Engineer News Network The ultimate online news and information resource for today’s engineer
Quantum computers will soon be able to break today’s encryption – while many organisations will take years to upgrade to new security standards. A recent survey by MHP, among 1,060 IT experts in Germany and the US shows: the window of opportunity is closing – including for German companies. Companies therefore face a strategic dilemma:
The most critical point is the ‘Q-Day’ – the moment when quantum computers can compromise existing encryption. The threat is already present through the ‘store now, decrypt later’ scenario: data is intercepted and stored today to be decrypted later. This makes it more important than ever for companies and organisations to engage with post-quantum cryptography (PQC) and to make their products and systems quantum-resistant.
Quantum threat turns concrete: US ahead in automation
More attention is being paid to PQC in companies than the public debate suggests. Around 86.6 percent of organisations in Germany are getting to grips with the subject of post-quantum cryptography – with measures ranging from strategic planning and pilot projects to active migration. Furthermore, 14.3% even state that they have already migrated their critical systems to quantum-resistant encryption.
Dr Jan Wehinger, Partner at MHP: “This development cannot be halted, which makes it all more important to focus even more on the subject of PQC. The impact of quantum computing on cybersecurity is real and not some distant future scenario.”
It is a similar picture in the US, where 87.3 percent of companies are dealing with PQC and 15.4% of them have already taken corresponding security measures. Just 9.8% of German and 8.9% of US organisations are yet to undertake any kind of activities in this area.
There are differences when it comes to making an inventory of cryptographic assets and their locations. Among German companies, 41.7% only keep manual lists of critical systems, while 32.7 % keep automatic lists. The US is much further ahead in this respect, with just 30.1% still manually managing their lists and 50.% using automated inventories.
The awareness is there – but not the time
Companies are aware of the urgency and impact of quantum computers. In Germany, 45.3% expect Q-Day to come within the next five years – by 2031 – while in the US the figure is as high as 55.2%. Another 39% in Germany and 33.5% in the US expect it within the next 10 years – by 2036.
At the same time, almost all companies surveyed say they have considerable quantities of sensitive data that need to be backed up for ten or more years – so if Q-Day comes within the next five years, as assumed by most respondents, some of this data will already be compromised.
The estimated time needed to complete the technical migration to PQC is particularly critical. At 53.4%, more than half of German companies expect it to take two to five years, while 27.5% even think it will take five to 10 years. The picture is almost identical in the US, with 51.8% expecting to achieve it in two to five years and 21.8% in five to 10 years. Those who are yet to do anything at all or are still in the planning phase could be left behind in the future.
Complex legacy systems the main factor in slow implementation
Several factors are slowing down or preventing companies from making the transition to PQC. Prime among them are complex legacy systems, cited by 33.8% of respondents in Germany and 35% in the US. They are hampering companies in many places and are difficult to overcome. There is no significant difference here in the sectors surveyed. In second place in Germany is a lack of budget or resources, cited by 19.6% of companies, while 21.5% of respondents in the US point to a lack of internal cryptography expertise. Insufficient awareness of the urgency of the situation is the factor in second-last place, cited by 13.8% of respondents in Germany and 11.3% in the USA.
“Those who manage to bring their legacy systems under control can also make the transition to PQC in a timely manner – but they shouldn’t lose any more time,” explained Christian Zgardea, Partner at MHP. “There is nothing to lose. Even aside from the issue of PQC, it is worth keeping your own systems under control at all times and preventing things getting out of hand.”
The full survey can be found here: How well prepared companies are for the end of classical encryption
Key data used in the survey
The survey was conducted online from February 5 to 16, 2026. In Germany and the US, 1,060 IT experts from companies with at least 500 employees were surveyed. The results are representative and have been evaluated using quotas, taking into account a statistical margin of error of 4.3 percentage points.
MHP Consulting is a Porsche-owned global consulting firm that specialises in strategy, digital transformation, and performance improvement across various industries, including automotive, manufacturing, and technology.
