A PYMNTS Company

The Clock Is Ticking on Today’s Data Encryption 

By  |  March 24, 2026

Your company’s most sensitive data may be locked up tight today. But within a decade, the locks themselves could be the problem. That is the increasingly urgent warning from cybersecurity experts, regulators, and now lawyers: quantum computing is advancing fast enough that the encryption methods protecting most of the world’s digital data will eventually be cracked.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    A new analysis from Summit Law Group lays out the threat in stark terms and offers a practical roadmap for businesses and their legal advisors who need to start preparing now, not later.

    The core concern is straightforward. Most digital encryption today relies on math problems so complex that even the world’s fastest computers can’t solve them in any reasonable amount of time. Quantum computers work differently. They use the principles of quantum physics to process information in ways that could, in theory, blow through those same math problems in seconds. The two most widely used encryption systems, known as RSA and ECC, are particularly exposed.

    No quantum computer capable of doing this exists yet, but the timeline is getting shorter. IBM, a leader in the field, has set a goal of building a 100,000-qubit quantum system by 2033. Many experts believe that level of computing power would be enough to break today’s standard encryption. That potential turning point even has a name: Q-Day.

    WHAT’S NEXT IN TECHREG

    What makes this especially alarming is a tactic known as “harvest now, decrypt later” that is already being used by bad actors today. Hackers and hostile governments are believed to be collecting encrypted data right now — even though they can’t read it yet — betting that quantum computers will eventually give them the keys. As Summit Law Group put it, “bad actors are not waiting for Q Day, so lawyers and businesses should not wait either.”

    Read more: The AI Paradox of Data-Driven Competition

    For companies, that means acting before the threat becomes real. The firm recommends that businesses start by taking stock of their current encryption setup, identifying which systems rely on vulnerable methods and which hold the most sensitive data. From there, the priority is shifting toward newer “quantum-resistant” encryption standards recently finalized by the National Institute of Standards and Technology (NIST).

    The legal implications are significant, too. Most state data-breach notification laws currently include a protection for companies whose stolen data was encrypted at the time of the breach. The idea is that encrypted data is unreadable, so harm is limited. Quantum computing could quietly undermine that logic. Summit Law Group warns that lawyers should watch closely for regulatory changes that could affect how those laws work in practice.

    What comes next? The law firm’s guidance calls for businesses to build out full migration plans, update vendor contracts to require quantum-resistant standards, and develop what’s called “crypto agility,” the ability to swap out encryption systems quickly as the technology landscape shifts. Reassessing cyber insurance coverage is also on the list. The bottom line, according to Summit, is that waiting for Q-Day to arrive before acting will almost certainly be too late.