CISOs Urged to Initiate Post‑Quantum Crypto Migration Within 24 Months to Mitigate Future Data Decryption Threats
What Happened — A Help Net Security video featuring QuSecure SVP Garfield Jones warns that a quantum computer capable of breaking today’s public‑key encryption could appear as early as 2029, giving organizations roughly 2½ years to prepare. The briefing outlines a phased roadmap: inventory cryptographic assets, train staff, engage vendors, adopt crypto‑agile designs, pilot TLS 1.3, and harden OT/IoT/legacy systems.
Why It Matters for TPRM —
- Future quantum decryption (the “Harvest‑Now‑Decrypt‑Later” scenario) creates long‑term data exposure risk for any third‑party relationship that relies on conventional PKI.
- Vendors that cannot demonstrate crypto‑agility may become a compliance liability and a supply‑chain weak point.
- Early migration reduces the likelihood of costly retrofits and contractual penalties after a quantum breakthrough.
Who Is Affected — All industries that rely on public‑key encryption, especially FIN_SERV, HEALTH_LIFE, CLOUD_INFRA, and TECH_SAAS providers, as well as their MSP/MSSP partners.
Recommended Actions —
- Conduct a comprehensive cryptographic inventory of all third‑party services.
- Require vendors to provide roadmaps for post‑quantum algorithm adoption and TLS 1.3 support.
- Initiate workforce training on quantum‑resistant cryptography concepts.
- Pilot hybrid crypto solutions (classical + post‑quantum) in low‑risk environments.
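One way to triage the cryptographic inventory recommended above, as an added example that is not taken from the video or the briefing. It ranks third-party services by Harvest-Now-Decrypt-Later exposure using Mosca's inequality (data is at risk when secrecy lifetime plus migration time exceeds the time until a quantum computer that can break public-key encryption). Assumptions: the `Service` record layout and the sample vendors are constructed, and the default timings are the briefing's "roughly 2½ years" and 24-month window.

```python
from dataclasses import dataclass

# Classical key exchange falls to Shor's algorithm; hybrid groups add ML-KEM.
CLASSICAL_KEX = {"RSA", "DHE", "ECDHE", "X25519", "SECP256R1", "SECP384R1"}
HYBRID_KEX = {"X25519MLKEM768", "SECP256R1MLKEM768", "SECP384R1MLKEM1024"}
CLASSICAL_SIG = ("RSA", "ECDSA", "ED25519")

@dataclass
class Service:                 # hypothetical inventory record layout
    vendor: str
    tls_version: str           # "TLSv1.2", "TLSv1.3", ...
    key_exchange: str
    cert_signature: str
    secrecy_years: float       # how long the data must stay confidential

def assess(svc, years_to_crqc=2.5, migration_years=2.0):
    """Return (priority, reasons); defaults assume the briefing's 2029 and 24 months."""
    reasons = []
    kex = svc.key_exchange.upper()
    kex_exposed = kex not in HYBRID_KEX
    if kex in CLASSICAL_KEX:
        reasons.append(f"classical key exchange {svc.key_exchange}")
    elif kex_exposed:          # unknown algorithms count as exposed until verified
        reasons.append(f"unrecognised key exchange {svc.key_exchange}")
    if svc.tls_version != "TLSv1.3":
        reasons.append(f"{svc.tls_version}: hybrid groups are defined for TLS 1.3 only")
    if svc.cert_signature.upper().startswith(CLASSICAL_SIG):
        reasons.append(f"classical signature {svc.cert_signature}: future forgery risk, not HNDL")
    # Mosca's inequality: traffic recorded today is readable later if
    # secrecy lifetime + migration time exceeds the time until a capable machine.
    harvestable = kex_exposed and svc.secrecy_years + migration_years > years_to_crqc
    priority = "HIGH" if harvestable else "MEDIUM" if kex_exposed else "LOW"
    return priority, reasons

# Constructed sample inventory (vendors and values are illustrative).
INVENTORY = [
    Service("payments-api.example", "TLSv1.2", "ECDHE", "RSA-PSS", 10),
    Service("status-page.example", "TLSv1.3", "X25519", "ECDSA-SHA256", 0),
    Service("records-vault.example", "TLSv1.3", "X25519MLKEM768", "ECDSA-SHA384", 25),
]

def triage(inventory):
    """Order vendors by priority so HIGH items surface first."""
    rank = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    rows = [(svc.vendor, *assess(svc)) for svc in inventory]
    return sorted(rows, key=lambda r: rank[r[1]])

if __name__ == "__main__":
    for vendor, priority, reasons in triage(INVENTORY):
        print(f"{priority:6} {vendor}: {'; '.join(reasons) or 'no findings'}")
```

The key exchange, not the certificate signature, decides Harvest-Now-Decrypt-Later exposure, which is why the hybrid service ranks LOW even though its certificate is still classical.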
Technical Notes — The threat stems from Shor’s algorithm running on a fault‑tolerant quantum computer, rendering RSA/ECC insecure. No specific CVE; the risk is a systemic cryptographic weakness. Data types at risk include any information protected by asymmetric encryption—PII, PHI, financial records, intellectual property, and OT command‑and‑control traffic. Source: https://www.helpnetsecurity.com/2026/06/03/post-quantum-migration-timeline-video/