The new millennium bug: everything you need to know about Y2Q

The Y2Q problem: quantum computers could allow malicious actors to break cybersecurity algorithms.

The Y2Q problem: quantum computers could allow malicious actors to break cybersecurity algorithms. Image: IBM Research/Flickr

Jerome Desbonnet
Vice-President, Chief Technology Innovation Officer, Capgemini
Julian Van Velzen
Chief Technology Innovation Officer, Capgemini
Gireesh Kumar Neelakantaiah
Senior director, Capgemini Quantum Lab
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Quantum Computing is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

Tech and Innovation

  • Quantum computers could allow malicious actors to break the security algorithms that currently protect most information and communication systems.
  • The "Y2Q" problem bears similarities to the Y2K or millennium bug, but the differences are more serious, from the source of the threat to how to solve the problem.
  • Given the severity of the threat and the massive nature of the efforts required to address it, organizations should start preparing now.

The world witnessed one of the large-scale global efforts to address the issue of Y2K (also known as the millennium bug) during the final decade of the last century. It is estimated that nearly $308 billion was spent worldwide dealing with the Y2K problem, with more than $130 billion spent in the US alone. But, thanks to international coordination and efforts, the Y2K problem was well handled.

Have you read?

Fast forward two decades and we have the similar-sounding “Y2Q” problem – expected to affect most information and communication systems. The Y2Q problem relates to the algorithms that currently secure systems against cyberattacks. These algorithms are based on complex mathematical problems that are practically intractable for traditional computers, but large and sufficiently capable quantum computers, which make use of quantum mechanics, have the potential to solve them in hours or even minutes.

If malicious actors have access to such quantum computing power, they could break the security of government and enterprise systems, disturb or even damage public services and utility infrastructure, disrupt financial transactions and compromise personal data. This is the large-scale threat known as Y2Q.

Why ‘PQC’ is the recommended solution for Y2Q

Industry experts, government agencies and standards organizations supported by governments and private organizations worldwide are working on solutions to the Y2Q problem. Two crucial options are proposed: post-quantum cryptography (PQC) and quantum key distribution (QKD).

PQC algorithms are designed to be resilient to cyberattacks involving both classical and quantum computers. These algorithms are still based on classical mathematical complexities and computing techniques. They are expected to replace existing algorithms that are vulnerable to threats from quantum computers.

QKD is a mechanism for secure communications which implements cryptographic protocols based on the principles of quantum physics. QKD requires additional special hardware.


QKD as a technology is still under development, therefore, PQC is expected to be the most common form of quantum-safe cryptography to be adopted worldwide. It is designed with classical methods and expected to work in the existing infrastructure without the need for special hardware, unlike QKD.

Considering the seriousness of the threat and the massive nature of the efforts required, industries, governments and standards organizations are already working on defining standards for algorithms, protocols and systems.

Standards and industry organizations are collaborating to develop new quantum-safe PQC algorithms. The US Department of Commerce’s National Institute of Standards and Technology (NIST) is at the forefront of this. After a multi-year evaluation process, NIST has announced the selection of four algorithms that are expected as standards for post-quantum cryptography in 2024. Organizations are expected to adopt these cryptographic algorithms in IT and operational technology systems and upgrade their systems to protect against Y2Q threats as part of a quantum-safe migration.

Understanding Y2Q in comparison with Y2K

To achieve a better understanding of the Y2Q threat we need to compare and discuss certain similarities and specific differences between Y2Q and Y2K.

Similarities include:

  • Both are triggered by fear, uncertainty and doubt.
  • Both have the potential to have a large-scale impact on computing systems worldwide.
  • The implementation of a solution requires many trained engineers.
  • In both cases, testing and validating are very critical parts of the solution.
  • There are global efforts and collaborations, across the US, Europe and Asia, to address the problem, including the involvement of governments. For example, the US has enforced laws with specific focus on Y2Q as it did for Y2K.
  • In both instances, computer programmes and infrastructure across enterprise and operational systems must be reviewed, assessed, fixed and upgraded.
Quantum computing power is growing
Quantum computing power is growing Image: Statista

The differences are more serious:

  • Timelines: in the case of Y2K, there was a very clear deadline: if not fixed, the problem would hit computer systems at the beginning of the new century. In the case of Y2Q, we do not know when sufficiently powerful quantum computers that can break currently used cryptography algorithms will be available. There is a complete uncertainty of timelines.
  • Source of threat: with Y2K, it was certain that the problem was internal to the systems; the source of Y2Q is always external with malevolent intentions to cause damage or harm.
  • Solution: though Y2K was a huge problem, the solution to solve it was simple and straightforward; to solve the Y2Q problem, there are multiple proposed solutions. The two main solutions outlined above both have their own complexities in implementation.
  • Execution: with Y2K, there was a clear deadline for when all systems of an organization had to be updated or upgraded. It was a one-time activity and once the issue was fixed, the problem was solved. For Y2Q, there needs to be a detailed analysis of systems and data. Following the preparation of a roadmap to fix or upgrade these systems, the result may be a multi-year project rather than a one-time activity. Organizations need to achieve a state of crypto agility with dynamic monitoring and updating cycles.
  • Visibility of damage: the potential damage caused by Y2K, if not addressed, was expected to be directly visible or noticable. With Y2Q the damages may not be visible or experienced owing to the nature of the threat. The malicious agent may not even be revealed immediately and could cause damage at a later point in time.

Why we need to act now – and how

Y2Q is a growing concern as quantum risk in cyberspace slowly emerges. Some important developments demonstrate the seriousness and urgency of the problem. For example: the passing of the Quantum Computing Cybersecurity Preparedness Act by the US government in December 2022 and the end of coverage for state cyberattacks by some insurance companies. Organizations across the globe need to recognize these developments.

Today’s quantum computers are still rudimentary in their capabilities; it will take many years to create quantum computers powerful enough to break current cryptography algorithms. Nevertheless, given the severity of the threat and the massive nature of the efforts required to address it, industries, governments and standards bodies have already started preparing themselves for quantum safe migrations and the adoption of PQC algorithms.


How is the Forum tackling global cybersecurity challenges?

Preparation is vital. An organization should understand and collect all information about cryptography used for various applications within their company, to recognize how different post quantum cryptography and hybrid algorithms would affect the performance of those applications. They should prepare a well-defined roadmap to start the actual migration. In this phase, the transition to quantum-safe cryptography should be implemented in all systems across the organization. The upgraded systems should then be tested and validated for their expected security, functionality and performance.

We do not have a good estimate on the overall cost of the transition to quantum-safe cryptography, but the size and complexity of Y2Q are significantly larger than Y2K, which makes it necessary to develop solutions over the next couple of decades. Organizations need to start preparing as soon as possible.

To learn more, read the Capgemini report Y2Q: A journey to quantum safe cryptography.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

The brain computer interface market is growing – but what are the risks?

Manar Alohaly

June 14, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum