Mitigating Data Exposure to Quantum Computing.  A simplified risk-timeline has four influencing factors to consider; given you have made a complete cryptographic inventory.  The four factors to consider are:

1/ Cryptographic strength of the algorithms in use to protect data and communications

2/ Length of time, in years, your data must be protected

3/ Cryptographic agility of the enterprise.  How to quickly is the enterprise able to change the algorithms?  Weeks?  Months?  Years?

4/ Quantum computing advancements, in terms of years to achieve (i.e. when will quantum supremacy arrive?)

The advent of quantum computing capable of cracking cryptography is nearing.  “When?” is the bigger question.  Anywhere from a bold 2 years to never are routinely discussed.  

Reference is found here…