The Coming Wave: Post-Quantum Cryptography and the Future of Cybersecurity
Quantum computing represents an existential threat to traditional encryption. Cryptographic standards like RSA and ECC, which form the backbone of digital security, were never built to withstand quantum-level computation. Once quantum machines reach scale, they’ll be able to break them in minutes.
Post-Quantum Cryptography (PQC) offers a drop-in, scalable alternative built to survive the quantum era. Unlike theoretical solutions like quantum key distribution (QKD), PQC is grounded in challenging mathematical problems resistant to quantum attacks, making it the most viable path forward for securing modern infrastructure.
The urgency to adopt PQC is intensifying as "harvest now, decrypt later" threats become more plausible. Adversaries are already collecting encrypted data today, betting they’ll be able to crack it once quantum computers mature, turning delayed action into a future data breach.
Incumbent security vendors and hyperscalers are gearing up for the shift, but few have announced definitive roadmaps. Companies like Palo Alto Networks and CrowdStrike are likely preparing PQC integrations behind the scenes, while NIST and NSA are actively shaping standards that will govern global adoption.
This transition will pressure legacy vendors and favor agile players. Incumbents reliant on classical cryptography may lose share unless they invest early in cryptographic agility and infrastructure upgrades, opening the door for startups like PQShield and Quantinuum to carve out meaningful market positions.
PQC is not just a technical evolution—it’s a strategic imperative. Organizations that lead in quantum resilience will earn trust, regulatory favor, and long-term competitive advantage, while laggards will face compliance risk, customer attrition, and reputational harm in the quantum era.
I’ll be structuring the article as follows:
- History of legacy solutions
- The introduction of post-quantum cryptography (PQC)
- The new potential cybersecurity landscape
- Challenges that come with adopting PQC
Legacy Solutions:
Soon after the inception of the internet, cybersecurity emerged as a critical tool to protect users and enterprises from cybercrime. Cybersecurity vendors have continuously evolved over the past 25 years to keep pace with an ever-changing threat landscape. The seesaw battle between cyber defenders and attackers is a constant chess match of adaptation and escalation. Legacy security vendors like Palo Alto Networks, CrowdStrike, IBM, and others typically focus on staying ahead, not only to safeguard customers but also to gain an edge in a fiercely competitive market. Each new wave of innovation created a turning point in this race. Now, the next major shift is emerging: the rise of quantum computing and the urgent need for post-quantum cryptography (PQC).
Today’s cybersecurity systems, like all digital technologies, are built on classical computing principles using bits. Bits are 0s and 1s, and are the foundation of both data processing and encryption. For decades, standard cryptography methods such as RSA and ECC protected our most sensitive information, including online banking credentials, enterprise communications, and national security systems. Our current systems rely on mathematical problems that are nearly impossible for traditional computers to solve efficiently. These methods served us well, but are rapidly approaching obsolescence as the emergence of quantum computers looms.
Quantum computers, which process information using quantum bits, or qubits, pose a unique and potent threat to our established cryptographic foundation. Unlike traditional bits, qubits can exist in multiple states at once due to the principle of superposition. Superposition is a fundamental principle in quantum mechanics that states a quantum system can exist in numerous states at the same time until it is measured or observed. Superposition allows quantum machines to solve certain mathematical problems exponentially faster than any traditional computer and resolve previously intractable computations. While quantum computers present an exciting opportunity, they also pose the threat of breaking current encryption solutions. Specifically, by delivering simultaneous computation capacity, quantum computing systems can process data volumes that are unfathomable with even the most powerful classical computers available today. As the National Institute of Standards and Technology (NIST) warns, “If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use.”
To address this looming vulnerability, the cybersecurity community is turning to post-quantum cryptography (PQC). At its core, PQC is a new class of encryption algorithms specifically designed to resist the capabilities of quantum computers. These algorithms rely on mathematical problems that even quantum computers are expected to struggle with. Unlike quantum cryptography, which uses the principles of quantum mechanics to enable secure communication, PQC aims to be a drop-in replacement for current encryption methods, making it more practical to implement at scale across existing systems.
To put it simply, PQC is a proactive measure to future-proof our digital infrastructure. Today’s encryption, while effective against current threats, will be rendered vulnerable in the quantum era. Although large-scale quantum computers are yet to be realized, the concern is not hypothetical. The rise of “harvest now, decrypt later” attacks makes PQC even more important in the cybersecurity landscape. In these attacks, adversaries intercept encrypted data today and store it until quantum technology matures, at which point the sensitive information becomes accessible. These threats illustrate why organizations, governments, and standards bodies are urgently working to define and deploy quantum-resistant solutions.
Without adequate preparation, quantum computing could dismantle the trust model that underpins the internet, financial systems, healthcare data, and global communications. As a result, the emergence of PQC is not just a technical upgrade, but represents a foundational shift in how we secure the digital world. Companies that adapt quickly will be better positioned to protect their customers and remain competitive, whilst those that lag may find themselves exposed in the increasingly competitive cyber environment.
Potential Landscape:
Post-Quantum Cryptography (PQC) represents a fundamental shift in the cybersecurity landscape, with the potential to disrupt nearly every existing encryption system. PQC is not just an upgrade but a reimagining of how digital systems protect sensitive data in the face of emerging quantum threats. This transition opens up a significant opportunity for cybersecurity innovation and a shift in the value and position of cybersecurity providers. Companies that can proactively integrate PQC into their systems will gain a competitive edge and ensure long-term data protection. However, this transition threatens vendors that delay or struggle with PQC adoption. A large segment of legacy solutions built on classical cryptography will be at risk for share loss in this significant technology transition.
While PQC offers a promising path forward to safeguard digital infrastructure in the quantum era, it also presents a complex, resource-intensive transition for which few organizations are fully prepared. The challenge is not just technological; it is also strategic. Those who act early and invest in quantum-resilient architectures will be best positioned to weather the coming wave of quantum disruption. This new threat landscape creates a significant opportunity for security to step up its game. The challenge is adapting and preparing before quantum computers are deployed. This creates a race to deliver new solutions that protect against quantum attacks and tie into the current network.
As a result of this fundamental shift, the traditional cryptographic protocols that currently safeguard sensitive data may rapidly become insufficient once quantum capabilities reach maturity. While fully functional, large-scale quantum computers are not yet available, their theoretical capabilities have already sparked a critical race across governments, enterprises, and academia to develop quantum-resistant encryption standards.
Companies reliant on traditional encryption could face substantial operational risks, including data breaches, compliance failures, and reputational damage. Cybersecurity teams must evolve rapidly, transitioning to quantum-safe algorithms, updating protocols, and re-architecting key management infrastructures, all without disrupting existing operations.
In July 2022, NIST announced the first four algorithms selected for standardization, focusing on both public-key encryption and digital signatures. These new algorithms—including CRYSTALS-Kyber and CRYSTALS-Dilithium—represent a foundation for the next generation of cryptographic defenses. However, the adoption process is complex, requiring not only technical integration but also coordination across hardware manufacturers, software providers, and regulatory bodies.
Due to its complexities, PQC opens up numerous opportunities for startups, internal R&D teams, and current cybersecurity vendors. The race is on for players, and here is what selected companies are planning:
Palo Alto Networks (PANW): As the quantum threat emerges, PANW is expected to integrate quantum-resistant encryption across its platforms, like Prisma Cloud and GlobalProtect. Although not yet public with a PQC rollout, the company is likely preparing internally to support NIST-compliant PQC algorithms and maintain its leadership in the enterprise and government markets.
CrowdStrike (CRWD): With a cloud-native design, CrowdStrike is well-positioned to adopt quantum-safe digital signatures and secure telemetry. Though they have not announced specific PQC plans, their architecture allows for rapid deployment of post-quantum updates once standards are finalized.
Fortinet: Fortinet's challenge lies in updating both software and hardware to handle PQC's larger key sizes. PQC is resource-intensive to run, and Fortinet is expected to provide firmware updates and new hardware that supports post-quantum encryption, especially for VPNs and edge devices. If it does not adapt and make these necessary updates, it could face increased pressure from customers and competitors.
PQShield: PQShield is a startup focused entirely on embedding PQC into software, hardware, and secure messaging. It develops cryptographic IP and toolkits that align with NIST standards. They partner with chipmakers and enterprises to embed quantum-safe encryption into products and communications. PQShield could see strong tailwinds due to the increasing focus on PQC and could be an easy tuck-in acquisition for cybersecurity enterprises.
Quantinuum: Quantinuum focuses on combining quantum research with applied enterprise security. Its Quantum Origin product creates quantum-enhanced encryption keys, which can strengthen classical and PQC systems. Currently, it partners with banks and telcos to integrate quantum-safe key generation into their existing infrastructure. Similar to PQShield, we expect Quantinuum to experience tailwinds from the growing need for quantum-enhanced encryption keys.
Other Key Players: Major cloud service providers such as AWS, Microsoft Azure, and Google Cloud are also laying the groundwork for PQC. These providers are beginning to offer experimental PQC cipher suites and are updating their Key Management Services to support both hybrid and post-quantum key exchange algorithms. Infrastructure players, including Cloudflare, are also stepping up their game by piloting PQC-enhanced TLS and providing developer tools to experiment with quantum-safe protocols. Standards bodies like NIST and the NSA are finalizing recommendations that will drive PQC implementation across regulated industries, especially in government, defense, and finance. These larger ecosystem efforts will create a top-down push that encourages (or forces) security vendors to align quickly.
Challenges:
Despite its promise, implementing PQC comes with significant challenges, both technical and operational. Unlike classical cryptographic methods, PQC algorithms require significantly more processing power, memory, and bandwidth. Key sizes and signatures will likely be much larger than those in legacy systems, which can strain existing networks, slow down performance, and complicate integration across systems like cloud platforms and mobile applications. Moreover, these algorithms are still relatively new, and their real-world resilience is still being tested. There is a lack of standardization across vendors as each is developing its solutions internally, creating an unstable environment where organizations struggle to adopt a universally trusted solution.
Another challenge is that the migration to PQC is not as simple as flipping a switch. Security teams must carefully evaluate which parts of their infrastructure are most vulnerable to quantum threats, conduct cryptographic inventories, and plan for a phased transition, all while ensuring backward compatibility with users and systems that still rely on classical encryption. This process is labor-intensive and requires specialized knowledge, new software tooling, and potentially even hardware upgrades. Furthermore, PQC algorithms themselves are not built "on qubits" (as quantum computers are); they are built to resist quantum attacks. However, their complexity often makes them harder to optimize and deploy efficiently in real-world systems.
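The inventory-and-prioritize step described above can be sketched as follows. This is an added example, not code from the original article: the hostnames, the CSV columns, and the ranking rule (confidentiality uses first, longest data lifetime first, because recorded traffic is what "harvest now, decrypt later" targets) are assumptions made for illustration.

```python
# Added example: rank a cryptographic inventory for PQC migration.
# Hostnames, column names and lifetimes are constructed sample data.
import csv
import io

# Public-key families based on factoring or discrete logarithms (assumed list).
QUANTUM_VULNERABLE = ("RSA", "ECDH", "ECDSA", "DH", "DSA", "X25519", "ED25519")
# Name fragments of the NIST-selected lattice schemes mentioned in the article.
QUANTUM_RESISTANT = ("KYBER", "ML-KEM", "DILITHIUM", "ML-DSA")

INVENTORY_CSV = """\
system,purpose,algorithm,data_lifetime_years
vpn-gw.example.internal,key_exchange,ECDH-P256,10
records-db.example.internal,encryption,RSA-2048,25
build-signer.example.internal,signature,ECDSA-P256,2
edge-tls.example.internal,key_exchange,X25519+ML-KEM-768,10
backup-store.example.internal,encryption,AES-256-GCM,25
mail-relay.example.internal,key_exchange,DHE-2048,1
"""

def classify(algorithm):
    """Return 'resistant', 'vulnerable' or 'other' for an algorithm label."""
    name = algorithm.upper()
    # Checked first so hybrids (classical + PQC) count as resistant.
    if any(token in name for token in QUANTUM_RESISTANT):
        return "resistant"
    if name.startswith(QUANTUM_VULNERABLE):
        return "vulnerable"
    return "other"  # symmetric ciphers, hashes, or labels needing manual review

def migration_order(csv_text):
    """List systems using vulnerable algorithms, most urgent first."""
    rows = csv.DictReader(io.StringIO(csv_text))
    todo = [r for r in rows if classify(r["algorithm"]) == "vulnerable"]

    def rank(row):
        # Traffic recorded today can be decrypted later, so key exchange and
        # encryption come before signatures; longer-lived data comes first.
        harvestable = row["purpose"] in ("key_exchange", "encryption")
        return (not harvestable, -int(row["data_lifetime_years"]))

    return [r["system"] for r in sorted(todo, key=rank)]

if __name__ == "__main__":
    for position, system in enumerate(migration_order(INVENTORY_CSV), start=1):
        print(position, system)
```

In a real inventory the algorithm labels would come from certificate scans, TLS configuration, and key management exports rather than a hand-written CSV.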
The challenge of adapting to post-quantum cryptography (PQC) naturally raises the question: are there less intensive alternatives? While PQC is specifically designed to resist attacks from quantum computers, other approaches, such as quantum key distribution (QKD) and simply increasing key sizes in existing algorithms, are also being explored. QKD uses principles of quantum mechanics to securely distribute encryption keys between parties. This gives unconditional security, meaning messages remain secure regardless of future computational power. However, it also comes with significant drawbacks. QKD requires specialized quantum hardware, which is costly and cannot be easily integrated into existing infrastructure. Increasing key sizes in classical cryptography, while expensive, may provide short-term resistance to “harvest now, decrypt later” attacks, but it is not a sustainable long-term defense against quantum attacks. Ultimately, while these alternatives are part of the broader post-quantum discussion, PQC remains the most practical and scalable path forward for securing data in the quantum era.
At the same time, PQC presents a fertile ground for startups and cybersecurity innovators. New companies are emerging to offer PQC integration, cryptographic agility frameworks, and specialized hardware acceleration. Venture capital has begun flowing into this sector, and partnerships between academic institutions and industry players are fostering rapid advances. Those who can deliver scalable, standards-compliant, and easy-to-implement quantum-safe solutions will find themselves in high demand as organizations across the world begin to overhaul their cryptographic infrastructure.
In conclusion, the potential landscape of post-quantum cryptography is defined by a dual narrative: an urgent threat posed by the advent of quantum computing, and an unprecedented opportunity to reshape digital security for decades to come. The success of this transition will depend not just on technical innovation but also on strategic foresight, cross-sector collaboration, and a willingness to evolve before the threat materializes. Organizations that begin planning and investing today will be best positioned to protect their data, maintain trust, and thrive in the quantum era.
In the coming years, as research in quantum computing accelerates, the cybersecurity industry will face one of its most significant transformations yet. PQC is no longer a futuristic concept—it’s a necessary step to ensure the continued confidentiality, integrity, and trustworthiness of digital information in a post-quantum world.
Views expressed in these emails are ours and ours alone and don’t represent those of our previous or current employers. Public Comps provides financial and industry information regarding public software companies as part of our weekly dashboard, our blog, and emails. Such information is for general informational purposes only and should not be construed as investment advice or other professional advice.