Is post-quantum cryptography the next Y2K?

Quantum computing threatens public-key encryption, which organizations use to secure communications and data. Migrating to quantum-safe cryptography harkens back to the Y2K threat.

Make no mistake -- quantum computing is an existential threat to digital and data security. Quantum computing works by harnessing quantum mechanics to solve complex mathematical problems quickly -- potentially breaking the public-key cryptography that protects our communications networks, financial systems and sensitive data in a matter of days or even hours.

The silver lining? This threat of cryptographically relevant quantum supercomputers hasn't materialized yet. We know it's going to happen; we just don't know when. Experts estimate it'll happen between 2030 and 2050, with governments expecting quantum-safe migrations to be completed by 2030.

As organizations begin to contemplate post-quantum cryptography (PQC), parallels to Y2K emerge. Both scenarios require preparing for a technological threat before it manifests. Yet we must ask: Is post-quantum cryptography truly the next Y2K, or does it represent a fundamentally different kind of challenge requiring a unique approach?

The Y2K phenomenon: A brief refresher

For younger IT professionals, Y2K might be ancient history. In the late 1990s, organizations worldwide scrambled to address the Millennium Bug, a simple but pervasive problem where systems using two-digit year formats -- i.e., 99 for 1999 -- would potentially fail when the calendar rolled to 00 (2000), which many systems might interpret as 1900.

The potential consequences were dire: banking systems failing, air traffic control disruptions, power grid collapses and more. Organizations spent billions globally on remediation efforts, updating code and systems to handle the date transition properly. IT asset management companies made small fortunes identifying which machines were or were not Y2K-ready. When January 1, 2000, arrived, very few major incidents occurred, leading some to question whether the threat was overblown, while others pointed to the massive preparation as precisely why disaster was averted.

Post-quantum cryptography: The new challenge

Today's upcoming challenge centers on quantum computing. Unlike classical computers that use bits -- 0s and 1s -- quantum computers use quantum bits or qubits that can exist in multiple states simultaneously until observed. This property enables quantum computers to solve certain mathematical problems exponentially faster than classical computers, including the equations used to make public-key encryption difficult to break.

The Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) algorithms, which protect everything from online banking to secure communications, would be vulnerable to a sufficiently powerful quantum computer running Shor's algorithm. This quantum algorithm finds the prime factors of a large number much faster than any known classical algorithm. Anything relying on public-key cryptography would be vulnerable.

While today's quantum computers aren't yet capable of breaking these cryptosystems, the threat is real enough that NIST has been working since 2016 to standardize quantum-resistant algorithms.

In August 2024, NIST published three critical Federal Information Processing Standards (FIPS) for post-quantum cryptography:

  • FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) based on the CRYSTALS-Kyber algorithm.
  • FIPS 204: Module-Lattice-Based Digital Signature Algorithm (ML-DSA) based on CRYSTALS-Dilithium.
  • FIPS 205: Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) based on SPHINCS+.

In March 2025, NIST selected HQC (Hamming Quasi-Cyclic) as an additional algorithm for standardization, further expanding the quantum-resistant toolkit.

Similarities between Y2K and PQC

The parallels between Y2K and the post-quantum transition are striking:

  • Both represent foreseeable technological threats requiring proactive preparation. Organizations have advance warning and can take steps now to mitigate future risks.
  • Both involve updating critical systems across virtually all industries. No sector is immune -- banking, healthcare, government, telecommunications and more all rely on cryptography that needs updating.
  • Both require significant investment before the threat materializes. Organizations must allocate resources to address a problem that hasn't yet caused any damage.
  • Both have potentially catastrophic consequences if ignored. Y2K could have disrupted critical infrastructure; similarly, quantum attacks could compromise sensitive data, financial systems and national security.
  • Both involve explaining complex technical challenges to nontechnical stakeholders. This includes talking to executives and boards that control budgets about PQC remediation efforts.

Key differences between Y2K and PQC

Despite these similarities, post-quantum cryptography presents unique challenges that set it apart from Y2K:

  • Y2K had a fixed deadline -- January 1, 2000. Organizations knew exactly when the threat would arrive. In contrast, no one knows precisely when a cryptographically relevant quantum computer will exist. Estimates range from five to 20-plus years, creating uncertainty about how urgently organizations should respond.
  • Y2K could be simulated by changing system clocks. Organizations could test their remediation efforts. PQC is impossible to fully test against quantum attacks because sufficiently powerful quantum computers don't yet exist. Everyone is preparing for a threat that no one can fully simulate.
  • Y2K affected visible system outputs -- dates would be wrong. PQC involves invisible cryptographic protections; a successful quantum attack wouldn't necessarily leave obvious evidence, potentially enabling attackers to silently access sensitive data.
  • Y2K was largely a code fix -- updating date handling. PQC requires fundamental cryptographic changes, including larger key sizes, different mathematical approaches and potentially significant performance impacts.

Industry leaders addressing PQC now

The genesis of this article was a conversation I had with Michael Fasulo of Commvault, a cyber-resilience vendor. We discussed how and why Commvault is embedding PQC into its latest products in an effort to help its clients get ahead of the looming problem.

Other major technology vendors are already investing heavily in quantum-safe products:

  • IBM established its Quantum Safe program focused on developing post-quantum cryptography services. It's implementing quantum-safe TLS on the IBM Quantum Platform and contributing to open source projects to advance PQC adoption.
  • Microsoft integrated PQC into its SymCrypt library and participated in NIST's standardization process.
  • Google Cloud announced a PQC roadmap for its Cloud Key Management System and contributes to open source implementations of quantum-resistant algorithms.
  • Other major players, including AWS, Cisco and Dell, are also developing quantum-safe products and services.
  • Specialized cybersecurity vendors, such as Thales, Entrust and QuSecure, are focusing specifically on quantum-resistant cryptographic services for enterprise customers.

NIST PQC standards

NIST's multiyear standardization process serves as the foundation for the post-quantum transition. The recently published standards provide organizations with officially vetted algorithms they can begin implementing.

These standards use different mathematical approaches, primarily lattice-based and hash-based cryptography, which we believe resist quantum attacks. In March of 2025, NIST selected HQC, which uses code-based cryptography, as a backup algorithm, to provide additional options and redundancy in case vulnerabilities are discovered in the primary algorithms.

While the standards are now published, full implementation across the digital ecosystem will take years. Organizations should begin planning now, even as the standards continue to evolve and mature.

Preparing for the post-quantum future

Organizations can take several practical steps now:

  • Develop crypto-agility -- the ability to quickly swap cryptographic algorithms without major system overhauls. This provides flexibility as the quantum threat evolves.
  • Create an inventory of cryptographic assets to understand where vulnerable algorithms are used throughout an organization.
  • Prioritize systems based on risk, focusing first on those protecting long-lived sensitive data that could be valuable even years from now. Malicious actors are conducting "harvest now, decrypt later" attacks, which involve exfiltrating encrypted data now and holding it until they can potentially decrypt it.
  • Consider a hybrid approach of current cryptographic standards alongside quantum-safe ones, as not every attacker will have access to a quantum computer.
  • Stay informed about NIST standards and vendor implementations, as this field rapidly evolves.
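
The inventory and risk-prioritization steps above, sketched as an added example that is not part of the original article. The record fields, the sample inventory and the 2025/2030 defaults are assumptions made here (2030 is the earliest arrival estimate the article cites); the slack calculation follows the commonly used rule that migration time plus data lifetime should not exceed the time until a cryptographically relevant quantum computer exists.

```python
from dataclasses import dataclass

# Families broken by Shor's algorithm (the article names RSA and ECC) and the
# NIST families from FIPS 203/204/205. Algorithm names are matched by prefix.
VULNERABLE = ("RSA", "ECDSA", "ECDH", "X25519", "ED25519", "DH", "DSA")
QUANTUM_SAFE = ("ML-KEM", "ML-DSA", "SLH-DSA")

@dataclass
class Asset:                # one row of a hypothetical crypto inventory
    name: str
    algorithm: str          # e.g. "RSA-2048", or hybrid "X25519+ML-KEM-768"
    usage: str              # "encryption" (confidentiality) or "signature"
    protect_years: int      # how long the protection must hold
    migrate_years: int      # estimated effort to replace the algorithm

def classify(algorithm: str) -> str:
    """Return 'quantum-safe', 'hybrid', 'vulnerable' or 'unknown'."""
    kinds = set()
    for part in algorithm.upper().split("+"):   # "+" joins hybrid components
        if part.startswith(QUANTUM_SAFE):
            kinds.add("safe")
        elif part.startswith(VULNERABLE):
            kinds.add("vulnerable")
        else:
            kinds.add("unknown")                # needs manual review
    if "unknown" in kinds:
        return "unknown"
    if kinds == {"safe"}:
        return "quantum-safe"
    return "hybrid" if "safe" in kinds else "vulnerable"

def prioritize(assets, now=2025, crqc_year=2030):
    """Rows (name, status, slack_years, harvest_exposed), most urgent first."""
    rows = []
    for a in assets:
        status = classify(a.algorithm)
        if status in ("quantum-safe", "hybrid"):
            continue
        # Negative slack: data protected today must outlive the algorithm.
        slack = crqc_year - (now + a.migrate_years + a.protect_years)
        # Only confidentiality is exposed to "harvest now, decrypt later".
        rows.append((a.name, status, slack, a.usage == "encryption"))
    return sorted(rows, key=lambda r: (r[2], not r[3]))

INVENTORY = [  # constructed sample data
    Asset("vpn-gateway", "ECDH-P256", "encryption", 10, 2),
    Asset("backup-archive", "RSA-2048", "encryption", 25, 3),
    Asset("code-signing", "ECDSA-P256", "signature", 5, 1),
    Asset("web-frontend", "X25519+ML-KEM-768", "encryption", 1, 0),
    Asset("legacy-hsm", "VENDOR-X", "encryption", 7, 4),
]
```

Calling `prioritize(INVENTORY)` puts the long-retention backup archive first; passing a later `crqc_year` shrinks every deficit without changing the order, which is why the uncertain timeline affects urgency more than ranking.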

Is PQC the next Y2K?

While post-quantum cryptography shares important similarities with Y2K -- it's a foreseeable technological challenge requiring proactive preparation -- the uncertain timeline and inability to fully test quantum-safe algorithms, tools and services make it a fundamentally different kind of problem.

But the lessons of Y2K still apply: Early preparation is key, technical challenges must be clearly communicated to decision-makers, and industry-wide cooperation improves outcomes.

Unlike Y2K's fixed deadline, the post-quantum transition requires a more flexible, risk-based approach. The publication of NIST standards marks not the end but the beginning of a multiyear journey toward quantum-safe security.

Organizations should begin planning to position themselves to navigate this transition smoothly, avoiding a last-minute scramble when quantum computers and their potentially encryption-destroying power finally arrive.

Jon Brown is a senior analyst at Enterprise Strategy Group, now part of Omdia, where he researches IT operations and sustainability in IT. Jon has more than 20 years of experience in IT product management and is a frequent speaker at industry events.

Enterprise Strategy Group is part of Omdia. Its analysts have business relationships with technology vendors.
