Preparing for Q-Day: How Organizations Can Secure Their Systems From the Quantum Cyberthreat

• Q-Day refers to the moment a quantum computer can break current encryption standards
• There is no exact timeline for Q-day, but IonQ’s Niccolo De Masi predicted that it might happen by the end of the Trump administration
• Government agencies and commercial companies have taken steps to prepare for the quantum future

Organizations around the world are racing to build a quantum computer capable of solving problems too complex for classical computing, but the technology comes with a caveat: it can also render current cybersecurity mechanisms obsolete.

As quantum computing capabilities continue to advance, cybersecurity leaders are increasingly warning about Q-day, the moment when a cryptographically relevant quantum computer becomes capable of breaking the security mechanisms currently protecting systems and data from cyberattacks.

The Potomac Officers Club has convened the foremost experts from government, industry and academia to discuss the quantum threat at the 2026 Cyber Summit on May 21. The event’s Quantum Computing and Post Quantum Cryptography — Preparing for the Next Security Disruption panel will feature speakers from the University of Alabama, the Department of Education, DEVCOM Army Research Laboratory, Corelight and Everforth ECS Federal. Limited tickets are still available here! 

What Will Happen on Q-Day?

Although the threat of quantum computing is serious, Q-day will not be disruptive, according to Palo Alto Networks. It will not cause the internet to collapse, the company added. Instead, what may happen is a loss of trust as Rivest-Shamir-Adleman crypto-system, also known as RSA, and elliptic-curve cryptography, or ECC — widely used encryption algorithms — become vulnerable.

On Q-day, a cryptographically relevant quantum computer would be able to easily and quickly solve the math problems that keep encryption algorithms secure. Palo Alto Networks said public key infrastructures, certificate authorities and digital identities will need to be replaced immediately to protect systems and data.

When Will Q-Day Arrive?

No one knows for certain when Q-day will occur because the timeline depends on breakthroughs in the development of a cryptographically relevant quantum computer. 

Q-Day Timelines

Different organizations have their own estimates. IBM, for instance, plans to build a large-scale, fault-tolerant quantum computer by 2029. At the World Economic Forum in January, Niccolo De Masi, chairman and CEO of IonQ, said Q-day may arrive within a few years. 

“People assume the Q-day was happening in 2040,” the executive told The Economic Times. “I think it is going to arrive like a freight train by the end of the current US administration.” 

Government organizations are also urging organizations to begin adopting post-quantum cryptography, or PQC.

The National Institute of Standards and Technology, the Canadian Centre for Cyber Security and the U.K. National Cyber Security Centre are targeting complete PQC migration by 2035.

New Studies

New papers published by Google and Australian startup Iceberg Quantum found that the quantum resources required to crack standard encryption are much lower than initially thought, Quantum Insider reported.

Iceberg Quantum, in a paper published on arXiv.org in February, revealed that a quantum computer with about 100,000 qubits can break RSA encryption within a week. Earlier studies predicted that it would require 20 million qubits to crack the widely used RSA. 

On the other hand, Google Quantum AI’s paper published in March showed that the cryptography that protects major cryptocurrencies, including Bitcoin and Ethereum, can be defeated with a quantum computer with 500,000 physical qubits within minutes. 

Are Organizations Ready for Q-Day?

Work to secure systems from quantum computing is underway across the public and private sectors. 

Private Sector Readiness

In March, Google set a 2029 deadline to migrate to PQC. As part of the effort, the technology company said its Android 17 mobile operating system will integrate NIST PQC standards, securing the platform continuously from the moment it boots. 

Amazon also previously issued a multi-phased strategy to migrate to PQC. The company said it has already deployed PQC to some of its key services, including Amazon CloudFront, Amazon S3 and Amazon Web Services Key Management.

However, polls have revealed that, while many professionals are aware of the quantum threat, many do not see it as an urgent priority. 

Quartz reported that a 2025 ISACA poll found that only 5 percent of organizations have established a quantum computing strategy, while 41 percent have no current plans to address the quantum computing threat. 

A previous survey by DigiCert also discovered that 69 percent of organizations recognize the cyber risks posed by quantum computing, but only 5 percent have adopted quantum-safe encryption.

Government 

The U.S. government is also fast-tracking actions to protect federal systems from the quantum threat. 

Nextgov/FCW reported in February that the White House is preparing to issue an executive order that would task several agencies to update the National Quantum Strategy, which has not been amended since a strategic overview was released in 2018. The National Quantum Strategy was developed to address the development of quantum technologies. 

Garfield Jones, who previously served as associate chief of strategic technology at the Cybersecurity and Infrastructure Security Agency, also shared at an event in 2025 that CISA, NIST, the National Security Agency and the Office of the National Cyber Director hosted a call with over 600 federal IT officials to discuss PQC adoption and integration into the acquisition process. 

“As … vendors start to adopt it, we’re starting to talk to the agencies about putting this into your acquisition documentation,” he told the audience via Federal News Network.

CISA’s Chris Butera, acting executive assistant director, will deliver a keynote address at the 2026 Cyber Summit. Do not miss this rare opportunity to hear one of the government’s top cyber leaders discuss building cyber resilience, strengthening federal cyber response and coordination, and other topics by securing your tickets today. 

How Organizations Can Start Preparing for the Quantum Future

Experts are certain that Q-day is not just a theory; it will happen, whether the world is ready or not. 

Strengthening Quantum Resilience

To prepare for a post-quantum world, McKinsey identified three critical moves organizations can make to secure their systems from next-generation threats.

• The first step to building quantum resilience within an organization is to evaluate assets and identify which are most at risk of exposure. 
• Organizations must also redesign their systems to support crypto-agility. 
• Finally, quantum readiness must become a leadership-level priority, with cross-functional teams guiding strategy, risk management and operational planning to ensure organizations can respond effectively to future quantum-related threats.

Developing a Q-Day Plan

Fortinet also wants organizations to create a Q-day response plan. According to the company, the plan should:

• Clearly define incident response roles
• Establish quantum threat detection protocols
• Develop containment strategies to isolate quantum-related breaches
• Prepare internal and external crisis communication plans
• Use CISA exercise packages to test cyber response readiness

Gain a deeper understanding of quantum risks and identify strategies for PQC migration at the 2026 Cyber Summit. The event will also explore advanced persistent threats, zero trust implementation, and artificial intelligence and automation in cyber operations. Register today to join the conversation.