Governments, cloud services, infrastructure firms, and enterprise security practitioners are ramping up investments. For enterprise security executives, the debate is not about the importance of post-quantum cryptography.

The challenge lies in determining the speed at which organizations can implement cryptographic visibility, migration strategies, and resilience before quantum risk exposure becomes untenable from an operational perspective.

“Harvest Now, Decrypt Later” Threat Models Remain Prominent

One of the most prominent risks related to the dangers of quantum technology from an enterprise perspective revolves around the long-term threat exposure of encrypted data.

Attackers are thought to be harvesting encrypted data at the moment in anticipation of having this data decrypted using future quantum systems.

The following industry verticals will likely be most impacted by the aforementioned risk model:

• finance sector
• healthcare organizations
• defense industry
• intellectual property holders
• authentication mechanisms
• government agencies

This type of risk is most prevalent in industries which have stringent data confidentiality mandates spanning decades into the future.

Gaps in Enterprise Cryptography Visibility Persist

One of the most consistent topics discussed throughout Black Hat USA and DEF CON 2025 was one of the most basic problems.

IBM estimates that large-scale enterprise cryptographic migration programs could require between 5–8 years due to legacy infrastructure complexity and operational dependencies.2

Enterprises generally do not have full visibility into the existence of cryptography within their organization.

The problem is significant because without proper visibility, organizations are unable to modernize their cryptographic environment.

Visibility gaps typically occur within:

• legacy applications
• cloud environments
• PKI environments
• embedded devices
• OT networks
• certificate infrastructures
• external software dependencies

Visibility of cryptography within the enterprise has become an important first step towards enterprise quantum readiness.

Hybrid Crypto Programs Launched by Cloud Providers

Infrastructure giants keep pushing post-quantum readiness plans forward.

Google has added hybrid crypto programs in areas like:

• Google Chrome browser
• TLS framework
• Cloud KMS service
• enterprise networking systems

AWS is similarly expanding support for hybrid quantum-safe key exchange across its cloud computing environment.

Market Impact Is Substantial

Deloitte warns that cryptography is deeply embedded across enterprise infrastructure, making future migration significantly more complex than most organizations currently estimate.3

With the two largest cloud providers signaling readiness for post-quantum migration, it’s clear that enterprises will need to get ahead of the curve in crypto readiness well before major quantum disruption hits.

Regulatory Roundup

NIST Pushes Enterprises Toward Action With New Standards

The publication of NIST standards FIPS 203, 204, and 205 has drastically increased urgency among security leaders to plan for PQC migration.

Organizations are increasingly prioritizing:

• migration timelines
• crypto-agility strategies
• interop testing
• infrastructure upgrades
• deployment planning

Standardization increasingly alleviates uncertainties in planning.

Regulatory Pressure Set to Grow in Key Industries

Industry experts believe compliance mandates and procurement standards will drive PQC implementation in enterprises over the next few years.

Key areas under increased regulatory scrutiny are:

• infrastructure resiliency
• future-proofs encryption
• secure by design
• software supply chain security
• data security in the long run
• cryptographic upgrades

The financial services, healthcare, telecommunication, aerospace, defense, and energy industries are likely to be most affected.

Emerging Trend Watch 

Hybrid Cryptography Becomes the New Enterprise Norm

Most enterprises have not implemented quantum-resistant cryptographic solutions yet.

Instead, hybrid cryptography schemes are fast becoming the favored path forward.

Some examples of these hybrids are:

• ECC/ML-KEM key exchange
• traditional signatures and ML-DSA signature validation
• hybrid TLS implementations

Enterprises prefer hybrid cryptography schemes because of their ability to help them:

• minimize disruption
• ensure greater testing interoperability
• evolve gradually
• test infrastructure suitability
• prevent abrupt replacement

Experts predict that hybrid cryptography deployments may continue being commonplace among enterprises up until 2028.

Cloud and Infrastructure Watch

Complexity of Hybrid Infrastructure Is Changing the Approach to PQC Transition

PQC transition planning has become much more challenging in hybrid and multi-cloud scenarios.

Enterprise systems now operate in environments made up of:

• Public cloud infrastructures
• Private clouds
• SaaS environments
• Edge computing
• Operational technology networks
• Containers

The problem of maintaining compatibility in the face of such complexity is a huge challenge in cryptographic modernization.

Companies need a migration strategy that maintains compatibility within highly complex infrastructure environments.

Complexity of Infrastructure Modernization Likely to Be The Biggest Obstacle

While the biggest obstacle for enterprises might end up being the complexity of infrastructure rather than quantum computers.

Cryptography is embedded into:

• IAM solutions
• DevSecOps processes
• cloud platforms
• PKI systems
• operating technologies
• embedded devices
• HSM infrastructures
• applications

A large migration project will likely entail multi-year planning efforts. Many security experts understand that PQ readiness should essentially be considered an effort to modernize infrastructure.

What CISOs Should Monitor

• Imminent Enterprise Focus Areas
• initiatives for cryptographic discovery
• assessments for crypto-agility
• Pilot programs for hybrid cryptography
• modernization of certificates
• testing cloud-native PQC
• reviews of infrastructure interoperability
• migration roadmaps
• management of third-party cryptography

Critical Enterprise Reality

Being quantum-ready is no longer an issue for the future of cybersecurity alone. This is becoming an extended period of challenge within enterprise infrastructure directly related to trust, resilience, and cryptographic continuity.

Enterprise Intelligence Outlook

Post-quantum security is moving into a new stage of operational enterprise planning.

Modernization of the cloud, expansion of hybrid infrastructures, deployment of AI-based systems, need for long-term data security, and increasing geopolitical cyber risks are creating increased urgency around cryptographic resiliency.

Adversaries will increasingly leverage long-term cryptographic vulnerabilities instead of only seeking immediate avenues for exploitation.

From an enterprise security leadership perspective, the challenge is not anymore to determine if there is going to be quantum disruption within enterprise ecosystems at some point.

Rather, it is about how fast companies can modernize their cryptographic ecosystems while ensuring continuity in distributed infrastructures.

Cryptographic resiliency is emerging as one of the key cybersecurity concerns for today’s enterprise economy.

References

1. Gartner (2025) Gartner Forecasts Worldwide End-User Spending on Information Security to Total $213 Billion in 2025. Available at: Gartner (Accessed: 18 May 2026).
2. IBM (2025) What is Quantum-Safe Cryptography? Available at: IBM (Accessed: 18 May 2026).
3. Deloitte (2021) Crypto-Agility and Quantum Computing. Available at: Deloitte (Accessed: 18 May 2026).