Harvest Now, Decrypt Later: Why Post-Quantum Cryptography Can't Wait
Harvest Now, Decrypt Later: Why Post-Quantum Cryptography Should Already Keep You Up at Night
The scenario sounds like science fiction. Adversaries are right now harvesting and storing encrypted data they cannot yet read—banking transactions, state secrets, medical records, intellectual property—betting that quantum computers will eventually break today's encryption. They're playing the long game, and they're winning because most of us are still pretending this isn't happening.
This isn't theoretical anymore. This is a live threat unfolding in real time, and if you're responsible for security infrastructure, you need to act today, not when quantum computers arrive.
The Harvest Now, Decrypt Later Reality
Let me be direct: if your organization handles sensitive data with a lifespan beyond five to ten years, you're already exposed. Here's why.
The mathematics underpinning RSA and elliptic curve cryptography—the algorithms protecting everything from your SWIFT transfers to your healthcare records—remain secure against classical computers. A 2048-bit RSA key would take conventional supercomputers thousands of years to crack. That's not a weakness; it's by design.
But quantum computers operate differently. A sufficiently powerful quantum computer running Shor's algorithm could break RSA-2048 in hours. The timeline remains uncertain—estimates range from ten to thirty years—but uncertainty is precisely the problem.
Adversaries aren't waiting. Nation-states and sophisticated threat actors are systematically collecting encrypted traffic today. They're storing it in vast repositories, betting that the decryption keys of tomorrow will unlock the secrets of today. This isn't paranoia. The U.S. National Security Agency has already warned that foreign intelligence services are harvesting encrypted data now for future decryption.
Your sensitive data has a "harvest window." If it's still valuable in ten years—and most organizational data is—you're vulnerable.
Why Your Current Security Team Isn't Ready
I've worked in security operations long enough to recognize the pattern. Organizations excel at addressing immediate threats. A vulnerability drops, patches deploy within days. A breach occurs, incident response activates. Quantum computing threats are different. They're not immediate, not visible, and not yet causing tangible business damage.
This creates a dangerous gap in urgency.
Most security teams are stretched thin managing firewalls, SIEM platforms, threat intelligence feeds, and compliance audits. Post-quantum cryptography (PQC) feels abstract. There's no dashboard showing quantum risk. No alerts firing. No breach headlines (yet) attributable to harvest-now-decrypt-later attacks. So it gets deprioritized.
But here's the uncomfortable truth: your cryptographic inventory is likely a mess.
When was the last time you audited every encryption algorithm running across your infrastructure? Do you know which systems use RSA-2048 versus stronger variants? Can you identify all the places where elliptic curve cryptography is deployed? What about legacy systems running decades-old encryption standards? Most organizations can't answer these questions with confidence.
And if you can't see your cryptographic footprint, you can't protect it.
The Technical Landscape Shift
NIST's post-quantum cryptography standardization process—concluded in 2022 with the selection of four finalists—marks a genuine inflection point. ML-KEM (Kyber), ML-DSA (Dilithium), SLH-DSA (SPHINCS+), and Falcon represent the cryptographic future. They're designed to resist both classical and quantum attacks.
But standardization and deployment are different animals.
Integrating PQC into production systems is not a patch-and-pray exercise. It requires:
Cryptographic agility — The ability to swap algorithms without wholesale system redesigns. Most organizations built infrastructure around specific cryptographic primitives. Changing them means touching TLS stacks, certificate chains, key management systems, and legacy applications that nobody fully understands anymore.
Hybrid approaches — Running classical and post-quantum algorithms in parallel during the transition. This adds computational overhead and complexity. A hybrid TLS handshake using both RSA and ML-KEM consumes more bandwidth and processing power than today's implementations.
Key rotation at scale — Issuing new certificates, rotating keys, and managing the cryptographic lifecycle across thousands of systems. If your organization has struggled with basic certificate management, PQC transitions will expose those weaknesses painfully.
Vendor coordination — Most organizations don't control their entire cryptographic stack. You depend on cloud providers, SaaS platforms, hardware vendors, and open-source libraries. Getting everyone to move simultaneously is like herding cats across an earthquake.
I've overseen infrastructure modernization projects. This is harder than most security leaders realize.
What "Already" Means
The word "already" in this article's title isn't hyperbole. It's a call to immediate action, not distant planning.
Here's a practical timeline:
Now (this quarter): Conduct a cryptographic inventory. Map where encryption lives in your environment—data at rest, data in transit, digital signatures, certificate authorities. Classify by data sensitivity and retention period. You cannot manage what you don't see.
Next two quarters: Pilot post-quantum cryptography in non-critical environments. Test ML-KEM in your TLS implementations. Evaluate performance impact. Identify integration pain points before they become production disasters. Work with vendors to understand their PQC roadmaps.
Next year: Develop a hybrid cryptography strategy. Decide which systems migrate first. Plan certificate authority updates. Begin rotating keys toward post-quantum algorithms in sensitive domains—financial systems, healthcare infrastructure, government-grade security.
2-3 years: Achieve significant PQC coverage across critical infrastructure. This isn't a sprint; it's a structured migration.
The reason for urgency isn't that quantum computers are arriving next month. It's that the migration itself takes years, and you're already behind.
The Compliance and Liability Angle
Here's what keeps security leaders awake: regulatory exposure.
If a breach occurs five years from now—attributed to harvest-now-decrypt-later attacks—and auditors discover you didn't initiate PQC migration when standards were already available, you have a liability problem. Regulators will ask: "Why wasn't this addressed when guidance existed?"
NIST SP 800-131B already recommends transition plans. The European Telecommunications Standards Institute (ETSI) has published PQC guidelines. If you're in financial services, healthcare, or critical infrastructure, your regulators are watching. Non-compliance with emerging cryptographic standards is becoming a governance issue, not just a technical one.
Insurance carriers are starting to ask about quantum readiness in cyber risk assessments. Some are already adjusting premiums. This is no longer a "nice to have" roadmap item.
The Practitioner's Dilemma
I'll be honest about the complexity. Post-quantum cryptography is computationally heavier than classical algorithms. ML-KEM key sizes are larger. Signature sizes grow. Performance penalties exist, especially on resource-constrained devices and embedded systems.
Some organizations will discover that their aging infrastructure simply cannot support PQC without replacement. That's a capital expenditure conversation nobody wants to have right now.
There's also the uncertainty problem. What if NIST's selected algorithms prove vulnerable in ways we haven't anticipated? What if hybrid approaches create unexpected attack surfaces? These concerns are legitimate, but they're also paralysis-inducing. Perfect security doesn't exist. You're managing risk, not eliminating it.
The answer isn't to wait for absolute certainty. It's to move deliberately, test rigorously, and build flexibility into your cryptographic architecture so you can adapt as the landscape evolves.
What You Should Do Monday Morning
1. Inventory your cryptography. Every system, every algorithm, every key. If you can't list it, you can't protect it.
2. Classify by urgency. Which data matters most in ten years? Which systems handle information that remains sensitive long-term? Prioritize those.
3. Engage your vendors. Ask cloud providers, SaaS platforms, and hardware manufacturers about their PQC roadmaps. Hold them accountable. Your security is only as strong as your supply chain.
4. Pilot post-quantum algorithms. Don't wait for perfection. Test ML-KEM in development environments. Measure performance. Learn what breaks.
5. Update your threat model. Include harvest-now-decrypt-later scenarios. Assume adversaries are collecting your encrypted data today. What's the business impact if they decrypt it in 2035?
6. Build cryptographic agility into new projects. Don't design systems around fixed algorithms. Design them to swap algorithms as standards evolve.
This isn't optional complexity. It's the cost of operating in a world where quantum computing is coming, where adversaries are patient, and where your encrypted data has value far beyond today.
The Uncomfortable Truth
We prefer to avoid uncomfortable truths. We'd rather believe that quantum computers are decades away, that our current encryption is sufficient, that someone else will handle this problem. We'd rather focus on the threats we can see—ransomware, phishing, zero-days—than prepare for threats that haven't materialized yet.
But that's exactly why adversaries are harvesting encrypted data now. They're betting on our inertia.
The quantum computing threat isn't science fiction. It's a live operational reality that demands action today. Not next year. Not when quantum computers arrive. Today.
Your encrypted data is being collected right now. The question isn't whether to prepare for post-quantum cryptography. It's whether you'll prepare before or after the decryption starts.
The time to act is now.
What's your organization's current status on post-quantum cryptography? Are you inventorying cryptographic assets, or is this still on the backlog? Share your experience—the practitioner perspective matters more than theoretical debates.