"Harvest Now, Decrypt Later" - The Silent Threat to Your Data

  • Feb 25

Harvest now, decrypt later (HNDL) — also known as “store now, decrypt later” — is one of the most important cyber threats of the 2020s, and it doesn’t require a single quantum computer to exist today. In this attack model, adversaries quietly intercept and archive encrypted traffic now, betting that future quantum computers will be powerful enough to break today’s encryption. Instead of trying to defeat strong cryptography in real time, they fill petabytes of storage with captured ciphertext and wait for the physics to catch up. When a cryptographically relevant quantum computer arrives, everything in that archive can be decrypted in bulk, turning a decade of “secure” communications into a retroactive data breach.


The World Economic Forum’s February 2026 analysis calls HNDL the most immediate driver for quantum security today, warning that “harvest now, decrypt later” campaigns mean businesses’ data may already be vulnerable even if no breach is visible. Quantum computing is not yet breaking RSA or ECC in production, but the risk is already live because encrypted data with long-term value is being exfiltrated and stored. Google echoed this in its February 2026 quantum security statement, confirming that adversaries are actively mounting “store now, decrypt later” attacks and urging governments and enterprises to treat quantum threats as present-tense, not science fiction. Google also revealed that it has already migrated internal key exchanges to ML‑KEM, the NIST-selected post‑quantum key encapsulation mechanism, demonstrating that large-scale post-quantum cryptography (PQC) deployment is technically feasible today.


HNDL matters most wherever data has a long shelf life. If encrypted information only needs to remain confidential for a few months, a quantum computer arriving in the 2030s is largely irrelevant. But many categories of data must remain secret for years or decades. Financial records, long-term derivatives positions, and historical transaction logs can all be exploited years after capture, especially when combined with other datasets. Healthcare data is even more sensitive: genomic data, lifetime medical histories, and psychiatric records can’t be “rotated” like passwords, yet they are increasingly digitized and often subject to regulatory retention requirements measured in decades. Trade secrets, source code, and proprietary research — particularly in fields like pharmaceuticals, energy, and materials — may retain strategic value well beyond the original project timeline and can give competitors a durable advantage if exposed. Government communications, diplomatic cables, and defense-related data are among the highest-risk targets; even historical intelligence can become dangerous if decrypted, revealing sources, methods, alliances, and vulnerabilities long after the original conversations took place.


This is why 2026 is emerging as a turning point. Experts use the so‑called “Mosca Inequality” to frame the risk: if the time needed to migrate to quantum-resistant cryptography plus the required security lifetime of data exceeds the time until quantum computers can break current schemes, then organizations are already late. The WEF’s Global Risks Report 2026 notes that only a small fraction of organizations are quantum-safe today, even as “harvest now, decrypt later” campaigns are called out explicitly as an immediate concern. In parallel, NIST has finalized core PQC standards, and vendors like Google and HashiCorp have begun real deployments, including ML‑KEM-based key exchange and PQC-enabled secrets management. The message from both policymakers and industry is converging: migration must move from research and pilot phases into active rollout within the next one to two planning cycles.


Defending against HNDL requires treating cryptography as an evolving dependency, not a one-time project. The first practical step is a cryptographic inventory: organizations need to discover where and how public-key crypto is used — TLS, VPNs, email, messaging, machine-to-machine APIs, database encryption, backup systems, and third-party integrations. Many institutions still lack this basic visibility, which WEF identifies as a primary bottleneck in PQC migration. Without an accurate map of protocols, key lifetimes, and data flows, it is impossible to prioritize which systems need post-quantum upgrades first. Once inventory exists, the next move is to enforce or introduce forward secrecy wherever possible, so that even if long-term keys are broken later, past sessions remain protected because each session used unique ephemeral keys not recoverable from the long-term secret.
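As an added illustration (not code from the original article or from any vendor it mentions), the Python sketch below combines the Mosca test described above with a small cryptographic inventory to rank systems for migration. The asset names, shelf-life and migration estimates, and the 10-year horizon are constructed assumptions; the cipher suite and group names are standard TLS identifiers.

```python
from dataclasses import dataclass

# Hybrid post-quantum TLS 1.3 groups (classical ECDH combined with ML-KEM).
PQ_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}
ORDER = {"P1": 0, "P2": 1, "P3": 2, "monitor": 3}

@dataclass
class Asset:
    name: str
    suite: str               # negotiated TLS cipher suite
    group: str               # negotiated key-exchange group ("" if none)
    shelf_life_years: float  # how long the data must stay confidential
    migration_years: float   # estimated time to move this system to PQC

def kex_class(a: Asset) -> str:
    if a.group in PQ_GROUPS:
        return "hybrid-pq"
    # TLS 1.2 TLS_RSA_WITH_* suites use RSA key transport: no forward secrecy,
    # so one recovered server key opens every recorded session.
    if a.suite.startswith("TLS_RSA_WITH_"):
        return "static-rsa"
    # Ephemeral (EC)DHE: forward secret, but the exchange itself is classical.
    return "classical-ephemeral"

def mosca_margin(a: Asset, years_to_crqc: float) -> float:
    """Shelf life + migration time - horizon; above zero means already late."""
    return a.shelf_life_years + a.migration_years - years_to_crqc

def triage(assets, years_to_crqc):
    rows = []
    for a in assets:
        kex, margin = kex_class(a), mosca_margin(a, years_to_crqc)
        if kex == "hybrid-pq":
            prio = "monitor"          # key exchange already quantum-resistant
        elif margin > 0:
            prio = "P1" if kex == "static-rsa" else "P2"
        else:
            prio = "P3"
        rows.append((prio, a.name, kex, margin))
    return sorted(rows, key=lambda r: (ORDER[r[0]], -r[3]))

# Constructed sample inventory (hypothetical systems and estimates).
SAMPLE = [
    Asset("partner-api", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "secp256r1", 7, 2),
    Asset("web-frontend", "TLS_AES_128_GCM_SHA256", "X25519MLKEM768", 1, 0),
    Asset("records-archive-sync", "TLS_RSA_WITH_AES_256_GCM_SHA384", "", 25, 3),
    Asset("backup-replication", "TLS_AES_256_GCM_SHA384", "x25519", 15, 4),
]

if __name__ == "__main__":
    for row in triage(SAMPLE, years_to_crqc=10):  # assumed planning horizon
        print(row)
```

Rerunning the triage with a shorter horizon shows how quickly systems that looked safe cross the Mosca threshold.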


From there, organizations need a staged re-encryption strategy that introduces quantum-resistant algorithms for the data that matters most. That means prioritizing systems that handle long-lived secrets — archives, backups, regulated records, high-value intellectual property — and migrating key exchange and, where necessary, data-at-rest encryption to NIST-selected PQC algorithms or hybrid schemes that combine classical and post-quantum primitives. HashiCorp’s roadmap for adding PQC to Vault’s transit engine illustrates one practical approach: enable PQC in a way that supports hybrid operation, allowing teams to test and gradually adopt new algorithms without breaking existing clients. Finally, cryptographic agility should be anchored in hardware-backed key management. Hardware-based secure modules or dedicated security accelerators like QSPUs can isolate keys from software attacks, enforce strict access controls, and provide high-performance cryptographic operations — including PQC — without exposing raw key material to the application layer. Coupling post-quantum algorithms with hardware-anchored key management provides a stronger foundation against both classical and quantum-enabled adversaries, ensuring that keys remain protected even if software systems are compromised and significantly reducing the payoff of “harvest now, decrypt later” campaigns.
