London, March 21, 2025 – The UK’s National Cyber Security Centre (NCSC) has issued a stark warning regarding the potential risks posed by future quantum computers, urging businesses and government agencies to prepare for a transition to post-quantum cryptography (PQC) before it becomes critical.
The NCSC’s newly released guide emphasizes the urgency of identifying vulnerable systems by 2028 and prioritizing necessary upgrades by 2031, with a full transition to PQC anticipated by 2035. The agency cautioned that adversaries may already be collecting encrypted data for future decryption, making prompt action essential.
Industries that manage long-term sensitive data, including financial services and national infrastructure, are particularly at risk and must begin their planning now to mitigate exposure as quantum technology advances. The NCSC highlighted that migration to PQC represents a significant overhaul of IT and operational technology systems, which could span multiple leadership cycles within organizations.
“The total financial cost of PQC migration could be significant, so it’s essential that organizations budget accordingly, including for preparatory activities as well as the actual migration,” the NCSC stated. The emergence of quantum computing is expected to reshape the cybersecurity landscape, raising concerns about its potential applications in cyber warfare and espionage.
Experts warn that although quantum technology is still in its infancy, its implications for cybersecurity are profound. Faisal Kawoosa, founder and lead analyst at Techarc, noted that the complexity and cost of using quantum computing for cybercrimes may currently limit its use to government-supported initiatives against adversarial nations.
The NCSC’s roadmap underscores the urgency of transitioning to PQC, yet businesses may encounter significant challenges in adhering to the proposed timelines. The migration process could be complex and disruptive, necessitating comprehensive updates to encryption protocols across critical sectors.
As quantum threats become more imminent, organizations that delay migration could find themselves vulnerable to attacks leveraging quantum capabilities. However, the ongoing development of both quantum computing and PQC presents a window of opportunity for organizations to act before the risks materialize.
