How far away is Q-Day?
This is probably the most widely asked quantum-related question outside of “How far away is fault-tolerant quantum computing?”
While we are starting to reach some consensus on the latter question (2-4 years, you say?), an answer to the former question is more elusive. Q-Day is a general future marker for a time when cryptographically-relevant quantum computers (CRQCs) will be able to break public key encryption. What we do know is that fault-toler quantum computers (FTQCs) will precede CRQCs by at least a little because it will take an FTQC to run Shor’s Algorithm, the theoretical (but demonstrated and verified in small-scale tests) integer factoring algorithm that could be used to be bust current encryption standards.
The unfortunate reality is that encrypted data being stolen today could be held and broken open eight or 10 years from now when CRQCs are ready to get cracking.
Therefore, the real question to ask is not “How far away is Q-Day?” but “Are we ready to embrace quantum-safe security now?”
The recent Citi Institute Quantum Threat: The Trillion-Dollar Security Race is On, looks at how rapidly the quantum threat could increase in the years to come, how much a major quantum attack could cost, and how institutions are preparing to protect themselves.
Ronit Ghose, Global Head, Future of Finance, Citi Institute, and report contributor Rebecca Krauthamer, co-founder and CEO of QuSecure answered questions about the report for Quantum News Nexus.
QNN: As we get closer to the arrival of CRQCs, is the corporate enterprise world starting to take the quantum threat seriously?
GHOSE: We are watching quantum move from curiosity to operational risk management. As we highlight in the report, for the first time in 2025, we saw boards of organizations in the most at-risk sectors begin to prioritize quantum-safe migration programs and consider the budgets to back them up. Regulators are already pushing institutions to plan, and for highly regulated sectors it will not be optional even before there is a single universal mandate date.
KRAUTHAMER: I am seeing this shift from interesting technology to a boardroom issue because the standards exist now, and the hard part is implementation at scale. The winners are treating quantum readiness like a program, not a patch, and piloting early rather than getting stuck in planning or completionist discovery and inventory exercises.
QNN: What would you say to an organization that might say that it’s really hard to prepare for something when you don’t know how long you have to get ready?
GHOSE: The biggest misconception is that Q-Day is a single date. In practice it is a risk curve: data intercepted today can be decrypted later, so late movers may only realize the relevance after their long-lived data has already been harvested.
KRAUTHAMER: Q-Day is often framed as a future cliff, but from a risk standpoint it is already here because harvest-now, decrypt-later is happening today. The companies that wait for a headline moment will be the ones who discover their exposure when it is too late to unwind it.
QNN: Which companies or industries are doing a good job of getting ready, and which sectors need to make quantum-safe security more of a priority?
GHOSE: We would highlight readiness by capability, not brand: inventory where vulnerable crypto lives, prioritize high-value and long-lived data, enable hybrid modes, migrate in phases, then sustain continuous key management. That five-point execution discipline is what good looks like. As is highlighted in the SEC’s Post-Quantum Financial Infrastructure Framework, the organizations that are piloting early and often rather than waiting for full completion of strategic planning and inventory, are the ones for whom this migration will end up being the most painless.
Sectors that should treat this as urgent include financial services, telecom, healthcare, and critical infrastructure because the exposure is systemic and contagion-like. IoT is a special case because billions of devices are deployed, often have a lifespan of a decade or more, and can be more challenging to update.
KRAUTHAMER: The leaders are the ones designing new systems around NIST-aligned post-quantum standards and building cryptoagility so they can swap algorithms without a rewrite every time standards mature. That is the difference between a plan and a press release.
The laggards are where hardware is long-lived and hard to update, such as IoT at scale, industrial control environments, and anything with decades-long replacement cycles. If you cannot rotate keys and update software easily, you need a quantum-safe overlay now while you migrate.
The US government is also doing a good job of proactively mandating and migrating, with the first deadline coming at the end of this year. There can be no new acquisitions in national security after January 1, 2027, that do not support CNSA 2.0, which includes post-quantum cryptography.
As you can see in the report as well, the financial sector is doing a relatively good job. The sectors that need to pay the most attention are the public and financial sectors, for the myriad of reasons listed in the Citi Report. This also includes any other sectors that form the pillars of our society, such as the energy sector, Telecommunications, Pharmaceuticals & Healthcare, and other critical infrastructure.
QNN: Do you think we will know when some party–a government or corporation or some other type of organization–has a CRQC in its possession?
KRAUTHAMER: It is completely plausible the real Q-Day arrives before the world becomes aware of it. If a state actor or sophisticated adversary gets there first, they have incentives to use that advantage quietly rather than announce it publicly. So, you do not build your security strategy around whether IBM or Google posts a milestone blog. You build it around the fact that PQC is deployable today, and the data you cannot afford to expose later can be harvested now.
GHOSE: Even if leading quantum firms are transparent about progress, that does not guarantee the first cryptographically-relevant capability is public. The report explicitly flags the possibility that awareness may lag reality. This is why institutions should focus on implementation rather than prediction. The standards exist, timelines are forming, and the economic downside of being late can be enormous. (Citi’s report references the Hudson Institute estimate that indirect impact (GDP-at-risk) from a single-day quantum attack on one top-five U.S. bank’s access to the Fedwire settlement system could be in the range of $2 trillion to $3.3 trillion.)
Image by freepik.
Quantum News Nexus is a site from freelance writer and editor Dan O’Shea that covers quantum computing, quantum sensing, quantum networking, quantum-safe security, and more. You can find him on X @QuantumNewsGuy and doshea14@gmail.com.
Quantum News Nexus 
Leave a comment