Q-Day is the hypothetical future date when quantum computers become powerful enough to break standard RSA and ECC encryption algorithms, rendering most current digital security measures obsolete.

When will quantum computers break encryption?

Estimates vary, but most experts and government agencies (including the ASD) point to the early-to-mid 2030s. The Australian Signals Directorate has set a deadline of 2030 to cease using traditional encryption.

What is 'Harvest Now, Decrypt Later'?

It is a cyberattack strategy where hackers steal encrypted data today (which they can't read yet) and store it, waiting for powerful quantum computers to become available in the future to decrypt and read it.

What can businesses do to prepare?

Start by auditing your cryptographic assets (knowing what encryption you use and where). Then, begin planning a migration to Post-Quantum Cryptography (PQC) standards like CRYSTALS-Kyber, as recommended by NIST.

Do current browsers support quantum-safe encryption?

Yes, mostly. Google Chrome and Firefox have already enabled hybrid post-quantum key exchange by default. Safari (on iOS/macOS) is lagging behind but is expected to add support in future OS updates.

Q-Day Is Coming: What I'm Telling Every Client About Encryption

Three months ago, a client asked me a question I couldn't answer: "When should we actually worry about quantum computers breaking our encryption?"

I've been building websites for 20 years. I've weathered every security scare from SQL injection to ransomware. But this one's different. I spent a week diving into post-quantum cryptography research, and what I found genuinely worried me.

Right now, somewhere in the world, attackers are quietly harvesting your encrypted data. They can't read it yet. But they're betting that within a decade, quantum computers will crack it wide open.

Make no mistake: this is happening today, and Australian businesses need to wake up fast.

Our own Australian Signals Directorate isn't mincing words. They've set a hard deadline: cease using traditional encryption algorithms by the end of 2030. That sounds like ages away, but here's the catch. The migration to quantum-resistant cryptography is more complex than Y2K, and most Australian organisations haven't even started planning.

The Quantum Threat Isn't Coming. It's Already Here

You've probably heard about quantum computers. They're the next-generation machines that'll revolutionise medicine, optimise logistics, and maybe even solve climate change. Brilliant stuff. But there's a darker side nobody likes to talk about.

These same machines will destroy every encryption system protecting your business right now.

RSA-2048, the encryption standard safeguarding everything from online banking to healthcare records, could be cracked by quantum computers as early as 2030. That's according to research from PostQuantum showing major convergence on cryptographically relevant quantum computing capability by 2030-2032[^1]. Some experts are more optimistic (or pessimistic, depending on your perspective). A Google Quantum AI researcher recently suggested that quantum computers with fewer than a million noisy qubits could crack RSA-2048 in under a week[^2].

Gartner predicts traditional encryption will become increasingly unsafe through the late 2020s and potentially fully breakable by the mid-2030s[^3]. Financial institutions face regulatory pressure to transition away from RSA-2048, with NIST's transition roadmap setting 2030 as the deprecation date and 2035 as the disallowance deadline[^4]. (When I show these timelines to clients, the reaction is always the same: "That's ages away." It's not. It's terrifyingly close.)

But here's what should really keep you up at night. The threat doesn't start when quantum computers arrive. It started years ago.

"Harvest Now, Decrypt Later" Is Already Happening

Attackers aren't waiting. They're using a strategy called "harvest now, decrypt later" (HNDL). The concept is simple and terrifying. Steal encrypted data today, store it safely, then wait for quantum computers to mature enough to decrypt it[^5].

Who's doing this? Nation-state actors, primarily. Countries with the resources to build or access quantum computers are systematically collecting encrypted communications, intellectual property, healthcare records, and financial data[^6]. They're betting that data valuable today will still be valuable in 5-10 years when quantum computers can unlock it.

Think about what you've transmitted over encrypted channels in the past five years. Product designs. Merger negotiations. Customer databases. Health records. Financial statements. All of it could be sitting in an adversary's data warehouse right now, waiting for Q-Day.

The really clever bit? You'll never know it's been collected. HNDL attacks leave no trace because there's no immediate exploitation. No ransomware demands. No corrupted files. Just quiet collection[^7].

For Australian businesses, particularly those in healthcare, defence, finance, and technology, this is existential. Research from ISACA's 2025 Quantum Computing Pulse Poll found that 62% of cybersecurity professionals are concerned about quantum threats, yet only 5% of organisations consider it a high priority[^8]. (I'm including myself in that complacent majority until recently. This research was a wake-up call.)

That's not just complacency. It's dangerous.

What Makes Post-Quantum Cryptography Different?

Post-quantum cryptography (PQC) uses mathematical problems that even quantum computers can't solve efficiently. Instead of relying on factoring large prime numbers (which quantum computers excel at), PQC algorithms use lattice-based mathematics, hash functions, and other quantum-resistant approaches[^9].

In August 2024, the US National Institute of Standards and Technology (NIST) finalised the first three PQC standards[^10]:

ML-KEM (FIPS 203): Based on CRYSTALS-Kyber, this handles encryption and key exchange. It's fast, uses small encryption keys, and is designed as the primary standard for general encryption.
ML-DSA (FIPS 204): Derived from CRYSTALS-Dilithium, this covers digital signatures for authentication and verification.
SLH-DSA (FIPS 205): Based on SPHINCS+, this serves as a backup to ML-DSA using a completely different mathematical approach (stateless hash-based signatures).

In March 2025, NIST added a fourth algorithm, HQC (Hamming Quasi-Cyclic), as a backup for ML-KEM. This provides cryptographic diversity, so if one algorithm is compromised, others remain secure[^11].

These aren't theoretical anymore. They're production-ready standards that browsers and infrastructure providers are already implementing.

Browsers Are Leading the Charge

Google Chrome enabled post-quantum cryptography by default in version 124 (April 2024)[^12]. According to F5 Labs research, Chrome accounts for 59% of all PQC connections, with 93% of those coming from version 131 or later[^13].

Mozilla Firefox followed suit, enabling PQC by default for desktop and Android. F5 Labs reports that about 85% of Firefox traffic now comes from PQC-capable versions[^14].

Apple Safari? That's where things get messy. As of late 2025, iOS doesn't yet support PQC ciphers, which means no iPhone or iPad user can benefit from quantum-safe encryption through their browser[^15]. Apple announced at WWDC25 that iOS 26 will add X25519MLKEM768 support, but until that rolls out, this remains a massive gap considering Apple's market dominance in Australia. (I'm writing this on a MacBook. Every secure connection I make through Safari is quantum-vulnerable. That realisation stings a bit.)

The browsers use a hybrid approach called X25519Kyber768 (or X25519MLKEM768). This combines traditional elliptic curve cryptography with quantum-resistant algorithms. If either one fails, the other still protects the connection[^16].

Here's why that matters. You can't just flip a switch and go 100% post-quantum overnight. Systems need backwards compatibility. Hybrid cryptography provides that safety net while the ecosystem transitions.

The Migration Timeline Australia Can't Ignore

The Australian Cyber Security Centre (ACSC) has published clear milestones for PQC transition[^17]:

By end of 2026: Have a detailed transition plan accounting for security priorities, data sensitivity, and system complexity.
By end of 2028: Begin implementing PQC algorithms for the most critical and sensitive systems.
By end of 2030: Complete full transition to post-quantum cryptography.

Treat this as a mandate, not a suggestion. Australian organisations that ignore it are gambling with their future.

Updated ISM guidance from the ASD specifically recommends phasing out RSA, DH, ECDH, and ECDSA algorithms after 2030[^18]. If you're still using these for long-term data protection, you're already behind.

Let's be honest about the complexity here. This isn't just updating a few certificates. It's a complete overhaul of cryptographic infrastructure touching every system, application, and device that handles sensitive data.

Industry analysts suggest large financial institutions will need several years for full transition, with some estimates ranging from 8-10 years[^19]. If you're not a bank with massive IT budgets, you're looking at a similarly challenging timeline, maybe worse. (Most of my clients are SMEs. When I explain this timeline, I can see the concern set in. I get it.)

The Real Cost of Delay

Transitioning to PQC isn't cheap. You're looking at substantial investment in hardware, software, and expertise. High implementation costs particularly affect SMEs, creating a slower adoption curve despite the urgent need[^20].

Market size tells the story: post-quantum cryptography was valued at US$1.68 billion in 2025 and is projected to hit US$29.95 billion by 2034[^21]. That explosive growth tells you two things. First, massive investment is flowing into quantum-safe solutions. Second, organisations everywhere are waking up to the threat.

But here's the thing. Delaying migration gets exponentially more expensive. Every system you deploy today using classical cryptography is technical debt you'll need to unwind later. Better to build crypto-agility now than retrofit everything in a panic when Q-Day looms larger.

I wish I had better news for clients asking about costs. The truth is, there's no cheap way out of this. We're all going to pay, either now in controlled migration costs or later in emergency retrofits and potential breaches.

DigiCert recommends a four-step process[^22]:

Inventory: Map every cryptographic asset in your organisation.
Prioritise: Focus on long-life assets and high-value data first.
Test: Run PQC algorithms in non-production environments before deployment.
Become crypto-agile: Build systems that can swap algorithms quickly when needed.

That fourth step is crucial. Technology evolves. Vulnerabilities emerge. You need infrastructure flexible enough to adapt without ripping everything apart each time.

What Australian Businesses Should Do Now

Don't wait for perfect solutions. Start planning today.

For Healthcare Organisations: You're a prime target. Patient data holds value for decades. If attackers harvest it today, they can decrypt it in 2035 and still find plenty of use for it. The Australian healthcare sector has seen a massive rise in cyberattacks[^23], and quantum threats add another layer of vulnerability. Prioritise PQC for electronic health records, medical device communications, and telemedicine platforms.

For Financial Services: Regulatory pressure is mounting. Industry bodies and security researchers are recommending financial institutions complete PQC migration by the mid-2030s[^24], but that timeline assumes you start immediately. Transaction data, customer records, and internal communications need quantum-safe protection now. Begin with customer-facing systems and work inward.

For Government and Defence: The ASD's guidance applies most directly to you. National security data demands the highest protection levels. Any "harvest now, decrypt later" attack on classified information could compromise operations for years. Fast-track your PQC roadmap.

For Everyone Else: Think about your data's shelf life. If information you're protecting today still matters in 2035, it needs PQC now. This includes intellectual property, long-term contracts, strategic plans, and sensitive customer data.

Canberra has invested $18.4 million in Quantum Australia, projected to drive $5.9 billion in economic impact by 2045[^25]. This shows quantum technology is a national priority, both for opportunity and threat mitigation. (That $18.4 million sounds impressive until you realise how much we'll collectively need to spend on PQC migration. It's a start, but it's not going to cover everyone's transition costs.)

The Hybrid Approach Buys Time (But Not Much)

Most organisations are implementing hybrid cryptography as a bridge strategy. This pairs classical encryption (like RSA or ECC) with post-quantum algorithms[^26]. If either one fails, the other holds the line.

TLS 1.3 with hybrid post-quantum encryption has achieved broad industry deployment[^27]. It's the safest bet for organisations migrating now because it maintains backward compatibility while adding quantum resistance.

But hybrid solutions aren't the end goal. They're a stepping stone. The German BSI (Federal Office for Information Security) strongly advocates for hybrid cryptographic approaches, particularly during the transition period, with ongoing hybrid use recommended for high-security applications[^28].

As browser support matures and hardware catches up, pure PQC implementations will become the standard. Plan for that future now.

Looking Past the Hype

Let's cut through some of the noise. Yes, quantum computers will break RSA. But nobody's doing it this year or probably next year. Some sceptics argue there's less than 50% chance quantum computers will crack RSA-2048 before 2050[^29].

That's cold comfort if they're wrong.

We're talking immense technical challenges here. As one sceptic argued in a NIST forum discussion, quantum computers may need several orders of magnitude more qubits while maintaining or improving error rates[^29]. Building a fault-tolerant quantum computer capable of breaking modern encryption requires a major national or corporate project[^30].

But consider the downside risk. If quantum computers arrive sooner than expected and you haven't prepared, the damage is catastrophic and irreversible. If they arrive later and you've already migrated, the worst that happens is you've future-proofed your security a bit earlier than necessary.

That's not a hard choice.

The Bottom Line for Australian Business

Q-Day is coming. We don't know exactly when, but the consensus points to sometime in the 2030s. For data stolen today, that's well within the useful lifetime for attackers.

The ACSC has given Australian organisations a clear deadline: 2030. That's 5 years to inventory your cryptographic assets, test PQC implementations, and roll out quantum-resistant infrastructure across your entire operation.

Most organisations haven't started. Don't be one of them.

This isn't about being an early adopter or chasing the latest tech trend. It's about fundamental security hygiene in an era where the rules are changing. The encryption that's protected your business for the past 20 years won't protect it for the next 20.

Start with a cryptographic inventory. Identify where you're using RSA, ECC, and other quantum-vulnerable algorithms. Prioritise based on data sensitivity and asset lifetime. Test hybrid solutions in non-production environments. Build relationships with vendors who understand PQC.

Most importantly, make this a board-level conversation. Quantum threats aren't an IT problem. They're a business risk that demands strategic planning and adequate resourcing.

The quantum threat is evolving faster than the solutions, and even the experts are working with incomplete information. If the scope of this challenge feels paralysing, that's the correct response to a genuinely unprecedented situation.

What I do know is this: waiting isn't a strategy. The organisations that start planning now will navigate this transition with time to spare. The ones that wait for certainty will find themselves scrambling in 2029 when Q-Day feels imminent rather than theoretical.

The race against Q-Day is on. And the only way to lose is not to run.

Key Takeaways

Q-Day predictions: Quantum computers could break RSA-2048 encryption between 2029-2035, with some estimates as early as 2030.
Harvest now, decrypt later: Attackers are already collecting encrypted data to decrypt when quantum computers mature.
NIST standards: Four PQC algorithms (ML-KEM, ML-DSA, SLH-DSA, HQC) are production-ready and being deployed now.
Browser support: Chrome and Firefox have enabled PQC by default; Safari lags significantly.
Australian deadline: ACSC mandates full PQC transition by end of 2030, with planning completed by 2026.
Migration complexity: Banks estimate 8-10 years for full transition; most organisations are similarly challenged.
Hybrid approach: Combining classical and quantum-resistant encryption provides transition pathway and backwards compatibility.
High-risk sectors: Healthcare, finance, defence, and government face elevated threats from long-term data value.
Crypto-agility: Build systems that can quickly swap encryption algorithms as technology and threats evolve.