Mike argues that the point of moving to Post-Quantum Cryptography now is 

 that there'll be a quantum computer that can break encryption in the next 20 years (most likely there won't), but it's so that 

 a quantum computer gets invented, the quantum-resistant cryptography has already been in place for decades if not more.

The point is to defend against "harvest now decrypt later" attacks, in which the attacker harvests all your encrypted data now, and just waits until quantum computers are ready for them to decrypt it.

This attack isn't much of a concern for anyone who doesn't have decades old secrets.  For example, if all your secrets are expired by the time quantum is ready, say in 30 years, it doesn't matter if your secrets right now use post-quantum cryptography.  But for some groups who might indeed have decades-long secrets, they might want to think about migrating to post-quantum cryptography 

science

bitcoin

Mike argues that the point of moving to Post-Quantum Cryptography now is *not* that there'll be a quantum computer that can break encryption in the next 20 years (most likely there won't), but it's so that *if* a quantum computer gets invented, the quantum-resistant cryptography has already been in place for decades if not more.

The point is to defend against "harvest now decrypt later" attacks, in which the attacker harvests all your encrypted data now, and just waits until quantum computers are ready for them to decrypt it.

This attack isn't much of a concern for anyone who doesn't have decades old secrets.  For example, if all your secrets are expired by the time quantum is ready, say in 30 years, it doesn't matter if your secrets right now use post-quantum cryptography.  But for some groups who might indeed have decades-long secrets, they might want to think about migrating to post-quantum cryptography *now*, rather than later.