In 2025, the conversation around post-quantum cryptography (PQC) focused on accelerating adoption and the need for deeper discovery of encryption to improve security pre- and post-PQC migration.
The picture in 2026 is starting to reshape, though. Government and standards bodies are pushing organizations toward PQC migration now and not later, and providers are accelerating timelines for PQC deployment, with some warning that PQC spending could compete with AI investment.
US government issues executive orders targeting quantum readiness
Recently, the U.S. White House issued two executive orders: ‘Securing the Nation Against Advanced Cryptographic Attacks’ and ‘Ushering in the Next Frontier of Quantum Innovation.’
Both of these EOs aim to enhance the U.S. position in the quantum era by pairing long-term technology investment with urgent cybersecurity safeguards.
They’re meant to accelerate quantum research, infrastructure, and workforce development while preparing federal systems for attacks involving cryptographic security.
Policy updates signal importance of quantum moving forward
Henry Young, Business Software Alliance senior director of policy, said the orders will update the National Quantum Strategy, establish federal agency roadmaps, expand public-private partnerships, reconstitute the National Quantum Initiative Advisory Committee, and update the timelines for government agencies to upgrade to PQC by 2030.
“The most significant change I have seen is that the debate is largely over. A year ago, many organizations were still trying to determine whether quantum computing represented a near-term operational concern or a future technology issue,” Brian Cunningham, EVP of Strategy and Growth at QuSecure, told Channel Insider.
“Today, boards, CISOs, and government leaders increasingly recognize that the challenge is not understanding the risk. The challenge is understanding their exposure and building a credible path forward. Customers are asking fewer questions about quantum timelines and more questions about execution. They want to know where their cryptography exists, which systems are most vulnerable, and how they can begin modernizing without disrupting critical operations.”
Why awareness alone will not be enough
Cunningham adds that this shift mirrors the national security landscape: awareness is important, but awareness alone does not reduce risk.
He explains that organizations making the most progress are treating PQC modernization as an operational readiness effort.
“They are conducting discovery, prioritizing high-value assets, and establishing measurable migration plans,” says Cunningham.
“What separates leaders from laggards today is not concern about quantum, rather it is visibility into their cryptographic environment and the discipline to act before deadlines force action.”
PQC migration as a budget line item
Recently, Moody’s Ratings, a credit rating giant, has warned that organizations may be underestimating how quickly quantum computing could threaten current encryption standards.
The U.S.’s National Institute of Standards and Technology (NIST) initially tapped 2035 as the year to fully transition to post-quantum algorithms across government and high-security national systems
Tech giants Google and Cloudflare have moved their targets to 2029.
Financial risks come as AI and IT spending also increase
Moody’s report frames quantum computing as a long-term risk to the operational and financial stability of banks, exchanges, custodians, and tokenization platforms as digital assets move into mainstream financial markets.
Citi Institute was cited by Moody, which reported that quantum-enabled disruption of critical payment infrastructure could generate $2 trillion to $3 trillion in indirect economic losses.
Moody also notes that if companies fully understand the risks, PQC budgets could compete with existing AI and IT budgets. This is partly because AI investments offer revenue growth opportunities and productivity improvements, whereas PQC migration doesn’t generate additional revenue or deliver tangible benefits to customers.
The credit rating organization predicts that PQC migration could account for 2.5 percent of annual IT budgets now, but delaying until 2030 could mean spending twice as much trying to catch up.
What channel leaders should track
As the PQC conversation takes a new shape, there are a few research themes that channel leaders should consider, as customers no longer ask whether PQC migration is necessary, but instead ask how to execute it.
Crypto agility is becoming a core service opportunity. Research and guidance from NIST and industry groups consistently emphasize that organizations must first understand where cryptography exists across environments before replacing it.
Cryptographic inventories, dependency mapping, and migration planning are foundational activities.
There are a number of channel opportunities, including discovery & assessment, advisory services, security operations, infrastructure projects, and managed services.
Financial services industry becomes an early case study
Additionally, financial services is becoming a leader in quantum readiness.
When looking at banking and payment infrastructure, long-sustained sensitive data and regulatory pressures make quantum risk particularly relevant.
“The financial sector understands that trust is its most valuable asset. Financial institutions protect information that must remain secure for decades, and many recognize that adversaries are already collecting encrypted data with the expectation that future capabilities will allow decryption,” said Cunningham.
“As a result, leading banks are approaching post-quantum security with a level of rigor that extends beyond compliance. They are investing in cryptographic inventories, measuring risk exposure, and building migration plans tied to business priorities rather than technology milestones.”
According to Cunningham, other industries should heed the discipline of the financial sector.
“The lesson to be garnered from Banking is that visibility must come before remediation,” Cunningham posits. “The most successful financial institutions are not attempting massive rip-and-replace efforts. They are identifying critical systems, reducing uncertainty, and creating flexibility through cryptographic agility.”
He adds: “Whether you operate in healthcare, telecommunications, energy, or government, the same principle applies. You cannot manage what you cannot see, and you cannot modernize what you do not understand.”
Major vendors and ecosystem players to watch
In this new era of quantum planning, the quantum-safe ecosystem is broadening beyond pure-play quantum firms and is increasingly including cybersecurity, networking, cloud, and consulting providers.
There is growing participation by PQC vendors, cloud platforms, consultancies, and security providers in response to government mandates and enterprise demand.
Among the notable ecosystem categories to keep an eye on are:
- Microsoft recently highlighted progress in quantum computing through its Majorana 2 ship program. It noted that the latest advances deliver qubits that are significantly more accurate.
- Google Cloud and Cloudflare accelerating PQC timelines and positioning themselves in deployment leadership.
- Palo Alto Networks providing quantum-safe security offerings to meet quantum mandates with real-time visibility and edge-to-cloud protection.
- Accenture is highlighting quantum security consulting initiatives.
- Specialized PQC providers, such as PQShield, focus on migration tooling and quantum-safe architectures.
Overall, standards are largely established, government pressure is increasing, vendors are expanding partner ecosystems, and the market is moving toward assessment, migration, validation, and managed services.
Channel partners can build quantum readiness into existing services
MSPs, MSSPs, VARs, and integrators should view quantum readiness as an emerging opportunity in cybersecurity services, comparable to other tech evolutions over the past decade.
“There are certainly parallels to the early days of cloud adoption and zero trust. In each case, organizations initially viewed the challenge as a technology project. Over time, the leaders realized it was an operational transformation. I believe the same will happen with post-quantum security,” said Cunningham.
“Success over the next three to five years will belong to organizations that establish continuous visibility into their cryptographic environment, have the ability to adapt as standards evolve, and make cryptographic modernization part of normal operations rather than a one-time event.”
Organizations should already be preparing for quantum readiness
Becoming quantum-ready should already be a discussion for teams within organizations. Delaying could be costly – financially, operationally, and in terms of trust with customers and partners.
“I do not see quantum readiness as a compliance exercise, and waiting for complete certainty before taking action is a costly error,” warns Cunningham.
Quantum readiness is not about predicting the arrival of a cryptographically relevant quantum computer, but rather about building resilience before you are forced to respond under pressure, Cunningham explains.
“In my experience across national security and enterprise technology, the organizations that perform best are those that reduce uncertainty early and preserve freedom of action,” said Cunningham. “The organizations that start now will have options. The organizations that delay will inherit compressed timelines, greater costs, and fewer choices.”





