Global organized crime networks have newfound, democratized access to exponential technologies like AI and quantum – while quantum computing could break today’s cryptography by 2035. The UK and EU are urging immediate action.

The UK’s National Cyber Security Centre (NCSC) and Europol have issued urgent alerts: Organizations must prepare for a post-quantum world. Current encryption standards will be rendered obsolete with the forecasted advent of large-scale, fault-tolerant quantum computers by 2035. Quantum computing is also now mentioned – alongside AI and blockchain – as a technology that will exponentially escalate cybercrime complexity. To prevent a cybersecurity catastrophe, a transition to post-quantum cryptography (PQC) must begin now.

Why This Matters

• Massive risk exposure: Encryption protecting banking, healthcare, national defense, and more will be breakable.
• Q-Day is a “gray rhino” – A highly probable and highly impactful event or incident, but often ignored.
• Global cybercrime evolution: Europol highlights quantum, AI, and blockchain as catalysts for more sophisticated cybercriminal operations.

Key Points

• 2035 is the target for crypto vulnerability: The NCSC wants migration to PQC complete by then.
• Three-phase PQC migration: Discovery and planning must begin by 2028.
• Criminals will weaponize quantum tech: Europol sees it as enhancing the speed and reach of operations.
• Low industry readiness: Surveys show dismal PQC preparedness across sectors.
• PQC standards exist: NIST has approved three cryptographic algorithms.

For the full NCSC and Europol reports, see:

1. NCSC: Timeline for PQC Migration: Outlines the three-phase roadmap from discovery to implementation of post-quantum cryptography across UK organizations. Stresses urgency, targeting 2028 for strategy readiness.

2. EU SOCTA 2025 Report Europol identifies quantum computing, AI, and blockchain as technologies rapidly escalating cybercrime complexity. Warns of their use as proxies for state-sponsored attacks.

What Next?

Organizations should already be considering:

• Conducting full cryptographic inventory.
  • Begin quantum threat modeling immediately.
  • Map all current cryptographic dependencies by 2026.
  • Initiate vendor and tool audits for PQC readiness.
• Building and executing migration strategies; Integrate PQC planning into cybersecurity budgets by 2025.
• Investing in PQC R&D and vendor partnerships.
• Exploring government-mandated PQC compliance deadlines.
  • Adopt NIST-approved PQC algorithms ahead of formal mandates.
• Coordinating industry-wide awareness and funding programs.

Continue to monitor Q-Day developments and consider the formation of internal quantum risk working groups.

Quantum Technology and National Security: Emerging Threats, Strategic Investments, and Federal Agency Readiness

Domestic U.S. and international quantum technology infrastructure has been dramatically built out in the last seven years – since the passage of the initial Quantum Initiative Act in 2018 – with commitments to cryptography, post-quantum crypto agility, and quantum networking and computing that will continue to reshape national security and federal operations. The U.S. government, military, and allied nations continue making strategic investments to maintain this edge. The convergence of quantum technology with AI, biotechnology, and cybersecurity also presents both opportunities and threats.

In this post, we “set levels” and provide a definitive baseline analysis of major developments in the public sector quantum ecosystem (based on OODA Loop news briefs, tracking, and Original Analysis that, in some cases, pre-date the launch of the National Quantum Initiative in 2018).

This synthesis and summary of our previous analysis efforts is the foundation on which we will be basing our quantum research efforts in 2025 – in what we expect to be the continuation of an accelerated timeline of developments in the private and public sector quantum ecosystem and community of practice.