Post-Quantum Cryptography: What SMBs Need to Know Before 2030
Quantum computers will eventually break today's encryption. Here's what NIST standards mean for your business and the steps to take now.
Quantum computers capable of breaking RSA and elliptic-curve encryption don’t exist yet, but the timeline for when they will is shrinking. NIST finalized its first post-quantum cryptography (PQC) standards in August 2024, and federal agencies are already required to begin transitioning. If your business handles sensitive data, works with government contracts, or carries cyber insurance, this shift will affect you sooner than you might expect.
Why Post-Quantum Cryptography Matters for SMBs
Every encrypted connection your business relies on, from email and VPNs to cloud storage and online payments, uses algorithms like RSA-2048 or ECDSA. These are secure against classical computers, but a sufficiently powerful quantum computer running Shor’s algorithm could break them in hours. The consensus among cryptography researchers and agencies like NIST and NSA is that large-scale quantum computers capable of this are plausible within the next decade.
The more immediate threat is “harvest now, decrypt later.” Nation-state adversaries and well-funded criminal groups are already intercepting and storing encrypted data with the expectation that quantum decryption will become available. If someone captures your encrypted client records, financial data, or intellectual property today, they can simply wait. Data that needs to stay confidential for five or more years is already at risk under this model.
This isn’t theoretical speculation. The NSA’s Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) sets hard deadlines for federal systems and defense contractors to adopt quantum-resistant algorithms. Organizations working toward CMMC compliance or holding federal contracts should expect these requirements to flow down to them.
What NIST Standardized and Why It Matters
In August 2024, NIST published three finalized post-quantum cryptographic standards after an eight-year evaluation process involving submissions from researchers worldwide:
- ML-KEM (based on CRYSTALS-Kyber) for key encapsulation, the mechanism that secures the initial handshake in TLS connections, VPNs, and other encrypted channels. This replaces the key exchange portion of RSA and Diffie-Hellman.
- ML-DSA (based on CRYSTALS-Dilithium) for digital signatures, used in code signing, certificate authorities, and document authentication.
- SLH-DSA (based on SPHINCS+) as a hash-based signature backup, providing a second option built on different mathematical foundations in case lattice-based schemes face unexpected attacks.
A fourth standard, FN-DSA (based on Falcon), intended for scenarios requiring compact signatures, was still in the finalization pipeline.
These aren’t experimental proposals. They’re finalized NIST standards (FIPS 203, 204, and 205) with the same authority as the AES and SHA standards your systems already use. Major vendors including Microsoft, Google, Apple, and Cloudflare began integrating ML-KEM into their products and infrastructure before the standards were even finalized. Chrome and Firefox already support hybrid TLS handshakes that combine X25519 with ML-KEM-768, meaning some of your web traffic is already using post-quantum key exchange without any action on your part.
The Transition Timeline Is Longer Than You Think
Migrating to post-quantum cryptography isn’t a single patch or update. It’s a multi-year infrastructure transition that touches every system using encryption. For context, the migration from SHA-1 to SHA-2 took over a decade, and that was a relatively straightforward algorithm swap within the same category of cryptography.
The PQC transition involves larger key sizes (ML-KEM public keys are roughly 800 bytes compared to 32 bytes for X25519), different performance characteristics, and changes to protocols at every layer of the stack. Some embedded systems, IoT devices, and legacy applications may not support the new algorithms at all and will need hardware replacement.
NIST’s own guidance recommends that organizations begin planning now, even though full migration deadlines for the private sector haven’t been mandated. The NSA’s CNSA 2.0 timeline requires quantum-resistant algorithms for national security systems by 2030 for web browsing and cloud services, with firmware and operating system signing following by 2033. Defense contractors in the CMMC pipeline should treat these as hard deadlines.
For SMBs outside the defense industrial base, the pressure will come from three directions: cyber insurance carriers updating their requirements, compliance frameworks adding PQC provisions, and your own vendors and partners requiring quantum-safe connections.
What Your Business Should Do Now
You don’t need to panic-migrate your entire infrastructure this quarter. But you do need to start three workstreams that will take time to complete.
First, build a cryptographic inventory. You can’t migrate what you can’t find. Document every system, application, and connection that uses encryption. This includes TLS certificates, VPN configurations, disk encryption, email encryption (S/MIME or PGP), database encryption, code signing certificates, and any API integrations that use encrypted tokens. Many organizations discover they have far more cryptographic dependencies than they expected. Your IT consulting partner can help with this discovery process.
Second, classify your data by sensitivity and lifespan. Data that must remain confidential for 10+ years (client records, financial data, healthcare information, intellectual property, legal documents) faces the most immediate harvest-now-decrypt-later risk. This data should be prioritized for protection using quantum-resistant encryption as it becomes available in the products you already use.
Third, start testing vendor readiness. Ask your cloud providers, SaaS vendors, VPN appliance manufacturers, and certificate authorities about their PQC roadmaps. Microsoft Azure and Google Cloud already support hybrid post-quantum TLS for some services. Your next firewall or VPN appliance purchase should include PQC support on the requirements list. When renewing data protection contracts or security tools, ask specifically about post-quantum algorithm support.
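As an added illustration of the first two workstreams (not code from the original article), the sketch below ranks inventory entries by combining the algorithm in use with how long the protected data must stay confidential, using the 5-year and 10-year thresholds mentioned above. The record fields, the sample inventory, and the priority labels are assumptions made for this example; recorded signatures cannot be decrypted later, so they are ranked below long-lived key exchange.

```python
import re
from dataclasses import dataclass

# Name patterns are matched loosely because products report algorithms inconsistently.
PQC = re.compile(r"ML-?KEM|ML-?DSA|SLH-?DSA|FN-?DSA", re.I)
CLASSICAL = re.compile(r"RSA|EC?DSA|ECDH|X25519|X448|ED25519|\bDH", re.I)

@dataclass
class Entry:
    asset: str         # system or connection found during the inventory
    algorithm: str     # as reported by the system, e.g. "RSA-2048"
    use: str           # "key-exchange" or "signature"
    secret_years: int  # how long the protected data must stay confidential

def assess(e: Entry) -> tuple[int, str]:
    """Return (priority, reason); priority 1 is the most urgent."""
    if PQC.search(e.algorithm):          # checked first so hybrids count as covered
        return 4, "quantum-resistant or hybrid: no action"
    if not CLASSICAL.search(e.algorithm):
        return 2, "unrecognised algorithm: review manually"
    if e.use == "signature":
        return 3, "not harvestable: migrate with the signing deadline"
    if e.secret_years >= 10:
        return 1, "harvest-now-decrypt-later, 10+ year data: migrate first"
    if e.secret_years >= 5:
        return 2, "harvest-now-decrypt-later, 5+ year data: migrate next"
    return 3, "short-lived data: migrate at normal refresh"

def triage(inventory: list[Entry]) -> list[tuple[int, str, str]]:
    """Sort the inventory by priority, then asset name."""
    rows = []
    for e in inventory:
        priority, reason = assess(e)
        rows.append((priority, e.asset, reason))
    return sorted(rows)

# Constructed sample inventory (illustrative values only).
INVENTORY = [
    Entry("client-portal TLS", "X25519MLKEM768", "key-exchange", 10),
    Entry("site-to-site VPN", "ECDH-P256", "key-exchange", 10),
    Entry("email gateway TLS", "X25519", "key-exchange", 5),
    Entry("code-signing certificate", "RSA-2048", "signature", 0),
    Entry("guest Wi-Fi portal TLS", "X25519", "key-exchange", 1),
]

if __name__ == "__main__":
    for priority, asset, reason in triage(INVENTORY):
        print(f"P{priority}  {asset:26} {reason}")
```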
Practical Steps You Can Take This Year
Beyond planning, there are concrete actions available right now:
- Enable hybrid PQC in browsers. Chrome, Edge, and Firefox support X25519+ML-KEM-768 hybrid key exchange by default. Verify it’s enabled and not disabled by group policy.
- Update your TLS libraries. If you run any web-facing services, ensure OpenSSL 3.x or a current TLS library is in use. These include PQC algorithm support that can be enabled as your infrastructure is ready.
- Review certificate authority plans. When your TLS certificates come up for renewal, check whether your CA offers hybrid or PQC-ready certificates. This won’t be universal yet, but the landscape is changing quickly.
- Include PQC in your next risk assessment. Add quantum computing threats to your cybersecurity risk assessment framework. This gives your leadership team visibility into the timeline and helps prioritize budget allocation.
- Watch your compliance obligations. If you hold CMMC, FedRAMP, or ITAR certifications, monitor the updated CNSA 2.0 requirements. HIPAA and PCI DSS haven’t mandated PQC yet, but both frameworks reference “appropriate encryption,” and that definition will evolve.
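One way to check the "Enable hybrid PQC in browsers" step from a packet capture taken on a managed workstation, as an added example that is not part of the original article: the parser below reads a TLS ClientHello and reports whether the client offers the X25519MLKEM768 group (IANA codepoint 0x11EC). The function names and the constructed sample ClientHello are assumptions for illustration, and a real capture must first be reassembled into a single TLS record.

```python
import struct

# IANA "TLS Supported Groups" codepoints (subset); 0x11EC is the hybrid group.
GROUPS = {0x0017: "secp256r1", 0x0018: "secp384r1",
          0x001D: "x25519", 0x11EC: "X25519MLKEM768"}
HYBRID_PQC = {0x11EC}

def offered_groups(record: bytes) -> list[int]:
    """Return the supported_groups codepoints from one reassembled ClientHello record."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a handshake record carrying a ClientHello")
        pos = 5 + 4 + 2 + 32                    # record hdr, handshake hdr, version, random
        pos += 1 + record[pos]                  # legacy_session_id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
        pos += 1 + record[pos]                  # legacy_compression_methods
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos < end:                        # walk the extensions block
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            body = record[pos + 4 : pos + 4 + ext_len]
            if ext_type == 0x000A:              # supported_groups
                n = struct.unpack_from("!H", body)[0]
                if n + 2 != len(body):
                    raise ValueError("bad supported_groups length")
                return [g for (g,) in struct.iter_unpack("!H", body[2:])]
            pos += 4 + ext_len
        return []
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed ClientHello") from exc

def offers_hybrid_pqc(record: bytes) -> bool:
    return any(g in HYBRID_PQC for g in offered_groups(record))

def build_client_hello(groups: list[int]) -> bytes:
    """Constructed sample input: a minimal ClientHello offering the given groups."""
    ext = lambda t, b: struct.pack("!HH", t, len(b)) + b
    sg = struct.pack(f"!H{len(groups)}H", 2 * len(groups), *groups)
    exts = ext(0x002B, b"\x02\x03\x04") + ext(0x000A, sg)  # supported_versions, groups
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for name, groups in [("current browser", [0x11EC, 0x001D, 0x0017]),
                         ("hybrid disabled", [0x001D, 0x0017])]:
        rec = build_client_hello(groups)
        print(name, [GROUPS.get(g, hex(g)) for g in offered_groups(rec)], offers_hybrid_pqc(rec))
```

A client that stops offering 0x11EC after a policy change is the signal to look for; unknown codepoints, including GREASE values, are passed through unchanged.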
The Bottom Line for SMBs
Post-quantum cryptography is not an emergency for most SMBs today, but it is a planning requirement. The organizations that start building their cryptographic inventories and testing vendor readiness now will avoid the scramble when compliance mandates and insurance requirements catch up. The ones that wait until migration is mandatory will face compressed timelines, higher costs, and the unsettling possibility that their most sensitive data was already harvested years earlier.
The good news: you don’t need to do this alone, and you don’t need to do it all at once. Start with the inventory. Prioritize your most sensitive data. Build PQC readiness into your next technology refresh cycle. And keep zero-trust architecture principles in place, because strong access controls and segmentation reduce your exposure regardless of which encryption algorithms you use.