In cybersecurity, there are certain risks that sound so distant and technical that most people feel comfortable ignoring them. Quantum computing used to fit snugly into that category. It was something academics debated, cryptographers worried about, and everyone else filed under “interesting, but not urgent.” That attitude is changing fast.
This month, the National Institute of Standards and Technology (NIST) announced that nine additional digital signature candidates have advanced to the third round of the Additional Digital Signatures for the PQC Standardization Process. The move builds on NIST’s earlier standardization of several quantum-resistant algorithms and provides further demonstration of how governments are treating quantum threats as a practical engineering problem, not a science-fiction thought experiment. And if governments are taking it seriously, investors are starting to do the same.
Investors Are Quietly Pricing in the Unknown
I’ve spoken with a number of contacts at large institutional firms, and one recurring theme is the perceived shift of quantum risk from the “too theoretical to model” bucket into actual investment discussions, which is a big change.
A year ago, many investors barely mentioned the possibility that a sufficiently powerful quantum computer could break modern encryption. Today, it is showing up in downside scenarios and risk committee conversations. The challenge is that no one knows how to assign an exact probability to the threat.
Is there a 2% chance of a breakthrough in the next decade? Ten percent? Fifteen? Most portfolio managers will tell you they simply do not know. But uncertainty does not mean they can ignore it. Instead, they build it into their bear case.
Their bull and base case assumptions may stay largely the same. But then they add a left-tail scenario where a quantum breakthrough disrupts digital assets, weakens cryptographic protections, or triggers messy chain splits as some networks adopt quantum-resistant upgrades and others do not. That one adjustment can materially affect portfolio construction.
Maybe a manager was willing to take a 5% position in a digital asset. Now it becomes 3%. Maybe the idea no longer passes the investment committee, maybe a few hesitant votes are enough to kill the allocation entirely. It’s subtle, but real (i.e. Chris Wood, Jefferies, Jan 2026). In my view, quantum risk is already influencing prices, even if most market participants are not talking about it openly.
This Is Not Just Crypto FUD
Whenever quantum computing comes up, some people dismiss it as fear, uncertainty, and doubt, which is a big mistake. The concern stems largely from Peter Shor and his eponymous algorithm, which showed that a sufficiently powerful quantum computer could break the cryptographic systems underpinning much of the modern internet. That includes secure communications, banking infrastructure, government systems, and yes, blockchain networks. The key issue is not whether this is theoretically possible. We’ve known that for decades. The real question is how quickly hardware catches up, and that is where things become difficult to forecast.
Quantum computing has advanced steadily, with major breakthroughs arriving every six months or so. No one can say with confidence whether the tipping point comes in two years, five years, or ten. But focusing on the exact date misses the point. The smarter observation is the remarkable urgency with which the world is responding.
The Quantum Computing Cybersecurity Preparedness Act became U.S. law in 2022, requiring federal agencies to inventory vulnerable systems and begin migration planning. After NIST standardized its first PQC algorithms in 2024, the National Security Agency and other federal bodies began rolling out timelines to transition sensitive systems over the coming years.
Other countries are moving just as aggressively. Australia has accelerated its timelines, while India is pursuing an especially ambitious schedule. These governments are not acting in concert because of hype, they are acting because they understand replacing decades of embedded cryptography is a massive undertaking.
The Real Story Is the Migration
That is what often gets overlooked. Quantum computing itself may still be developing, but the migration to quantum-resistant infrastructure is happening now. And it has to happen now because cryptography is everywhere.
It protects military systems, financial institutions, cloud platforms, mobile devices, industrial controls, and the blockchains that secure trillions of dollars in digital value. Replacing those systems is not like installing a software patch over the weekend. It will be a prolonged multi-year effort.
Every overlooked system becomes a potential entry point for hackers and adversaries. That is why NIST’s latest announcement is so significant. By advancing additional digital signature candidates, the agency is expanding the toolkit organizations will need to protect a wide range of applications.
For investors, the message is simple. Quantum risk is no longer an abstract academic concern. It is becoming a measurable factor in asset valuation, portfolio sizing, and long-term strategy. For governments, it is already a national security priority. And for the rest of us, it is a reminder that some of the most important shifts in technology happen quietly, long before they dominate headlines.
Quantum computing may not break modern cryptography tomorrow, but the institutions that matter most are behaving as though the countdown has already begun. That alone should get everyone’s attention.
About the author
Yoon Auh is a former VP at Goldman Sachs and Head Trader at Credit Suisse, Geode Capital and Magnetar Capital. An inventor of data-centric security with a portfolio of patents and research validated in defense-grade settings and NIST-validated work. His background spans deep-tech innovation, applied cryptography, and high-performance trading systems, experience that informs how we secure digital assets, protect against insider threats, and prepare for quantum-enabled attacks across financial markets and blockchain infrastructure.