theNet by CLOUDFLARE

Post-quantum game plan

Protect your data by transitioning to post-quantum cryptography

For the better part of the last two years, the risks posed by quantum computing have been toward the top of everyone’s cybersecurity list.

On the one hand, quantum computing promises to deliver scientific breakthroughs and drive innovation in other industries; on the other hand, it poses a fundamental threat to digital security. As quantum systems mature, they’ll be capable of breaking the public-key cryptosystems widely used today to secure the Internet.

The danger isn’t hypothetical — and it’s not many years in the future. In fact, criminals are already harvesting encrypted data today, betting that future quantum computers will be able to decrypt it — a strategy known as “harvest now, decrypt later.” At the same time, recent advances in quantum computing mean that criminals will be able to access powerful machines even sooner than originally expected.

I recently had the opportunity to talk about these rapidly emerging threats and challenges posed by quantum computing with Scott Francis, the Americas lead for Cyber Next at Accenture, and Khalid Kark, Cloudflare’s field CIO for the Americas. We examined some of the insights and metrics highlighted in the 2025 Cloudflare Signals Report and discussed ways that organizations can formulate a plan to start transitioning to post-quantum cryptography now — before their data is exposed.



Tracking quantum threats already in motion

The US government’s National Institute of Standards and Technology (NIST) has warned that organizations should act now to avoid being caught off guard by quantum-related threats. Nation-state actors and sophisticated adversaries are already collecting encrypted traffic, intellectual property, and state secrets to decrypt later. Communications that require decade-long confidentiality (or longer) — such as healthcare records, military intelligence, and legal contracts — are especially vulnerable if they are not protected with quantum-resilient key agreements.

As Scott Francis pointed out in our recent discussion, AI could significantly accelerate the timeline for cracking the encryption that protects data. Instead of taking years, criminals could use AI to break a key in a matter of months or weeks once they have access to quantum computers — or even enough GPUs.

To protect sensitive data, organizations must start implementing post-quantum cryptography (PQC) — that is, cryptography that can effectively resist attacks from quantum computers. Government agencies and industry groups around the world are quickly establishing new PQC regulations and standards that will drive organizations forward. “There has been an explosion of regulatory change around the world,” says Francis. “Organizations that have managed to avoid post-quantum planning so far will not be able to avoid it for very long.”


Trends and gaps in post-quantum cryptography adoption

The good news is that many organizations are adopting PQC. According to an analysis of network traffic, only 3% of HTTPS traffic was encrypted using post-quantum algorithms as of early 2024. By March 2025, that number reached 38%, following Cloudflare’s rollout of hybrid post-quantum Transport Layer Security (TLS) by default, and browser support from Chrome, Edge, and Firefox. In some European countries, usage of post-quantum algorithms is above 50%. Still, adoption is uneven and immature. Most enterprise environments are early in the discovery or pilot phases.

Technology leaders also realize that PQC requires holistic change. The move to PQC affects not only TLS endpoints but also public key infrastructure (PKI), machine identities, commercial operating systems and software, open-source supply chains, hyperscaler resources, and more. Not all organizations are ready and able to start such a large-scale transformation.



Six-step migration plan for post-quantum cryptography

How can you future-proof your organization against the threats that will be created by quantum computing — while also protecting data now? In chatting with Scott Francis and Khalid Kark, we all agreed that a multi-step game plan for PQC should include the following key points.

  1. Understand why you are implementing changes.
    Leaders must first clarify why a cryptographic transformation is so critical for their particular organization. Are you doing this to satisfy regulators? Are you attempting to protect data over the next 30 years? Is your business expanding to new geographies where you will need to comply with country-specific regulations?

    As Scott Francis said, “You need to have a plan that’s driven by business risk — not your understanding of what technology you think you need to change. Start with the business risk and work backward to the technical inputs.”

  2. Document all places cryptography is in use.
    Taking an accurate inventory of where you are using cryptography across your IT environment should be the next step. Without full visibility, you risk leaving critical systems unprotected. However, cryptographic systems are often poorly documented. You’ll need to survey everything, including embedded systems, cloud workloads, legacy applications, APIs, and IoT devices.

    Employing detection and asset monitoring tools capable of identifying outdated or quantum-vulnerable cryptography will be essential. For example, extended detection and response (XDR) platforms with deep network and endpoint telemetry can help discover outdated cryptography, detect insecure fallback behavior, and then automate remediation workflows.

    Once you have an accurate inventory, you can create a list of migration projects, prioritized by risk and level of effort.

  3. Make post-quantum readiness part of vendor evaluation.
    Not all vendors are equal when it comes to complying with the latest regulatory standards. You’ll need to thoroughly evaluate the crypto agility of your vendors, especially security vendors that tunnel corporate network traffic. You might have to disqualify vendors that fail to support hybrid or quantum-safe encryption — particularly if you are operating in government, financial services, or defense sectors. Those vendors could become weak links that leave your organization exposed.

  4. Prioritize key agreement migrations.
    Due to the harvest now, decrypt later threat, there is a clear benefit to ensuring your key agreement protocols are quantum-resistant now. Transitioning to TLS 1.3 with post-quantum ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism Standard, FIPS 203) will be an important step in securing the future confidentiality of data.

  5. Document signature migrations, but don’t prioritize them yet.
    Organizations are still working to reach a consensus on the right approach for migrating to post-quantum signatures. Fortunately, these signatures primarily protect against active on-path attacks, making this migration a lower priority.

  6. Plan for crypto agility.
    As the post-quantum era continues to unfold, often in unpredictable ways, organizations must be ready for continuous change. For example, geopolitical shifts are creating more protective economies and country-specific regulations. If your organization does business in multiple countries, you will need the flexibility to adhere to multiple cryptographic standards.

    The goal should be crypto agility, which NIST defines as the ability to replace and adapt cryptographic algorithms without interrupting running systems. Organizations must be able to respond to change seamlessly. But of course, that can be extremely difficult, especially given the number of workloads and applications that organizations must keep continuously available.
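The inventory and prioritization described in steps 2, 4 and 5, as an added example (not code from the article or from Cloudflare): vulnerable key agreement is queued for migration by risk and effort, vulnerable signatures are documented only, and unrecognized cryptography is flagged for investigation. The system names, the `secrecy_years` and `effort` scores, and the two classification tables are assumptions of this example.

```python
from dataclasses import dataclass

# Classification is this example's own: algorithms that Shor's algorithm
# breaks, and post-quantum replacements, per purpose.
VULNERABLE = {
    "key_agreement": {"RSA", "DHE", "ECDHE-P256", "X25519"},
    "signature": {"RSA-2048", "ECDSA-P256", "Ed25519"},
}
POST_QUANTUM = {
    "key_agreement": {"X25519MLKEM768", "ML-KEM-768"},  # hybrid TLS group, FIPS 203
    "signature": {"ML-DSA-65"},                          # FIPS 204
}

@dataclass(frozen=True)
class CryptoUse:
    system: str
    purpose: str        # "key_agreement" or "signature"
    algorithm: str
    secrecy_years: int  # how long the protected data must stay confidential
    effort: int         # 1 = config change ... 5 = vendor or firmware replacement

def build_plan(inventory):
    """Sort inventory rows into the buckets that steps 2, 4 and 5 imply."""
    plan = {"migrate_now": [], "document_only": [], "done": [], "investigate": []}
    for use in inventory:
        if use.algorithm in POST_QUANTUM.get(use.purpose, set()):
            plan["done"].append(use)
        elif use.algorithm not in VULNERABLE.get(use.purpose, set()):
            plan["investigate"].append(use)    # undocumented or unrecognized crypto
        elif use.purpose == "key_agreement":
            plan["migrate_now"].append(use)    # exposed to harvest now, decrypt later
        else:
            plan["document_only"].append(use)  # signatures: record now, migrate later
    # Highest risk first (longest secrecy need), then lowest effort first.
    plan["migrate_now"].sort(key=lambda u: (-u.secrecy_years, u.effort))
    return plan

# Constructed sample inventory; names and scores are illustrative only.
INVENTORY = [
    CryptoUse("public-api", "key_agreement", "X25519MLKEM768", 5, 1),
    CryptoUse("patient-records-vpn", "key_agreement", "ECDHE-P256", 30, 3),
    CryptoUse("partner-sftp", "key_agreement", "RSA", 10, 2),
    CryptoUse("contracts-portal", "key_agreement", "X25519", 30, 1),
    CryptoUse("code-signing", "signature", "RSA-2048", 0, 4),
    CryptoUse("plant-iot-gateway", "key_agreement", "vendor-proprietary", 15, 5),
]

if __name__ == "__main__":
    for bucket, uses in build_plan(INVENTORY).items():
        print(bucket, [f"{u.system} ({u.algorithm})" for u in uses])
```

Using required confidentiality lifetime as the risk score reflects the harvest now, decrypt later threat: traffic captured today matters most where the data must stay secret longest.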




Moving forward into the quantum era

Most organizations are moving toward this new era like a long-overdue visit to the cryptographic dentist. And they should expect a little discomfort, some new costs, and a few surprises. But waiting only makes it worse. As Scott Francis noted in our discussion, “Compliance might be the initial lever that drives a change. But if the outcome is long-term safety for your data and your customers, then it’s worthwhile.”

The priority now shouldn’t be to replace everything overnight, but to build visibility and start the upgrade path. Those who act early will be best positioned to manage the post-quantum shift — before it becomes a crisis. Though this type of transition could appear daunting, it should feel like many modernization projects. With the right plan and tools, you can start to modify processes gradually and then implement automation to help you iterate over time.

As you prepare for the quantum era, Cloudflare offers advanced PQC capabilities to help you progress along that path. For example, TLS 1.3 with post-quantum ML-KEM protects websites and APIs against harvest now, decrypt later threats. The Cloudflare Secure Web Gateway (SWG) supports PQC, ensuring you maintain complete visibility into encrypted traffic during your PQC migration. Additionally, Zero Trust security capabilities apply post-quantum protection while the client solution enables quantum-safe tunneling for any protocol from user devices to your environments. With Cloudflare, you can protect your data today from being harvested while also preparing for the quantum future — all while reducing the complexity of cryptographic implementations.

This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.


Dive deeper into this topic.

Learn more about how to prepare for quantum computing threats in the 2025 Cloudflare Signals Report: Resilience at Scale.


Author

Trey Guinn — @treyguinn
Field CTO, Cloudflare



Key takeaways

After reading this article, you will be able to understand:

  • How quantum computing poses a serious threat to data security

  • Why organizations must start planning now for quantum threats

  • How to build a comprehensive game plan to address quantum risks


