Today is World Quantum Readiness Day – a reminder that while quantum computers are not yet widespread, their potential to disrupt cryptography is no longer hypothetical. At AppCheck, we believe readiness starts long before an attack becomes urgent.
That is why we are introducing a new capability within our Infrastructure Scanner: Post-Quantum weakness detection for SSL/TLS services. This feature allows organisations to begin planning now for the inevitable cryptographic shift ahead.
Why this matters
Most of today’s encryption relies on the difficulty of mathematical problems like factoring large prime numbers or solving discrete logarithms. These problems are tough for classical computers – but they are exactly the kind of challenges quantum computers will excel at. Algorithms such as Shor’s would make breaking RSA or ECC a trivial task for a sufficiently powerful quantum system.
The timeline is still uncertain, with some analysts suggesting a cryptographically relevant quantum computer could arrive as soon as 2029. What is clear is that government agencies and standards bodies are preparing well in advance. NIST has already finalised its first Post-Quantum Cryptography (PQC) algorithms, and the UK’s NCSC is advising organisations to map their PQC migration strategies now.
There is also a current risk known as “harvest now, decrypt later”. Attackers are already intercepting and storing encrypted traffic today with the intention of decrypting it once quantum capability arrives. Sensitive data such as personal records, medical histories or intellectual property could be exposed in the future if organisations delay preparation.
2025 Reality Check: Momentum is Building
The shift to PQC is already underway. According to industry reports, 92% of organisations plan to increase PQC investment within the next 2–3 years, but only a small minority have completed a full PQC assessment. The US federal government expects to spend over $7 billion on its own transition by 2035, highlighting the scale of the challenge.
Adoption is still in its early stages, but forward-thinking enterprises are taking steps. Cloudflare, Google and other providers have begun offering hybrid PQC ciphers. Leading banks and technology firms are piloting Post-Quantum algorithms in test environments. The direction of travel is clear: organisations are expected to start identifying and closing cryptographic blind spots now, not in a decade’s time.
What AppCheck has introduced
From this release onwards, every AppCheck infrastructure scan will:
By surfacing these signals early, AppCheck enables customers to harden their systems in line with government guidance and industry best practice.
Practical steps organisations can take now
Getting ready for a Post-Quantum world does not mean ripping out existing crypto overnight. Instead, security teams should take measured steps:
Our view
Large-scale cryptographic transitions are never quick. Migrating to SHA-2 and deprecating SSL 3.0 each took close to a decade. The Post-Quantum transition will be broader and more complex, spanning not just websites but APIs, cloud services, and embedded devices.
AppCheck’s goal is to make this shift visible and manageable for our customers. By adding Post-Quantum detection to our Infrastructure Scanner, we give organisations the chance to start planning now, so they can move on their terms rather than in a crisis.
Quantum may not yet be a daily operational risk – but the time to prepare is today.
Run your first Post-Quantum detection scan today with AppCheck and start preparing your estate for the future.
No software to download or install.
Contact us or call us 0113 887 8380
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network and cloud infrastructure. AppCheck are authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA)
