A new McKinsey analysis warns that organisations should no longer treat quantum cybersecurity as a distant technical issue. The article, published on 24 April 2026, describes “Q-Day” as the point at which sufficiently powerful quantum computers could threaten the cryptographic systems that protect sensitive data, digital identities, certificates, software updates and critical communications.
For organisations working with long-lived sensitive information, the risk is not only future decryption. One of the most important concerns is the so-called “harvest now, decrypt later” scenario: attackers may collect encrypted communications today and decrypt them later once quantum capabilities mature. This is especially relevant for sectors where information must remain confidential for many years, including government, defence, healthcare, finance, critical infrastructure and space research.
The post-quantum transition is already moving from theory into implementation. In August 2024, the U.S. National Institute of Standards and Technology released its first three finalised post-quantum encryption standards and encouraged system administrators to begin transitioning as soon as possible, noting that full integration will take time. The UK National Cyber Security Centre has also published a migration timeline, recommending that organisations complete discovery and planning by 2028, carry out high-priority migrations by 2031, and complete migration to post-quantum cryptography by 2035.
Why this matters for secure space communications
Space research and space-enabled services increasingly depend on secure digital infrastructure. Mission data, ground-segment systems, control channels, research outputs, identity systems and partner-to-partner communications all rely on cryptographic trust. If that trust is weakened, the impact could extend beyond data confidentiality to operational continuity, system integrity and international collaboration.
This is why quantum readiness must be approached as a strategic resilience issue, not simply as an algorithm replacement exercise. Migrating to post-quantum cryptography requires organisations to understand where cryptography is used, how long protected data must remain confidential, which systems are most exposed, and which suppliers or platforms create dependencies.
Three priorities for organisations
The McKinsey article identifies three practical moves that are highly relevant for organisations preparing for the post-quantum era: assess quantum exposure, reset architecture for crypto-agility, and elevate quantum readiness to a leadership priority.
First, organisations should build a clear inventory of cryptographic assets. This includes identifying where encryption, digital signatures, certificates and key-management mechanisms are used across applications, networks, devices, firmware, cloud services and third-party systems.
Second, systems should be designed for crypto-agility. Instead of embedding cryptography in ways that are difficult to replace, organisations should move toward architectures where algorithms and key-management methods can be updated without redesigning entire systems. This is particularly important for long-life infrastructure and specialised environments, where replacement cycles may be measured in years or decades.
Third, quantum readiness should be governed at leadership level. The migration will involve risk management, procurement, compliance, vendor coordination, operational planning and long-term investment. Technical teams cannot carry this transformation alone.
COSMOS-SECURE perspective
The COSMOS-SECURE project is aligned with this emerging need for secure, future-ready communication in space research. As the post-quantum transition accelerates, projects focused on resilient communication, secure system design and advanced cryptographic protection will play an important role in helping organisations prepare for the next generation of cybersecurity threats.
Quantum computing will create major scientific and technological opportunities. At the same time, it requires a proactive response from organisations that depend on trusted communications and long-term confidentiality. The message from industry and cybersecurity authorities is clear: waiting for quantum risk to become immediate is not a safe strategy.
Preparing now allows organisations to reduce migration complexity, protect sensitive information, and build security architectures that can adapt as standards, technologies and threats evolve.
This article was prepared by COSMOS-SECURE with reference to McKinsey’s April 2026 analysis on quantum cybersecurity readiness, as well as public guidance from NIST and the UK National Cyber Security Centre.
Source: McKinsey — Quantum is almost here. Are you and your systems ready?