“We do hear of HNDL attacks, where conventionally encrypted content is no longer discarded but retained by criminals, who are seeing the (quantum) developments as an opportunity for their nefarious activities within 2-3 years,” Gartner’s Willemsen said. “When criminals see opportunity around the corner, the quantum-based decryption risks are no longer theoretical; they are real.”
Vendors increasingly argue that action cannot wait for fully capable quantum computers. Cisco warns that organizations holding long-lived sensitive data should already be moving beyond assessments. “Assessment is urgent, but active replacement is now imperative,” Chisolm said.
Cloudflare echoes the timeline concern while pointing to official guidance. “The National Institute of Standards and Technology (NIST) recommends organizations achieve full post-quantum readiness by 2030,” Rath noted. “Given the complexity of updating infrastructure at scale, we recommend that enterprises begin planning the replacement process now to reduce stress, costs, and friction.”
NIST also finalized multiple post-quantum cryptographic algorithms, giving vendors and enterprises targets for migration and reducing uncertainty. As organizations prepare for hybrid PQC deployments, combining classical and quantum-resistant algorithms, vendors are racing to ensure their offerings support evolving standards.
