What happens to your business data if today’s encryption stops working?
Cyber security is always evolving as technology develops. One area receiving more attention today is quantum computing and the possible impact it could have on modern encryption.
Many of the systems businesses use every day rely on encryption to protect information. Email platforms, secure websites, cloud services and authentication systems all use cryptography to keep communications private and data secure. It works quietly in the background, so it is rarely something businesses think about until something goes wrong.
Because of this, researchers are asking an important question. What happens if future quantum computers become powerful enough to break some of the encryption methods widely used today?
That situation may still be many years away. Even so, cyber security agencies are encouraging organisations to start thinking about how their systems may need to adapt in the future. This is where post-quantum cryptography becomes relevant.
Why Quantum Computing Matters for Cyber Security
Much of today’s secure communication relies on public key cryptography. This is what allows systems to:
- Securely exchange information
- Verify identities online
- Protect data across networks and platforms
It underpins technologies such as HTTPS, email security, cloud services, and digital certificates.
These systems are highly effective today. However, they are based on mathematical problems that are difficult for traditional computers to solve but could become much easier for powerful quantum computers.
If that happens, some of the encryption methods widely used today may no longer provide the same level of protection.
What Is Post-Quantum Cryptography?
Post-quantum cryptography refers to a new generation of encryption algorithms designed to remain secure even if powerful quantum computers become available.
These algorithms are based on mathematical problems that are believed to be difficult for both traditional computers and quantum computers to solve. The aim is to ensure that encrypted communications remain protected as computing technology continues to advance.
At present, these new cryptographic methods are being evaluated through an international process led by the National Institute of Standards and Technology (NIST). Candidate algorithms are carefully analysed and tested through several rounds before being approved as official standards.
Cyber security authorities around the world are closely monitoring this process before recommending new encryption technologies.
Current Guidance from Australian Cyber Security Authorities
According to guidance from the Australian Signals Directorate (ASD), the cryptographic technologies currently in use remain the most effective way to secure communications today.
For most organisations, this means:
- Continuing to follow established cyber security best practices
- Keeping systems updated and properly maintained
- Monitoring developments in post-quantum cryptography
- New standards are still being finalised, and any transition will happen gradually over time.
Why Businesses Should Start Thinking About This Now
Although the risk is not immediate, there are practical reasons to start preparing early. Updating encryption is not a simple change. It often affects:
- Software applications
- Network infrastructure
- Hardware devices
- Cloud platforms
These systems are interconnected, and changes typically require planning, testing, and coordination with multiple vendors.
There is also a longer-term consideration. Some researchers have raised the possibility of “harvest now, decrypt later” attacks where encrypted data is collected today and decrypted in the future when more advanced technology becomes available.
For organisations that handle sensitive or long-term data, this is an important factor to consider.
Practical Planning Steps for Organisations
While no immediate changes are required, businesses can start preparing with a few practical steps:
1. Identify where encryption is used: Map out systems that rely on encryption, such as email platforms, cloud services, applications, and network infrastructure.
2. Understand your sensitive data: Identify which data is most valuable or requires long-term protection (e.g. financial data, confidential communications, intellectual property).
3. Review dependencies on vendors: Stay informed about how your technology providers plan to support future cryptographic standards.
4. Build internal awareness: Ensure relevant teams understand that cryptographic standards will evolve over time.
5. Plan for gradual change: Future updates will likely be phased. Early awareness makes this transition easier to manage.
Looking Ahead
Quantum computing is still developing, and the timeline for its impact on encryption remains uncertain. However, the direction is clear. Cyber security standards will continue to evolve, and organisations will eventually need to adapt. At the same time, staying informed about developments such as post-quantum cryptography will make it easier to respond when changes are required.
Frequently Asked Questions
Will quantum computers break current encryption?
Researchers believe sufficiently powerful quantum computers could break some forms of public key cryptography used today. However, such computers do not currently exist.
What is post-quantum cryptography?
Post-quantum cryptography refers to encryption methods designed to remain secure even if powerful quantum computers become available.
Do small businesses need to worry about this now?
Most businesses do not need to make immediate changes. However, understanding where encryption is used within their systems can help organisations prepare for future security developments.
How long before quantum computers affect encryption?
Experts believe that large-scale quantum computers capable of breaking current encryption are still in development. However, because cryptographic transitions can take many years, governments and cyber security organisations are encouraging early planning.