Delaying Post-Quantum Cryptography Migration Could Cost Billions More, New Analysis Warns
The U.S. federal government faces a $7.1 billion bill to migrate civilian systems to post-quantum cryptography by 2035, and a new analysis published May 15 shows that organizations delaying their own transitions will pay significantly more as timelines compress and specialized talent gets scarce. With recent research suggesting cryptographically relevant quantum computers could arrive as early as 2028, the financial pressure on both public and private sectors is mounting fast.
The Scale of the Problem
The $7.1 billion federal estimate, drawn from a White House report, covers only civilian information systems. It excludes the Department of Defense and intelligence agencies. A meaningful portion of that cost comes from systems where cryptographic functions sit in firmware or specialized hardware that cannot be patched with a software update. Those components need full replacement.
For private organizations, the numbers vary widely. Industry planning assumptions suggest migration takes 5 to 7 years for small organizations, 8 to 12 years for mid-sized enterprises, and 12 to 15 years or more for large distributed environments. Post-quantum migration is harder than previous cryptographic upgrades because it involves hybrid implementations during the transition period and dependencies that cut across entire supply chains.
Why Waiting Makes It Worse
Organizations that start now can negotiate better vendor terms and build internal expertise through pilot projects. Organizations that wait face a different reality: tighter deadlines and fewer available consultants and integrators.
Google has set an internal deadline of 2029 for completing its transition. Cloudflare has indicated a similar target. Gartner projects that current cryptographic algorithms will be unsafe to use by that same year. So these aren’t distant deadlines.
There’s also a threat that operates on a different clock. State-level adversaries are already collecting encrypted data with the expectation that future quantum computers will decrypt it. Financial data and intellectual property that needs to stay confidential for decades is vulnerable today. Every month of delay extends the window during which that data sits exposed.
Previous cryptographic transitions, like the move from SHA-1 to SHA-2, took years longer than planned. Post-quantum migration touches a broader range of systems, including embedded devices and long-lifecycle infrastructure that organizations often don’t fully inventory until they begin the process.
Migration costs go up the longer organizations wait, and the timeline for when quantum threats become real keeps shrinking.