Quantum Computing and Cybersecurity: Risks Every Business Needs to Know in 2026

Quantum computing threatens cybersecurity by breaking the public-key encryption that secures most of the internet. RSA and elliptic curve cryptography, used in TLS, HTTPS, payment APIs, and crypto wallets, are directly vulnerable through Shor's algorithm. Financial services, crypto businesses, and healthcare face the highest exposure. A cryptanalytically capable quantum computer could arrive between 2029 and 2035. Start a cryptographic inventory now and migrate to NIST's post-quantum standards before that window closes.

Introduction

In August 2024, NIST finalized three post-quantum cryptography (PQC) standards: ML-KEM, ML-DSA, and SLH-DSA — the approved replacements for RSA and elliptic curve cryptography (ECC). These are published federal standards with FIPS numbers assigned.

In May 2025, a Google Quantum AI researcher published a paper showing RSA-2048 could be broken using fewer than one million physical qubits in under a week. It is a 20-fold reduction from the 2019 estimate of 20 million qubits. In early 2026, Google set an internal 2029 deadline to complete its own post-quantum migration. That same month, a follow-up paper showed Bitcoin and Ethereum's elliptic curve signatures could be broken with fewer than 500,000 qubits.

Cloudflare deployed post-quantum key exchange across its global network in 2023. IBM has been running quantum-safe pilots with financial institutions since the same year. For these organizations, post-quantum migration is an active engineering project.

Most businesses have not started. So, the split between what infrastructure providers are doing and what their customers are doing is where the quantum computing and cybersecurity risk lives in 2026.

In This Guide

• How quantum computers break current encryption, and which specific algorithms are affected
• The encryption risk table: what fails first and what holds up
• Which industries and business types face the highest quantum cybersecurity threats
• What NIST, Google, IBM, and Cloudflare are already doing
• How quantum computing affects crypto payment infrastructure directly
• A practical, numbered checklist of what to do right now
• FAQ on quantum computing security

How Quantum Computers Threaten Cybersecurity

Classical computers process data as bits, either 0 or 1. Quantum computers use qubits, which exploit superposition and entanglement to represent multiple states simultaneously. This lets certain problems scale exponentially faster than any classical processor can handle.

Two algorithms define the quantum computing cybersecurity threat:

Shor's algorithm breaks RSA and ECC — the cryptographic foundation of TLS, HTTPS, digital signatures, and crypto wallets. Any system whose security depends on the difficulty of factoring large numbers or computing discrete logarithms becomes solvable with a large enough quantum computer.

Grover's algorithm halves the effective key length of symmetric encryption. AES-256 loses half its resistance, becoming equivalent to AES-128. That remains usable, but it is not zero impact, so organizations running AES-128 should move to AES-256 now.

In May 2025, Google Quantum AI reduced the estimated qubit requirement to break RSA-2048 from 20 million to under one million physical qubits, with a runtime under one week. Current machines operate at 100 to 1,000 qubits with error rates still far above what a cryptanalytic attack requires, which is why the realistic transition window sits between 2029 to 2035.

Which Encryption Is at Risk? (And Which Isn't)

The table below is the most direct reference for vendor conversations and internal risk assessments.

TLS secures every HTTPS connection, API call, and payment transaction, and it uses RSA or ECC in its handshake. Both fall in the high-risk column. Storage encryption and blockchain hashing retain adequate security margins. NIST's approved post-quantum algorithms carry no known quantum risk by design.

Which Businesses Are Most Exposed?

Not every organization faces equal quantum cybersecurity threats. Exposure depends on how heavily a business relies on RSA or ECC to protect high-value, long-lived data.

Financial services and fintech. Payment processing, banking APIs, transaction signing, and interbank settlement all run on RSA and ECC. Transaction records and authentication credentials are precisely the type of long-lived, high-value data that adversaries target for collect-now, decrypt-later operations.

Crypto businesses. Wallets, exchanges, and payment infrastructure depend on cryptographic signing and key management, which are among the areas affected by future post-quantum migration. In March 2026, Google Quantum AI published research showing ECDLP-256, the discrete logarithm problem underlying Ethereum and Bitcoin's signature scheme, could be solved with fewer than 500,000 physical qubits. That is a roughly 20-fold reduction from the prior best estimate.

Healthcare. Encrypted patient records, HIPAA-compliant data exchanges, and clinical research data are secured with RSA-based protocols. Patient records have retention windows measured in decades, making them a primary target for harvest-now-decrypt-later collection.

Legal, government, and defense. PKI infrastructure, digitally signed contracts, and classified communications rest on RSA and ECC. Compromise of signing keys undermines the chain of trust for every document signed under those keys.

SaaS and cloud platforms. API authentication, SSL certificates, and OAuth tokens are built on public-key cryptography. An exposed key at the infrastructure layer creates downstream exposure across every customer of that platform.

What Are Google, IBM, Cloudflare, and NIST Already Doing?

NIST finalized three post-quantum cryptography standards in August 2024: ML-KEM (FIPS 203) for key encapsulation, ML-DSA (FIPS 204) for digital signatures, and SLH-DSA (FIPS 205) for hash-based signatures. These are the current baseline for quantum-secure systems. NIST's internal guidance recommends deprecating RSA and ECC after 2030 and disallowing them after 2035.

Google migrated Chrome to X25519Kyber768 hybrid key exchange in 2023, adding quantum-resistant protection to millions of browser sessions by default. In early 2026, Google announced an internal 2029 deadline to complete its own PQC migration across infrastructure. The same team published the May 2025 paper that halved the estimated cost of breaking RSA-2048. So the risk is growing faster than many outside organizations have planned for.

IBM runs an active Quantum Safe program offering cryptographic inventory tooling, migration planning frameworks, and quantum-safe pilots with financial institutions.

Cloudflare deployed post-quantum key agreement across its global network in 2023. Every HTTPS connection terminating at Cloudflare now uses a hybrid key exchange with quantum-resistant properties by default.

CISA (US) published a PQC product categories list in January 2026 under Executive Order 14306 (June 2025), directing federal agencies to acquire PQC-capable products across cloud, networking, and endpoint security. Federal TLS 1.3 adoption is mandated by January 2030.

Harvest Now, Decrypt Later: The Risk That's Already Active

“Harvest now, decrypt later” (HNDL) does not require a quantum computer to be dangerous. It only requires collection infrastructure, which nation-state actors and advanced persistent threat groups have operated for years.

The strategy is to intercept and store encrypted traffic today, then decrypt it once a capable quantum computer exists. Stored ciphertext does not expire. Data collected in 2026 is just as readable in 2031, assuming the keys can eventually be broken.

Meanwhile, anything with a long useful life is under risk. For example, these are private keys and authentication credentials, multi-year contracts and M&A communications, patient record, proprietary research. Every TLS session negotiated with RSA key exchange generates data that, if intercepted, could be decrypted retroactively.

For payment businesses, this affects transaction logs, customer authentication tokens, and API credentials stored in RSA-encrypted databases represent exactly the class of data HNDL operations prioritize.

That way, data encrypted today must remain secure until Q-Day, and for most sensitive categories, that timeline extends well into the 2030s. Unfortunately, most of that data will not survive with current encryption standards intact.

How Quantum Computing Affects Crypto Payment Gateways

Crypto payment gateways are part of the payment infrastructure that should prepare early for post-quantum migration. The risk is connected not only to blockchains themselves, but also to payment APIs, data storage, merchant integrations, and dependence on external providers.

The payment infrastructure used today will require migration before Q-Day. The key factors are the merchant’s own systems, as well as whether the payment provider has a roadmap, technical partnerships, and a clear view of how cryptographic standards are changing.

Businesses looking for a crypto payment gateway can use PassimPay to process payments in 74 cryptocurrencies, including networks with active quantum safety research and cryptographic upgrade roadmaps. Choosing a provider that tracks cryptographic infrastructure developments reduces the migration burden on the merchant side.

What Businesses Should Do Right Now: A Practical Checklist

These six steps represent the minimum viable response to quantum computing and security risk for any organization relying on RSA or ECC today.

1. Run a cryptographic inventory. Map every system, API integration, vendor connection, and data store using RSA, ECDSA, or Diffie-Hellman key exchange. You cannot prioritize what you have not mapped. This is the mandatory first step in any PQC transition plan.
2. Prioritize long-lived sensitive data. Any information that must remain confidential for 10 or more years, such as authentication credentials, customer records, API keys, financial records, contracts, should be flagged immediately for re-encryption or migration planning.
3. Begin testing NIST PQC standards. ML-KEM, ML-DSA, and SLH-DSA are the approved replacements for RSA and ECC. Most major TLS libraries now support ML-KEM. Start integration testing in non-critical environments before moving to production systems.
4. Audit vendors for quantum roadmaps. TLS providers, cloud platforms, CDNs, and payment processors should be able to describe their PQC migration timeline.
5. Enable hybrid key exchange where supported. X25519Kyber768 is already available in Chrome, Cloudflare, and major TLS libraries. Hybrid key exchange adds post-quantum protection to connections without breaking compatibility with systems that do not yet support full PQC.
6. Start in 2026, not 2029. Organizations that begin quantum computing and security migration now have a 3–5 year window to complete it under normal operating conditions. Those who wait for Q-Day will migrate under simultaneous technical urgency, regulatory pressure, and constrained vendor availability.

FAQ

What is quantum computing's threat to cybersecurity?

Quantum computing threatens cybersecurity by solving the mathematical problems that make public-key encryption secure. Shor's algorithm can factor large integers and compute discrete logarithms exponentially faster than classical computers, which breaks RSA and ECC directly. These two algorithms underlie TLS, HTTPS, digital signatures, payment APIs, and crypto wallets. A large enough quantum computer renders all of them vulnerable to decryption or forgery.

How does quantum computing affect cybersecurity?

Quantum computing and cybersecurity intersect at the level of public-key infrastructure. RSA and ECC, the two dominant systems in use globally, are mathematically solvable by Shor's algorithm. So, any system using them for key exchange or signing becomes vulnerable once a sufficiently large quantum computer exists. The transition to post-quantum cryptography is the mitigation path. NIST finalized three replacement algorithms in August 2024.

What is quantum cyber security?

Quantum cyber security covers both the threats quantum computers pose to existing encryption and the defensive responses to those threats. It includes post-quantum cryptography (designing algorithms a quantum computer cannot break), quantum key distribution (using quantum physics for provably secure key exchange), and the organizational practice of migrating cryptographic systems before a cryptanalytically relevant quantum computer exists.

Which encryption algorithms are quantum-safe?

The three NIST-approved quantum-safe algorithms are ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205), finalized in August 2024. AES-256 and SHA-256/SHA-3 retain adequate security margins under Grover's algorithm to remain viable. RSA, ECC, and Diffie-Hellman are not quantum-safe and require replacement before Q-Day.

When will quantum computers be a real cybersecurity threat?

The realistic window for a cryptanalytically relevant quantum computer, one capable of breaking RSA-2048, is 2029 to 2035, based on current hardware trajectories and the pace of algorithmic improvement. Google's May 2025 paper reduced the qubit estimate from 20 million to under one million. NIST's published guidance recommends treating 2030 as the deprecation horizon for vulnerable cryptographic systems.

What is post-quantum cryptography?

Post-quantum cryptography (PQC) is the design and standardization of cryptographic algorithms that remain secure against both classical and quantum computers. Unlike RSA and ECC, which rely on problems quantum computers solve efficiently, PQC algorithms are based on mathematical problems, like primarily lattice problems and hash functions, believed to resist quantum attack. NIST finalized the first three PQC standards in August 2024 under FIPS 203, 204, and 205.

What is “harvest now, decrypt later”?

“Harvest now, decrypt later” (HNDL) is an attack strategy where adversaries intercept and store encrypted data today, intending to decrypt it once quantum computers become capable enough. Nation-state actors with large-scale collection infrastructure are already executing this approach. Long-lived sensitive data is most at risk because it will still be valuable when decryption becomes feasible.

Is AES-256 quantum-safe?

AES-256 retains adequate security in a post-quantum environment. Grover's algorithm halves the effective key length of symmetric encryption, reducing AES-256 to the equivalent of AES-128 in resistance. AES-128 still requires approximately 2¹²⁸ operations to brute-force — computationally infeasible for any foreseeable quantum system. Organizations using AES-128 today should migrate to AES-256 as a precaution, but AES-256 is not broken and does not require replacement.

What are the NIST post-quantum cryptography standards?

NIST finalized three post-quantum cryptography standards in August 2024. ML-KEM (FIPS 203), based on CRYSTALS-Kyber, handles key encapsulation, establishing encrypted communication channels. ML-DSA (FIPS 204), based on CRYSTALS-Dilithium, provides digital signatures. SLH-DSA (FIPS 205), based on SPHINCS+, offers a conservative hash-based signature alternative. These replace RSA and ECC across TLS, authentication, and document signing applications.

How should businesses prepare for quantum cybersecurity risks?

Quantum computing and security preparedness starts with a cryptographic inventory: mapping every system, vendor, and integration using RSA, ECC, or Diffie-Hellman. From there, prioritize long-lived sensitive data for early re-encryption, begin testing ML-KEM and ML-DSA in non-production environments, audit vendors for PQC migration roadmaps, and enable X25519Kyber768 hybrid key exchange where available. Starting in 2026 gives organizations 3–5 years to complete migration before the NIST 2030 deprecation deadline.

Final Thoughts

Quantum computing and cybersecurity risk is not a future concern sitting safely beyond the planning horizon. The migration window is open now, as NIST has published the standards, and Google, Cloudflare, and IBM are actively migrating. The qubit estimates to break RSA and ECC have dropped by 20 times in six years.

Businesses that start quantum computing security migration in 2026 have time to complete it methodically. Payment infrastructure carries specific exposure, so choose providers with quantum awareness and active vendor roadmaps.

Explore PassimPay's crypto payment infrastructure: passimpay.io