Only a Small Minority Are Genuinely Prepared’: Inside Telecom’s Post-Quantum Readiness Gap

As the telecom industry prepares for a future shaped by quantum computing, operators face a more immediate challenge: replacing cryptographic systems embedded across networks, SIMs, and billions of connected devices before existing security standards become obsolete.

The telecommunications industry has spent the past decade investing heavily in 5G networks, edge computing, private wireless infrastructure, and the Internet of Things. Yet another transformation is already looming — one that could prove even more complex than rolling out a new generation of mobile technology. The transition to post-quantum cryptography (PQC), the next generation of encryption designed to withstand attacks from future quantum computers, is emerging as one of the industry’s most significant long-term security challenges.

The urgency increased sharply in August 2024, when the U.S. National Institute of Standards and Technology (NIST) finalized its first three post-quantum cryptography standards — FIPS 203, 204, and 205 — covering key encapsulation and digital signature schemes. Rather than framing the standards as a roadmap for future planning, NIST urged system administrators to begin transitioning immediately, a signal that the migration window is already open.

While practical quantum computers capable of breaking today’s widely used encryption do not yet exist, cybersecurity experts increasingly warn that organizations cannot afford to wait. The reason lies in a growing concern known as the “Harvest Now, Decrypt Later” threat. Adversaries can collect encrypted data today and store it until quantum computing capabilities mature enough to decrypt it in the future. For industries handling sensitive information with long confidentiality requirements — governments, financial institutions, critical infrastructure operators, and telecoms — the clock has already started. For telecom operators, however, the challenge extends far beyond replacing a few encryption algorithms.

Why Telecom Faces a Bigger Problem Than Most Industries

Unlike software companies that can update security protocols through cloud deployments, telecom operators manage vast and highly distributed infrastructures: SIM cards, eSIM platforms, authentication systems, network equipment, provisioning systems, roaming platforms, and billions of connected devices. Many of these assets were designed for operational lifecycles measured in decades rather than years. This is particularly acute in sectors such as utilities, industrial automation, transportation, and smart city deployments, where connected devices such as smart meters often remain in the field for 10 to 15 years or more after installation. For specialized industrial and infrastructure systems, that figure can extend further still.

As a result, telecom operators face a challenge that few other industries share. They must protect future communications while continuing to support extensive legacy infrastructure that was never designed with a post-quantum world in mind. The scale of the task has led many industry observers to describe this transition as one of the most significant security migrations in telecom history.

The Real Challenge Is Crypto Agility

While discussions around quantum security often focus on new cryptographic algorithms, the bigger issue for telecom operators may be crypto agility — an organization’s ability to replace or update cryptographic mechanisms without requiring major infrastructure redesigns or service disruptions. In theory, crypto agility allows operators to adapt quickly as security standards evolve. In practice, many networks remain deeply dependent on legacy technologies and fragmented systems that make rapid, coordinated transitions extremely difficult.

Speaking with AsiaTechDaily, Rahul Tandon, Senior Vice President of Connectivity Services (India) at IDEMIA Secure Transactions, offered a candid assessment of the industry’s readiness.

“Only a small minority of operators are genuinely prepared to transition cryptographic standards without major impact,” he said.

Tandon’s view carries weight. IDEMIA Secure Transactions has been at the forefront of the quantum-safe transition in telecom — the company launched the world’s first quantum-safe 5G SIM in 2021 and unveiled the first commercial crypto-agility solution the following year, designed to allow its technologies to adapt in real time to emerging quantum threats. The company has also partnered with Telefónica on post-quantum eSIM deployments for IoT devices in smart utility networks.

According to Tandon, many operators continue to rely on extensive installed bases of SIMs, secure elements, provisioning systems, and long-life IoT devices that make large-scale cryptographic migrations particularly challenging.

“Crypto agility is a real objective, but not yet an operational reality for most of the industry,” he told AsiaTechDaily.

As a result, migration is unlikely to happen through a single industry-wide shift. Instead, it will occur gradually through hybrid environments where classical and post-quantum cryptographic systems coexist for years. This reality is increasingly reflected in industry roadmaps: rather than pursuing abrupt replacements, operators and vendors are focusing on crypto-agile architectures capable of supporting multiple cryptographic standards simultaneously while minimizing disruption to live networks.

Why Waiting for 6G May Be Too Late

For some telecom executives, there may be a temptation to align post-quantum migration with the eventual rollout of 6G networks, which are expected to begin commercial deployment around 2030. Cybersecurity specialists increasingly argue that such a timeline exposes organizations to unnecessary and avoidable risk. The concern is straightforward: sensitive data intercepted today may retain its value for many years. By the time 6G infrastructure is in place, some of that data may already be vulnerable if adversaries have been systematically harvesting encrypted communications in anticipation of quantum decryption capabilities.

Tandon was direct on this point.

“The ‘Harvest Now, Decrypt Later’ risk means operators cannot tie the post-quantum timeline to the 6G rollout expected around 2030,” he told AsiaTechDaily.

This perspective is gaining traction across the industry. Governments, standards bodies, and technology providers are increasingly urging organizations to begin inventorying cryptographic assets, identifying vulnerable systems, and establishing migration strategies now — not when quantum computers become operational threats. For telecom operators, the first step may be less about deploying new technologies and more about understanding exactly where cryptography is embedded across their infrastructure. Without that visibility, planning a credible migration becomes significantly harder.

Asia’s Window of Opportunity

While the post-quantum transition presents substantial operational and financial challenges, it may also open strategic opportunities — particularly across Asia-Pacific. Unlike some mature markets where network infrastructure is deeply entrenched, many countries across the region continue to expand 5G coverage, deploy private wireless networks, and invest heavily in industrial IoT and smart city initiatives.

This ongoing investment cycle gives operators an opportunity that more mature markets may not have: the ability to integrate post-quantum readiness into current deployments rather than retrofitting security controls onto aging infrastructure later. The region’s rapid digitalization is creating increasingly complex network environments. Enterprises are connecting factories, utilities are modernizing grid infrastructure, governments are deploying digital services at scale, and cities are integrating connected technologies into public systems.

Each new deployment expands the population of devices and systems that may eventually require post-quantum protection — and represents a decision point where building in crypto agility now is far cheaper than engineering it in retrospect. The challenge for operators will be balancing immediate commercial priorities against security investments whose full value may not be realized for years. That calculus is rarely straightforward in competitive, margin-pressured markets.

From Security Requirement to Competitive Advantage

The industry’s response to post-quantum security may ultimately extend beyond risk mitigation. Historically, telecom operators have competed on coverage, network performance, reliability, and price. Increasingly, security and digital trust are becoming differentiating factors as enterprises, governments, and critical infrastructure operators demand stronger and more demonstrable protections.

This creates a potential opening for operators willing to move early. Post-quantum security capabilities, secure IoT connectivity, and advanced identity protections could become part of a broader enterprise security services portfolio — particularly for operators serving regulated industries such as finance, healthcare, energy, and government.

For operators facing slowing growth in traditional connectivity markets, trusted digital infrastructure may represent a new and defensible avenue for value creation. Whether that opportunity materializes at scale will depend largely on how effectively operators navigate the transition itself.

The telecom industry’s post-quantum challenge is no longer a question of if quantum computing will eventually threaten existing encryption standards. That debate has largely been resolved. The more pressing question is whether operators can identify, modernize, and future-proof the cryptographic foundations already embedded across their networks — and whether they can do so before the threat window closes.

For most providers, that transition will not be defined by a single breakthrough technology or a one-time upgrade. It will involve years of cryptographic asset discovery, standards alignment, infrastructure assessment, and gradual migration across highly complex, deeply distributed systems. The industry’s next major transformation may not be 6G. It may be the sustained, unglamorous work of ensuring that the security foundations of today’s networks remain trustworthy in a world where quantum computing is no longer theoretical. Based on the current state of readiness, many operators still have significant ground to cover.

Key Takeaways

• Most telecom operators are still not prepared for large-scale post-quantum cryptography migration, despite growing industry awareness.
• The biggest challenge is not developing new encryption algorithms but achieving “crypto agility” across complex telecom infrastructure and long-life connected devices.
• The “Harvest Now, Decrypt Later” threat is pushing operators to begin post-quantum planning during the 5G era rather than waiting for 6G.
• Asia’s ongoing investments in 5G, private networks, IoT, and smart infrastructure create an opportunity to embed quantum-safe security into current deployments.
• Post-quantum security could evolve from a compliance requirement into a competitive advantage as enterprises and governments place greater emphasis on trusted connectivity and digital trust.