Quantum computing poses a serious threat to today’s asymmetric cryptography and is expected to render widely used algorithms such as RSA and ECC obsolete. By contrast, symmetric cryptography (such as AES) and hash functions, maintaining an equivalent level of security can be achieved by increasing key sizes or security parameters. 

In response to this emerging risk, the NIST standardized four post-quantum asymmetric algorithms in August 2024, specifically designed to withstand attacks from quantum computers. 

While quantum computers are not yet powerful enough to carry out such attacks, estimates vary as to when this capability will be reached, with many experts anticipating a timeframe between 2033 and 2037. 

Nevertheless, the “Harvest Now, Decrypt Later” (HNDL) threat—where attackers collect encrypted data today with the intent of decrypting it in the future using quantum computers—makes it critical to protect sensitive, long-lived data well before such machines become operational. 

2025: Regulatory Acceleration 

While 2024 marked the completion of technical standards with the publication of the NIST specifications, 2025 stands out for the acceleration of institutional and regulatory roadmaps. In recent months, several major stakeholders have released their recommendations: 

• The European Union has defined a roadmap for Member States and entities subject to NIS 2 
• G7 Finance has formally integrated the post-quantum transition into its priorities 
• The Bank for International Settlements (BIS) has raised awareness within the banking sector 
• The UK government has published its national post-quantum roadmap 

These announcements build on previously communicated timelines: the NIST released a draft targeting 2035, while the Australian Signals Directorate (ASD) set a 2030 deadline. We expect additional countries to issue similar announcements in the coming months. 

As a result, the post-quantum transition is no longer solely a technological challenge. It is becoming a regulatory and institutional imperative, comparable to past largescale digital transformations. Regardless of the exact timeline for the emergence of quantum computers capable of breaking current cryptographic algorithms, a transition is unavoidable. 

Migrating a complex IT infrastructure is far from trivial. According to a 2022 memorandum, the Biden administration estimated the cost of migrating all U.S. federal agencies at over $7 billion. Such a program spans multiple dimensions—from risk assessment to technical execution—and involves numerous intermediate steps. Dedicated solutions already exist to support and accelerate each phase of this transition. 

The Wavestone Radar: A Market Overview of Solutions 

The 2026 Wavestone Radar of post-quantum migration solutions provides a visual overview of the leading solutions available on the market to support this transition. It has been—and will continue to be—regularly updated and enriched over the coming months. Any company that believes it should be featured is encouraged to contact us. 

The objective of this radar is not to list solutions that have already completed their post-quantum transition, but rather to highlight those that actively support and accelerate the migration process. 

Radar Categories 

Quantum Key Distribution (QKD) was considered but ultimately excluded as a category. While QKD is resistant to quantum computers, it is not technically a post-quantum cryptography technology and is not recommended by regulatory bodies. 

• Inventory: Automating the identification of all cryptographic assets, including the types of cryptography used and their locations 
• Network Analysis: Detecting network traffic that relies on obsolete cryptography using network probes 
• Migration Management: Providing an end-to-end view of the post-quantum transition, often based on inventory or network analysis results 
• PQC compliant HSM / PKI / CLM: Delivering essential digital trust components for most services that are resistant to quantum attacks 
• Libraries / Embedded Services: Encrypting and signing data using versatile cryptographic libraries or cloud integrated solutions 
• Perimeter Protection: Adding an additional layer of security against quantum threats, notably through traffic encapsulation and application wrappers for critical systems 

Inventory: The Cornerstone of Any Migration 

Our initial feedback from supporting post-quantum migration programs highlights a clear reality: it is impossible to plan and budget a migration without visibility into the existing environment. Concretely, organizations need to understand : 

• Which use cases and data are involved? 
• Where is cryptography used across the information system? 
• Which algorithms are currently deployed? 

Conducting an exhaustive inventory of a complex IT infrastructure represents a significant investment. It is therefore critical to prioritize the areas where inventory tools should be deployed first, based on three key criteria: data exposure (data accessible via the internet, exchanged with partners, etc.), long-term data sensitivity and vulnerability to HNDL attacks, and the technical components used to secure this data. Without this upfront visibility—understanding which algorithms are used, for which purposes, and to protect which data-effective migration planning becomes impossible. 

However, cryptographic inventory cannot rely on a single source. Organizations must combine multiple complementary approaches: network probes enable real-time observation of traffic, code analysis identifies cryptographic usage within applications and internal developments, SaaS specific tools and interfaces with external providers reveal third-party dependencies, while existing CMDBs and reference repositories map the overall infrastructure. This multiplicity of sources creates a new strategic need for tools capable of centralizing heterogeneous information and providing a consolidated, actionable view to effectively manage migration. A trend is emerging around the CBOM (Cryptography Bill of Materials) format to standardize these inventories, although it is still too early to assess its actual adoption across the market. 

Inventory thus becomes the foundation of post-quantum migration governance. Without it, organizations are effectively navigating blind. 

Since 2024, the market for digital asset inventory solutions has experienced strong growth, driven by the emergence of highly specialized players focused exclusively on the detection, mapping, and management of IT assets (hardware, software, cryptographic certificates, etc.). These vendors stand out for their deep expertise and ability to address complex environments. 

At the same time, established players in the network and infrastructure space – such as IBM, Samsung, Cisco, and Microsoft – are leveraging their deep knowledge of IT environments to deliver robust solutions. These offerings increasingly integrate advanced network probes and cryptographic inventory capabilities, with growing attention paid to post-quantum cryptography challenges. 

CryptoAgility: A Long Term Objective of the Post-quantum Transition 

Cryptoagility is not merely a technical feature; it is a strategic capability that enables organizations to adapt to cryptographic evolutions without operational disruption. As post-quantum cryptographic (PQC) algorithms increasingly become a regulatory standard, cryptoagility allows business logic to be decoupled from the underlying cryptography, thereby facilitating updates without requiring a complete overhaul of existing infrastructures. 

To adopt a crypto agile approach, organizations must embed flexible and scalable mechanisms from the design phase, capable of adapting to cryptographic advances—whether driven by the quantum threat or by the rapid deprecation of algorithms. 

On the library side, solutions offering a modular approach are now widely available. Tools such as Open Quantum Safe (OQS), compatible with OpenSSL and BoringSSL, or liboqs (Intel), optimized for x86 architectures, enable the integration of NIST standardized post-quantum algorithms (Kyber, Dilithium, SPHINCS+). Bouncy Castle, for its part, provides a unified API for Java and C#, easing the transition between classical and post-quantum cryptography. 

However, the modular approach offered by these libraries must be integrated into a broader ecosystem of specialized tools. In this context, inventory solutions and cryptographic key and certificate lifecycle management tools play a critical role. They enable the establishment of an exhaustive mapping of the cryptographic environment, providing full visibility into all assets that need to be protected. This comprehensive view forms an essential foundation for ensuring data security and implementing truly effective risk management. 

Ultimately, crypto agility goes beyond the technical domain. It is a strategic capability that allows organizations to secure their data sustainably, reduce quantum related risks, and approach the future with greater confidence. The technological building blocks are already in place; what remains is to integrate them today into cybersecurity strategies. 

Perimeter Protection: A Rapid Mitigation Strategy 

Given the scale and complexity of post-quantum migration programs, perimeter protection (edge protection) solutions provide a pragmatic and fast acting approach to reducing exposure across critical data flows. 

These solutions enable the rapid securing of sensitive communication channels—such as VPNs, email, and file transfers – by encapsulating traffic within a post-quantum cryptographic layer, without requiring changes to the underlying applications. This makes it possible to deploy wrappers around critical applications without waiting for their full redesign or migration. 

The primary advantage of this approach lies in the significant time savings it delivers. While a comprehensive application-level migration remains necessary in the medium term and may span several years, perimeter protection offers immediate security for the most exposed assets. This strategy allows organizations to intelligently prioritize the protection of their most sensitive data, while methodically preparing for the broader, long-term migration of their IT infrastructure. 

HSMs and Certifications: A Turning Point in 2025 

In the first version of our radar, we highlighted the lack of certifications for post-quantum Hardware Security Modules (HSMs), which represented a major barrier to their deployment in production environments. 

This situation has since evolved positively. Both the ANSSI and the BSI have now issued three Common Criteria certifications for PQC compatible HSMs (from Samsung, Thales, and Infineon). These certifications mark a significant turning point and pave the way for real-world deployments under operational conditions. 

HSMs play a critical role in the digital trust chain, particularly for: 

• The secure generation and storage of PQC keys, which are significantly larger than their classical counterparts 
• Signature operations within Public Key Infrastructures (PKIs) 
• End-to-end key lifecycle management (rotation, revocation, archiving), ensuring integrity and traceability to maintain the chain of trust 

However, even when certified, these HSMs must still address challenges related to side channel attacks, given the relative immaturity of current implementations of these new algorithms. The scientific community continues to actively assess and analyze these risks. 

IoT and Embedded Systems: The Weak Link 

While the market for PQC solutions is progressing rapidly for traditional IT environments, a worrying gap is emerging for IoT and embedded systems. These devices operate under severe constraints – limited power, reduced processing capabilities, and restricted storage – which directly conflict with the requirements of post-quantum algorithms, inherently more resource intensive than their classical counterparts. 

Deploying PQC on such systems often requires dedicated processors with optimized instruction sets. However, the current hardware ecosystem remains insufficient: few dedicated PQC hardware accelerators are available on the market, and hardware development cycles typically span several years. This technical complexity is compounded by the challenge of upgrading a highly decentralized and heterogeneous device landscape, including widely deployed and hard to access connected objects, mission critical industrial systems where downtime is costly, smart cards with long renewal cycles, and legacy equipment with limited or no update capabilities. 

The risk is clear: a lasting gap could emerge between traditional IT environments, which will progressively migrate to PQC, and embedded IoT systems, which may remain vulnerable for a much longer period. Organizations must anticipate this challenge now by embedding PQC compatibility requirements into their specifications for all new deployments of embedded and connected equipment. 

A Nuanced Market Outlook 

The market has now clearly acknowledged that the post-quantum transition will necessarily begin with a systematic inventory phase and a comprehensive risk assessment, a realization that has reshaped the structure of the ecosystem. This growing awareness is reflected in several encouraging developments: the proliferation of specialized solutions for mapping cryptographic assets; the first official certifications for PQC compatible security modules, confirming their readiness for operational deployment; and the maturity of opensource libraries, now widely supported by the industry. Migration support tools further complement this landscape. In parallel, perimeter security approaches already make it possible to protect sensitive data flows without waiting for a full system overhaul. 

However, this momentum continues to face persistent challenges. Delays in the development of suitable hardware – particularly for IoT and embedded systems – remain a major obstacle, with a still limited availability of low power, PQC compatible processors. Certifications, while promising, remain limited in number and cover only part of the available technological spectrum. Finally, inventory tools, despite becoming increasingly sophisticated, have yet to fully demonstrate their ability to effectively address the complexity and heterogeneity of large enterprise IT environments. 

As a result, while the market has clearly oriented its efforts toward inventory and risk analysis as essential prerequisites for migration, technological and industrial challenges continue to slow largescale adoption. 

Cet article Radar 2026 of Post-quantum Migration Solutions  est apparu en premier sur RiskInsight.

Every year since 2020, Wavestone has identified Swiss cybersecurity startups in its eponymous radar. While AI has established itself as a cross-disciplinary subject in all fields, the 2025 Radar focuses on the use of artificial intelligence as a tool, not just as a subject to be secured, but as a technology at the very heart of the cyber response.

Several startups are using AI to automate, enhance or personalize their solutions:

Egonym uses generative AI to anonymize faces in images and videos while preserving useful traits like age and emotion — striking a rare balance between privacy and utility.

Hafnova applies real-time AI to detect, block, and report threats across critical infrastructures with high responsiveness and minimal delay.

Aurigin combats deepfake-based fraud in real time using multimodal AI that simultaneously analyzes voice, image, and text to validate identities. 

RedCarbon delivers autonomous AI agents capable of handling complex cybersecurity tasks such as threat detection, hunting, and compliance monitoring — significantly reducing analyst workload.

Baited leverages AI and OSINT to generate hyper-realistic phishing simulations, enabling organizations to test and train employees under real-world conditions.

It’s good to see AI becoming an essential defensive weapon contributing to the defense of our information systems.

Strong momentum around threat detection, response and monitoring

The second strong trend this year is the emergence or reinforcement of startups specializing in intrusion detection, suspicious behavior detection, incident response and continuous supervision.

This segment, already well established historically, is undoubtedly gaining strength with several new entries:

RedCarbon: AI agents for threat detection & automated hunting.

Swiss Security Hub: continuous monitoring of SAP systems with XDR integration.

Cyberservices : XDR platform based on the Google ecosystem.

Hafnova: real-time cyber supervision in critical sectors.

Tirreno: on-prem platform for online fraud detection with user trust scoring.

At a time when cyber-attacks continue to increase in number and complexity, preventive, contextualized and autonomous detection is and will remain key to strengthening operational resilience.

New ground explored: digital sovereignty and secure hardware

Among the notable additions, The Cosmic Dolphins stands out with its sovereign hardware approach:

The Cosmic Dolphins: Swiss smartphones with dual-zone OS (Shark Zone / Dolphin Zone), kill switch, and hardware-first approach to privacy.

Swiss innovation isn’t limited to software: mastery of the physical infrastructure is becoming an issue of trust, sovereignty and differentiation.

Key Figures

Geographical focus: undisputed predominance of Lausanne and Zurich, but other regions are gaining ground

Unsurprisingly, most startups are located around two main technological clusters: Zürich and Lausanne. This confirms an already existing trend since these two cities are hosting Swiss Federal institutes of technology (ETHZ in Zürich, EPFL in Lausanne).

These universities are providing a fertile ground for startups as they offer support in terms of infrastructure but also in terms of collaboration with students and labs. In return, intellectual property is shared between startups and universities. This model is a success for Switzerland as it allows to continuously improve the economy of these regions with a good balance between investment and research.

Nevertheless, other regions such as Geneva and Ticino are showing increasing dynamism, with several new startups emerging in this year’s edition. This points to a gradually diversifying ecosystem, supported by regional initiatives like innovation hubs and dedicated startup incubators.

Methodology

Wavestone’s Swiss Cybersecurity Startups Radar identifies new players in the Swiss cyber innovation ecosystem. Its objective: to provide a global and critical view of an ever-renewing environment.

• Startups were selected according to our eligibility criteria:
• Head office in Switzerland
• Less than 50 employees
• Less than 8 years of activity (established as of 2017)
• Business model around a specific product (software or hardware)
• Startups were identified and evaluated according to the following procedure:
• Open Source Intelligence (OSINT) data consolidation
• Evaluation in regard to above criteria
• Qualitative interviews with the startups

Cet article Cybersecurity Startups Radar: 2025, AI at the service of cybersecurity est apparu en premier sur RiskInsight.

The growing excitement about the advent of quantum computers is justified for a subject that is no longer science fiction but involves a new kind of threat.

Indeed, according to the predictions of numerous experts such as the Global Risk Institute, quantum computers should soon be capable of solving the mathematical problems underlying current cryptographic standards – which would consequently render obsolete the traditional systems protecting our communications, our finances and our critical infrastructures. 

For businesses, the urgent question is no longer whether this threat will become a reality, but when. How can we anticipate the operational and structural impact of this technological upheaval, while at the same time responding to the growing number of regulatory recommendations on the subject? What tools should be adopted to guarantee the confidentiality and integrity of data in the near future? It’s a major challenge, but solutions are being studied, such as post-quantum cryptography (PQC), which is already being widely adopted by the international community.

The quantum threat

Today, the security of information systems relies mainly on symmetric and asymmetric (or public key) cryptography and hash functions. These categories are represented by algorithms that are widely used today, in particular AES, RSA, ECC and SHA for hash functions. Massively adopted by the global community and natively integrated into many modern devices, these algorithms have proved their worth for decades in ensuring the confidentiality, authenticity and integrity of data exchanges.

The mathematical problems on which these standards are based are sufficiently complex to ensure that even today’s best supercomputers have no brute-force capability.   

The quantum computer is reshuffling the deck.

These machines are based on physical principles that are fundamentally different from today’s classical computers. Thanks to the phenomena of superposition and entanglement, a quantum processor can process different physical states simultaneously. What is often described as ‘quantum parallelism’ does not correspond to simple classical parallel computing (where several cores execute identical tasks), but to the ability to explore multiple execution paths simultaneously. For some algorithms, this approach can considerably reduce the search space and speed up processing.

A key question then arises: are there already algorithms capable of exploiting these quantum properties, and thus of overcoming current encryption standards?

In 1994, P. Shor, followed by L. Grover in 1996, introduced algorithms incorporating quantum computation processes to solve certain complex mathematical problems. The first allowed large numbers to be factored exponentially faster than a conventional algorithm, while the second optimised the search for an element in unordered sets. Until now, the characteristics of classical computers have made these algorithms impractical, but the emergence of quantum computers will radically change the situation, making them usable.

Indeed, the best supercomputer would take 1.02 x 10¹⁸ years (one trillion years) to break AES-128 by brute force and 10¹⁰ years (10 billion years) for RSA-2048 using today’s best methods. By comparison, a quantum computer running Grover’s algorithm could break AES-128 in 600 years, while Shor’s algorithm would overcome RSA-2048 in just 8 hours with a machine of 20 million qubits.

Faced with this threat, AES and symmetric cryptography, as well as SHA-256 and hash functions, remain viable by doubling the size of the keys used, but asymmetric cryptography needs to be rethought. With this in mind, post-quantum cryptography is emerging as the most promising solution.

What is post-quantum cryptography?

According to the ANSSI, ‘post-quantum cryptography (PQC) is a set of classical cryptographic algorithms including key establishment and digital signatures, which provide conjectured security against the quantum threat in addition to their classical security’.

This therefore refers to all the new asymmetric encryption algorithms capable of guaranteeing security against both traditional attacks and the new quantum attacks. The difference with those we use today lies essentially in the mathematical problems underlying the algorithms, chosen to remain complex to solve, even for a quantum computer.

Why is this solution considered the most promising?

PQC is not the only response being considered to the quantum threat, but it is widely regarded as the most viable solution by the international community. Several factors explain this interest, including

– Continuity with current systems, facilitating its adoption and gradual integration into conventional infrastructures.

– Advanced maturity, with standards already established and supported by the main cybersecurity authorities.

Continuity with current systems

How does this classical type of cryptography protect encrypted data against quantum attacks?

PQC does not imply a paradigm shift in our approach to securing infrastructures. As mentioned earlier, PQC is part of the family of asymmetric cryptography and therefore retains the same operation and objective as current public key algorithms. Its resistance to quantum attacks is ensured by the nature of the underlying mathematical problems, which are different from those used in conventional asymmetric cryptography. This structural difference also means that cryptography can be integrated more seamlessly into today’s digital infrastructures, ensuring a gradual transition to a future in which PQC completely and effectively supplants modern encryption standards.

Advanced maturity

The second major advantage of the PQC is its maturity compared with the other options considered. This year saw the publication of PQC standards by the US National Institute of Standards and Technology (NIST) in August 2024.

This process began in 2017 with 69 initial candidates, 4 of whom were selected to become the new PQC standards. None of the other solutions put forward to counter the coming threat, including quantum cryptography (based on the use of quantum properties as opposed to PQC, which can be implemented on conventional computers), have been the subject of a standardisation process.

Furthermore, national cybersecurity bodies such as ANSSI (France), BSI (Germany), NLNCSA (Netherlands), SFA (Sweden), NCSC (UK), NSA (USA), etc. all agree that CQP is the best way to protect against the quantum threat, and that the priority for businesses should be to migrate to CQP systems.

When and how can this technology be implemented?

The predictions of research bodies on the advent of the quantum threat are still fairly disparate, but all agree that quantum computers capable of executing the algorithms responsible for the future obsolescence of current cryptographic standards, known as Cryptographically Relevant Quantum Computer (CRQC), will render RSA-2048 obsolete, in particular, within the next 15 years. It is difficult to predict exactly when the quantum computer will be ready and will achieve sufficient performance for concrete use cases but cross-referencing the recommendations of organisations such as the NSA with the predictions of experts on the subject means that we can estimate the emergence of the first CRQCs between 2033 and 2037.

Harvest now, decrypt later

However, we do not have 10 years to arm ourselves against this threat. Data in transit today remains exposed to ‘harvest now, decrypt later’ attacks. These are attacks based on the interception and long-term storage of encrypted data, pending technological breakthroughs in decryption that will make it readable in the future.

The data targeted by this type of attack is mainly data in transit, as it is during transport that protocols such as TLS use asymmetric key pairs. It is at this point that the data is ‘quantum vulnerable’ and therefore interesting to intercept and store to decrypt it later. Data at rest, on the other hand, is generally encrypted using symmetrical algorithms, and requires to be exfiltrated to be captured, so it is not the target of these attacks.

The main risk of these attacks remains the violation of long-term data confidentiality. Depending on the sector, particularly financial or industrial, data can remain sensitive for long periods, so access to this information can have multiple serious consequences. It is reasonable to assume that attackers could currently recover a considerable quantity of encrypted data to decrypt it later. It is therefore imperative to start migrating to cryptographic systems that are resistant to quantum algorithms today.

Recommendations from organisations on preparation

CISA, the NSA and the American NIST, to name but a few, are urging companies to get ready now by drawing up a quantum roadmap, led by a dedicated project team, whose aim would be to plan and supervise the organisation’s migration to PQC.

The project framework will need to focus on 3 main areas:

1. Cryptographic inventory: the aim is to understand the organisation’s exposure to vulnerable cryptographic mechanisms. This involves identifying the technologies used in systems, network protocols, applications and programming libraries.
2. Risk analysis: this aims to prioritise the assets and processes to be secured first. The aim is to assess the criticality of the data being protected, and also to anticipate the length of time it will need to be protected. This analysis is based on the cryptographic inventory carried out upstream and enables efforts to be targeted where the impact of a quantum attack would be most critical.
3. Supplier responsibility: the transition to post-quantum cryptography also involves working closely with technology partners. Companies need to ensure that the solutions they use are crypto-agile: can current products be upgraded to systems that are resistant to the quantum threat, or will they need to be replaced to avoid obsolescence?

The migration strategy we recommend at Wavestone takes the main steps outlined by CISA, NSA and NIST, and adapts them to the operational realities of each company:

1. Strategic phase:
   • Understanding and raising awareness: Firstly, this involves training and informing all those involved (management, business teams, technical teams) about the impact of the quantum threat, the issues involved in post-quantum cryptography, and the main regulatory guidelines.
   • Risk assessment and initial inventory: Mapping of cryptographic uses (protocols, libraries, applications, etc.) and identification of sensitive data that must remain confidential over a long period. It is also at this stage that the company’s maturity is assessed and the most critical projects prioritised.
   • Framing the programme: On the basis of the risks identified, the overall roadmap (objectives, budget, organisation) is defined. A dedicated team – or ‘centre of excellence’ – is set up to steer the transition, coordinate the various projects and define the success indicators.

2. Quick wins
   • Before embarking on a more extensive transformation phase, we recommend the rapid launch of low-investment initiatives, such as including post-quantum clauses in contracts (with suppliers and partners). The aim is to obtain tangible returns, raise stakeholder awareness and create a positive momentum around the project.

3. Transition programme

• • Test of an initial use case: Selection of a representative use case to deploy the first post-quantum cryptographic algorithms or mechanisms under real conditions.
  • Detailed inventory (second iteration): We then need to refine the mapping of cryptographic components (PKI, key management, network protocols, encryption libraries, etc.) in order to plan the migration precisely.
  • Modernising ‘digital trust’: This involves updating infrastructures (PKI, certificate management, key rotation policies, etc.) and implementing procedures to accommodate new algorithms.
  • Migration and monitoring: Progressive deployment of post-quantum algorithms on critical systems, while maintaining service continuity. This phase is accompanied by controls, performance tests and security checks. Eventually, the entire IS is covered, guaranteeing continuity and regulatory compliance.

This roadmap, which is both pragmatic and in line with the recommendations of the relevant bodies, guarantees a controlled transition to post-quantum cryptography.

Hybridization mentioned in Europe as an important step in the transition

In a joint publication with its European counterparts BSI, NLNCSA, SNCSA and SFA, ANSSI also recommends that preparations for this transition should begin as soon as possible. Although the new PQC standards, including algorithms, implementation instructions and their use, were published by the NIST in August 2024, these bodies are not encouraging the immediate integration of these algorithms into companies’ cryptographic systems. The ANSSI has even announced that it ‘does not approve any direct replacement in the short or medium term’. The reason for this is ‘a lack of cryptanalytical hindsight on several security aspects’; despite its completed standardisation process, PQC is not yet considered mature enough to guarantee security on its own:

– Several algorithms that were finalists (and therefore considered promising) in the NIST standardisation process have been the subject of classic attacks that have been successful. The SIKE algorithm was defeated in 10 minutes, and Rainbow in a weekend.

– Dimensioning, integration of algorithms into communication protocols and the design of secure implementations are other aspects on which progress needs to be made, according to the ANSSI.

Consequently, unlike NIST, ANSSI and BSI, among others, recommend that organisations adopt hybrid systems. This concept consists of ‘combining post-quantum asymmetric algorithms with well-known and well-studied pre-quantum asymmetric cryptography’ (ANSSI). In this way, we can benefit from the effectiveness of current standards against classical attacks, and from the predicted resistance of PQC against quantum attacks.

Hybridization is possible for key encapsulation mechanisms and digital signatures. Each classical operation is replaced either by:

– successive execution

– parallel execution of the 2 algorithms, pre-quantum and quantum.

The second option can be implemented to reduce the loss of system performance. These hybrid schemes also require the players involved to support both types of algorithms.

This is a scheme where ‘the additional performance cost of a hybrid scheme remains low compared with the cost of the post-quantum scheme’. ANSSI believes that ‘this is a reasonable price to pay to guarantee pre-quantum security that is at least equivalent to that provided by current standardised pre-quantum algorithms’.

On the other side of the Atlantic, we are much more nuanced than our European counterparts on this issue. Although the benefits of hybridisation are recognised by the UK and US cybersecurity authorities, the NCSC and NIST insist on the temporary nature of this solution and do not impose hybridisation as a mandatory step before migrating completely to PQC. The NSA explicitly states that it has confidence in PQC standards and does not require the use of hybridisation models in national security systems. In summary, the decision to use these models must be taken taking into account:

– technical implementation constraints

– the increased complexity (two algorithms instead of one),

– the additional cost,

– the need to transition a second time in the future to a total PQC system, which can be a complex exercise in crypto-agility – i.e. the ability to modify one’s cryptographic infrastructure rapidly and without major upheaval in response to changing threats – for some companies.

Regulatory aspects

There are currently no European regulations setting out explicit requirements for post-quantum cryptography. However, some of the various texts on data encryption (NIS2, DORA, HDS, etc.) explicitly require state-of-the-art encryption to be applied.  In particular, DORA requires the constant updating of the cryptographic means used in relation to developments in cryptanalysis techniques. It is therefore possible to consider this as a first step in guiding organisations towards the concept of crypto-agility.

Despite the current lack of requirements, ANSSI is planning a post-quantum transition plan in 3 phases:

1. Phase 1 (in progress)

Effective post-quantum security through hybridisation remains optional and is considered by the agency to be defence in depth. The security approvals issued by ANSSI remain unchanged and only guarantee pre-quantum security.

2. Phase 2 (after 2025)

Quantum resistance becomes a security property. Post-quantum security criteria for PQC algorithms will have been defined by ANSSI and will be taken into account when issuing security visas.

3. Phase 3 (after 2030)

It is estimated that the post-quantum security assurance level will be equivalent to the current pre-quantum level. Hybridization will therefore become optional; security visas may be issued for companies using post-quantum schemes without hybridization.

In addition, depending on the context, ANSSI may decide to grant security visas only for long-term post-quantum security.

In the USA, NIST’s post-quantum transition plan is not definitive, but the obsolescence of RSA and ECC is already projected for 2030, followed by a total implementation ban in 2035; hence the announced target – aligned with the NSA – for completion of the migration to PQC in all federal systems in the same year. Depending on the requirements of different sectors, it may be necessary to make the transition more quickly, depending on the associated levels of risk.

Although 2035 seems a long way off, the full migration to post-quantum cryptography is a long process, and the initial phases of cryptographic inventory, data classification and risk analysis, in particular, require considerable time. It is therefore essential to start today to plan for a successful transition.

The advent of quantum computers is therefore no longer a distant hypothesis, but a certainty that will redefine the foundations of cybersecurity. While the precise timing (2033-2037) remains uncertain, the regulatory pressure from cybersecurity institutions is becoming clearer, and the impact on data confidentiality and integrity is unavoidable. Every day that goes by without adaptation increases the vulnerability of companies to future attacks.

And yet, solutions already exist: post-quantum cryptography, although not yet fully mature – especially when it comes to implementation – offers a promising response to this threat. Standardised and supported by the major international bodies, it represents the first step towards sustainable security in the quantum era.

However, adopting this technology is not simply a matter of technical deployment. It is a strategic transition, an exercise in crypto-agility, and an opportunity for businesses to assert their resilience in the face of technological upheaval.

The question is no longer whether your organisation will be ready when the first quantum computer capable of breaking RSA-2048 sees the light of day. The question is whether it will have anticipated this future, by arming itself now with the tools and plans needed to turn this constraint into a competitive advantage. The future of security starts today.

Contact us

Cet article Quantum computing and post-quantum cryptography: what strategy should companies adopt to deal with these issues? est apparu en premier sur RiskInsight.

Fortunately, quantum computers are not performant enough yet to conduct such attacks. Estimates vary as to when this will be a reality, though most expect it between 2033 and 2037. Furthermore, regulators have begun outlining end-of-life timelines for existing algorithms, with Australia’s ASD planning to designate them as obsolete by 2030 and the NIST drafting its own retirement schedule for 2035. We expect such announcements to pick up during the coming months from other nations.

As such, regardless of the exact date of emergence of quantum computers capable of breaking current cryptographic algorithms, a transition will be obligatory from a regulation standpoint.

Migrating a complicated IT infrastructure is no trivial feat: in a 2022 memorandum, the Biden administration expected the migration of all U.S. Federal Agencies to cost more than $7 billion. Such a complex endeavor entails a plethora of aspects from assessing risks, to executing the technical migration, with many intermediary steps. Solutions exist to accompany or accelerate those stages.

Wavestone’s 2025 Post-Quantum Migration Migrations radar offers a first visual panorama of market leading cybersecurity solutions for this migration. This radar has been and will continue to be updated in the coming months. Any company that feels it should be part of the radar is encouraged to reach out.

The goal of the radar is not to inventory solutions that completed their PQC migration, but rather solutions that help and accelerate the PQC migration.

Categories 

• Inventory: Automatically inventory the type and locations of all cryptography in use 
• Migration Management: Provide the big picture view of the post quantum transition, often based on inventory outputs 
• PQC Compliant HSM / PKI /CLM: Provide quantum resistant core trust components necessary for most company services 
• Libraries / Embedded Services: Encrypt and sign data with polyvalent libraries or directly integrated cloud solutions 
• Edge Protection: Protect against quantum computing attack by providing an extra layer of security, be it at network or application level 
• Network Analysis: Detect network flows which use obsolete cryptography with probes 

Key Market Trends 

Size disparities

The market landscape for post-quantum security solutions exhibits significant disparities in the size and maturity of players. On one end of the spectrum, tech giants and established cybersecurity firms leverage extensive resources to develop and promote robust solutions. On the other end, niche start-ups and pure players are driving rapid advancements in specialized areas. We expect this diversity to foster:

1. Innovation: Diversity in the market landscape, with contributions from both tech giants and pure players which enhances the pace and quality of innovation.
2. Fragmentation: smaller players may struggle to achieve the scale required to implement their solutions broadly
3. Partnerships: we are already witnessing how Thales and IBM are leveraging innovation in specific areas of pure players with their own resources and expertise.

As the market matures, it will be exciting to follow how its landscape evolves.

Several open-source libraries… with Big Tech support

Already, several open-source libraries propose post-quantum cryptograph. The most high-profile libraries, such as OpenSSL, are not the most advanced on this, with their own implementations currently ongoing, while Open Quantum Safe’s liboq is already ready. Nevertheless, it is a promising sight for the cybersecurity ecosystem that a topic as crucial as post-quantum security has solutions deeply rooted in open-source principles.

Yet, Big Tech companies play a pivotal role in supporting open-source libraries for post-quantum cryptography, recognizing their potential to accelerate adoption and innovation. Initiatives like Open Quantum Safe’s liboq has supporters that include Microsoft, Amazon and IBM; Bouncy Castle’s PQC was developed with Keyfactor’s sizeable participation, and Tink, Google’s open-source library offer PQC as well. However, most of the implementation has not been fully formally verified, though the process is underway.

A lack of certification for HSMs…

Hardware Security Modules (HSMs) play a crucial role in the digital trust chain, but the market for these hardware solutions is not yet ready. Initially, providers resorted to software implementations for experimental purposes while waiting for the new standard to be published by NIST. However, hardware implementations have advanced since then, even though their certification is not expected until Q3 or Q4 2025.

Furthermore, although HSMs are designed to resist tampering and reduce the risks of key exposure, they will have to face challenges related to side-channel attacks due to the still limited maturity of current implementations of these new algorithms.

And a lack of hardware for IoT, embedded devices, and smart cards

The lack of hardware is particularly problematic for connected objects (IoT), embedded devices, and smart cards, which operate under severe constraints – limited power, reduced computing capacity, and restricted storage space – thus requiring efficient algorithms and specialized dedicated hardware for cryptographic operations. Unfortunately, the current absence of dedicated processors remains a major obstacle.

Moreover, the decentralized nature of embedded devices will represent a considerable challenge to overcome, as upgrading legacy equipment will be complex and costly.

A strong market dynamism

Post-quantum security is very much an emerging topic. Yet, today’s market for solutions is extremely dynamic, Companies, governments, and institutions are mobilizing to address emerging risks, fueling a surge in innovative and specialized technological offerings. This momentum will be further accelerated by expected regulatory pressures, such as those from NIST, ASD, and ENISA, compelling organizations to adopt robust and compliant solutions.

An international and sovereign Market: digital sovereignty at stake

The quantum computing market is both global and deeply intertwined with questions of national sovereignty. Quantum computers are considered a strategic issue by the world’s leading nations, which invest hundreds of billions to ensure their sovereignty in that emergent field.

On the other hand, the market for post-quantum security is framed in a much more international prism. Companies in our radar span many nations, with the U.S. being nevertheless the uncontested leader. Moreover, international partnerships have also taken place such as Thales, which partners with IBM, CryptoNext and many more to combine their respective expertise and provide clients with advanced solutions.

A promising but incomplete market coverage

As we have covered, the market is extremely dynamic. The question remains whether the ecosystem’s needs for a post quantum transition are currently met. Currently, there is a lack of true hardware post-quantum solutions, as most of what exists is only a post-quantum layer. Nevertheless, our understanding of the market is very much that it is under development and should be more and more available this year already. Based on how we advise clients in planning and implementing their migration, the market solutions address or will address shortly most of our client’s needs.

Our evolving radar constitutes the first edition in this field. In that sense, we strongly encourage any absent company to contact us to remedy the situation. 

Cet article Radar 2025 of Post Quantum Migration Solutions est apparu en premier sur RiskInsight.

This summer marks a major breakthrough in cybersecurity with the publication of the NIST standards for post-quantum cryptography. This publication is the culmination of many years of work, the standardisation process having begun in 2016, while the mathematical research has lasted decades. 

This news has been eagerly awaited by the cyber community, because the threat is so real: a sufficiently powerful quantum computer would render all current asymmetric cryptography obsolete. This would mean the impossibility of exchanging encryption keys, as well as the possibility of digitally signing documents. In short, it would mean the end of confidentiality and integrity guarantees for communications. 

It’s difficult to describe the extent of the consequences, with secure communications on the Internet becoming near enough impossible. 

To counter this, 3 new cryptographic standards have been identified: 

• ML-KEM (CRYSTALS-Kyber), the new main standard for encryption and therefore key exchange 
• ML-DSA (CRYSTALS-Dilithium), the new main standard for digital signatures 
• SLH-DSA (Sphincs+), the backup solution for backup signatures should ML-DSA prove vulnerable.

Note that a “backup” solution for encryption, FN-DSA (FALCON), will be released in the near future. 

The standards are published, but the post-quantum efforts are not over – quite the contrary! 

Integrations begin: editors and developers in action 

Publication of the standards means that the next stage in the post-quantum security process can begin: integration of the algorithms by the major players and developers of technological solutions.  

This work has already begun, of course, and includes the integration of post-quantum algorithms into the development roadmap of Tink1, Google’s well-known cryptographic library. Also worthy of mention is the partnership between IBM and Thales2 for complete post-quantum security, from VPN to TLS to digital document signing. Finally, Microsoft3 has also indicated that efforts are now underway for a post-quantum transition of their services, from cloud to on-premise. Even Apple4 in the consumer sphere has launched the migration of iMessage to post-quantum algorithms. 

But beware, post-quantum security is not suddenly a reality. It is and will be a long process which relies, in particular, on the efforts of all IT service providers. It’s encouraging to see that market leaders are taking this subject seriously. 

It’s up to large organisations to act!  

Post-quantum security doesn’t just concern GAFAM: all major organisations need to start transitioning to this new paradigm. We recommend that you start thinking about and adopting a post-quantum security strategy now, as US agencies are obliged to do so under the Quantum Computing Cybersecurity Preparedness Act (2022).  

There are many major stages in this migration strategy, and it obviously has to cover conventional IT systems. But we mustn’t forget industrial systems and embedded systems (vehicles, trains, connected objects, remote systems, etc.). For each of these areas, the following elements need to be consolidated: 

• An inventory of data and its security shelf-life, particularly for long-lived data, in order to prioritise safeguards. 
• An inventory of cryptographic solutions used in-house, to identify their origins and responsibilities (in-house, open-source, suppliers, etc.). 
• Each use of asymmetric cryptography must be the subject of a transition plan, including a POC. Note that symmetrical AES cryptography does not require any transition, with the exception of the move to AES256 for ultra-critical data (sensitive over several decades). For legacy systems, beyond the migration of encryption systems, it may be necessary to re-encrypt part of the stored data. 
• The entire cryptographic chain will obviously have to evolve, from PKI to certificates, via the various encryption and signature systems. We’ll also need to pay close attention to performance issues, particularly in embedded environments.  
• New projects must take post-quantum security into account right from the design stage: 
  • With the inclusion of post-quantum security criteria in the evaluation of service providers.
  • All in-house projects must include the use of post-quantum asymmetric cryptography, requirements equivalent to AES256 for symmetric cryptography, and guarantees equivalent to SHA512 for hashing. 

Given the scale of the task, a complete ecosystem of suppliers is emerging to support inventorying, risk assessment (via library or source code scanning) and action plan follow-up. This is the case at Thales, IBM and Sandbox AQ.  

But beyond the tools, it will be necessary to embark on a real transformation programme, mobilising IT teams, the business lines concerned, and also purchasing if the supplier stakes are high.  

This migration is also an opportunity to think more deeply about the management of “crypto agility”, because let’s face it, these algorithms are fairly “new”, and it’s not impossible that flaws will be discovered that will require upgrades. The transformation programme should not lead to a “one-off” migration, but rather to the mastery of agile cryptography within the organisation.  

History shows that it takes 3 to 4 years to initiate and complete this type of migration. And it won’t be easy to make headway on this issue, so invisible is it to the business world. Let’s hope that regulations, particularly in Europe, will bring the subject into the spotlight! 

Risks and timelines: when to act?  

Estimates vary as to when a quantum computer will be able to “break” state-of-the-art RSA encryption. Most place it between 2030 and 2040, with a concentration of estimates around 2033-2035. The NSA requires exclusively post-quantum cryptography from its software, firmware and network equipment suppliers as early as 2030, from 2033 for certain others (e.g. O.S.) and 2035 for all its suppliers. Post-quantum cryptography should be available as early as 2025 in certain cases. 

Even if nobody knows exactly when quantum computers will be sufficiently sophisticated, not being ready by 2033 means accepting risks that will have a serious impact on the most sensitive data. 

However, another threat exists today. We are all now exposed to the risk of “Harvest Now, Decrypt Later”, which consists in the large-scale storage of Internet communications for future decryption with a quantum computer (or when encryption keys are leaked). This risk obviously concerns entities with very specific capabilities, namely state agencies or groups of attackers backed by them. Only those organisations whose data is of strategic interest to these agencies are most at risk. It’s this particularity that has prompted migrations for some specific players.  

But for all of them, given the efforts required and the risk zone by 2030, it’s in the 2025 action plan that the first phases of assessment and construction of the project plan must be planned! 

Cet article Post-quantum cryptography is here: what are the consequences and actions for large organisations?  est apparu en premier sur RiskInsight.

 Every year, since 2020, Wavestone has identified Swiss cybersecurity startups in its eponymous radar. The year 2024 marks the takeoff of AI security – a critical year, characterized by the exponential progress of AI – within the Swiss ecosystem.  

Not a day seems to go by without artificial intelligence making the headlines. While this raises fundamental societal questions, there is one issue on which all experts agree: this cutting-edge technology is associated with serious risks. Various types of attacks have already been identified, such as data poisoning where attackers manipulate data or models during training to alter the outcome of the AI; oracle attacks, which involve manipulating the tool to reveal information that compromises the models or training data ; and evasion attacks, where small input perturbations cause significant output errors. 

Switzerland, as a hub of innovation and technology, has a key role to play in securing these solutions and presents Swiss startups that aim to address these risks.  

Firstly, Calvin Risk offers a platform that allows risk management and AI compliance to be managed centrally, fulfilling the current regulations that are only set to increase, as the AI act has just been approved by the European Parliament. 

As recently seen, Generative AI comes with a host of new attacks. This crucial problem is addressed by Lakera with its security solutions for Generative AI, notably against prompt injections and model extraction. 

Finally, in contexts with strong sovereignty constraints, Clear Sky offers the deployment of an on-premises artificial assistant that guarantees that the most sensitive data – from both regulatory and strategic standpoints– do not leave the perimeter.  

Integrating new AI security technologies is crucial for a safer and more ethical future. 

Key figures

• 16 employees on average
• 153M CHF in public funding
• 42 Swiss startups
• 2021 average year of creation

Start-ups on the cyber radar in 2024

Geographical focus: A start-up ecosystem concentrated in Lausanne and Zurich, but Geneva is emerging as a challenger

Unsurprisingly, most startups are located around two main technological clusters: Zürich and Lausanne. This confirms an already existing trend since these two cities are hosting Swiss Federal institutes of technology (ETHZ in Zürich, EPFL in Lausanne). 

These universities are providing fertile ground for startups as they offer support in terms of infrastructure but also in terms of collaboration with students and labs. In return, intellectual property is shared between startups and universities. This model is a success for Switzerland 

 as it allows to continuously improve the economy of these regions with a good balance between investment and research. 

Nevertheless, Geneva registers several new start-ups in this edition, allowing it to position itself as a challenger to the polytechnic hubs. Furthermore, this dynamism is expected to strengthen, as Geneva recently launched a new start-up incubator: the Trust Village Geneva. 

Methodology 

Wavestone’s Swiss Cybersecurity Startups Radar identifies new players in the Swiss cyber innovation ecosystem. Its objective: to provide a global and critical view of an ever-renewing environment. 

Startups were selected according to our eligibility criteria: 

• Head office in Switzerland 
• Less than 50 employees 
• Less than 7 years of activity (established as of 2016) 
• Business model around a specific product (software or hardware) 

Startups were identified and evaluated according to the following procedure: 

• Open Source Intelligence (OSINT) data consolidation 
• Evaluation in regard to above criteria 
• Qualitative interviews with the startups 

Cet article Cybersecurity Startups Radar: 2024, year of AI Sec in Switzerland  est apparu en premier sur RiskInsight.