Quantum Computing Just Went From "Someday" to "Which Quarter"

There's a moment in every technology shift when the language changes. When executives stop asking "if" and start asking "when." When "someday" becomes a date on a roadmap.

We just hit that moment with quantum computing.

And if you're still treating this as a distant science project, you've already missed the memo.

The Timeline Just Collapsed

Five years ago, if you asked when we'd see "useful quantum," the answer was always the same: 10 years away. It was the perpetual horizon—close enough to sound real, far enough to ignore.

Ask the same question at CES 2026? The answer is 2-3 years.

That's not a prediction. That's not hype from a vendor trying to hit their number. This is concrete, calendar-based reality:

The Department of Energy's Genesis Mission has committed to fault-tolerant quantum computing by 2028. Not a prototype. Not a lab demo. Fault-tolerant quantum—the kind that actually works consistently enough to matter.

IBM's public roadmap puts their fault-tolerant systems online by 2029. IBM doesn't publish roadmaps for vaporware. They publish them when the engineering is real.

At least two utility-scale quantum systems are expected to be operational by 2028. Utility-scale means they're not behind glass in a research lab. They're running workloads that matter.

This is the shift everyone talks about but rarely sees in real-time. The language moved from "someday" to "which quarter." When Fortune 500 companies start blocking out fiscal year budgets for quantum preparation, the revolution isn't coming—it's here.

The Defense Actually Showed Up Early (For Once)

Here's where it gets interesting. And by interesting, I mean almost unprecedented in the history of cybersecurity.

The defensive side has good news that most people completely missed.

NIST finalized post-quantum cryptography standards in August 2024. Read that again. The standards exist before the threat fully materialized. In security, that almost never happens. We're usually five years behind, patching yesterday's crisis while tomorrow's threat spins up.

Not this time.

And it's not just standards gathering dust on a government website. Real companies are deploying them right now:

• Apple integrated post-quantum cryptography into iMessage

• Signal rolled out quantum-resistant protocols

• Chrome is implementing these standards at scale

This is the rare case where we saw the asteroid coming and actually built the deflection system before impact. The standards exist. The implementations are live. The playbook is written.

So we're good, right?

Not even close.

The Uncomfortable Math That Nobody Wants to Do

Here's where most executives get uncomfortable. Because the math is simple, brutal, and impossible to ignore once you see it.

If your data needs to stay confidential for 10 years, and migration takes 3 years, and quantum arrives in 4 years... you're already behind.

Let me break that down.

You've got data today that can't be exposed for a decade. Customer information. Intellectual property. Strategic plans. Regulated health or financial data. The kind of stuff that would tank your stock price or land you in front of Congress if it leaked.

Migrating your entire cryptographic infrastructure to post-quantum standards isn't a weekend project. It's a three-year effort minimum—probably longer if you're running legacy systems or complex environments. Discovery, testing, implementation, validation. It stacks up fast.

And quantum computers capable of breaking your current encryption are arriving in four years. Maybe five if we're lucky.

Do the math: 10-year confidentiality requirement - 3-year migration = you needed to start 7 years before quantum arrives.

We're currently sitting at T-minus 4 years.

You're not behind schedule. You're behind the starting line.

The Question Boards Are Still Asking

Walk into most boardrooms today, and they're asking: "When should we start thinking about this?"

It's the wrong question with the wrong tense.

The answer was last year. The second-best answer is today.

This isn't about being an early adopter or chasing the bleeding edge. This is about basic risk mathematics. The threat timeline and the preparation timeline have crossed. You're not preparing for the future—you're catching up to the present.

Here's what that means practically:

You need to inventory every system using cryptography (spoiler: it's all of them). You need to identify which data has long-term confidentiality requirements. You need to map dependencies. You need to test post-quantum algorithms in your environment. You need to build migration runbooks. You need to train teams.

None of that happens in a quarter. Most of it doesn't happen in a year.

Why This Time Is Different

Every few years, security vendors declare the next existential threat. Y2K. Cybergeddon. The Cloud. AI. Most of them are either overblown or arrive on a timeline measured in decades, not years.

Quantum is different for one simple reason: both sides are on published schedules.

The offense has committed dates. The defense has shipping code. This isn't theoretical. It's not a research paper. It's production systems and government programs with congressional funding.

The gap between "research breakthrough" and "production threat" has collapsed. We're watching it happen in real-time, with press releases and roadmaps.

What Actually Matters Now

Stop waiting for permission. Stop waiting for "the right time." Stop treating this as someone else's problem.

If you're responsible for security, risk, or technology strategy:

Start the inventory. You can't protect what you don't know you have.

Identify your long-lived secrets. What data absolutely cannot leak for the next decade?

Build the migration plan. Even if you don't execute immediately, know what execution looks like.

Engage the business. This isn't an IT project. It's an enterprise risk that needs executive attention and budget.

The standards exist. The tools are shipping. The timeline is public.

The only variable left is whether you move now or explain later why you didn't.

Which quarter are you starting?