BLOG
8 steps to achieve crypto agility
Transition to post‑quantum cryptography—before the threat arrives
5-MINUTE READ
March 19, 2026
Quantum computing is no longer a sci-fi speculation or a research lab curiosity. Early adopters are already creating and using new quantum capabilities. It’s promising bold new breakthroughs in everything from accelerated drug discovery to optimized logistics and supply chains and major advances in AI capabilities.
Quantum computing is a revolutionary leap beyond classical computing. It uses principles of quantum mechanics to process information in fundamentally new ways. Whereas traditional computers handle data as binary bits, quantum computers use quantum bits, or qubits, that can exist in multiple states simultaneously. This enables quantum machines to solve certain complex problems at speeds and scales previously unimaginable.
Quantum’s cybersecurity shakeup
In addition to the opportunities quantum science will bring, it will also force us to fundamentally reshape how we secure data, systems and digital infrastructure. And it’s a double-edged sword. On the one hand, quantum brings new capabilities that can strengthen cyber defenses. For example, quantum-enhanced random number generators (QRNGs) can improve the key-generation processes, and quantum key distribution (QKD) makes key exchanges more secure, using quantum principles to detect and alert users of any eavesdropper. AI can also enhance quantum capabilities, offering the potential to detect anomalies at unprecedented speeds.
On the other hand, the ability of quantum algorithms to solve factoring problems at unprecedented speeds means anyone with access to quantum computing in the cloud will soon be able to break most of today’s public-key cryptography. In short: It will make current encryption obsolete. This puts everything from financial transactions to secure communications and digital identities at risk. When combined with AI, the quantum threat to current cryptography escalates, potentially making it easier for attackers to find vulnerabilities, simulate accurate attacks or even manipulate other AI systems. That timeline is uncertain, though imminent. Many experts predict that “Q‑day”—the point at which a cryptographically relevant quantum computer breaks today’s public‑key encryption—could arrive by 2030, with some suggesting that recent research breakthroughs are accelerating that timeline. As nations and technology leaders race to build larger and faster quantum computers, organizations that fail to act now risk exposing sensitive data, long‑term value or even their ability to operate in the years ahead.
So how do organizations prepare for this ambiguous eventuality? By making steady, strategic moves today to transition from current cryptography to new quantum-safe algorithms.
In this environment, it’s no surprise that just 15% of IT and security executives in our recent survey felt confident that their organizations had the right practices to stay safe. Adversaries are already on the move, launching “steal now, decrypt later” attacks: They’re collecting and storing encrypted data and credentials with intent to decrypt them when quantum computers mature. Any of your company’s sensitive data or system keys may be compromised down the line if you don’t transition to quantum-safe cryptography in time.
That timeline is uncertain, though imminent. Many experts predict that “Q‑day”—the point at which a cryptographically relevant quantum computer breaks today’s public‑key encryption—could arrive by 2030, with some suggesting that recent research breakthroughs are accelerating that timeline. As nations and technology leaders race to build larger and faster quantum computers, organizations that fail to act now risk exposing sensitive data, long‑term value or even their ability to operate in the years ahead.
So how do organizations prepare for this ambiguous eventuality? By making steady, strategic moves today to transition from current cryptography to new quantum-safe algorithms.
Enter post-quantum cryptography (PQC): Why leaders must act now
Post-quantum cryptography (PQC) is the next generation of encryption, designed to withstand the immense computational power of quantum computers. PQC uses advanced mathematical techniques to ensure resilience in a quantum future. Adopting these standards is not just a technical exercise; it’s an imperative for business continuity.
The National Institute of Standards and Technology (NIST) and other global regulators have set a 2030 deadline for organizations to deprecate the use of current cryptographic algorithms. This means organizations have less than four years to discover, update and secure every vulnerable encryption point across their digital landscapes.
NIST’s guidelines (NISTIR 8547), released in November 2024, have shifted the conversation from “if” to “how fast.” For the first time, NIST lays out a clear, actionable roadmap for adopting post quantum cryptography, with classical deprecation by 2030 and a full transition mandated by 2035. Preparation is no longer optional.
While some organizations are still watching from the sidelines, many are already moving—quietly, strategically and with purpose. They’re embracing “crypto agility”: the ability to rapidly switch between different cryptographic algorithms and protocols as threats or standards evolve. This flexibility ensures that security controls can be updated quickly without major system overhauls, helping organizations stay ahead of emerging risks.
For years, Accenture has been helping clients build crypto agility to thrive in a post- quantum world. Our experienced-based framework is built not on theory, but on real-world enterprise transformation. And now, with NIST’s framework providing policy alignment, the path forward is clearer than ever.
8 steps to accelerate your quantum security transition
A successful quantum security program is built on a clear, phased implementation roadmap. It should prioritize quick wins (e.g., deploying quantum-safe patches, updating vulnerability management systems and reviewing vendor PQC support), while also planning for medium and long-term initiatives like upgrading operational technology and securing high-risk connections.
Today, just 21% of companies are fully committed to crypto agility, signaling the urgency and complexity of fully addressing quantum security. Accenture’s 8-step framework guides organizations through the process. It’s designed to help organizations get ahead of this quantum shift—quickly, pragmatically and at scale.
DATA
How prepared is the average company for the quantum era?
Only 15%
of IT and security executives in our recent survey felt confident that their organizations had the right practices to stay safe.
Success depends on aligning strategy and execution at the highest levels of leadership. Collaborate with executive teams and boards to create an organization-wide roadmap and governance model. Understand the impact of quantum, quantify the effort required to shift to PQC and ensure all key stakeholders are educated on the risks, expectations and operational impact. Build the transition into existing projects and plan for funding and resources early on so you don’t run into delays in the execution phase.
Discovery is often the most time-consuming step, which is why it’s critical to start early. Begin rooting out every instance of vulnerable cryptography—especially those in unexpected places. Accenture employs and iterative approach, first using existing tools to start the inventory, then adding efficient, purpose-built tools to scan wide swaths of application and network points. It’s important to codify the output of this discovery phase as a Cryptographic Bill of Materials (CBOM), so it can become an input to your remediation stage.
Unlock quantum security faster by working hand-in-hand with your vendors and partners. Ecosystem partners will be changing encryption standards in parallel, so it’s important to map and synchronize your efforts. Identify every dependency and ensure contracts and supply chain agreements are built for quantum resilience. Verify vendor approaches as encryption protocols change. Taking a unified, industry-wide approach not only protects your operations but strengthens the security of your entire sector.
Cryptography standards and guidance will change over time and with use cases: Some may be optimized for high-speed transactions, others for downloading large files and others for interoperability. Sovereignty will also be a factor, with different geographies requiring you to use different algorithms and libraries. To support today’s standards and tomorrow’s innovations, systems must be built with robust automation and orchestration. Creating crypto-agile architectures that can adapt as standards evolve keeps your defenses strong, flexible and ready for whatever comes next.
In our experience, different brands of PQC-compliant technology are not always interoperable. To make sure your PQC implementations work in real-world conditions, stand up a controlled testbed to check and tune interoperability, spot performance issues early and finetune your cryptographic upgrades before rolling them out enterprise wide.
25%
of companies have fully created a sandbox environment to experiment with and test quantum security solutions.
Run targeted PQC pilots in controlled environments to demonstrate how new algorithms perform in live environments and monitor performance and user behavior. Learn and use insights to refine performance before deploying enterprise wide
Roll out quantum-safe solutions in phases across your enterprise and ecosystem. Integrate PQC upgrades into ongoing IT and security initiatives, so adoption stays coordinated and disruption stays low.
Treat post-quantum security as an ongoing discipline, not a one-and-done project. Put a crypto-agile orchestration layer in place so you can switch algorithms, enforce policies and stay aligned with evolving standards without disrupting systems. Automate certificate lifecycle management and governance alignment to keep defenses sharp as threats and regulations shift.
Our experience shows that success depends on three things: A strategy that goes beyond security, an architecture that includes all countermeasures and a trials program that drives real-world learning.
NIST’s new guidance validates what Accenture has been delivering to clients globally. Our 8-step approach aligns with NIST’s at every stage: from cryptographic inventory and interoperability testing to integration with security controls and continuous monitoring. This synergy should give organizations confidence. It’s more than a framework, it’s a playbook for execution.
The good news, with NIST setting clear standards and Accenture providing a practical execution playbook, enterprises have what they need to act with confidence.
So don’t wait for 2030. Start your quantum security journey today. Define your strategy. Run pilots. Scale deliberately. Because in the quantum era, resilience isn’t optional, it’s a competitive advantage.
All data is from the Accenture 2025 State of Cybersecurity research