The cryptography that protects your business is on a 2027 clock. Here is what that means.

All your base are belong to us. No, it's not an AI-written piece that has forgotten its grammar. I chose it deliberately because I think it is apt for this piece. It is actually an old gaming meme. It then became cybersecurity shorthand for total compromise. The attacker owns everything: every account, every device, every encrypted file, every signed contract.

That moment is on a clock now. The clock says 2027. That is next year.

Two months ago I wrote that the internet had quietly moved past most enterprises on post-quantum encryption. The point of that piece was the gap between the public infrastructure and the typical corporate stack. The point of this one is when that gap closes.

This is for the people accountable for the data inside Australian organisations. The boards who sign off on cyber strategy. The executives whose names go on the risk register. Plain English. No jargon. Side note after my fifth rewrite: well, I did my best, because this paper is by nature technical, and I've spent hours rewriting it to appeal to as broad an audience as possible. Please bear with me.

Why 2027

On 30 March 2026, Google's quantum research team published the most credible analysis to date of what it takes to break the cryptography sitting underneath the internet. The maths behind your bank's website, your business email, your VPN, your software updates and your CEO's digital signature. The answer is around 1,200 reliable quantum bits (what specialists call logical qubits) to break the elliptic-curve cryptography behind Bitcoin, Ethereum, modern TLS, SSH and most software signing. RSA-2048, the older standard still protecting a lot of business email and document signing, needs a bit more, around 1,700 reliable quantum bits, but lands in the same window. Once a fast-architecture machine has them, the attack itself takes nine to twenty-three minutes. On slower architectures the same attack takes hours or days. The threshold is the same. The clock on the attack is different.

That number is roughly twenty times smaller than the same researchers estimated in 2019. Every recent piece of new evidence has pulled the threshold closer, not pushed it further away. The 2019 estimate was the basis for the government deadlines that point at 2030, 2033 and 2035. Those deadlines were written under a slower set of scientific assumptions than the field now supports.

The leading commercial quantum companies have all published roadmaps to 2030. IonQ, one of the most aggressive on the published numbers, commits to 800 reliable quantum bits in 2027 and 1,600 in 2028. The 800 sits just below Google's threshold. The 1,600 lands comfortably over it. IonQ runs trapped-ion hardware, which executes the attack on a slower clock than the superconducting machines Google and IBM are building. The threshold itself is the same, but the architecture that gets there first sets the urgency for everyone. Google, IBM, Quantinuum, PsiQuantum and at least one Chinese state programme are racing in parallel, building the hardware in different ways. They will not all get there at the same time. They do not need to. One of them is enough, and the first one to get there sets the public clock for everyone.

2027 is the year the field crosses into the zone where today's internet encryption stops being safe. Not the year every vendor is across. The year the danger window opens.

“The first vendor to cross sets the public clock, not the average. 2027 is when the field enters the zone.”

One point worth holding on to. Google's own paper warns that progress in this field is not gradual. Once the engineering challenges of scaling up are solved on a leading architecture, the jump from breaking a demo problem to breaking production cryptography may be months, not years. Google's exact words: “A successful public demonstration of Shor's algorithm on a 32-bit elliptic curve should not be seen as a wake-up call to adopt post-quantum cryptography as much as a potential signal that post-quantum adoption has already failed.”

Translated. The time between “quantum just did something cute in a lab” and “quantum just broke production cryptography” is short. You will almost certainly not get advance warning.

What breaks

Three things stop being secure when the threshold is crossed.

The encryption on your banking app and your business systems. The padlock icon on a website. Your staff connecting to the office from home. The email moving between offices. Most of it is protected by a kind of public-key encryption that a large enough quantum computer breaks. About 40 percent of the world's web traffic still uses the breakable version (Cloudflare Radar, 2026). Most company VPNs do. So do most remote-access keys. So does the protection underneath most business email.

The digital signatures that prove things are real. When your operating system installs an update, when a customer signs a PDF, when your browser confirms a website is genuinely your bank, all of that confidence comes from a digital signature. The signature is a piece of maths that says, this came from who it says it came from, and nothing has been changed in transit. The same maths that breaks under quantum also breaks the signatures.

Once that happens, an attacker can forge a software update that looks completely genuine. Sign a contract in your CEO's name that nobody can prove is forged. Stand up a fake banking website that your browser will tell the customer is real. Every signed PDF, every board minute, every regulatory filing and every code release between today and the day you cut over to the quantum-safe versions becomes forgeable.

Encryption hides a secret. A signature proves the truth of something. When the signatures go, the truth of every signed thing your business has produced goes with them, retrospectively. This is the part most boards have not registered.

The cryptocurrency sitting in exposed wallets. Google's paper estimates around 1.7 million Bitcoin sit in older addresses where the information needed to crack them is already public on the blockchain. The total exposed across all script types is roughly 6.9 million Bitcoin, with about 2.3 million sitting in addresses that have been dormant for more than five years. The dormant pile includes the original coins held by Bitcoin's anonymous creator, Satoshi Nakamoto. The first public sign that a working quantum computer of this size exists may not be a press release. It may be a dormant wallet quietly being emptied. The person who breaks it first has every reason to keep quiet about it.

What does not break

Two kinds of protection survive a quantum computer.

The lock on the file itself stays strong. Files sitting on a hard drive. Messaging apps. Full-disk encryption on a laptop. The maths underneath those is different from the maths a quantum computer breaks. A quantum computer makes them weaker, roughly half as strong, but the strongest versions in use today have plenty of strength to spare even after that.

The catch is how the key for the lock gets delivered. An encrypted file is only as safe as the key that locks it, and the key has to travel from one place to another somehow. If the envelope carrying the key uses the broken encryption, the envelope opens, the key falls out, and the file is read. The lock on the box is fine. The doormat the key was hidden under is the part a quantum computer knows how to find.

Most of the work for a typical large organisation is replacing those envelopes, not replacing the locks.

The harvest problem

You do not need a working quantum computer to attack tomorrow's data. You only need to copy today's encrypted traffic now and decrypt it the day the computer arrives. The phrase the industry uses is “harvest now, decrypt later”.

Think of a competitor who cannot open your locked filing cabinet today. They can still photograph it from every angle, every day, for years. The day someone hands them the key, every photograph becomes a readable file. They pick the year. They pick the document. They pick which board meeting to read in detail.

Nation-state intelligence services have been doing this at scale, against real targets, since at least the early 2020s. Against the secure traffic between websites and customers. Against the messages banks send each other to move money. Against intellectual property and source code. Against government communications. Against Bitcoin transactions. Against the cables that pass between Australia, the US and the UK under AUKUS.

The collecting is the cheap half. The reading is the half that is waiting for the hardware. When the hardware arrives in 2027, every batch already collected becomes readable next year. Merger correspondence. Pricing strategy. Customer records. Health records. Government and defence cables. The data captured under the old assumption that decryption was a decade away is the data that goes first.

“The data that was meant to be safe by virtue of being old is the data that was hardest to re-encrypt. That is the data that goes first.”

There is nothing to be done about the data already taken. That window is closed. The work in front of us is stopping the bleed from this quarter forward.

What the regulators are doing

Governments have published deadlines. The science has moved faster than the deadlines.

The US government, through National Security Memorandum NSM-10 in 2022, told its federal agencies to move off the broken encryption by 2035. The National Security Agency's CNSA 2.0 suite, updated in May 2025, requires national security systems to prefer the new quantum-safe standards by 2025, require them by 2030 and use them exclusively by 2033. The European Union has set 2030 for critical infrastructure (power, water, banking, transport). The UK and Canada point at 2031 to 2035. The Australian Signals Directorate updated its Information Security Manual in September 2025. Control ISM-1917 requires all new cryptographic equipment, applications and libraries to support the quantum-safe standards by no later than 2030.

Every one of those deadlines was set on the assumption that the threat would arrive at the end of the decade. On the leading vendor roadmaps, the capability arrives in 2027. The deadlines sit on the wrong side.

There is a specific gap in the Australian rule book worth calling out. The two rules that govern how Australian banks, insurers and superannuation funds protect data, known inside the industry as CPS 234 and CPS 230, set principles rather than specific technologies. Quantum-safe encryption is not named in either of them. The Australian Signals Directorate has set a deadline that applies to government, but it does not bind the banks, insurers or superannuation funds. Any board in those industries waiting for the regulator to write that rule before starting is taking a position it cannot defend in front of its shareholders, its customers or, when this becomes public, its parliament.

The Bank for International Settlements, the global central bank for central banks, has been clearer than most national regulators. In July 2025 it ran Project Leap Phase 1 with the Bank of France and Deutsche Bundesbank, testing quantum-safe encryption between central banks. In December 2025 Project Leap Phase 2 took the same approach into a working payment system with Swift, Bank of Italy, Bank of France and Deutsche Bundesbank. The message to financial institutions from that work is short: start now. The published government deadlines are years behind it.

The expert survey

The most rigorous public survey of expert opinion on this is run every year by the Global Risk Institute. The 2025 edition, released on 9 March 2026, is the seventh year of the same survey. Twenty-six leading experts in the field were asked to put a probability on a quantum computer capable of breaking today's encryption arriving inside five, ten, fifteen and twenty years. The numbers that matter:

Inside five years, by 2031: optimistic average around 11 percent across the experts.

Inside ten years, by 2036: pessimistic average 28 percent, optimistic average 49 percent. Half the experts (13 of 26) at one in two or higher.

Inside fifteen years, by 2041: 69 percent of experts at one in two or higher.

The ten-year optimistic estimate jumped from 34 percent in 2024 to 49 percent in 2025. That is the sharpest single-year shift in the survey's seven-year history. The drivers cited by the experts are Google's Willow chip (December 2024), Quantinuum's error-correction milestone (November 2025), and the resource-estimate papers that landed in 2025 and early 2026.

The trend across seven years of the same survey is unambiguous. Every recent piece of new evidence has pulled the curve forward, not pushed it back. Treat the optimistic 49 percent by 2036 as the working number for a board, not the comforting 28 percent. Then plan for 2027, because the harvest-now-decrypt-later threat is already live and the regulators have already chosen 2030 as the design deadline.

Three things to do this quarter

Sprint, not project. The work I would put in front of an Australian board right now.

1. Inventory where encryption lives in your business. Most organisations cannot answer the question “where do we use encryption?” The honest answer covers a lot of ground. Certificates on your websites. Signatures on software releases. Encryption on web traffic, VPNs, remote-access tunnels. Codes staff use to log in from phones. Encryption inside messaging apps. The envelopes that carry keys between your systems. Any cryptocurrency holdings. Connections you use to exchange data with partners. Encryption that protects data when it leaves Australia.

The inventory does not need to be perfect to be useful. It needs to fit on one page, owned by a named executive sponsor, by the end of this quarter. Twelve weeks. Not twelve months. You cannot migrate what you cannot find.

2. Turn on hybrid quantum-safe encryption at your perimeter. In August 2024 the US standards body NIST published the first official quantum-safe encryption standards: ML-KEM for key exchange (FIPS 203), ML-DSA and SLH-DSA for signatures (FIPS 204 and 205). The major web browsers and the major cloud providers have already turned them on in hybrid mode, running the new algorithms alongside the old ones so a weakness in either does not collapse the connection. Around 60 percent of the world's web traffic is now protected this way. Most enterprise networks are not.

Switching the new standards on for your highest-value connections, the ones carrying your customer data, your finance data and your most sensitive partner traffic, is achievable this quarter for any organisation with a competent IT team and an executive who has decided this matters. This is the single highest-leverage change available to any business in the next 90 days.

3. Re-sign what matters past 2027. Every digitally signed contract, board minute, software update and regulatory filing your business produces between today and the threshold is exposed to forgery the moment 2027 arrives. Decide which signatures need to still mean something next year and beyond. Put a process in place to re-sign those documents using the quantum-safe versions of the signature standards (ML-DSA and SLH-DSA). The technology partners exist. The decision to start does not require any further evidence.

“The data already captured is unrecoverable. The data captured from this quarter forward is recoverable, if you replace the envelopes and re-sign the documents before 2027.”

These three items form a programme that completes inside 2026 if it starts this quarter. They do not solve the whole problem. They reduce your exposure from “everything captured so far, plus everything captured from now to the threshold” down to “everything captured so far”.
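
An added example, not part of the original article or any vendor's tooling: a first-pass inventory triage in Python that covers the three steps above and the "envelope" point from earlier, where a strong file lock is still exposed if its key travels under breakable encryption. The record layout, the asset names and the 128-bit floor after halving are assumptions made for illustration.

```python
from dataclasses import dataclass

# Families as the article groups them; names are normalised, then matched.
BROKEN = ("RSA", "ECDSA", "ECDH", "X25519", "ED25519", "DH")  # quantum-breakable public-key
SAFE = ("MLKEM", "MLDSA", "SLHDSA")                           # FIPS 203 / 204 / 205
FLOOR_BITS = 128  # assumption (not from the article): minimum strength after halving

@dataclass
class Asset:
    name: str
    kind: str                   # "key_exchange", "signature" or "symmetric"
    algorithms: tuple           # a hybrid may be one name or both parts
    key_bits: int = 0           # symmetric only
    key_delivered_by: str = ""  # symmetric only: asset that carries its key

def public_key_verdict(asset):
    algs = [a.upper().replace("-", "").replace("_", "") for a in asset.algorithms]
    if any(tok in a for a in algs for tok in SAFE):
        return "quantum-safe"   # pure post-quantum, or hybrid with such a part
    if algs and all(a.startswith(BROKEN) for a in algs):
        return "breaks"
    return "review"             # unrecognised: a person has to look

def assess(inventory):
    """Map each asset name to a verdict, following the key 'envelope'."""
    by_name = {a.name: a for a in inventory}
    verdicts = {}
    for asset in inventory:
        if asset.kind != "symmetric":
            verdicts[asset.name] = public_key_verdict(asset)
        elif asset.key_bits // 2 < FLOOR_BITS:
            verdicts[asset.name] = "below-floor-after-halving"
        else:
            carrier = by_name.get(asset.key_delivered_by)
            envelope = public_key_verdict(carrier) if carrier else "review"
            verdicts[asset.name] = (
                "exposed-via-key-delivery" if envelope == "breaks" else envelope)
    return verdicts

def migration_order(inventory):
    """Harvestable confidentiality first, then signatures, then what is done."""
    verdicts = assess(inventory)
    def rank(asset):
        if verdicts[asset.name] == "quantum-safe":
            return 2
        return 1 if asset.kind == "signature" else 0
    return [a.name for a in sorted(inventory, key=rank)]

# Constructed sample inventory; every name below is hypothetical.
SAMPLE = [
    Asset("public-website-tls", "key_exchange", ("X25519MLKEM768",)),
    Asset("staff-vpn", "key_exchange", ("ECDH-P256",)),
    Asset("release-signing", "signature", ("ECDSA-P256",)),
    Asset("partner-file-drop", "symmetric", ("AES-256-GCM",), 256, "partner-key-wrap"),
    Asset("partner-key-wrap", "key_exchange", ("RSA-2048",)),
    Asset("backup-archive", "symmetric", ("AES-256-GCM",), 256, "backup-kms"),
    Asset("backup-kms", "key_exchange", ("X25519", "ML-KEM-768")),
    Asset("legacy-db", "symmetric", ("AES-128-CBC",), 128, "backup-kms"),
]
```

In the sample, the two AES-256 stores get opposite verdicts purely because of how their keys are delivered, which is the inventory finding a one-page summary should surface.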

The honest summary

If you read only the headlines, you might think this is years away. If you read only the dystopian commentary, you might think the sky falls tomorrow. The truth is between them, and closer to the dystopian end than the comfortable end.

The capability to break the cryptography underneath today's internet is somewhere between one and three years away on the published roadmaps of the leading vendors. IonQ's own numbers put them in striking range in 2027 and comfortably across the line in 2028. Other vendors may be slower. Some may be faster. The data you are protecting today is on that timer.

All your base are belong to us is not the right way to describe 2027 itself. It is the right way to describe what an adversary owns about your historical encrypted traffic the moment 2027 arrives.

The action is not panic. The action is compressed. Inventory this quarter. Quantum-safe encryption at the perimeter this quarter. Re-signing process this quarter. Named executive sponsor this week. Start now.

The data already captured is unrecoverable. The data captured from this quarter forward is recoverable, if you start now.

That is the window. It is open now. It closes next year.

Sources

  • Babbush, Zalcman, Gidney, Broughton, Khattar, Neven, Bergamaschi, Drake, Boneh, “Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities: Resource Estimates and Mitigations,” Google Quantum AI, 30 March 2026.
  • IonQ technology roadmap, ionq.com/roadmap, retrieved 18 May 2026.
  • NIST Post-Quantum Cryptography Standardisation, FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA), August 2024.
  • Mosca, M. and Piani, M., “2025 Quantum Threat Timeline Report,” Global Risk Institute and evolutionQ, 9 March 2026 (seventh edition).
  • Acharya, R. et al. (Google Quantum AI), “Quantum error correction below the surface code threshold,” Nature, December 2024 (Willow chip result).
  • Gidney, C., “How to factor 2048 bit RSA integers with less than a million noisy qubits,” Google Quantum AI, May 2025.
  • Chevignard, C., Fouque, P.-A., Schrottenloher, A., “Reducing the Number of Qubits in Quantum Factoring,” CRYPTO 2025.
  • Quantinuum, “Helios system: 98 entangled qubits and 48 logical qubits at break-even,” November 2025.
  • IBM Quantum technology roadmap, retrieved 18 May 2026.
  • NSA, “Commercial National Security Algorithm Suite 2.0 (CNSA 2.0),” updated May 2025.
  • White House National Security Memorandum NSM-10, 4 May 2022.
  • UK NCSC, “Timelines for migration to post-quantum cryptography,” March 2025.
  • European Commission, “The EU’s plan to become a global leader in quantum by 2030,” 2 July 2025.
  • Australian Signals Directorate (ASD/ACSC), “Guidelines for cryptography,” Information Security Manual control ISM-1917, revised September 2025.
  • Australian Prudential Regulation Authority, “Prudential Standard CPS 234 Information Security” and “Prudential Standard CPS 230 Operational Risk Management,” in force.
  • Bank for International Settlements Innovation Hub, “Project Leap Phase 1,” July 2025, and “Project Leap Phase 2: quantum-proofing payment systems,” December 2025.
  • Cloudflare Radar, post-quantum adoption metrics, radar.cloudflare.com, retrieved 18 May 2026.