If you could easily break some basic widespread cryptographic primitives, you could mitm TLS and serve valid signature spoofed OS updates, basically giving you total control over the computers of just about any organization you like.

The first thing to target would be the network operators, so that you have the technical ability to observe and inject packets into connections from leaf nodes. Then, you could redirect those connections to yourself, proxy their TLS undetected, or serve replies that contain (valid signature) updates or malware.

This is one of the many reasons that a defense in depth strategy (that is, not solely/blindly trusting TLS or digital signatures to ensure that your computer doesn't run unauthorized code) is a good idea.

It is also probably another reason why so many state-level intel agencies target telecoms first and foremost.

The mathematics of Shor's algorithm have been known for decades. The challenge is in building the hardware, not in the math.

There are tens of billions of dollars worth of abandoned Bitcoins in addresses with exposed public keys. It would be trivial to get those if you can break ECDSA. Yes, there is much more outside of Bitcoin but I don't see why someone who had this capability wouldn't go after the easy targets first.