Remember Y2K? A fear that every computer on the planet would choke on a two-digit date rollover, and billions spent on remediation? Most people look back on it now as an overblown panic — but Y2K was a real problem that got fixed because people took it seriously enough to act.

Q-Day is the same category of threat. Except this time, the window to fix it is closing fast, and most organisations aren’t taking it seriously at all.

So what is Q-Day?

Q-Day refers to the moment when quantum computers becomes powerful enough to break the encryption that protects virtually all digital communications and stored data on the planet. We’re talking about the encryption behind your HTTPS websites, your VPNs, your banking apps, your cloud storage, your email — all of it.

The encryption methods we rely on today — RSA, elliptic curve cryptography, Diffie-Hellman key exchange — are mathematically hard to crack because even the fastest classical computers would need thousands or millions of years to factor the enormous prime numbers at their core. That’s the whole point. The difficulty is the security.

Quantum computers don’t play by the same rules. Using a property called superposition, a quantum processor can evaluate millions of possible answers simultaneously rather than testing them one by one. An algorithm called Shor’s algorithm — developed back in 1994 but waiting for hardware capable of running it — can factor those prime numbers in seconds. The mathematical fortress that protects the internet becomes, essentially, an open door.

This isn’t theoretical. Quantum computers capable of running Shor’s algorithm at meaningful scale are expected to exist within the next 5 to 10 years. Some estimates put it sooner.

“Everything’s safe, safe, safe — and then suddenly it’s not. It’s a very drastic jump.” — Michele Mosca, cofounder of evolutionQ and professor at the Institute for Quantum Computing

Why “harvest now, decrypt later” is the reason to worry today

Here’s where it gets uncomfortable. You might be thinking — okay, 5 to 10 years away, I’ll deal with it then. The problem is that adversaries almost certainly aren’t waiting.

Nation-state actors are almost certainly already collecting encrypted data right now with the explicit intention of decrypting it later, once the hardware catches up. This strategy has a name: “harvest now, decrypt later.”

“The real Q-Day may occur before the world becomes aware of it, as states or bad actors seek to use this knowledge to their strategic advantage.” — Michele Mosca, cofounder of evolutionQ and professor at the Institute for Quantum Computing

Your sensitive communications, your intellectual property, your customer data — if it’s been intercepted in encrypted form, it may be sitting in a database somewhere waiting for Q-Day to make it readable.

That means the breach, in a sense, may have already happened. The decryption just hasn’t caught up yet.

What’s actually at stake

It’s worth being concrete about what breaks when encryption breaks.

Websites & e-commerce — The HTTPS padlock that tells your browser a connection is secure? Gone. Every website transaction becomes readable in transit.

VPNs & private networks — Enterprise VPNs rely on the same public-key cryptography. Remote access, internal communications, secure tunnels — all compromised.

Banking & finance — Digital signatures, transaction authentication, interbank communications — the entire financial system’s trust layer is built on the algorithms Q-Day breaks.

Government & defence — Classified communications, national security infrastructure, intelligence networks — high-value targets and the most acutely exposed.

Data at rest — Any stored data protected by current encryption — medical records, legal documents, corporate IP — becomes retroactively vulnerable.

“The thing is, you can upgrade your software, but you can’t really upgrade your DNA.” — Catherine Mulligan, research fellow, Institute for Security Science and Technology, Imperial College London

For those of us in New Zealand and Australia, this isn’t abstract. Our financial infrastructure, government networks, and healthcare systems run on the same cryptographic standards as everyone else. We don’t get a regional exemption.

The good news: post-quantum cryptography exists

The cryptographic community has been aware of this threat for years. The US National Institute of Standards and Technology (NIST) ran a multi-year global competition to find encryption algorithms that can withstand quantum attacks — ones built on mathematical problems that even quantum computers struggle with, like lattice-based cryptography.

In 2024, NIST finalised three post-quantum cryptography (PQC) standards:

ML-KEM (formerly CRYSTALS-Kyber) — Key encapsulation. Lattice-based. Designed to replace RSA and elliptic curve for secure key exchange.

ML-DSA (formerly CRYSTALS-Dilithium) — Digital signatures. Lattice-based. Replaces current signature schemes used to verify authenticity.

SLH-DSA — Hash-based signatures. A conservative fallback using different maths — diversity protects against single points of failure.

These aren’t theoretical. They’re real standards, available now and ready to deploy.

The industry is already moving — is your business?

Major vendors aren’t waiting. Fortinet has already built support for these post-quantum standards into FortiOS 7.6.6, with more coming in future releases. When a company like Fortinet bakes PQC into its core operating system, it signals that this is a near-term operational concern, not a distant theoretical one.

Google has been rolling out post-quantum encryption across its own infrastructure. Apple added PQC to iMessage. The US government has mandated that federal agencies begin migrating by 2035 — which sounds far away until you consider how long enterprise technology transitions actually take.

The average enterprise takes 5 to 7 years to fully migrate critical cryptographic infrastructure. If Q-Day arrives in 5 years, the time to start is now — not later.

What should you actually do?

For most businesses, the starting point is a cryptographic inventory: mapping every place in your systems where encryption is used, what kind, and how exposed it would be on Q-Day. It sounds boring. It is boring. It’s also exactly what you’ll wish you’d done if you’re caught unprepared.

Beyond that, the practical priorities look something like this:

• Prioritise systems that handle data with a long shelf life — anything that needs to stay secret for 10+ years needs PQC protection now

• Engage your vendors to understand their PQC roadmaps

• Ask your IT team or security provider directly: are we post-quantum ready, and what’s the plan?

None of this is optional. It’s a matter of when, not if.

The Y2K comparison revisited

Y2K didn’t cause catastrophe because the world took it seriously. The collective, costly, unglamorous remediation effort actually worked. The lesson people drew — that it was overblown — is arguably the wrong one. The lesson should be: early action on systemic technical risk is how you avoid the catastrophe, not evidence that the risk wasn’t real.

Q-Day has that same energy. The difference is the consequences of inaction are considerably higher — and unlike Y2K, there’s no fixed date to rally around. The deadline arrives when the hardware is ready — and the hardware doesn’t care about your migration backlog.