Quantum risk to quantum readiness: A PQC roadmap | Computer Weekly

Quantum risk to quantum readiness: A PQC roadmap | Computer Weekly

Briefly

"No one knows exactly when quantum computing will arrive, but accelerating progress is prompting security and IT leaders to recognise the potential risks. With near-weekly breakthroughs in large-scale quantum computing, and with regulators and large cyber security players treating the issue as urgent, quantum-driven threats are now starting to appear on boardroom agendas. So how do organisations begin implementing post-quantum cryptography (PQC)? In this article, I'll outline a roadmap to post-quantum readiness and highlight the most common pitfalls senior decision makers encounter along the way."

"Firstly, don't wait to be told. Bodies such as NIST, NCSC, ANSSI, BSI and the NSA have already set the direction for post-quantum cryptography. As RSA and ECC are phased out, formal PQC mandates are in place and critical infrastructure will be first in line. Quantum-safe protection shouldn't be treated as a compliance checkbox but as a built-in product feature that strengthens long-term security. As customers increasingly explore quantum-ready solutions, the market is signalling that readiness is becoming a strategic advantage, not just an obligation."

"Assess your infrastructure by vendor. Organisations need to assess their vendor ecosystem now, identifying where post-quantum vulnerabilities exist, and how PQC will fit into the existing architecture. Procurement should be used as a lever to make PQC the default requirement across browsers, datacentres, email systems and critical services - particularly as large-scale providers are already moving in this direction, with Cloudflare estimating that around 50% of global web traffic on its network is now PQC-secure."