It's definitely not true today: for example, there are no NIST standards (and I'm not sure about standards from other governments) for quantum-resistant key exchange. Several such systems have been developed, and NIST has even chosen one to standardize, but they aren't standardized or widely deployed yet.
But I expect that in 5-10 years, most security systems designed by competent professionals (up-to-date OS security services, TLS servers, SSH servers, VPN, firmware update systems etc) will have post-quantum crypto enabled by default. And I expect it will take longer than that to build a QC that can break classical crypto.
More likely it will play out like the SHA-1 break: all professional security engineers should have switched off SHA-1 (at least for unkeyed hashing) years before any collision was found, and users who apply security patches should therefore by mostly up to date, but I'm sure some are still using the older crypto.
But I expect that in 5-10 years, most security systems designed by competent professionals (up-to-date OS security services, TLS servers, SSH servers, VPN, firmware update systems etc) will have post-quantum crypto enabled by default. And I expect it will take longer than that to build a QC that can break classical crypto.
More likely it will play out like the SHA-1 break: all professional security engineers should have switched off SHA-1 (at least for unkeyed hashing) years before any collision was found, and users who apply security patches should therefore by mostly up to date, but I'm sure some are still using the older crypto.