CFOtech India - Technology news for CFOs & financial decision-makers
India
Flux result 3069e5f8 64d3 4f19 ae12 dac4e97e623c
#
Firewalls
#
Data Protection
#
Digital Transformation

QuSecure urges firms to start post-quantum migration now

Thu, 16th Apr 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

QuSecure says businesses should treat post-quantum cryptography migration as an immediate operational task, not a distant technology risk. It points to a cluster of 2029 targets set by Google, Cloudflare and India.

For most large organisations, the issue is no longer when a cryptographically relevant quantum computer will arrive, but how long it will take to move existing systems to post-quantum standards. That reflects a broader shift in thinking as governments, infrastructure operators and major technology groups set clearer deadlines.

Google has set a 2029 target for migrating its own infrastructure to post-quantum cryptography and has published research suggesting the quantum resources needed to break widely used cryptography may be lower than earlier estimates. Cloudflare has also moved its target for full post-quantum security to 2029, while India has set the same deadline for securing critical information infrastructure.

Taken together, these moves suggest migration planning is becoming tied to operational timetables rather than broad awareness campaigns. For companies with large estates of legacy systems, encrypted networks and compliance obligations, the challenge is likely to be how quickly they can audit, test and replace cryptographic tools without disrupting production systems.

Rebecca Krauthamer, chief executive officer and co-founder of QuSecure, said companies risk focusing too heavily on the timing of a quantum breakthrough instead of the work needed to prepare.

"Too much of the conversation is still centered on when cryptographically relevant quantum computers will fully arrive, and not enough on how long migration actually takes," Krauthamer said. "That is the real operational risk. The organizations that wait for certainty before they start will delay the one thing that will give them real clarity: hands-on experience migrating their systems."

Market divide

QuSecure sees the market beginning to split between early adopters and organisations still at the planning stage. Drawing on its work with US defence agencies and private-sector customers, it argues that execution is likely to overtake planning as the defining feature of the next phase of post-quantum migration.

Lengthy discovery exercises and road maps may give way to narrower pilot projects and phased roll-outs. Boards, senior management teams and regulators are also likely to demand visible progress rather than extensive planning documents.

That assessment reflects a familiar pattern in cyber security spending, where enterprises often struggle to turn strategic intent into deployment across complex estates. In post-quantum migration, the difficulty is greater because organisations must identify where cryptography sits across applications, networks, devices and supplier connections, many of which may not be fully documented.

Legacy constraint

QuSecure also identifies continued dependence on older infrastructure as a second pressure point. Many critical systems in finance, defence, telecoms and industrial operations cannot be removed and replaced quickly because of cost, operational risk or technical interdependence.

As a result, suppliers and customers are likely to favour migration approaches that change cryptography while leaving underlying systems in place. Non-disruptive migration is therefore likely to become the default model as more organisations begin practical deployments.

For large enterprises, the challenge is not only technical. It also has budget and governance implications, as security teams must work with operations leaders, procurement departments and external vendors to ensure upgraded cryptographic methods remain compatible with longstanding systems.

Adaptive security

QuSecure's third prediction is that crypto-agility will become a requirement rather than an optional design choice. A one-off update to encryption standards will not be enough, it argues, because both technical standards and threat models will continue to change.

That view has gained traction across the cyber security industry, where concern is growing that static defences may age quickly as quantum computing research advances and AI-related attack methods evolve. QuSecure referred to recent concern around Claude Mythos as shorthand for AI-amplified threats that move faster than fixed security responses.

Krauthamer said organisations that lead in the next stage of the market will be those that begin implementation early, not those that spend the longest preparing.

"The next few years will not be defined by awareness of quantum risk," Krauthamer said. "They will be defined by execution. The leaders will not be the ones with the thickest slide decks. They will be the ones that start the real work soon enough to finish it."

Related stories
Anthropic shifts enterprise billing to token-based pricing
CIQ launches Linux compliance platform ahead of deadlines
Companies change incentive plans faster, report finds
Temenos forum spotlights AI & banking modernisation
AI drives surge in complex software pricing models

Top stories

OpenAI launches GPT-Rosalind for life sciences research
Mirantis integrates NVIDIA Run:ai to speed AI deployment
OpenAI launches Trusted Access for Cyber with major names
Anthropic launches Claude Opus 4.7 with stronger coding
Mastercard & Lobster.cash team up for AI agent payments