What Is “Harvest Now, Decrypt Later” And Why Your Data Is Already at Risk?

Share:

Harvest Now, Decrypt Later (HNDL) is the practice of collecting encrypted data today with the intention of decrypting it, using future quantum computers. Discover how HNDL works, which industries are most vulnerable, and the steps organizations should take to prepare for the quantum era.

“Harvest Now, Decrypt Later” (HNDL) is a cyberattack strategy where adversaries steal and store encrypted data today, waiting for future quantum computers to break the encryption and read it later. Sensitive data with a long shelf life, such as financial records, health data, government secrets, and intellectual property, is most at risk, because it will still be valuable years from now when decryption becomes possible.

If you work in cybersecurity, government, healthcare, or finance, you’ve probably heard this phrase whispered in board meetings and security conferences alike. It sounds like science fiction. It isn’t. Nation-state actors and well-resourced threat groups are already executing this strategy, and the data they’re stealing today could be unlocked far sooner than most organizations expect.

What Is “Harvest Now, Decrypt Later”?

what-is-harvest-now-decrypt-later

Harvest Now, Decrypt Later describes a two-stage attack. First, an adversary intercepts or exfiltrates encrypted data, think intercepted network traffic, stolen database backups, or breached cloud storage. They can’t read it yet because today’s encryption, built on algorithms such as RSA and ECC, is mathematically infeasible to break with classical computers. So instead of walking away, they archive it.

Second, they wait. Once a sufficiently powerful quantum computer exists (often called a Cryptographically Relevant Quantum Computer, or CRQC), that same encrypted data can be decrypted using algorithms like Shor’s algorithm, which can factor the large numbers that make RSA and similar systems secure. The attacker doesn’t need to breach your systems again. They already have the data. They just need time and quantum hardware.

This is fundamentally different from a typical breach, where stolen data is either useless once encrypted or exploited immediately. HNDL turns encrypted data into a ticking time bomb, and understanding your organization’s exposure to harvest now, decrypt later risk, where adversaries capture encrypted data today so they can decrypt it once quantum hardware matures, starts with recognizing which of your assets have long-term sensitivity.

Who Is Behind Harvest Now, Decrypt Later Attacks?

The primary actors carrying out HNDL campaigns are nation-state intelligence agencies and state-sponsored threat groups, since executing this strategy requires patience, resources, and long-term storage infrastructure that few criminal groups can justify. Espionage-focused adversaries are especially motivated because national security data, diplomatic communications, and defense research retain their sensitivity for decades.

That said, the risk isn’t limited to governments. Any organization holding data with a long confidentiality lifespan is a plausible target, including:

  • Healthcare providers storing genomic and patient records.
  • Financial institutions with long-term account and transaction data.
  • Legal firms holding privileged client communications.
  • Technology companies protecting trade secrets and source code.
  • Critical infrastructure operators managing industrial control data.

If your organization’s data needs to stay confidential for 10, 15, or 20 years, you are a viable HNDL target today, regardless of your industry’s typical threat profile.

When Will Quantum Computers Be Able to Decrypt Stolen Data?

This is the question every security leader wants answered precisely, and the honest answer is: nobody knows for certain, but the window is closing faster than many assume. Estimates for a CRQC capable of breaking RSA-2048 range from the next several years to roughly 10 to 15 years out. Given that migrating an entire organization’s cryptographic infrastructure typically takes several years on its own, security teams that wait for a confirmed timeline are effectively planning to fail.

The more useful question isn’t “when will quantum computers arrive,” but “how long does my data need to stay secret.” If that answer is longer than the time it will take quantum computers to mature, your data is already exposed; it just hasn’t been unlocked yet.

Where Is the Risk Concentrated?

HNDL risk concentrates wherever encrypted data travels or rests for extended periods: VPN tunnels, TLS-secured web traffic, encrypted email, cloud backups, and archived database exports. Any point where an adversary can passively capture and store encrypted traffic, such as an internet exchange point, a compromised network segment, or an insider with backup access, becomes a viable harvesting location.

Geographically, sectors tied to national security, critical infrastructure, and cross-border financial transactions face outsized exposure, since these data flows are natural surveillance targets for state-sponsored collection programs. Reviewing your own data encryption practices is a practical first step toward identifying where your organization’s most exposed traffic flows.

Why Is This a Real and Urgent Threat?

Skeptics sometimes dismiss HNDL as a theoretical concern reserved for defense contractors. That framing misses two important realities.

First, evidence already exists of large-scale encrypted data collection by state actors, independent of any specific future use case; the storage itself is the strategic asset. Second, the cryptographic transition required to defend against HNDL is slow and complex by nature. Migrating protocols, reissuing certificates, updating hardware security modules, and testing interoperability across legacy systems isn’t a weekend project; it’s a multi-year program. Organizations need to adopt flexible architectures that enable seamless transitions between legacy and post-quantum algorithms as standards evolve, and that agility takes time to build.

Waiting until quantum computers are provably capable of breaking encryption means starting a multi-year migration after the exposure window has already opened. That’s why security leaders increasingly treat HNDL as a present-tense risk rather than a future hypothetical, closely tied to broader zero trust architecture strategies that limit how much sensitive traffic is exposed in the first place.

How Can Organizations Protect Data Against Harvest Now, Decrypt Later?

The defense against HNDL is post-quantum cryptography (PQC), a new generation of encryption algorithms designed to resist attacks from both classical and quantum computers. In August 2024, the U.S. National Institute of Standards and Technology finalized its first three PQC standards (FIPS 203, 204, and 205), giving organizations concrete algorithms to begin implementing rather than waiting on draft guidance. NIST’s official post-quantum cryptography project page the standards and migration resources directly, and its plain-language explainer on post-quantum cryptography is a useful starting point for non-cryptographers on your team.

Practical steps organizations can take now include:

  1. Inventory your cryptography: Identify every system, protocol, and data store relying on RSA, ECC, or Diffie-Hellman.
  2. Classify data by shelf life: Prioritize protecting information that must remain confidential for 10+ years.
  3. Build crypto-agility: Design systems so cryptographic algorithms can be swapped without re-architecting entire platforms.
  4. Pilot hybrid encryption: Combine classical and post-quantum algorithms in TLS and VPN implementations to hedge against transition risk.
  5. Engage vendors early: Ask cloud providers, HSM manufacturers, and software vendors about their PQC roadmaps now.

Coordinating this work often benefits from a formal quantum risk assessment to sequence which systems need migration first based on data sensitivity and exposure.

Protect Your Data Before the Countdown Ends

Harvest Now, Decrypt Later isn’t a distant hypothetical; it’s a present-day collection strategy targeting data that needs to stay confidential for years to come. The organizations that will weather the quantum transition safely are the ones inventorying their cryptography and building agility today, not after a CRQC arrives.

Talk to Ampcus Cyber’s security experts to assess your organization’s quantum readiness and build a practical, phased roadmap to post-quantum cryptography, before your encrypted data becomes someone else’s decrypted asset.

Enjoyed reading this blog? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn.

×

7th August 2026

New Delhi, India

Know more
Ampcus Cyber
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Talk to an expert