Post-quantum cryptography

Your expert for questions

Thomas Klir
Director Cyber Security & Privacy at PwC Germany
Email

Why post-quantum is an immediate risk for your business

Quantum computers are not just a research topic for tomorrow. Attackers are already collecting encrypted data with the aim of decrypting it later – "store now, decrypt later" (SNDL). Organizations with long-term data storage are particularly at risk: financial and customer data, health information, intellectual property, government communications. When, in a few years, quantum computers are able to attack and break established methods such as RSA, this data that is being collected today will suddenly become readable.

At the same time, legislators are tightening compliance requirements for cryptography, resilience, and governance with DORA and NIS-2. Regulatory authorities expect you to know your crypto landscape, assess risks, and plan active migration paths. Waiting not only increases the technical risk, but also the regulatory risk. BaFin is also taking action, placing quantum computing and post-quantum cryptography on its 2026 agenda to define future regulatory requirements.

Our post-quantum experts help you address these threats and plan mitigating measures in a roadmap – prioritized clearly, hands-on- and practicability-oriented, and with sustainability in mind. Instead of isolated individual measures, we offer a standardized 6-step approach that takes a holistic view of your existing cryptography landscape and identifies concrete options for action.

What is behind post-quantum cryptography and “store now, decrypt later”?

Today, digital security is largely based on cryptographic methods such as RSA or elliptic curves. These algorithms are considered secure as long as attackers do not have enough computing power to crack the underlying mathematical problems using brute force attacks. Due to the way these methods work, it is not possible to solve them efficiently with classical computers. Quantum computers are changing this balance: Future quantum computers with sufficient power could break common public key methods much faster than conventional computers. Today, RSA-2048 is the recommended encryption method, as even the fastest supercomputers would take several billion years to crack it. A future quantum computer with 20 million quantum bits would only need eight hours to complete this task.

Even before these quantum computers become widely available, attackers are using a different strategy: “Store now, decrypt later” (SNDL). This involves intercepting encrypted data packets—for example, from storage media and data transfers, insecure interfaces, or compromised backups—and storing them for future use. As soon as powerful quantum computers become available, this data can be decrypted retrospectively. This is particularly critical for information with a long confidentiality period, i.e., information that will still be critical in several years' time: financial and health data, confidential contracts, IP, government communications, or customer archives. In addition, quantum computers also pose a risk to certificates and digital signatures, undermining the established trust structure. This can enable attackers to gain access to systems using forged certificates, impersonate someone else, and use forged signatures to sign malicious code and pass it off as legitimate.

Post-quantum cryptography (PQC) describes cryptographic methods that are considered resistant even to known quantum attacks. International standardization initiatives such as the National Institute of Standards and Technology (NIST) have already standardized post-quantum algorithms and protocols. The BSI has also issued corresponding recommendations. For companies, however, this means more than just replacing keys and encryption methods: Applications, infrastructures, devices, and supply chains must be prepared, migration paths defined, and governance structures adapted. This is exactly where our approach comes in: We help you create transparency at an early stage, assess risks from SNDL and regulation, and develop a roadmap that makes post-quantum security plannable – without jeopardizing your ongoing operations.

Frequently asked questions about post-quantum security