The Quantum Threat Isn't Coming. It's Already Counting Down.

Let me start with a number that should make every CISO uncomfortable: 21.

That's the largest number ever factored by a quantum computer using Shor's algorithm. Yes, you read that correctly. Twenty-one. As in 3 × 7. The kind of math problem a fourth-grader solves before recess.

Not exactly the stuff of cybersecurity nightmares, right?

The Comfort Zone Is a Trap

Here's where most people—including smart people, security professionals who should know better—get dangerously comfortable.

RSA-2048, the encryption standard protecting most of the internet right now, relies on factoring a 617-digit number. Your bank uses it. Your VPN uses it. Every TLS handshake establishing a "secure" connection uses some variant of it.

The gap between 21 and 617 digits seems impossibly large. Laughably large. "We have decades to figure this out" large.

I've sat in conference rooms where this exact argument gets made. The math gets thrown around. The reassurances flow freely. "Quantum computers are still in their infancy," they say. "We'll see it coming," they promise.

They're wrong.

Not because the math is wrong, but because they're measuring the wrong thing entirely. They're staring at the gap between 21 and 617 digits like it's a fortress wall, when really it's a fuse that's already been lit.

History Doesn't Care About Your Comfort Level

December 17, 1903: The Wright brothers flew 120 feet at Kitty Hawk, North Carolina. Barely airborne. A flight shorter than the wingspan of a modern 747. Contemporary scientists had published proofs explaining why heavier-than-air flight was impossible. The gap between that wobbly first flight and anything practically useful seemed insurmountable.

Sixty-six years later—within a single human lifetime—we landed on the moon.

The gap between "barely airborne" and "lunar orbit" seemed impossibly large too. Yet every engineering problem that stood in the way got solved. Not through magic. Not through some discontinuous leap in physics. Through persistent, methodical engineering.

That's the pattern people miss when they look at quantum computing.

They see the current state—factoring 21, struggling with error rates, requiring near-absolute-zero temperatures—and they extrapolate linearly. They assume progress will be slow, steady, predictable. That we'll have plenty of warning before anything serious happens.

But breakthroughs don't work that way. They never have.

What Actually Matters (And What Doesn't)

Progress in quantum computing isn't about the size of numbers getting incrementally bigger. It's not like we're going to factor 35, then 77, then 143, slowly marching toward that 617-digit target while everyone watches and prepares.

The real progress is happening in three areas that matter:

Error correction. Quantum bits are fragile. They decohere. They lose their quantum properties when you look at them wrong. Early quantum computers had error rates that made them essentially useless for anything serious. But error correction techniques are improving rapidly. Logical qubits built from multiple physical qubits can maintain coherence. The math works. Now it's about implementation.

Qubit coherence time. How long can you keep a qubit in a quantum state before it collapses? Every year, that number gets longer. It's not making headlines, but it's the foundation everything else is built on.

Engineering problems. Reducing the number of qubits needed. Improving gate fidelity. Better cooling systems. More efficient algorithms. None of these are moonshots. They're engineering problems, and engineering problems get solved.

The Goalposts Are Sprinting Toward Us

Here's the number that should truly terrify you: In 2019, the estimated number of qubits required to break RSA-2048 was approximately 20 million.

By May 2025—just six years later—that estimate dropped to under 1 million qubits.

Read that again. The requirements didn't drop by 10%. Not by half. They dropped by 95%.

The goalposts aren't just moving. They're accelerating toward us while most organizations are still trying to figure out where the starting line is.

This isn't speculation. This is published research. Researchers are finding more efficient implementations of Shor's algorithm. They're discovering shortcuts in the quantum circuits needed. They're optimizing the error correction overhead.

Every paper published, every optimization discovered, every engineering improvement made—the number drops further.

When RSA-512 Falls, Everything Changes

Right now, we can't break RSA-512 with quantum computers. But we will. Probably within the next few years. Maybe sooner.

And when that happens, the conversation shifts entirely.

Because the jump from RSA-512 to RSA-2048 isn't some fundamental barrier. It's not a different kind of problem. It's the same problem, just bigger. And once you've solved the engineering challenges for 512-bit keys, scaling to 2048 becomes a question of resources, not breakthroughs.

That's when "theoretical threat" becomes "engineering timeline."

And engineering timelines are predictable. They're measurable. They have budgets and project plans and delivery dates. That's not reassuring—that's terrifying. Because it means the uncertainty disappears, and organizations will suddenly realize they're out of time.

The Countdown Started Years Ago

Here's what keeps me up at night: The threat isn't theoretical anymore. It's already real for any data that needs to remain secure beyond the next decade.

Adversaries are already harvesting encrypted data today—your data, your customers' data, your organization's secrets—and storing it. They can't decrypt it now. But they don't need to. They're betting on being able to decrypt it in five years. Or ten.

It's called "harvest now, decrypt later," and it's not a future threat. It's happening right now, at scale.

That encrypted session from 2024? Still needs to be secure in 2034. Will it be? Not if it's using RSA-2048 and nothing else.

The Gap Is Not a Moat

The distance between factoring 21 and factoring a 617-digit number isn't a protective moat around your encrypted data. It's not a comfortable buffer zone where you can wait and see what happens.

It's a countdown.

And unlike a countdown you can see—unlike Y2K where we knew the exact date and could prepare—this countdown doesn't have a visible clock. It ends when someone announces they've done it, or more likely, when we discover that someone did it years ago and didn't tell anyone.

The time to prepare isn't when RSA-512 falls. It isn't when the first 1-million-qubit computer comes online. It isn't when NIST finishes standardizing post-quantum cryptography (though they're already done with that, by the way).

The time to prepare is now.

Because the gap between "barely factoring 21" and "breaking the internet's encryption" isn't impossibly large. It's just engineering. And engineering problems get solved faster than anyone expects—especially when nation-states are funding the research.

The quantum threat isn't coming. It's already counting down.

The only question is whether you'll be ready when it reaches zero.