computers cannot solve in any practical timeframe. Quantum computers will change that. Their architecture allows them to process certain calculations, including the ones underpinning widely used encryption standards like RSA and elliptic curve cryptography, exponentially faster than anything available today.  

When a sufficiently powerful quantum computer arrives, encrypted data that was considered secure becomes readable. 

Attackers can capture encrypted traffic today and store it, betting that a future quantum computer will make it readable. The technique is known as “harvest now, decrypt later,” and it means sensitive data transmitted over encrypted channels today, whether financial records, government communications, or intellectual property, could be exposed years from now without the victim ever knowing it was intercepted. 

Yaroslav Rosomakho, Zscaler’s chief scientist, told Expert Insights that this should concern security leaders right now. “Communication that we use today could potentially be intercepted by actors passively,” he said, “and they would be able in the future to replay that communication through a quantum computer and get whatever confidential data was in there. This part is imminent.”

The concern is already widespread. In Zscaler’s December 2025 survey of 1,750 IT leaders, six in 10 said data stolen today could pose a material risk to their business in the future, even if it is only decrypted years from now. Yet 57% had not factored post-quantum cryptography (PQC) into their security strategy.

Two problems, not one 

Quantum migration is not a single project. It splits into two problems with different urgency levels and different levels of difficulty. 

The first is key exchange, the mechanism that protects data while it moves across networks. This is where harvest-now-decrypt-later applies, and it is the more urgent of the two. The good news is that the standards are already mature and shipping. Modern browsers including Chrome, Firefox, and Safari already support post-quantum key exchange algorithms. Organizations can begin migrating today. 

The second is digital signatures, the cryptography behind certificates and identity tokens. There is no harvest-now risk here because a signature on an expired certificate has no future value to an attacker. But the migration itself is significantly harder. Signature changes touch certificates, PKI infrastructure, identity systems, and in many cases physical hardware. Planning needs to start now even though the deadline is less immediate. 

Why deferring is a mistake 

The instinct to wait is understandable but wrong. Many organizations treat quantum as a future problem, something to address once the technology materializes. But the migration itself takes years, and starting late turns a managed transition into a crisis. 

Organizations that delay risk what Rosomakho described as a “fire drill,” replacing signatures, PKI, and equipment all at once, at high cost and major disruption. There is also a regulatory dimension. Compliance requirements around post-quantum readiness are tightening, and organizations that have not started will face both operational and legal exposure. 

A common misconception slows things further. Defending against quantum computers does not require quantum computers. Post-quantum cryptographic algorithms run on existing hardware. “They are performed by regular computers,” Rosomakho said. “They just use a different mathematical foundation.” Waiting for quantum hardware to exist before acting gets the sequence backward. 

What to do now 

The starting point is visibility. Organizations need to understand where they run legacy applications and appliances, and where their communications rely on cryptographic stacks that do not support post-quantum algorithms. Without that audit, prioritization is impossible. 

From there, the approach is triage. Identify the channels carrying data that must stay confidential for years, the communications that cannot be exposed under any circumstances, and migrate those first. Tackle harvest-now-decrypt-later protection first since the standards are ready and the migration is relatively straightforward. Begin planning the signature migration in parallel. 
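
The audit and triage steps above, sketched as an added example (not code from Expert Insights or Zscaler): it orders a constructed inventory so that channels still negotiating a classical key exchange come first, ranked by how long their data must stay confidential, and lists classical-signature channels separately for planning. The `Channel` fields, the channel names and the lifetimes are assumptions made for illustration.

```python
from dataclasses import dataclass

# TLS 1.3 named groups that include ML-KEM (hybrid or standalone), lowercased.
PQ_KEX_GROUPS = {"x25519mlkem768", "secp256r1mlkem768", "secp384r1mlkem1024",
                 "mlkem512", "mlkem768", "mlkem1024"}
# Name prefixes of the post-quantum signature families ML-DSA and SLH-DSA.
PQ_SIG_PREFIXES = ("mldsa", "ml-dsa", "slhdsa", "slh-dsa")

@dataclass
class Channel:
    name: str                   # hypothetical channel label
    kex_group: str              # key exchange group seen in the handshake
    sig_alg: str                # signature algorithm on the certificate
    confidentiality_years: int  # how long the data must stay secret

def kex_is_pq(ch):
    return ch.kex_group.lower() in PQ_KEX_GROUPS

def sig_is_pq(ch):
    return ch.sig_alg.lower().startswith(PQ_SIG_PREFIXES)

def triage(channels):
    """Return (migrate_now, plan_signatures) as lists of channel names.

    migrate_now: classical key exchange, so recorded traffic stays
    decryptable later; longest-lived data first.
    plan_signatures: classical signatures, tracked as a separate project.
    """
    exposed = [c for c in channels if not kex_is_pq(c)]
    exposed.sort(key=lambda c: (-c.confidentiality_years, c.name))
    plan = sorted(c.name for c in channels if not sig_is_pq(c))
    return [c.name for c in exposed], plan

# Constructed sample inventory; names and lifetimes are illustrative only.
INVENTORY = [
    Channel("public-web", "X25519MLKEM768", "ecdsa_secp256r1_sha256", 1),
    Channel("partner-api", "x25519", "rsa_pss_rsae_sha256", 7),
    Channel("legal-archive-sync", "secp256r1", "ecdsa_secp256r1_sha256", 25),
    Channel("legacy-appliance-mgmt", "ffdhe2048", "rsa_pkcs1_sha256", 3),
]

if __name__ == "__main__":
    now, later = triage(INVENTORY)
    print("Migrate key exchange first:", now)
    print("Plan signature migration:", later)
```
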

The longer-term goal is crypto agility: the ability to swap one algorithm for another without rebuilding infrastructure. Today’s chosen algorithms may themselves need replacing if a flaw emerges later. As Rosomakho advises, “In the cryptographic world, exciting is a very bad word. We really want boring, because exciting means there is a chance there is a flaw we don’t yet know about.”

The cost of doing nothing 

The risks of inaction are threefold. The first is future loss of confidentiality through harvest-now-decrypt-later, where data captured today is read once quantum computers mature. The second is operational, as organizations that delay face a compressed, disruptive migration under pressure. The third is regulatory, as compliance frameworks increasingly expect quantum readiness and non-compliance carries financial and legal consequences. 

The core message for security leaders is straightforward: the credible threat may be years away, but the window to act without panic is open now and it will not stay open indefinitely. 


Written by Mirren McDade, Journalist & Content Writer

Mirren McDade is a senior writer and journalist at Expert Insights, spending each day researching, writing, editing and publishing content, covering a variety of topics and solutions, and interviewing industry experts.

She is an experienced copywriter with a background in a range of industries, including cloud business technologies, cloud security, information security and cyber security, and has conducted interviews with several industry experts.

Mirren holds a First Class Honors degree in English from Edinburgh Napier University.