From Urgency to Action: Why Post-Quantum Cryptography Can’t Wait

Quantum computing is no longer just a theoretical threat looming on the distant horizon. As research accelerates and cryptographically relevant quantum computers inch closer to reality, the window to prepare is narrowing fast. The transition to post-quantum cryptography (PQC) is one of the most significant shifts the cybersecurity industry has ever faced — and the time to act is now. 

In a recent SSH Communications Security and HANDD Business Solutions webinar, the experts break down what makes PQC so urgent, why migration is complex, and how organizations can begin preparing today. Let’s find out.  

The Cryptographic Threat Is Already Here 

According to Suvi Lampila, SSH Fellow and PQC expert, the potential of quantum computers to break current encryption has been known for decades: 

“We’ve known this since the 90s — the problem was, nobody believed we’d be able to build quantum computers capable of doing this. That changed around 2019.” 

 As Suvi pointed out, the U.S. National Institute of Standards and Technology (NIST) launched its PQC standardization project back in 2015 — highlighting that governments and leading cryptographers have taken this threat seriously for years. 

Yet many organizations still view PQC as a future problem. Suvi warns this mindset is dangerous: 

“The idea of ‘post’-quantum cryptography makes it sound like something far off. But the reality is, the clock has been ticking for a while now. Some data needs to remain confidential for decades — and it’s already being harvested today, to be decrypted later.” 

PQC Migration: A Technical and Organizational Challenge  

Moving to quantum-safe encryption is not just a matter of swapping one algorithm for another. Juuso Jahnukainen, Technical Product Manager at SSH, emphasized that understanding the complexity of existing infrastructure is step one: 

“You need to know what you’ve got before you can start fixing it. Encryption can live in so many layers — centralized systems are easier to upgrade, but embedded firmware, hardware-level encryption, and hard-coded algorithms make it incredibly difficult. Sometimes, it’s even impossible without replacing the hardware.” 

The scale of the challenge is especially daunting in large organizations: 

“It’s about knowing where your web servers are, what protocols they use, and how those are configured. But PQC migration isn’t just about TLS. If you want full PQC coverage across all your systems and assets, that’s where things get really complicated.” 

Collaboration Is Critical 

No single organization can handle this migration alone. As Suvi noted: 

“This is the biggest transition we’ve ever done in cryptography. If you were involved in previous migrations — like SHA-1 to SHA-2 — those were just practice runs. This is the real thing.” 

She stressed the importance of working with technology partners, industry alliances, and government stakeholders to ensure that efforts are aligned — from standards adoption to implementation. 

What Should Organizations Do Today? 

• Start inventorying cryptographic assets — know where and how encryption is used across your systems. 

• Evaluate vendor roadmaps — are your partners planning for PQC? 

• Join industry conversations — align with standards bodies and peer organizations. 

• Act now for long-term protection — especially for data that must remain confidential for years or decades. 

Want to hear more from the experts?  

Watch the full webinar for detailed insights from Suvi Lampila, Juuso Jahnukainen, and Sam Malkin, Lead Solutions Architect at HANDD Business Solutions. Learn what steps your organization can take today to begin its post-quantum cryptography journey — and why waiting is no longer an option. 

Watch the full webinar here >>>