Michelle Mosca was doing routine threat modeling in 2015 when she put a number on something most of her colleagues preferred to leave vague. The University of Waterloo cryptographer estimated a one-in-seven chance that quantum computers would break standard public-key encryption by 2026, rising to even odds by 2031. Her peers debated the timeline. Almost nobody debated the destination.
That distinction matters for you, right now, whether you run a small business, store sensitive files in the cloud, or just assume your banking app is doing its job.
The Real Story Behind the Headlines
Here is the debate: one camp argues quantum threats are still years away and current encryption is fine for most people today. The other camp says the attack is already underway, just in slow motion. Both sides have real data. Only one of them is accounting for what nation-states are doing while you wait.
Let me show you both arguments, then tell you exactly where I land.
Side A: Current Encryption Is Holding. Relax.
The strongest version of this argument goes like this: RSA-2048 and AES-256, the workhorses of modern encryption, would require a quantum computer with millions of stable, error-corrected qubits to crack. IBM’s current flagship, the Heron processor released in late 2023, runs at 133 qubits. Google’s Willow chip, announced in December 2024, hit 105 qubits with improved error correction. Impressive engineering. Still nowhere near the threshold for breaking meaningful encryption.
The practical argument follows: for everyday consumers, the realistic threat actors are ransomware gangs and phishing operations. None of them have quantum computers. Your encrypted WhatsApp messages, your VPN tunnel, your online banking session — all of these are protected by encryption that no currently existing machine can touch.
A 2023 report from the Ponemon Institute found that 68% of data breaches still exploited known vulnerabilities in unpatched software. Quantum attacks did not register as a leading breach vector. On a purely statistical basis, you are far more likely to be compromised by a weak password than by a quantum adversary.
Did You Know: The largest quantum computers today operate at hundreds of qubits. Breaking RSA-2048 is estimated to require between 4,000 and 20 million stable logical qubits, depending on the error-correction model used. (MIT Technology Review, 2024)
Side B: The Attack Already Started. You Just Cannot See It Yet.
Here is what keeps serious cryptographers up at night: the “harvest now, decrypt later” strategy. Nation-state actors, specifically those with the budget and motive to play a long game, are collecting encrypted data today, storing it, and planning to decrypt it once quantum capability matures. They do not need to break your encryption right now. They just need to keep your data on ice.
The NSA did not wait for the debate to settle. In 2022, it issued guidance explicitly telling defense contractors and federal agencies to begin migrating away from RSA and elliptic-curve cryptography. The agency named a specific replacement framework: NIST’s post-quantum cryptography standards, which reached final publication in August 2024. That is not a precautionary memo. That is an agency that processes classified threat intelligence telling critical infrastructure to change course immediately.
Think of it this way: imagine you kept a diary in a secret language, confident no one could read it. Then someone photographed every page and locked the photos in a vault, knowing they would eventually hire a translator. The diary entries are already gone. You just have not felt it yet.
Medical records. Legal documents. Financial data. Anything encrypted today with RSA or elliptic-curve cryptography and transmitted across a network is potentially sitting in someone’s vault right now.
Warning: If your organization stores sensitive data with a shelf life longer than five years — medical records, legal files, financial contracts — “good enough for now” encryption is not actually good enough. The threat window is already open.
Who Actually Has This Problem
This is not limited to defense contractors and intelligence agencies. Small businesses handle payroll data, client contracts, and healthcare information every day with encryption that was designed for a pre-quantum world.
Take someone like Tom Kellermann, Chief Cybersecurity Officer at Contrast Security, who testified before Congress in 2023 that small and mid-sized businesses represent the most exposed segment of the economy on post-quantum readiness, precisely because they outsource their security decisions to vendors who have not updated their standards. His core point: the businesses most likely to be holding sensitive long-term data are the least likely to know what encryption their software actually uses.
You probably do not know what encryption your accounting software uses. Most people do not.
Pro Tip: Ask your cloud storage provider one direct question: “Have you implemented or committed to NIST 2024 post-quantum cryptography standards?” Their answer — or their silence — tells you everything.
My Position: Side B Wins, But Not For the Reason You Think
I dug into the actual research so you do not have to, and here is what I found: the harvest-now-decrypt-later threat is the crux of this, and it flips the timeline entirely. The question is not when quantum computers can break encryption. The question is when the data being harvested today becomes decrypt-able. Those are two very different clocks.
The NSA migration order, the NIST final standards, Mosca’s probability framework — these are not theoretical exercises. Institutions that deal in actual classified threat assessments have already voted with their compliance budgets.
The “relax, the qubits aren’t there yet” argument is technically accurate and strategically useless. Encryption that offers no meaningful long-term protection for data collected today is not secure encryption. It is a delay.
Signal, for what it’s worth, already implemented a post-quantum encryption layer called PQXDH in September 2023. WhatsApp has made no comparable public commitment on post-quantum standards. That gap is worth noting.
Action Step: Check whether your primary messaging app has implemented post-quantum cryptography. Signal has. Most have not. This is a two-minute search that tells you something real about your current exposure.
What This Actually Means For You: 5 Steps
Step 1: Identify your sensitive data with a shelf life. Not everything needs post-quantum protection urgently. Tax records from 2019 probably do not matter. A contract signed today that governs a ten-year business relationship does.
Step 2: Audit your current tools. Does your VPN provider support post-quantum key exchange? Does your cloud backup? These are questions with findable answers. Most providers publish their encryption specs in their security documentation.
Step 3: Switch your messaging app. If you use WhatsApp for anything sensitive, switch to Signal. This is free, takes fifteen minutes, and moves you to the only major consumer messaging platform that has implemented post-quantum cryptography at the protocol level.
Step 4: Ask your vendors a direct question. Email your cloud storage provider, your VPN service, and your business software vendors and ask whether they have a post-quantum migration roadmap aligned with NIST 2024 standards. Keep the responses. If they cannot answer the question, that is a vendor risk you are now aware of.
Step 5: Store your most sensitive files with forward-looking encryption tools. Veracrypt and similar open-source tools now support AES-256 in configurations that align with NIST’s post-quantum guidance. For documents you need to protect for five or more years, exporting a second encrypted copy with a current NIST-aligned tool takes under an hour and adds a real layer of protection that your standard cloud sync almost certainly does not provide on its own.
Your Next 3 Steps
Open Signal right now and check Settings > Privacy > Advanced. If “Sealed Sender” is not enabled, turn it on. Then check that your app version is current. This takes three minutes and is the single fastest upgrade to your communication security available today.
This week, go to your primary cloud storage provider’s website, search for the words “post-quantum” or “NIST 2024” in their security documentation. If neither term appears anywhere, send their support team one sentence: “Does your platform have a post-quantum cryptography migration plan aligned with NIST’s 2024 PQC standards?” File their response.
Before the end of this month, list every category of data your household or business holds that you would still care about in 2035. Health records. Business contracts. Financial documents. That list is your post-quantum risk surface. If it is longer than one line, you have concrete work to do, and now you know exactly where to start.
