The global cybersecurity landscape is approaching a defining moment—one that could reshape how digital trust, privacy, and national security function for decades to come. According to leading experts speaking at Tel Aviv’s prestigious Cyberweek conference, the world has roughly three years to prepare for the disruptive arrival of large-scale quantum computing. The problem? Transitioning to quantum-safe cryptography typically takes five to ten years for most organizations.
This mismatch between technological readiness and cryptographic vulnerability is being described by experts as one of the most serious cyber threats of the modern era—possibly the most dangerous challenge of this decade.
Quantum computing promises breakthroughs in science, medicine, logistics, and artificial intelligence. But it also carries a darker consequence: the ability to break today’s most widely used encryption standards, potentially exposing decades of sensitive data in one fell swoop.
Why Quantum Computing Changes Everything About Encryption
Modern digital security depends on mathematical problems that are extremely difficult for classical computers to solve. Algorithms such as RSA and ECC protect everything from online banking and healthcare records to military communications and cloud infrastructure.
Quantum computers, however, operate on entirely different principles. Using quantum bits—or qubits—they can process enormous numbers of calculations simultaneously. Once sufficiently powerful quantum machines become available, they will be able to crack traditional encryption methods in minutes or even seconds.
This reality is no longer theoretical. Governments, technology giants, and adversarial actors are already preparing for a post-quantum world.
The Three-Year Warning That Shook Cyberweek
During one of Cyberweek’s most closely watched panels, Ben Volkow, CEO and founder of Qiz Security, issued a stark warning.
He explained that organizations typically need between five and ten years to transition their systems, applications, and infrastructure to post-quantum cryptography (PQC). Yet many estimates suggest quantum computing capable of breaking current encryption could arrive within three to five years.
This timing gap creates a dangerous exposure window—one in which sensitive information remains vulnerable while quantum-capable adversaries gain the upper hand.
Volkow described the situation as a looming crisis that organizations can no longer afford to ignore.
“Harvest Now, Decrypt Later”: A Silent Cyber Time Bomb
One of the most alarming revelations discussed at Cyberweek was the ongoing practice known as “harvest now, decrypt later.”
In this strategy, malicious actors are already collecting massive volumes of encrypted data today—financial records, government communications, healthcare data, intellectual property—with the intention of decrypting it once quantum technology becomes available.
Dan Sadot, CEO of CyberRidge, emphasized that this data harvesting is happening right now, across borders and industries.
Even information believed to be securely encrypted today could be exposed years later, creating long-term risks for individuals, corporations, and nations alike.
Legacy Systems: The Hidden Weakness Inside Major Corporations
While awareness of the quantum threat is growing, implementation remains painfully slow—especially for large organizations burdened with legacy systems.
Ido Shargil, Head of Product at AT&T Israel, explained that some enterprise systems still rely on cryptographic foundations built 30 or even 40 years ago. Updating these systems is not just a software problem; it involves hardware upgrades, compliance testing, user adaptation, and enormous operational risk.
For global corporations with millions of users and interconnected systems, even a minor cryptographic change can trigger cascading failures if not executed carefully.
Post-Quantum Cryptography: The Only Viable Defense
Post-quantum cryptography refers to encryption algorithms designed to withstand attacks from quantum computers. These algorithms are being developed and standardized today, with governments and international bodies racing to validate them before quantum computing reaches maturity.
Experts at Cyberweek emphasized that transitioning to PQC is not optional—it is inevitable.
According to Shargil, by 2027, sensitive information channels must already be protected using PQC. Full migration across most interfaces and assets will need to be completed by around 2030 to avoid catastrophic exposure.
Regulation: The Missing Catalyst for Faster Adoption
One recurring theme during the panel was the role of regulation—or lack thereof—in slowing down preparedness.
Volkow pointed out that while institutions like the Bank of Israel have issued strong guidance on building cryptographic inventories and migration roadmaps, these recommendations remain voluntary.
Many organizations hesitate to invest heavily in PQC until regulations mandate it.
Oren Butchmits, CTO at the Israel National Cyber Directorate, argued that regulation is essential not only to enforce compliance but to create certainty. When expectations are clearly defined, organizations can plan investments, timelines, and infrastructure changes with confidence.
Governments as Enablers, Not Just Enforcers
Beyond regulation, governments have another powerful tool at their disposal: scale.
Butchmits explained that governments can act as large-scale buyers and infrastructure providers, helping standardize PQC adoption across industries. This approach reduces fragmentation and ensures smaller organizations are not left behind.
One idea discussed was the potential creation of national Quantum Key Distribution (QKD) networks—secure communication frameworks that leverage quantum mechanics itself to protect data.
Such initiatives would be too complex for individual organizations but feasible at a national level.
Industries Already Feeling the Pressure
Certain sectors have begun moving faster than others. Financial institutions, defense organizations, and healthcare providers are already investing heavily in quantum-resistant security, driven by regulatory scrutiny and the extreme sensitivity of their data.
However, experts cautioned that even these early movers face long, complex transitions.
For industries slower to react, the risk is exponentially higher.
A Narrow Window to Act
The consensus among Cyberweek experts was clear: the world is running out of time.
Quantum computing is no longer a distant future problem. It is an imminent cybersecurity crisis that demands immediate action.
Organizations that delay planning, inventorying cryptographic assets, and testing PQC solutions risk becoming casualties of the largest security shift since the birth of the internet.
Turning Crisis Into Opportunity
Despite the urgency, experts emphasized that the quantum transition also presents an opportunity.
By collaborating with academia, startups, and government institutions, countries can position themselves as leaders in post-quantum security. This could unlock economic growth, technological leadership, and national resilience.
The quantum era will reward those who prepare—and punish those who hesitate.
FAQs
1. What is the quantum computing threat?
Quantum computers can break traditional encryption, exposing secure data.
2. Why is three years significant?
Experts estimate quantum decryption capabilities may arrive within this timeframe.
3. What is post-quantum cryptography (PQC)?
Encryption designed to resist quantum computer attacks.
4. What does “harvest now, decrypt later” mean?
Stealing encrypted data now to decrypt it later using quantum tools.
5. Which industries are most at risk?
Finance, healthcare, defense, and government sectors.
6. Why is migration to PQC slow?
Legacy systems, cost, complexity, and lack of regulation.
7. Are governments doing enough?
Some are issuing guidance, but stronger regulation is needed.
8. What role does regulation play?
It forces adoption and creates planning certainty.
9. Can small organizations prepare?
Yes, through standardized tools and government support.
10. Is quantum computing all bad?
No, it offers massive benefits—but demands new security models.