Harvest Now, Decrypt Later: The Quantum Security Threat Hanging Over Today’s Data

By Antonio Sanchez


Nation-state adversaries are not waiting for quantum computers to arrive. They are intercepting and stockpiling encrypted data right now, betting on a future where quantum processors crack today’s encryption in hours. This attack pattern has a name: Harvest Now, Decrypt Later (HNDL).

HNDL is not hypothetical. Intelligence agencies, cybersecurity researchers, and government regulators agree: HNDL campaigns are active today. The US, China, and Russia all run signals intelligence programs collecting encrypted communications at scale. The data sits in storage, waiting for the quantum hardware to catch up. In 2020, data from Google, Amazon, Facebook, and more than 200 other networks was redirected through Russia. Traffic rerouting incidents like these are consistent with large-scale HNDL collection.

This post breaks down the HNDL threat model, the data showing how fast the quantum timeline is accelerating, the compliance deadlines closing in, and the 5 concrete defense steps your organization needs to take now.

How HNDL Attacks Work

The HNDL attack pattern follows 3 stages:

  • Intercept. Adversaries tap network traffic, fiber optic cables, satellite links, or compromised infrastructure to capture encrypted data in transit. Nation-states with signals intelligence capabilities do this at massive scale.
  • Store. Collected ciphertext goes into long-term storage. Storage is cheap. A petabyte of data costs less than $20,000 to archive. Adversaries face no time pressure at this stage.
  • Decrypt. When a cryptographically relevant quantum computer (CRQC) comes online, attackers run Shor’s algorithm against the stored data, breaking RSA, ECC, and other public-key encryption in hours or days.

The critical insight: any data with a secrecy shelf life longer than the timeline to a CRQC is already at risk. Take a 30-year mortgage file encrypted with RSA-2048 today: if a CRQC arrives in 2030, the file still has 26 years of required secrecy ahead of it, all of it exposed.

What Adversaries Are Targeting

HNDL campaigns focus on data with long-term value:

  • Government and military communications (classified intelligence, diplomatic cables)
  • Financial records (trade secrets, M&A activity, central bank communications)
  • Healthcare data (patient records, pharmaceutical IP, clinical trial results)
  • Critical infrastructure schematics (power grids, telecom networks, water systems)
  • Personally identifiable information (PII with 10+ year retention requirements)

The common thread: information staying sensitive for years or decades. If your encrypted data needs to remain confidential past 2030, assume it is already being harvested.

The Quantum Timeline Is Accelerating

The standard objection to HNDL urgency has been “quantum computers are decades away.” Recent research has dismantled this argument.

Qubit Estimates Are Dropping Fast

Three papers published between May 2025 and March 2026 reduced the estimated quantum resources needed to break RSA-2048 from 20 million qubits to fewer than 1 million. A February 2026 study described a new fault-tolerant architecture factoring RSA-2048 with fewer than 100,000 physical qubits, an order of magnitude below previous estimates.

Separately, the JVG algorithm published in early 2026 demonstrated a 1,000x reduction in quantum resources needed for integer factorisation compared to prior approaches.

CRQC Timeline: 2029 to 2032

The median estimate for a cryptographically relevant quantum computer now sits around 2030, with a credible threat window of 2029 to 2032. IBM targets its Starling machine with approximately 200 logical qubits by 2029 and larger error-corrected systems by the early 2030s. Google has set an internal Post-Quantum Cryptography (PQC) migration deadline of 2029.

75% of cybersecurity practitioners surveyed by the Ponemon Institute (4,149 respondents) expect quantum computers to break traditional encryption within 5 years. The Quantum Insider projects cryptographically relevant quantum computers by 2027.

The Math

If your encrypted data needs to stay confidential past 2030 and the decryption timeline is 2029 to 2032, the overlap is already here. Adversaries do not need to build the quantum computer themselves. They need to store the data until someone else does.

What the Data Shows

The numbers paint a clear picture of an industry unprepared for the threat it faces.

  • 90% of companies have no systems to defend against quantum threats (Bain & Company, 180 technology leaders surveyed)
  • 75% of practitioners expect quantum break of traditional encryption within 5 years (Ponemon Institute, 4,149 respondents)
  • Only 38% are preparing to adopt PQC (Ponemon)
  • 41% cite limited visibility into cryptographic assets as the top barrier to PQC readiness (Ponemon)
  • 68% report managing cryptographic assets is extremely or very difficult (Ponemon)
  • 59% acknowledge quantum exposure of long-term sensitive data (Ponemon)

Meanwhile, IBM’s 2025 Cost of a Data Breach Report found US organizations pay an average of $10.22 million per breach, an all-time high. Encryption ranked as the 3rd most effective cost-reduction factor, and the only one both highly effective and widely deployed.

The PQC market is projected to grow from $1.2 billion in 2025 to $13 billion by 2035 (Bain, IQT, Juniper Research). The money is moving. The question is whether your organization’s defenses will move with it.

Compliance Deadlines Are Closing the Window

Federal mandates have turned PQC migration from a recommendation into a requirement.

CNSA 2.0 (NSA’s Commercial National Security Algorithm Suite 2.0) sets the following timeline:

  • January 1, 2027: new National Security System acquisitions must be CNSA 2.0 compliant
  • 2030: legacy equipment unable to support CNSA 2.0 must complete transition
  • 2033: full compliance across most NSS types

FIPS 140-2 goes Historical on September 21, 2026. After this date, only FIPS 140-3 validated modules are eligible for new federal procurement. Organizations still running FIPS 140-2 validated encryption have months, not years, to transition.

Additional mandates tightening the timeline:

  • Executive Order 14144: federal cryptographic modernization
  • Executive Order 14306: further PQC directives
  • NSM-10: PQC migration directive for federal agencies
  • OMB M-23-02: federal PQC inventory and migration requirement
  • DORA: EU Digital Operational Resilience Act with a sub-4-year compliance horizon for financial institutions
  • NIS2 and eIDAS 2.0: EU cybersecurity and digital identity frameworks with cryptographic requirements

The regulatory message is consistent: migrate now, not later.

5 Defense Steps Against HNDL

Defending against HNDL requires action across 5 dimensions. Waiting for a single vendor upgrade or algorithm fix leaves gaps.

1. Inventory Your Cryptographic Assets

You do not protect what you do not see. 41% of organizations cite limited visibility into cryptographic assets as the top barrier to PQC readiness. Start with a complete inventory: where encryption is deployed, which algorithms are in use, which keys protect which data flows, and which assets have long secrecy shelf lives.
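One way to triage such an inventory against the 2029 to 2032 window cited above, as an added example that is not from the original post or from Quantum XChange. The `Flow` record, the prefix-matched algorithm labels and the sample inventory are constructed assumptions; unrecognised labels are surfaced for review rather than treated as safe.

```python
from dataclasses import dataclass

# Public-key families broken by Shor's algorithm (the post names RSA and ECC)
# and the FIPS 203 KEM it recommends. Labels are matched by prefix (assumed).
SHOR_BROKEN = ("RSA", "ECDH", "ECC", "DH")
PQC_KEMS = ("ML-KEM",)
CRQC_EARLIEST, CRQC_LATEST = 2029, 2032  # threat window quoted in the post

@dataclass
class Flow:  # hypothetical inventory record
    name: str
    key_establishment: str  # algorithm that protects the session or data key
    secret_until: int       # year the confidentiality requirement ends

def classify(alg: str) -> str:
    a = alg.upper()
    if a.startswith(PQC_KEMS):
        return "pqc"
    if a.startswith(SHOR_BROKEN):
        return "vulnerable"
    return "unknown"  # unrecognised label: surface for manual review

def exposed_years(flow: Flow, crqc_year: int) -> int:
    """Years of required secrecy remaining once a CRQC exists."""
    return max(0, flow.secret_until - crqc_year)

def triage(flows):
    """Rows (name, status, exposure if 2029, exposure if 2032), worst first."""
    rows = []
    for f in flows:
        status = classify(f.key_establishment)
        worst = exposed_years(f, CRQC_EARLIEST)
        if status == "pqc" or worst == 0:
            continue  # already migrated, or data expires before the window
        rows.append((f.name, status, worst, exposed_years(f, CRQC_LATEST)))
    return sorted(rows, key=lambda r: -r[2])

# Constructed sample inventory, not real data.
INVENTORY = [
    Flow("session-telemetry", "ECDH-P256", 2027),
    Flow("mortgage-archive", "RSA-2048", 2056),
    Flow("hr-backup-link", "ML-KEM-768", 2050),
    Flow("legacy-mainframe-tunnel", "vendor-proprietary", 2035),
    Flow("clinical-trials-vpn", "ECDH-P384", 2041),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(row)
```

The rows that come back are the migration order: longest exposure first, with unknown algorithms kept in the list until someone identifies them.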

2. Adopt Post-Quantum Cryptography

NIST finalized its first PQC standards in 2024 (FIPS 203 for ML-KEM, FIPS 204 for ML-DSA, FIPS 205 for SLH-DSA). The standards are published. The “waiting for standards” excuse is gone. Deploy FIPS 203 validated PQC on your most sensitive data flows first, then expand.

3. Build Crypto-Agility Into Your Architecture

Crypto-agility is the ability to manage and update cryptographic algorithms and policies across your infrastructure without disrupting operations. Single-algorithm PQC deployments create a new problem: when an algorithm breaks (and history says algorithms break), you face another emergency migration. Architecture decisions matter more than algorithm choices.
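The architectural idea described above, as an added example that is not Phio TX code and not from the original post: every envelope carries an algorithm identifier, and a central policy decides which identifier is used for new data and which are still accepted. HMAC variants from the Python standard library stand in for the swappable algorithms, and `Policy`, `seal` and `open_` are hypothetical names.

```python
import hashlib
import hmac

# Implementations keyed by the identifier each envelope carries. HMAC variants
# are stand-ins for swappable algorithms; the stdlib has no ML-KEM.
REGISTRY = {
    "hmac-sha256": lambda k, m: hmac.new(k, m, hashlib.sha256).digest(),
    "hmac-sha512": lambda k, m: hmac.new(k, m, hashlib.sha512).digest(),
}

class Policy:
    """Central policy: one algorithm for new envelopes, a set still accepted."""
    def __init__(self, current, also_accept=()):
        if current not in REGISTRY:
            raise ValueError(f"unknown algorithm {current!r}")
        self.current = current
        self.accepted = {current, *also_accept}

def seal(policy: Policy, key: bytes, payload: bytes) -> bytes:
    alg = policy.current.encode()
    # The tag covers the algorithm id, so the header cannot be rewritten.
    tag = REGISTRY[policy.current](key, alg + b"|" + payload)
    return b"|".join([alg, tag.hex().encode(), payload])

def open_(policy: Policy, key: bytes, envelope: bytes) -> bytes:
    alg, tag_hex, payload = envelope.split(b"|", 2)
    name = alg.decode()
    # The policy decides, not the header: retired or unknown ids are refused.
    if name not in policy.accepted or name not in REGISTRY:
        raise ValueError(f"algorithm {name!r} not permitted by policy")
    expected = REGISTRY[name](key, alg + b"|" + payload).hex().encode()
    if not hmac.compare_digest(expected, tag_hex):
        raise ValueError("tag mismatch")
    return payload

if __name__ == "__main__":
    key = b"constructed-demo-key"
    old = seal(Policy("hmac-sha256"), key, b"order=42")
    transition = Policy("hmac-sha512", also_accept=["hmac-sha256"])
    print(open_(transition, key, old), seal(transition, key, b"order=43")[:12])
```

Callers of `seal` and `open_` never name an algorithm, so moving to a new one is a policy change; dropping the old identifier from `also_accept` ends the transition period.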

As Eddy Zervigon, CEO of Quantum XChange, has noted: “The future of encryption is not a math problem, it’s an architecture problem.”

Phio TX®, the cryptographic management platform from Quantum XChange, hot-swaps PQC algorithms on the fly with no downtime, no recertification cycle, and no maintenance window. When NIST or CNSA shifts the algorithms, Phio TX updates centrally. No endpoint rewrites. No emergency patching. Competitors put algorithm agility on roadmaps; Phio TX ships it.

4. Separate Key Delivery from the Data Plane

For nearly 50 years, organizations relied on an encryption model where the public key and data travel together. Phio TX uses a dual-path architecture: a strong symmetric key travels out-of-band, separate from encrypted data. Keys are ephemeral, generated in memory, used once, and self-deleted through Ephemeral Keys and Forward Secrecy (EKFS). Nothing stored. Nothing reused. Nothing for an insider to steal.

Phio TX holds FIPS 140-3 CMVP Certificate #4850 (module), FIPS 203 CAVP Certificate #6060 (ML-KEM algorithm), and NIST Entropy Source Certificate #E79. The industry’s first FIPS 140-3 + FIPS 203 + Entropy validated solution.

5. Deploy Without Ripping and Replacing

PQC migration does not require a network overhaul. Phio TX overlays existing infrastructure with no downtime and no measurable performance impact. Deployments take days, not months. The platform runs as a Docker container (including Phio TX-EM for native Cisco integration), software, VM, secure hardware, or native cloud images for AWS, Azure, and GCP. The platform supports air-gapped federal deployments. No rip-and-replace. No vendor lock-in.

The “We Have Time” Objection

The most dangerous response to HNDL is inaction.

Data harvested today is the data adversaries will decrypt in those “few years.” The threat is not future. The collection is happening now. The only variable is when decryption becomes possible, and every new qubit reduction paper compresses the timeline.

90% of companies are unprepared. Vendors promising “quantum-proof” protection (a term with no standard or cert behind it) fill the market with noise. Ask a simple question: is the solution FIPS 140-3 and FIPS 203 validated today, or is it “in process”? A cert number is not the same thing as a press release.

Quantum XChange is a Quantum Industry Coalition (QIC) member alongside AWS, Google, IBM, Microsoft, and Accenture. QXC collaborates with the NIST National Cybersecurity Center of Excellence (NCCoE) and participates in the Quantum Economic Development Consortium (QED-C). The validation, the architecture, and the procurement path exist today.

Frequently Asked Questions

What is a Harvest Now, Decrypt Later attack?

Harvest Now, Decrypt Later (HNDL) is an attack pattern where adversaries intercept and store encrypted data today, planning to decrypt it when quantum computers grow powerful enough to break current encryption algorithms. Nation-state actors are executing HNDL campaigns now, targeting data with long-term secrecy value across government, financial, and healthcare sectors.

When will quantum computers break current encryption?

Recent research reduced the estimated quantum resources needed to break RSA-2048 from 20 million qubits to fewer than 100,000. The median estimate for a cryptographically relevant quantum computer sits around 2030, with a credible threat window of 2029 to 2032. Google has set an internal PQC migration deadline of 2029.

What data is most vulnerable to HNDL attacks?

Any data with a secrecy shelf life longer than the timeline to a cryptographically relevant quantum computer faces HNDL risk. This includes government and military communications, financial records, healthcare data, critical infrastructure schematics, and personally identifiable information with 10+ year retention requirements.

What is crypto-agility and why does it matter for HNDL defense?

Crypto-agility is the ability to update cryptographic algorithms and policies across your infrastructure without disrupting operations. Single-algorithm PQC deployments create re-migration risk when algorithms break. Phio TX hot-swaps PQC algorithms on the fly with no downtime, avoiding repeated emergency migrations as standards evolve.

What federal mandates require post-quantum migration?

CNSA 2.0 requires new National Security System acquisitions to be compliant by January 2027, with full compliance by 2033. Executive Order 14144, NSM-10, and OMB M-23-02 mandate federal cryptographic modernization. FIPS 140-2 goes Historical on September 21, 2026, after which only FIPS 140-3 validated modules are eligible for federal procurement.

How does Phio TX protect against HNDL attacks?

Phio TX uses a dual-path architecture with out-of-band ephemeral key delivery to strengthen encryption of data-in-motion. It holds FIPS 140-3 CMVP #4850, FIPS 203 CAVP #6060, and NIST Entropy Source #E79 validations. The platform overlays existing infrastructure, deploys in days, and hot-swaps PQC algorithms when standards evolve.

Ready to Secure Your Network?

Adversaries are collecting your encrypted data today. The defense window is narrowing. Talk to a Quantum XChange expert about protecting your data-in-motion with validated PQC before the decryption clock runs out.
