Quantum computers capable of breaking current public-key cryptography may still be years away, but organizations already face quantum-related data risk.

Attackers are already stealing encrypted data, in preparation for quantum technology to reach the point that current cryptographic algorithms can be broken. This threat is known as “harvest now, decrypt later,” and makes future quantum risk a very real and current threat to organizations.

Encryption protects online transactions, private communications, software updates, digital identities and the sensitive data organizations store and transmit. Quantum computing has the potential to undermine the protection offered by the algorithms in use today.

The day quantum computing breaks current cryptography – Q-day – is anticipated to occur as soon as 2030.

According to EY’s 2026 Quantum Business Readiness Report, 87% of UK business leaders expect disruption from quantum computing by 2030. Meanwhile, an ISACA survey reported that 56% of cybersecurity and trust professionals were concerned about the harvest now, decrypt later threat.

In this article, we’ll explain what quantum computing is and how it will impact cybersecurity. We’ll look at the future threat to cryptography, the prevailing threat of harvest now, decrypt later, and the steps organizations can take to protect their data now and for the post-quantum future.

What is quantum computing?

Quantum computing is a different way of processing information that uses the principles of quantum physics, giving them the potential to solve certain highly complex problems far more efficiently than conventional computers.

Quantum computers are specialized machines that are highly competent at solving specific problems that are difficult with conventional computing capabilities. This includes the mathematics used for cryptography.

While the technology is still in development, recent breakthroughs have accelerated the timeframe in which cryptographic algorithms in use today will be broken

New algorithms capable of withstanding quantum capabilities have been published and organizations are faced with the challenge of adopting and migrating to these new technologies before quantum risk becomes reality.

Why is quantum computing a cybersecurity threat?

The security of current encryption algorithms relies on mathematical problems that conventional computers are unable to solve in a practical amount of time. 

For example, RSA encryption uses a public key built from the product of two extremely large prime numbers. The forward calculation to determine the product is very easy to compute. However, reverse-engineering the original prime factors is computationally hard to achieve with conventional computers. This is what creates the security we rely on for securing much of our online lives.

A sufficiently powerful quantum computer could solve these problems much more efficiently. This could expose confidential information and compromise authentication throughout technology supply chains.

Tomorrow’s threat: Shor’s algorithm

In 1994, mathematician Peter Shor developed a quantum algorithm capable of solving these large-number factoring problems in “reasonable” time. Using Shor’s algorithm, a quantum computer could compromise public-key algorithms including RSA, Diffie-Hellman and elliptic-curve cryptography. 

These are commonly used algorithms used to protect data exchange, secure online communications and authenticate connections across mobile devices, web services, identity systems and modern applications. 

Symmetric encryption is also weakened with quantum search capabilities, these protocols can remain effective provided the key and output sizes are sufficiently large.

Tackling this problem is one of scale and complexity. At-risk algorithms are used throughout digital infrastructure in application code, certificates, authentication systems, cloud integrations, software-signing processes, hardware, firmware and legacy platforms.

Today’s problem: Harvest now, decrypt later

Harvest now, decrypt later (sometimes hack now, decrypt later) is an attack strategy where attackers exfiltrate encrypted information and retain it until quantum technologies are available to decrypt it.

As quantum computing continues to evolve, the harvest now threat will continue to grow as attackers aim to capture as much data as possible before organizations have completed their transition to quantum-safe protocols or post-quantum cryptography (PQC).

Organizations also need to consider how long their data must remain confidential, how exposed it is today and how long it will take to replace the systems protecting it.

This is why NIST and other security authorities, like the UK NCSC, are highlighting the importance of starting the transition process now.

Which data is most exposed?

The data most at risk from quantum threats is long-lived information that doesn’t go out of date or lose its value over time. 

While some information is transitory in nature and loses value quickly such as a one-time token or transactional message, other types of data are much more valuable over time.

Biometric and genetic information cannot easily be changed. Health, identity and legal records may remain sensitive throughout a person’s life. Trade secrets, product designs, scientific research and government information may retain strategic value for decades.

The location and accessibility of that information also affect the risk. A tightly controlled data store presents a different exposure from the same records duplicated across email, cloud platforms, backups, analytics environments and third-party systems.

Planning for PQC migration

Post-quantum cryptography, or PQC, uses mathematical algorithms designed to resist attacks from both conventional and quantum computers. They run through standard software and communications infrastructure, without requiring access to quantum capabilities.

In 2024, NIST published three PQC standards based on structured lattice and hashed-based approaches, designed to be effective against both traditional and quantum security threats.

Google and Microsoft have recently published their plans to migrate to post-quantum cryptography by 2029, and the US government has issued an executive order for federal systems to be migrated by the end of 2030.

The challenge organizations face is more than selecting a new algorithm and applying it to a system. It requires a collaborative effort to ensure continued compatibility and operability of systems within an organization and externally across the digital supply chain.

A roadmap for quantum-safe data security

Industry frameworks for quantum migration vary, but broadly align around the same requirements: establish ownership, build visibility, assess risk, modernize cryptographic architecture and migrate in controlled phases.

Effective PQC migration also requires a clear understanding of the data context, that takes into account:

  • sensitivity of the data

  • confidentiality lifespan of the data

  • data locations, current exposure, and how widely it has been distributed

  • current cryptography in use and vulnerability

PQC roadmap-1

1. Define scope and governance model

Quantum resilience should be treated as a business transformation initiative rather than an IT project.

Establish clear ownership, governance and decision-making across security, IT, architecture, engineering, privacy, legal, procurement, risk and data owners.

Define the systems and data in scope, agree reporting and integrate quantum risk into existing technology and enterprise risk processes. This approach aligns with current US federal guidance.

2. Discover sensitive and long-lived data

Identify sensitive and strategically valuable data across cloud, SaaS, on-premises and hybrid environments, then assess its sensitivity, confidentiality lifespan, exposure and business value. The objective is to identify information that will remain valuable beyond the migration period and determine where current exposure should be reduced.

McKinsey recommends using data lifespan, sensitivity, exposure and system criticality to prioritize migration. Enterprise Recon provides the data intelligence needed to identify long-lived sensitive data, manage widespread distribution and establish migration priorities.

3. Build a cryptographic inventory

Create an inventory of the cryptographic assets protecting your data, including algorithms, keys, certificates, protocols, libraries and dependencies.

Each asset should be linked to the systems, services and data it protects, together with ownership and upgrade options. This provides the context needed to distinguish low-risk dependencies from systems protecting highly sensitive or long-lived information.

4. Assess and prioritize exposures

Combine the data inventory with the cryptographic inventory to create a risk-based migration plan.

Prioritize according to data sensitivity, confidentiality lifespan, current exposure, cryptographic vulnerability and system criticality. Focus first on long-lived sensitive data and critical systems using vulnerable public-key cryptography, then plan lower-risk systems into later migration phases.

5. Reduce existing data exposure

Delete data that no longer needs to be retained, remove redundant copies, enforce retention policies and restrict unnecessary access to sensitive information. 

Reducing the amount of long-lived data available to attackers lowers harvest now, decrypt later risk while the wider migration program continues.

6. Design for crypto-agility

Crypto-agility is the ability to replace or update cryptographic algorithms, keys and certificates without significant disruption to applications, infrastructure or business operations.

Build crypto-agility by separating cryptographic functions from business logic, standardizing approved libraries and centralizing certificate and key management. 

At the same time, engage vendors to understand their PQC roadmaps and update procurement requirements so new technology does not introduce additional cryptographic debt.

7. Pilot, migrate and monitor

Start with controlled pilots before expanding into phased production migration, especially for higher-priority systems. Validate interoperability, performance and operational impact before progressing from pilot to production.

Establish continuous monitoring to identify sensitive data and cryptographic assets in an ongoing BAU process to continue throughout the migration period.

Quantum resilience starts with understanding the data

Q-day may be some time in the future, but the threat from quantum computing is current today through harvest now, decrypt later attacks. 

The most important consideration for business leaders is to understand which information must remain confidential beyond 2030 and where it currently exists. They need to prioritize locations where exposure can be reduced now, before the cryptographic transition is complete.

Sensitive data discovery helps businesses establish which information is sensitive or confidential, how long it will retain value and where it is currently exposed. Cryptographic discovery shows which algorithms, keys, certificates and systems will need to change.

Aligning these two inventories - of sensitive data and the cryptography protecting it - allows organizations to identify and reduce immediate exposure, prioritize migration around business risk and design the crypto-agility they need to support full PQC migration.


Frequently asked questions

What is harvest now, decrypt later?

Harvest now, decrypt later is an attack strategy where adversaries collect encrypted information today and retain it until future quantum computers can decrypt it. The risk is current because the data can be captured before quantum decryption becomes possible.

Why is quantum computing a cybersecurity threat?

A sufficiently powerful quantum computer could use Shor’s algorithm to break public-key cryptography. This includes RSA, Diffie-Hellman and elliptic-curve systems used for encryption, key exchange, authentication and digital signatures.

Does a quantum computer capable of breaking encryption exist today?

There is no known cryptographically relevant quantum computer capable of breaking widely deployed cryptography at scale. However, encrypted information can already be collected and retained for future decryption.

Which NIST post-quantum standards are available?

NIST has finalized FIPS 203 for ML-KEM key establishment, FIPS 204 for ML-DSA digital signatures and FIPS 205 for SLH-DSA hash-based digital signatures.

When should organizations begin PQC migration?

Organizations should begin data discovery, cryptographic inventory, risk assessment and vendor engagement now. NIST recommends beginning the transition to its finalized standards immediately.

How does sensitive data discovery support quantum readiness?

Sensitive data discovery identifies which information has long-term confidentiality value, where it is stored and how it is exposed. This provides the context needed to prioritize cryptographic migration and reduce harvest now, decrypt later risk.