Post-Quantum Cryptography: Capgemini’s Cybersecurity Roadmap for the Quantum Era

📌 Key Takeaways

  • 70% Adopting PQC: Seven in ten organizations surveyed by Capgemini are working on or planning quantum-safe solutions within five years, with defense (90%), banking (86%), and aerospace (83%) leading adoption.
  • Q-Day Within a Decade: 61% of early adopters believe quantum computers capable of breaking current encryption could arrive within ten years, making preparation urgent for long-lived sensitive data.
  • NIST Standards Established: The August 2024 selection of CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+ provides a concrete baseline for enterprise PQC pilot programs and migration planning.
  • Only 11% Are Champions: Despite awareness, only 11% of organizations qualify as quantum-safe champions with both governance and execution maturity, revealing a significant preparedness gap.
  • Crypto-Agility Is Essential: Organizations must design systems capable of swapping cryptographic algorithms efficiently, as PQC standards will continue evolving and hybrid approaches are needed during transition.

The Quantum Cybersecurity Threat: Why PQC Has Become Urgent

Quantum computing has crossed a threshold that demands immediate attention from every organization handling sensitive data. The Capgemini Research Institute’s landmark report, “Future Encrypted: Post-Quantum Cryptography and the New Cybersecurity Agenda,” based on a survey of 1,000 organizations with annual revenues exceeding one billion dollars across 13 sectors and 13 countries, makes a compelling case that post-quantum cryptography is no longer a theoretical concern but an operational imperative. The quantum threat to public-key cryptography has moved from academic curiosity to boardroom priority, driven by accelerating hardware advances, error correction breakthroughs, and algorithm optimisations.

The report reveals that 70% of surveyed organizations are either actively working on or planning to implement quantum-safe solutions within the next five years. This figure signals a tectonic shift in cybersecurity strategy, reflecting growing awareness that the current cryptographic foundations protecting global commerce, communications, and critical infrastructure could become fundamentally compromised. Regulatory catalysts have amplified this urgency: the NSA has recommended deprecating RSA below 2048 bits and elliptic curve cryptography by 2030, with full disallowance expected by 2035, while the EU has issued guidance urging member states to begin post-quantum transitions by the end of 2026.

Yet awareness alone does not equal preparedness. A striking 30% of organizations report no plans to address quantum risks within five years, and only 11% of the overall sample qualify as “quantum-safe champions” with both governance maturity and execution capability. This gap between recognition and action represents the core challenge that Capgemini’s research illuminates.

Post-Quantum Cryptography Explained: From RSA to Quantum-Safe Algorithms

Post-quantum cryptography refers to classical cryptographic algorithms specifically designed to resist attacks from both conventional and quantum computers. Today’s widely deployed public-key systems, including RSA, elliptic curve cryptography (ECC), and Diffie-Hellman key exchange, rely on mathematical problems that quantum algorithms can solve efficiently. Shor’s algorithm, running on a sufficiently powerful quantum computer known as a cryptographically relevant quantum computer (CRQC), could factor large integers and compute discrete logarithms in polynomial time, rendering these encryption methods obsolete.

The concept of Q-Day, the hypothetical date when quantum computers achieve this capability at scale, frames the urgency of the PQC transition. Capgemini’s survey found that among early adopters, 3% expect Q-Day within one to two years, 14% within two to five years, 44% within five to ten years, and 24% beyond ten years, while 16% remain uncertain. The diversity of these estimates underscores the fundamental challenge: organisations cannot predict the exact timeline but must prepare for a range of scenarios.

The mathematical underpinning of PQC algorithms differs fundamentally from traditional approaches. Lattice-based cryptography, which forms the basis of the leading NIST-selected algorithms, relies on problems such as the shortest vector problem in high-dimensional lattice structures, believed to be resistant to quantum attack. Hash-based signatures offer another quantum-resistant approach with well-understood security properties. Understanding these technical foundations is essential for security architects tasked with evaluating and implementing quantum-safe solutions across complex enterprise environments.
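
The hash-based approach can be shown end to end with the standard library. The block below is an added example, not code from the Capgemini report or this article: a Lamport one-time signature over SHA-256, the simplest member of the hash-based family (SPHINCS+ is a far more elaborate stateless design). Function names and the sample message are chosen for this sketch.

```python
import hashlib
import secrets

N = 32      # bytes per secret value and per SHA-256 output
BITS = 256  # one pair of secret values per bit of the message digest


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Private key: 256 pairs of random values. Public key: their hashes."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(H(zero), H(one)) for zero, one in sk]
    return sk, pk


def digest_bits(message: bytes):
    d = int.from_bytes(H(message), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def sign(sk, message: bytes):
    """Reveal, for each digest bit, the one secret value that bit selects."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]


def verify(pk, message: bytes, signature) -> bool:
    """Hash every revealed value and compare with the published hash."""
    if len(signature) != BITS:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(message)):
        ok &= secrets.compare_digest(H(signature[i]), pk[i][bit])
    return ok


def reuse_exposure(first: bytes, second: bytes) -> int:
    """Positions where signing both messages with ONE key reveals both secrets.

    Any non-zero count weakens the key, which is why a Lamport key signs once
    and why deployable schemes add structure to manage many one-time keys.
    """
    return sum(a != b for a, b in zip(digest_bits(first), digest_bits(second)))


def sizes():
    """Byte sizes, showing the size cost of relying on hashes alone."""
    return {"public_key": 2 * BITS * N, "signature": BITS * N}


if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, b"firmware-1.0")           # constructed sample message
    print(verify(pk, b"firmware-1.0", sig))   # valid signature
    print(verify(pk, b"firmware-1.1", sig))   # altered message
    print(sizes())
```

Security here rests only on the preimage resistance of the hash function, with no factoring or discrete-logarithm assumption for Shor's algorithm to attack.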

NIST Post-Quantum Cryptography Standards and the Global Regulatory Landscape

The standardisation landscape for post-quantum cryptography reached a watershed moment in August 2024 when NIST announced the first three PQC algorithm selections. CRYSTALS-Kyber was chosen for key encapsulation, providing quantum-safe key exchange. CRYSTALS-Dilithium was selected for digital signatures, the most critical function for authentication and integrity verification. SPHINCS+, a hash-based signature scheme, offers a conservative alternative with security based on well-understood hash function properties. These selections give organisations a concrete, vetted baseline for initiating PQC pilot programs and integration planning.

Regulatory momentum has accelerated in parallel with standardisation. The NSA’s guidance recommending deprecation of RSA and ECC by 2030, with mandatory disallowance by 2035, establishes a clear compliance timeline for organisations in the defence and intelligence supply chain. The European Union has taken an equally proactive stance, publishing a transition roadmap that calls for member states to begin PQC migration by the end of 2026, with critical infrastructure sectors required to complete transition by 2030. These regulatory signals transform PQC from a technical consideration into a compliance and governance obligation.

Beyond government regulators, industry bodies and standards organisations are building the ecosystem infrastructure required for practical PQC deployment. The Internet Engineering Task Force (IETF) is developing quantum-safe protocol specifications, while sector-specific regulators in banking, healthcare, and telecommunications are beginning to incorporate quantum risk into their supervisory frameworks. This multi-layered regulatory environment creates both pressure and support for enterprise PQC transitions. Explore how NIST’s PQC standardisation program provides the technical foundation for these global regulatory developments.

Harvest Now Decrypt Later: The Cybersecurity Risk Already Underway

Among the most alarming findings in Capgemini’s research is the scale of concern around harvest-now, decrypt-later (HNDL) attacks. Approximately 65% of organisations express concern about this attack vector, in which adversaries intercept and store encrypted data today with the explicit intention of decrypting it when quantum computing capability becomes available. This is not a future threat but a present one: the data collection is happening now, even if the decryption will occur years hence.

The implications are particularly severe for organisations handling data with long confidentiality requirements. Healthcare records that must remain protected for decades, financial data subject to regulatory retention periods, state secrets with indefinite classification horizons, and intellectual property protecting years of research investment are all vulnerable to HNDL attacks. The Capgemini report applies Mosca’s theorem to frame the urgency: if the required data confidentiality period plus the system migration time exceeds the time until Q-Day, organisations are already in a window of vulnerability.

This risk calculus fundamentally changes the economics of PQC investment. Traditional cybersecurity return-on-investment models based on preventing immediate breaches underestimate the value of PQC migration because the damage from HNDL attacks may not manifest for years. Boards and CFOs must understand that every day of delay in implementing quantum-safe encryption increases the volume of data potentially compromised by future quantum attacks. The 57% of early adopters who report preparing for Q-Day regardless of when it arrives demonstrate this strategic mindset, treating PQC investment as insurance against an uncertain but potentially catastrophic event.

Capgemini Survey: PQC Adoption Rates Across Industries

Capgemini’s survey reveals stark differences in PQC readiness across industries, reflecting varying levels of regulatory pressure, data sensitivity, and security maturity. The defence sector leads with 90% of organisations planning or adopting quantum-safe solutions, a figure driven by government mandates, classified data protection requirements, and long procurement cycles that demand forward-looking security architectures. Banking and financial services follow closely at 86%, reflecting the sector’s acute awareness of data protection obligations and the potentially catastrophic consequences of cryptographic failure in payment systems and transaction integrity.

Aerospace ranks third at 83%, consistent with the industry’s overlap with defence applications and its reliance on secure communications for safety-critical systems. Telecommunications, high technology, insurance, public sector, automotive, healthcare, utilities, and energy sectors generally show above-average adoption rates, driven by critical infrastructure designations and regulatory expectations. The healthcare sector’s engagement reflects growing awareness that patient data protection extends well beyond current regulatory compliance to encompass decades-long confidentiality requirements.

Consumer products and retail lag significantly, with adoption rates of just 48% and 49% respectively. These figures suggest that sectors with shorter data retention requirements and less regulatory pressure on encryption standards are underestimating their quantum risk exposure. However, any organisation that processes payment card data, maintains customer databases, or relies on digital authentication is vulnerable to quantum-enabled attacks. The gap between high-readiness and low-readiness sectors represents a systemic vulnerability: quantum attackers will target the weakest links in interconnected supply chains.

Quantum-Safe Champions: What Leading Cybersecurity Organizations Do Differently

Only 15% of early adopters, representing 11% of the total sample, qualify as quantum-safe champions in Capgemini’s framework. These organisations distinguish themselves through a combination of governance maturity and execution capability that separates strategic preparation from reactive awareness. Understanding what champions do differently provides a roadmap for the remaining 89% of organisations still working toward quantum readiness.

Champions demonstrate several consistent characteristics. First, they maintain active board and executive leadership engagement, with 39% of early adopters overall reporting that their leadership regularly discusses quantum impacts. Champions exceed this benchmark substantially, treating PQC as a strategic risk rather than delegating it entirely to technical teams. Second, champions have established live cryptographic inventories that map their entire encryption landscape, identifying which systems use which algorithms, where keys are stored, and which data flows depend on public-key cryptography vulnerable to quantum attack.

Third, champions invest in building organisational crypto-agility: the technical and procedural capability to swap cryptographic algorithms without requiring extensive system redesigns. This involves modular architecture decisions, abstraction layers in security libraries, and procurement standards that require quantum-safe roadmaps from vendors. Fourth, champions engage actively with their supply chain, adding quantum-safe clauses to vendor contracts and participating in industry consortia to share readiness information. The 75% of early adopters who believe industry-wide collaboration is critical reflect the champions’ influence on broader ecosystem thinking. For additional analysis of European cybersecurity threat landscapes, ENISA provides complementary research.

Crypto-Agility and the Enterprise PQC Migration Roadmap

Crypto-agility, the ability to efficiently swap cryptographic algorithms without extensive system redesigns, emerges as the single most important architectural principle for the quantum transition. Capgemini’s report emphasises that PQC standards will continue to evolve as cryptanalysis advances and implementation experience grows. Organisations that design for agility today will avoid expensive retrofit cycles when algorithms are updated or when hybrid approaches need adjustment during the multi-year transition period.

A practical PQC migration roadmap follows several phases. The first phase involves discovery and assessment: building a comprehensive cryptographic inventory that catalogues every system, application, library, and hardware security module using public-key cryptography. This inventory must be live, not a one-time snapshot, updating automatically as infrastructure changes. The second phase focuses on risk prioritisation, ranking systems by the sensitivity and retention requirements of the data they protect, the feasibility of migration, and the dependencies on external systems and partners.

The third phase involves targeted pilots and proofs of concept, testing PQC algorithm implementations in controlled environments to evaluate performance impacts on throughput, bandwidth, and latency. Capgemini notes that PQC algorithms generally require larger key sizes and may affect system performance, making empirical testing essential before broad deployment. The fourth phase is phased production rollout, beginning with the highest-risk systems identified in the assessment phase and progressively extending to lower-priority systems. Throughout all phases, hybrid approaches that combine classical and quantum-safe algorithms provide defence in depth, ensuring security even if one algorithm family proves vulnerable to unexpected attacks.
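
The discovery and risk-prioritisation phases, combined with the Mosca test from the harvest-now section, can be expressed as a small ranking routine. This is an added example, not code from the Capgemini report or this article; the inventory entries, the prefix-based classifier and the Q-Day horizons are constructed assumptions, and ML-KEM, ML-DSA and SLH-DSA are the standardised names of the three NIST selections.

```python
from dataclasses import dataclass

# Name prefixes are an assumption of this sketch; a live inventory needs
# normalised algorithm identifiers from scanners, CMDBs or HSM exports.
QUANTUM_VULNERABLE = ("RSA", "DSA", "ECDSA", "ECDH", "DH", "X25519", "ED25519")
QUANTUM_SAFE = ("KYBER", "DILITHIUM", "SPHINCS", "ML-KEM", "ML-DSA", "SLH-DSA")


@dataclass(frozen=True)
class Asset:
    name: str
    algorithm: str
    shelf_life_years: float  # x: how long the data must stay confidential
    migration_years: float   # y: time needed to move this system to PQC


# Constructed sample inventory (hypothetical systems and figures).
INVENTORY = [
    Asset("patient-records TLS", "RSA-2048", 25, 3),
    Asset("payments-api TLS", "ECDH-P256", 7, 2),
    Asset("design-ip-vault", "RSA-3072", 10, 4),
    Asset("backup-archive", "AES-256-GCM", 30, 1),
    Asset("vpn-pilot", "ML-KEM-768", 5, 0),
    Asset("marketing-site TLS", "X25519", 1, 1),
]


def classify(algorithm: str) -> str:
    alg = algorithm.upper()
    if alg.startswith(QUANTUM_SAFE):
        return "quantum-safe"
    if alg.startswith(QUANTUM_VULNERABLE):
        return "quantum-vulnerable"
    return "symmetric-or-unknown"  # unknown names need manual review


def mosca_margin(asset: Asset, years_to_qday: float) -> float:
    """z - (x + y): negative means the asset is already in the window."""
    return years_to_qday - (asset.shelf_life_years + asset.migration_years)


def prioritise(inventory, years_to_qday):
    """Quantum-vulnerable assets, most urgent (smallest margin) first."""
    at_risk = [a for a in inventory if classify(a.algorithm) == "quantum-vulnerable"]
    return sorted(at_risk, key=lambda a: mosca_margin(a, years_to_qday))


def exposed_by_scenario(inventory, scenarios):
    """Map each assumed Q-Day horizon z to the assets where x + y > z."""
    return {
        z: [a.name for a in prioritise(inventory, z) if mosca_margin(a, z) < 0]
        for z in scenarios
    }


if __name__ == "__main__":
    for z, names in exposed_by_scenario(INVENTORY, (5, 10, 15)).items():
        print(f"Q-Day in {z} years -> already exposed: {names}")
```

Running several horizons side by side reflects the spread of Q-Day estimates in the survey: assets that are exposed under every scenario belong at the front of the rollout.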

Vendor Ecosystem: Cloud Providers and PQC Technology Readiness

The vendor ecosystem’s rapid adoption of PQC provides both acceleration opportunities and integration challenges for enterprise migration. Amazon Web Services has enabled Kyber-based key exchange options, allowing customers to test quantum-safe TLS connections in production environments. Cloudflare has deployed hybrid TLS key agreements across its global network and is rolling out broader PQC support, providing a reference implementation that many organisations can leverage through existing CDN and security relationships.

OpenSSL, the foundational cryptographic library underlying much of the internet’s security infrastructure, released version 3.5 in April 2025 with native PQC algorithm support. This milestone is particularly significant because OpenSSL’s ubiquity means that PQC capabilities are now available to virtually any application that uses standard TLS libraries. Apple’s announcement of PQ3 protection for iMessage demonstrates that consumer-facing applications are beginning to implement quantum-safe encryption, while Microsoft’s addition of PQC support in Windows Insider builds signals that operating system-level PQC integration is approaching general availability.

These vendor developments create a practical pathway for enterprise PQC adoption that would have been impossible just two years ago. However, organisations must navigate vendor-specific implementations, ensure interoperability across heterogeneous environments, and manage the performance implications of larger key sizes and different algorithm characteristics. Hardware security modules (HSMs), which many organisations rely on for key management, require firmware updates or replacement to support PQC algorithms, representing a significant procurement and deployment timeline that must be factored into migration plans. For deeper analysis of the NIST post-quantum cryptography project, the Computer Security Resource Center provides comprehensive technical documentation.

Building Your Post-Quantum Cybersecurity Strategy: Recommendations

Capgemini’s research concludes with actionable recommendations that provide a comprehensive framework for enterprise PQC strategy. The first priority is conducting a thorough quantum risk assessment: organisations must build and maintain a live cryptographic inventory, classify assets by sensitivity and data retention requirements, and identify long-lived secrets and data-at-rest with extended confidentiality demands. Without this foundational visibility, any migration effort will be incomplete and potentially misdirected.

Creating executive awareness and governance structures ranks as the second critical action. Boards and C-suite leaders must understand the quantum threat not as a distant technology risk but as a present strategic exposure. Regular board-level discussions on quantum impacts, dedicated PQC programme oversight, and clear accountability chains ensure that migration receives the sustained attention and resources a multi-year transformation requires. The 53% of early adopters who believe early PQC investment yields strategic benefits demonstrate the competitive advantage of proactive governance.

Organisations should prioritise their initial PQC efforts on public-key functions, specifically key exchange and digital signatures, since symmetric encryption algorithms like AES remain largely quantum-resistant with appropriate key lengths. Running targeted pilots using NIST-selected algorithms allows teams to evaluate performance impacts and integration challenges before committing to broad rollout. Designing for crypto-agility throughout this process ensures that systems can adapt as standards evolve and new algorithms are introduced.

Workforce investment and supply chain engagement complete the strategic framework. The skills gap in PQC expertise is real: organisations must fund dedicated PQC teams, upskill existing security staff, and compete for scarce cryptographic engineering talent. Simultaneously, adding quantum-safe clauses to vendor contracts, working with cloud providers on PQC roadmaps, and participating in industry consortia builds ecosystem-wide resilience. The quantum cybersecurity transition is not a solo journey but a collaborative transformation that requires coordinated action across industries, supply chains, and international borders.

Frequently Asked Questions

What is post-quantum cryptography and why does it matter now?

Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to resist attacks from quantum computers. It matters now because quantum computing advances threaten current public-key encryption like RSA and ECC. Capgemini’s survey shows 70% of organizations are already working on or planning quantum-safe solutions, and 61% of early adopters expect Q-Day within the next decade.

What are the NIST post-quantum cryptography standards?

In August 2024, NIST announced the first three PQC algorithm selections: CRYSTALS-Kyber for key encapsulation, CRYSTALS-Dilithium for digital signatures, and SPHINCS+ for hash-based signatures. These standards provide organizations with a baseline for piloting PQC integration into their security infrastructure.

What is a harvest-now decrypt-later attack?

A harvest-now decrypt-later attack occurs when adversaries intercept and store encrypted data today with the intent of decrypting it later using future quantum computers. This threatens any data with long confidentiality requirements including healthcare records, financial data, state secrets and intellectual property.

Which industries are most advanced in PQC adoption?

According to Capgemini’s survey of 1,000 organizations, defense leads with 90% planning or adopting PQC, followed by banking at 86% and aerospace at 83%. Consumer products at 48% and retail at 49% lag significantly behind, leaving them more exposed to quantum threats.

How should organizations prepare for the quantum cybersecurity threat?

Capgemini recommends a phased approach: conduct quantum risk assessments and build cryptographic inventories, establish board-level governance, run targeted PQC pilots, design for crypto-agility to swap algorithms efficiently, protect edge and legacy systems, invest in workforce upskilling, and strengthen supplier collaboration with quantum-safe contractual clauses.
