top of page

Future-Proof Trust: Why Post-Quantum Cryptography Demands Action Today 

  • nicolaferraritest
  • Sep 22
  • 3 min read

Updated: Sep 23


The announcement that Avella is one a select group of organisations accredited under the NCSC’s Post-Quantum Cryptography (PQC) Assured Cyber Security Consultancy (ACSC) pilot is more than a milestone for us. It is a reflection of a profound shift in the global cyber landscape. 


Quantum computing, once a theoretical concept, is accelerating. Its potential to break today’s cryptographic standards is no longer in question - only its timeline is. The NCSC, alongside international peers such as NIST in the US and ENISA in the EU, has made it clear: organisations must prepare now for a cryptographic transition that will define digital trust for decades to come. 


The Quantum Risk Is Already Here 

Why the urgency? Because the threat is not about tomorrow’s decryption power. It is about “harvest now, decrypt later” attacks already underway. Adversaries can intercept and store encrypted data today, with the intention of unlocking it once quantum capabilities mature. Sensitive government, financial, healthcare, and intellectual property data are all at risk of future exposure. 


This means organisations must not wait for the first large-scale quantum computer. The window for resilience planning is already open.


What the Quantum Shift Really Means for Organisations 

Drawing on the NCSC’s white paper Next Steps in Preparing for Post-Quantum Cryptography and its published migration timelines, several critical realities stand out: 

Every organisation uses cryptography more than it thinks. From VPNs to cloud platforms, from IoT to OT systems, cryptographic dependencies are everywhere - and often undocumented. 


The timeline is demanding. Discovery and initial migration planning must be complete by 2028, priority systems migrated by 2031, and full migration by 2035. This is ambitious but necessary. 


Long-life data is most at risk. Information requiring confidentiality for decades - legal records, genomic data, state secrets - must be protected long before PQC is mainstream. 


Crypto-agility is key. No single algorithm will be the final answer. Systems must be designed for adaptability as standards evolve. 


The supply chain will make or break resilience. Most organisations rely on vendors, cloud providers, and third-party systems. Without coordinated action, resilience gaps will persist. 


What Leadership Must Do Now 

For boards, CISOs, and technology leaders, the challenge is not simply technical - it is strategic. Key actions include: 


  • Putting PQC on the Board Agenda: This is not just an IT problem but a core resilience issue with financial, reputational, and regulatory implications. 

  • Commissioning a Cryptographic Discovery Exercise: Without an accurate map of where and how cryptography is used, planning is impossible. 

  • Aligning with Refresh Cycles: Integrate PQC migration with natural technology upgrades to reduce cost and disruption. 

  • Engaging the Supply Chain Early: Demand visibility on vendor PQC roadmaps. Relying on suppliers without scrutiny will leave critical gaps. 

  • Investing in Skills and Testing: Train teams to work with PQC standards, validate implementations, and build crypto-agile systems. 


Beyond Compliance: Building Trust in the Quantum Era 

The transition to PQC is not just about compliance with NCSC or NIST timelines. It is about building and maintaining trust in the digital economy. Customers, partners, and regulators will increasingly expect demonstrable resilience. Those who act early will gain competitive advantage, lower costs, and stronger reputational capital. 


As the NCSC puts it, the question is not whether to migrate, but how quickly and effectively it can be done. 

 

At Avella, we view our recognition as one of only a select group of PQC Consultancies assured for Discovery & Migration Planning, and Advice as a responsibility as much as an achievement. The quantum threat is real, the timelines are clear, and the opportunity to lead with resilience is now. 


The organisations that act decisively today will be the ones still trusted tomorrow. 



Your security. Our passion. Future-proofed for the quantum era. 

 

bottom of page