The breach has already happened. You just don't know it yet — because the adversary isn't reading your data today. They're waiting for the computing power to read it tomorrow.
There is a particular kind of threat that the cybersecurity industry has struggled to communicate with urgency: the threat that is invisible, patient, and already underway. Ransomware announces itself. A DDoS attack is impossible to ignore. A deepfake executive call demands an immediate response. But the quiet, methodical collection of encrypted data by nation-state actors — data that cannot be decrypted today but will be trivially decipherable within a three-to-five-year window — produces no alarms, no visible damage, no incident response. It produces nothing but silence.
That silence is the most dangerous sound in cybersecurity right now.
The strategy has a name: Harvest Now, Decrypt Later — and it represents one of the most consequential asymmetric threats in the history of digital intelligence. Its architects are not operating in the future. They are operating today, inside networks that believe themselves secure, against data that believes itself protected, with a patience that our current security frameworks were never designed to detect or defeat.
The Mechanics of Patient Compromise
To understand the Harvest Now, Decrypt Later threat, you must first understand the mathematics that make it possible. Almost all sensitive data transmitted across global networks today is protected by public-key cryptography — RSA, Elliptic Curve Cryptography, Diffie-Hellman key exchange. These algorithms derive their security from computational problems that classical computers cannot solve in any useful timeframe. Factoring a 2048-bit RSA key on the most powerful classical supercomputer would take longer than the age of the universe. This is not hyperbole. It is mathematics.
Quantum computers do not operate on the same principles as classical machines. They leverage superposition and entanglement to evaluate multiple computational states simultaneously. In 1994, mathematician Peter Shor published an algorithm that, when run on a sufficiently powerful quantum computer, can factor large integers — and therefore break RSA and elliptic curve encryption — in polynomial time. In practical terms: what takes a classical computer millions of years, Shor's algorithm on a cryptographically relevant quantum computer could accomplish in hours.
"The adversary does not need to decrypt your data today. They need only to store it — and wait. The patience of a nation-state is measured in decades."
The immediate question that follows is obvious: quantum computers capable of running Shor's algorithm at scale do not yet exist. So why is this a present-day threat? The answer requires understanding the asymmetry between collection and decryption. Harvesting encrypted data requires only the infrastructure to intercept and store it — capabilities that advanced persistent threat actors have demonstrated for years. The computational power needed to decrypt that data does not need to exist at the time of collection. It only needs to exist before the value of the data expires.
Consider what has a long shelf life: diplomatic communications. Long-term strategic intelligence. Nuclear facility designs. Pharmaceutical research pipelines. Biometric databases. Financial system architectures. Medical records containing information that will define an individual's insurability, legal standing, or political vulnerability for decades. For nation-state actors, the value of this data does not depreciate on the timeline of a fiscal quarter. It appreciates — and they are collecting it now.
The Intelligence: What We Already Know
This is not a theoretical scenario constructed for conference presentations. The evidence of active harvest-now-decrypt-later operations is substantial and growing. Intelligence agencies in the United States, United Kingdom, Canada, Australia, and the European Union have issued repeated warnings about the systematic collection of encrypted data by adversarial nation-states — most prominently China's People's Liberation Army and associated civilian intelligence apparatus, but increasingly Russia's FSB and SVR as well.
The 2023 disclosures surrounding Chinese cyber operations — including the documented breach of major telecommunications infrastructure — revealed not just espionage objectives, but data collection patterns consistent with long-term archival strategy. Traffic was not merely monitored. It was stored. The distinction is critical: monitoring suggests tactical intelligence gathering; storage suggests strategic preparation for a capability that does not yet exist.
CISA Advisory AA23-278A: U.S. and allied agencies have formally documented nation-state actors pre-positioning within critical infrastructure — not for immediate disruption, but for future capability. The behavioral signature of harvest operations is now a recognized threat pattern in federal intelligence frameworks.
The NSA's Cybersecurity Directorate has been explicit: organizations handling data with a sensitivity horizon longer than five years — which includes virtually every government agency, financial institution, healthcare system, defense contractor, and research university — should treat their current encryption as already compromised for that data. Not because the encryption has failed. But because the window for decryption is closing.
The timeline is not speculative. IBM, Google, and a constellation of sovereign quantum programs in China, the EU, and Canada have all published roadmaps projecting cryptographically relevant quantum capability within the current decade. The most conservative independent estimates place this threshold between 2029 and 2033. The most aggressive suggest sooner. None suggest never.
Mapping Your Exposure
Every organization that transmits or stores sensitive data is in scope for this threat — but exposure is not uniform. Understanding where your organization sits on the quantum risk spectrum requires assessing two dimensions simultaneously: the sensitivity lifetime of your data, and the depth of your current cryptographic dependencies.
Data with a sensitivity lifetime shorter than five years — routine operational communications, short-term financial transactions, non-proprietary customer interactions — carries lower quantum risk, though not zero. The encryption protecting these interactions will likely be deprecated and replaced before quantum decryption becomes operationally viable.
Data with a longer sensitivity horizon is a different matter entirely. This includes intellectual property that defines competitive advantage for years or decades, personal health and genetic information, strategic defense and infrastructure designs, diplomatic and geopolitical intelligence, and any dataset whose exposure would constitute a material, irreversible harm to an individual, organization, or nation. For this class of data, the calculation has already changed — the adversary has already started the clock.
The Response: NIST and the Post-Quantum Standard
The global cryptographic community has not been idle. In August 2024, the National Institute of Standards and Technology finalized the first suite of post-quantum cryptographic standards — the result of a decade-long international competition involving hundreds of cryptographers across dozens of nations. These standards represent the most significant cryptographic transition since the establishment of RSA in the 1970s.
FIPS 203 (ML-KEM, based on CRYSTALS-Kyber) addresses key encapsulation — the mechanism by which two parties establish a shared secret over an insecure channel. FIPS 204 (ML-DSA, based on CRYSTALS-Dilithium) provides digital signature capability. FIPS 205 (SLH-DSA, based on SPHINCS+) offers a hash-based signature alternative with different performance characteristics suited to specific deployment contexts. A fourth standard, FIPS 206 (FN-DSA, based on FALCON), has been finalized and addresses further signature use cases.
"The NIST standards are not a future project. They are a present deployment requirement. Every day of delay is another day of data collected that will never be protected."
These algorithms are designed to be computationally hard for both classical and quantum computers. They are not perfect — no cryptographic standard is — but they represent the current consensus of the global cryptographic research community, stress-tested across years of public cryptanalysis by adversaries and allies alike.
Federal agencies in the United States are required to complete their migration to these standards by 2030. The EU's post-quantum migration recommendations for critical infrastructure and high-security government systems apply to current procurement cycles — meaning that technology being purchased today must be capable of running post-quantum algorithms, or it is already non-compliant with the trajectory of regulatory mandate.
For private sector organizations, the absence of a legally binding deadline does not mean the absence of urgency. Supply chains that serve regulated sectors will inherit regulatory obligations through contractual requirements. Financial institutions operating under prudential supervision in multiple jurisdictions will face overlapping cryptographic mandates. And any organization whose breach would constitute material reputational or financial harm — which is most organizations above a certain scale — faces the same quantum timeline regardless of what their regulator has formally required.
Crypto Agility: The Strategic Imperative
The transition to post-quantum cryptography is not simply a matter of swapping one algorithm for another. Organizations that approach it as a discrete technical upgrade will execute it once, breathe a sigh of relief, and find themselves unprepared when the next cryptographic transition arrives — as it inevitably will. The correct strategic response is not post-quantum migration. It is crypto agility.
Crypto agility is the architectural capability to rotate cryptographic primitives — algorithms, key lengths, protocols — without disrupting operational systems or requiring full infrastructure rebuilds. It means designing systems so that the cryptographic layer is modular: identifiable, auditable, replaceable. An organization with genuine crypto agility can respond to a newly discovered vulnerability in a specific algorithm within days. An organization without it faces months or years of emergency remediation under the worst possible conditions.
The Hybrid Deployment Strategy: NIST and CISA both recommend a hybrid approach during the transition period — running classical and post-quantum algorithms in parallel to ensure backward compatibility while building quantum-resistant protection for new communications. This is not a permanent state; it is a bridge. Organizations that skip it face interoperability failures during migration.
The technical components of crypto agility are well understood: abstraction layers that separate cryptographic function from application logic, centralized cryptographic libraries that can be updated without touching individual applications, automated certificate lifecycle management, and a cryptographic inventory — a comprehensive catalog of every system, protocol, and dataset whose security depends on a specific algorithm or key type.
The cryptographic inventory is the foundation. You cannot migrate what you have not mapped. And the evidence from organizations that have begun this process is sobering: the depth of cryptographic dependency in modern enterprise environments is consistently underestimated. RSA and elliptic curve algorithms are embedded not just in obvious places — HTTPS, VPNs, email encryption — but in firmware, IoT device communication stacks, legacy industrial control systems, internal authentication infrastructure, and data archives that have not been touched in a decade. Every one of these is a potential harvest target. Every one requires assessment before it can be migrated.
The Board Mandate
Quantum risk is not a technology department problem. It is a governance problem — and the distinction matters enormously for how organizations respond to it.
Technology departments can implement post-quantum algorithms. They cannot determine which datasets carry a sensitivity lifetime long enough to warrant immediate protection. They cannot make the investment case for a multi-year cryptographic migration program against competing budget priorities. They cannot communicate to shareholders, regulators, and auditors that quantum risk has been assessed, inventoried, and is being systematically addressed. These are board-level responsibilities, and they require board-level ownership.
The questions that boards and C-suite leaders should be asking — and that they will increasingly be asked by regulators and institutional investors — are not technical. They are strategic. Do we know what data we hold that carries long-term sensitivity? Have we conducted a cryptographic inventory? Do we have a post-quantum migration roadmap with timelines and resource commitments? Does our technology procurement require post-quantum algorithm support? Are our key suppliers and partners migrating on a compatible timeline?
"The organization that cannot answer these questions in 2026 will be answering them in a congressional hearing, a regulatory investigation, or a post-breach deposition in 2029."
The immediate priority for every organization is the cryptographic inventory. This is not a six-month project that requires a specialized quantum team. It is an audit — a systematic identification of every cryptographic dependency across the technology stack. Many organizations will find that the most challenging part is not the technical discovery but the organizational reality that no one person or team has ever had end-to-end visibility into how cryptography is deployed across the enterprise. That gap itself is a risk that needs immediate remediation.
The second priority is procurement policy. Every technology contract signed today that does not include post-quantum algorithm requirements is a future migration liability being added to the queue. Procurement teams must be equipped with quantum-readiness criteria before they sign the next infrastructure contract, cloud agreement, or software license.
The third priority is data classification through a quantum lens. Not all data requires immediate migration priority. Organizations that attempt to migrate everything simultaneously will fail. A risk-stratified approach — identifying the highest-sensitivity, longest-lifetime datasets first, and sequencing migration accordingly — is both more achievable and more defensible to regulators and auditors.
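One way to apply the risk-stratified sequencing described above to a cryptographic inventory. This is an added example, not code from the original article: the Asset fields, tier names and sample inventory are assumptions made for illustration, and the 2029 and 2033 bounds are the estimate range the article quotes.

```python
from dataclasses import dataclass

# Families the article names as breakable by Shor's algorithm, and the NIST names it lists.
QUANTUM_VULNERABLE = {"RSA", "ECC", "DH"}
POST_QUANTUM = {"ML-KEM", "ML-DSA", "SLH-DSA", "FN-DSA"}
# Estimate range the article quotes for a cryptographically relevant quantum computer.
CRQC_EARLIEST, CRQC_LATEST = 2029, 2033
# Hypothetical tier names; lower number means migrate sooner.
TIER_ORDER = {"critical": 0, "high": 1, "review": 2, "lower": 3, "protected": 4}


@dataclass
class Asset:
    name: str
    algorithm: str          # "RSA", or a hybrid written as "ECC+ML-KEM"
    captured_year: int      # year the ciphertext could be intercepted and stored
    sensitivity_years: int  # how long the plaintext must stay confidential


def classify(asset: Asset) -> tuple[str, int]:
    """Return (tier, years the data stays sensitive past CRQC_EARLIEST)."""
    parts = {p.strip().upper() for p in asset.algorithm.split("+")}
    expiry = asset.captured_year + asset.sensitivity_years
    exposure = max(0, expiry - CRQC_EARLIEST)
    if parts & POST_QUANTUM:
        return "protected", 0        # hybrid key exchange holds if the PQ half holds
    if not parts <= QUANTUM_VULNERABLE:
        return "review", exposure    # unmapped primitive: an inventory gap
    if expiry > CRQC_LATEST:
        return "critical", exposure  # still sensitive even on the latest estimate
    if expiry > CRQC_EARLIEST:
        return "high", exposure      # exposed if the early estimate holds
    return "lower", exposure         # value expires first: lower risk, not zero


def migration_order(inventory: list[Asset]) -> list[tuple[str, str, int]]:
    """Sort assets by tier, then by longest post-CRQC exposure."""
    rows = [(a.name, *classify(a)) for a in inventory]
    return sorted(rows, key=lambda r: (TIER_ORDER[r[1]], -r[2]))


# Constructed sample inventory; these are not real systems.
SAMPLE = [
    Asset("vpn-gateway", "RSA", 2025, 2),
    Asset("genomics-archive", "RSA", 2025, 30),
    Asset("design-docs-sftp", "ECC", 2025, 6),
    Asset("partner-api", "ECC+ML-KEM", 2025, 20),
    Asset("plc-firmware-updates", "vendor-proprietary", 2025, 15),
]
```

Anything the classifier does not recognise lands in "review" rather than being assumed safe, which keeps unmapped dependencies visible in the migration queue.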
The harvest has already begun. The question is not whether your organization is a target. The question is whether the data being collected today will still be decryptable by the time the adversary has the tools to read it — and whether the decisions you make in the next twelve months will determine the answer.
Quantum computing will not arrive with a declaration of war. It will arrive with silence — the same silence that has accompanied every harvest operation conducted against your organization's data over the past several years. The organizations that survive the quantum transition with their secrets, their competitive advantage, and their stakeholder trust intact will be the ones that treated that silence as the alarm it already is.