Threatonomics

When will quantum decryption become practical?

by Emma McGowan , Senior Writer
Published

A strategic briefing for enterprise leaders

As part of Cybersecurity Awareness Month, we’re publishing this three-part series that distills a highly technical topic into strategic insights for leaders. Part 1 explained why quantum decryption poses a threat to current encryption systems. Part 2 lays out credible timelines for when the disruption may arrive. Part 3 will offer practical guidance on how organizations can begin preparing now to safeguard sensitive data, protect customer trust, and ensure compliance in a post-quantum future.

When will quantum computers become powerful enough to break today’s encryption? The answer depends on solving three major engineering challenges: building enough computing power, keeping that power stable and accurate, and running the calculations efficiently enough to crack encryption in a reasonable timeframe.

A quantum computer capable of breaking encryption—what experts call a Cryptographically Relevant Quantum Computer or CRQC—needs to maintain extraordinary precision across billions of calculations. Think of it like performing brain surgery while riding a roller coaster: The slightest vibration, temperature change, or electromagnetic interference can cause errors that ruin the entire calculation.

The error problem: Why quantum computers are so fragile

The fundamental challenge with quantum computers is that they’re incredibly error-prone. Unlike traditional computers where bits are either 0 or 1, quantum bits (qubits) exist in delicate states that are easily disrupted by environmental noise, temperature fluctuations, and even cosmic radiation.

To understand the scale of this problem, imagine you need to complete a calculation requiring trillions of steps, but each step has a chance of going wrong. One error early in the process can cascade and ruin the entire result. This is why quantum computers today can only run very short calculations before errors accumulate and make the results unreliable.

The solution: Error correction

Scientists have developed error correction techniques to address this problem, but they come at a steep cost. The most practical method currently available works like this: you take many error-prone “physical” qubits and combine them to create one reliable “logical” qubit.

Think of it like having a committee vote instead of asking one person to make a decision. If you ask 1,000 people the same question and most give the same answer, you can be pretty confident that answer is correct even if a few people got it wrong. Similarly, quantum error correction uses thousands of physical qubits to create one reliable logical qubit that you can trust.

Recent breakthroughs

In 2024, Google demonstrated an important milestone with its Willow processor, showing that adding more error correction actually reduced errors rather than creating more problems—a critical threshold that had eluded researchers for years. This proved that the approach works in principle, though we’re still far from having enough power to break encryption.

IBM has announced plans to achieve 200 reliable logical qubits by 2029, capable of performing over 100 million quantum operations. This would represent a major step toward a practical code-breaking quantum computer.

How many qubits does it take to break encryption?

Here’s where the numbers get interesting—and concerning.

To break the RSA-2048 encryption that protects most of today’s internet traffic, you need roughly 4,000 reliable logical qubits. But, remember, each logical qubit requires thousands of physical qubits to maintain accuracy through error correction.

The old estimate (2019): Researchers calculated it would take 20 million physical qubits, running for about 8 hours, to factor the massive numbers used in RSA-2048 encryption. This seemed safely decades away.

The new estimate (2025): Recent breakthroughs in quantum algorithms and error correction techniques have dramatically reduced requirements. We now know that fewer than 1 million physical qubits could do the same job in less than a week—a reduction of 95% in the hardware needed.

This is like learning that a construction project you thought would require 20,000 workers can actually be completed with 1,000 workers. It doesn’t happen overnight, but the timeline compresses significantly.

So when will Q-Day arrive?

“Q-Day” is the term used for the moment when quantum computers become powerful enough to break current public-key encryption. Based on current hardware development trajectories and recent algorithmic improvements, here’s what the timeline looks like:

Near-term (2025–2028): The experimental phase

Right now, we’re in what experts call the “Noisy Intermediate-Scale Quantum” era. Today’s largest quantum computers have over 1,000 physical qubits, but their error rates are still too high to run the complex calculations needed for code-breaking.

However, progress is accelerating:

  • Error correction experiments are succeeding
  • Early fault-tolerant systems with dozens of logical qubits may emerge by 2027
  • The gap between laboratory milestones and practical threats is narrowing

Bottom line for organizations: This is not an immediate threat, but it’s also not science fiction anymore.

Medium-term (2028–2032): The danger zone

This is when things get serious. IBM’s roadmap projects fault-tolerant quantum computers with hundreds of logical qubits by 2029. At this scale, breaking 1,024-bit RSA encryption (weaker than today’s standard) could become feasible in hours or days.

U.S. government agencies including NIST and NSA have issued warnings that Q-Day could arrive as early as 2030, particularly if a breakthrough accelerates hardware development. The recent reduction in qubit requirements makes this timeline increasingly credible.

Bottom line for organizations: Any data you want to keep confidential beyond 2035 needs protection now. Remember the “harvest-now, decrypt-later” threat from Part 1—adversaries are already collecting encrypted data with plans to decrypt it when quantum computers arrive.

Long-term (2032–2035): High probability

Industry consensus from quantum security experts places the probability of a CRQC existing by 2035 at greater than 50%. If hardware development and algorithmic optimization continue at their current pace, the standard RSA-2048 and elliptic curve cryptography protecting most internet traffic will no longer be secure within this timeframe.

Bottom line for organizations: This is the outer boundary of the timeline. Any organization with data that must remain confidential for 10+ years is at risk.

What this means for your organization

The window for preparation is narrowing faster than most organizations realize. Here are the strategic implications:

1. The threat timeline has compressed: What was once a distant theoretical risk is now a near-to-medium-term business concern that requires action.

2. Migration takes years: Upgrading cryptographic systems across an entire organization isn’t something you can do quickly. You need time to inventory systems, test new solutions, and roll out changes without disrupting operations.

3. Some data needs protection now: If you’re protecting information that must remain confidential through 2035—health records, long-term contracts, intellectual property, legal documents—that data is already at risk from harvest-now, decrypt-later attacks.

4. Competitive advantage for early movers: Organizations that begin transitioning to quantum-resistant cryptography now will maintain trust and compliance while competitors scramble to catch up.

5. Regulatory pressure is coming: Government agencies are already pushing organizations with national security or critical infrastructure roles to begin migration. Broader regulatory requirements are likely to follow.

The critical question

Given the accelerating timeline and the years required for cryptographic migration, when should your organization begin preparing? Part 3 of this series will provide practical guidance on how to assess your quantum risk exposure and develop a realistic transition plan.

The good news is that quantum-resistant cryptographic standards have already been developed and published. The challenge now is organizational: identifying what needs protection, planning the transition, and executing before Q-Day arrives.

About the Author
Emma McGowan , Senior Writer

Emma McGowan is the Senior Writer for industry-leading cyber risk company Resilience. She has been a full-time writer and editor for over 10 years, focused on technology and women’s health. Tech-fluent and highly motivated, Emma brings holistic experience leading brands in the delivery of high-quality, high-impact, multimedia digital content supported by strategy, planning, and performance analysis.

You might also like

What business leaders need to know about post-quantum cyber risk

Quantum computing is on the horizon and with it comes a seismic shift in how organizations must think about cybersecurity risk. The ability of future quantum machines to break today’s cryptographic protections–what we call quantum decryption–could undermine the trust, confidentiality, and resilience of digital business.                                                                                          As part of Cybersecurity Awareness Month, throughout October we are […]

The false promise of paying criminals to delete your data

On October 6, 2025, hackers demanded ransom from Salesforce for nearly one billion stolen customer records. The company’s response was unequivocal: no payment, no negotiation. While the refusal made headlines, the more important question is why Salesforce—and increasingly, other mature organizations—are walking away from the table when criminals offer to “suppress” stolen data. The answer […]

A CISO’s guide to winning the annual budgeting battle

It’s that time of year again. Finance has sent the email with the budget template attached. Your CFO wants preliminary numbers by next week. And you’re staring at a spreadsheet wondering how to justify the security investments your organization desperately needs when last quarter’s board meeting included the phrase “do more with less.” Welcome to […]

How brokers and CISOs can lead the charge for Cybersecurity Awareness Month 2025

October is Cybersecurity Awareness Month, and this year’s theme—”Building a Cyber Strong America“—has never been more relevant. For over two decades, this initiative led by CISA and the National Cybersecurity Alliance has spotlighted the importance of taking daily action to reduce online risks. In 2025, the focus shifts to the government entities and small-to-medium businesses […]

What the Collins Aerospace outage reveals about vendor risk

On September 19, 2025, chaos erupted at airports across Europe—but not because of weather, strikes, or mechanical failures. Collins Aerospace’s MUSE platform, the digital backbone handling passenger check-in and baggage processing from Heathrow to Dublin, went dark after a ransomware attack. Within hours, major airports including Brussels, Berlin, and Dublin were forced to revert to […]

Does Resilience use your company data to train AI?

In an era where “AI training” has become synonymous with data collection, we get this question a lot: “Does Resilience use our company data to train AI models like ChatGPT?” The short answer? No. But the full answer reveals something more interesting about how we approach cyber risk modeling and why we chose a different […]