What Is the Quantum Threat to Australian Cybersecurity?
Quantum computing threatens cybersecurity by breaking asymmetric encryption, the technology that protects almost every sensitive data transmission in Australia today.
A sufficiently powerful quantum machine, formally called a Cryptographically Relevant Quantum Computer (CRQC), would be capable of cracking RSA, Diffie-Hellman, and Elliptic Curve cryptography.
These are the algorithms underpinning TLS, VPNs, digital signatures, and public key infrastructure across banking, government, healthcare, and critical infrastructure.
A CRQC does not yet exist. But the Australian Cyber Security Centre confirms that advances in quantum computing are narrowing the preparation window, and early action is now critical.
What Is a “Harvest Now, Decrypt Later” Attack?
A harvest now, decrypt later attack is when a threat actor captures and stores encrypted data today, intending to decrypt it once a quantum computer becomes capable of breaking the encryption. This means Australian organisations are potentially being targeted right now, years before quantum decryption is possible.
Data with long-term confidentiality requirements, including health records, financial data, legal documents, and national security information, is at the highest risk.
Organisations that transmit sensitive data using current public key encryption cannot assume that data is safe indefinitely.
87% of global security leaders surveyed in 2026 are concerned about harvest now, decrypt later attacks. 35% identify encrypted traffic as their single biggest breach risk.
What Has the Australian Government Done About Quantum Cybersecurity?
In February 2026, the Australian Cyber Security Centre released formal guidance on the cybersecurity implications of quantum computing.
The guidance targets SMEs, large enterprises, critical infrastructure operators, and government bodies that rely on cryptography, cloud services, or high-performance computing.
The Australian Signals Directorate’s Information Security Manual sets a binding compliance roadmap for all Australian organisations:
- By end of 2026: Organisations must have a documented, refined transition plan for post-quantum cryptography, accounting for security goals, risk tolerance, data sensitivity, and system dependencies.
- By end of 2028: Implementation of post-quantum cryptographic algorithms must begin, starting with the most critical and high-risk systems.
- By end of 2030: Full transition to post-quantum cryptography must be complete. Traditional asymmetric cryptography must not be used beyond this point.
The 2026 milestone is a current obligation, not a future one.
Which Encryption Algorithms Will Be Phased Out in Australia?
The Australian Signals Directorate has directed organisations to cease using the following cryptographic algorithms by 2030:
- RSA (Rivest-Shamir-Adleman)
- DH (Diffie-Hellman)
- ECDH (Elliptic Curve Diffie-Hellman)
- ECDSA (Elliptic Curve Digital Signature Algorithm)
The ASD-mandated replacement standard is ML-KEM-1024. ML-KEM-768 is acceptable until 2030. These standards align with algorithms finalised by NIST (the US National Institute of Standards and Technology), which published post-quantum cryptographic standards in 2024.
Why Is 2030 a Tighter Deadline Than It Appears?
Most enterprise environments require 18 to 24 months to replace foundational cryptographic components under normal conditions.
Organisations with legacy infrastructure, third-party vendor dependencies, or complex supply chains will need more time. A transition plan developed in late 2026 that targets implementation by 2028 leaves almost no buffer for delays.
McKinsey estimates approximately 5,000 quantum computers will be in operation globally by 2030, enough that some state-sponsored and financially motivated threat actors will have access to quantum capabilities.
Australia’s Five Eyes membership makes it a priority target for adversaries who reach quantum capability first.
Which Australian Sectors Face the Highest Quantum Cybersecurity Risk?
- Financial services hold decades of client data transmitted using encryption a future CRQC could break. Superannuation funds and banks face the highest exposure from harvest now, decrypt later attacks given the long-term confidentiality requirements of financial records.
- Government and critical infrastructure are explicitly named in ACSC guidance as priority recipients of the quantum risk framework. Energy, water, transport, and telecommunications operators are particularly exposed because of the long service life of industrial control systems that cannot be easily updated.
- Healthcare holds sensitive personal data with long retention requirements, making it a high-value target for data harvesting now and decryption later.
- Small and medium businesses are included by name in the ACSC’s February 2026 guidance, particularly those using cloud services, SaaS platforms, or third-party cryptographic systems, since their exposure depends on the security posture of vendors and platforms they rely on.
What Should Australian Organisations Do About Quantum Cybersecurity in 2026?
Complete a cryptographic inventory. Identify every system, application, API, and vendor relationship that depends on asymmetric encryption. This is the foundational step the ASD transition plan requires.
Assess data longevity risk. Any data that must remain confidential for five or more years is already at risk from harvest now, decrypt later attacks using today’s encryption.
Build a PQC transition plan by December 2026. This is the ASD’s current deadline. The plan should document which systems will be migrated, in what order, by what date, and which post-quantum algorithms will replace existing cryptography.
Treat post-quantum cryptography as an additional layer. Organisations aligned to the ACSC Essential Eight do not need to abandon existing controls. MFA, network segmentation, endpoint protection, and backup infrastructure remain essential. PQC is a cryptographic upgrade built on top of that foundation.
Develop internal quantum expertise or engage specialist advisory support. The ACSC identifies shortages of specialised expertise as a key supply-side risk to successful PQC transition.
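The inventory, data-longevity and planning steps above can be combined into one pass over inventory records. The following is an added example, not ASD or ACSC tooling: the record fields, the sample inventory and the sort order are assumptions, and it separates key establishment from signatures because harvest now, decrypt later concerns confidentiality of captured traffic.

```python
from dataclasses import dataclass

PHASE_OUT = {"RSA", "DH", "ECDH", "ECDSA"}   # listed on the page for phase-out by 2030
INTERIM = {"ML-KEM-768"}                     # page: acceptable until 2030
TARGET = {"ML-KEM-1024"}                     # page: mandated replacement
HNDL_YEARS = 5                               # page: "five or more years"

@dataclass
class Asset:
    name: str
    algorithm: str     # asymmetric primitive found during inventory
    use: str           # "key-establishment" or "signature" (assumed field)
    secret_years: int  # how long the protected data must stay confidential
    in_transit: bool   # True if ciphertext crosses a network and can be captured

def classify(a: Asset):
    """Return (status, hndl_exposed) for one inventory record."""
    alg = a.algorithm.upper()
    if alg in TARGET:
        status = "target"
    elif alg in INTERIM:
        status = "interim"
    elif alg in PHASE_OUT:
        status = "phase-out"
    else:
        status = "unknown"   # not recognised: needs manual review
    # HNDL threatens confidentiality: key establishment on capturable links, not signatures.
    hndl = (status == "phase-out" and a.use == "key-establishment"
            and a.in_transit and a.secret_years >= HNDL_YEARS)
    return status, hndl

def migration_order(assets):
    """Sort records: HNDL-exposed first, then by status, then by data lifetime."""
    rank = {"phase-out": 0, "unknown": 1, "interim": 2, "target": 3}
    rows = [(a, *classify(a)) for a in assets]
    rows.sort(key=lambda r: (not r[2], rank[r[1]], -r[0].secret_years))
    return [(a.name, status, hndl) for a, status, hndl in rows]

# Constructed sample inventory (not real systems).
INVENTORY = [
    Asset("patient-portal TLS", "ECDH", "key-establishment", 25, True),
    Asset("code-signing", "ECDSA", "signature", 0, False),
    Asset("partner VPN", "ML-KEM-768", "key-establishment", 10, True),
    Asset("legacy SFTP", "RSA", "key-establishment", 2, True),
    Asset("internal API gateway", "ML-KEM-1024", "key-establishment", 7, True),
    Asset("vendor HSM link", "proprietary", "key-establishment", 15, True),
]

if __name__ == "__main__": print(*migration_order(INVENTORY), sep="\n")
```

Records classified as "unknown" are the ones to chase with vendors, since the inventory cannot confirm what they depend on.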
Is Australia a Quantum Computing Leader?
Australia is both a target of quantum-enabled cyber threats and an active participant in global quantum development.
The federal government’s National Quantum Strategy positions Australia as a research and development partner to the United States. Australian universities, including UNSW Sydney, have produced world-leading quantum hardware research.
This dual role makes Australia’s cybersecurity posture in the quantum era more consequential than that of most comparable nations. Australia’s proximity to US quantum programs also makes it a higher-priority target for adversaries seeking intelligence about quantum capabilities.
Key Facts: Quantum Computing and Australian Cybersecurity in 2026
- The ACSC released formal quantum cybersecurity guidance in February 2026
- The ASD mandates a completed PQC transition plan from all Australian organisations by end of 2026
- Full transition to post-quantum cryptography is required by end of 2030
- RSA, Diffie-Hellman, ECDH, and ECDSA must be phased out by 2030
- ML-KEM-1024 is Australia’s mandated post-quantum encryption standard
- Harvest now, decrypt later attacks mean data transmitted today is already a target
- McKinsey projects 5,000 quantum computers in operation globally by 2030
- Enterprise cryptographic migrations typically take 18 to 24 months minimum
- 87% of global security leaders are concerned about quantum-enabled decryption of stored data
