I am going to describe a theft that is happening right now, to organisations like yours, that you cannot detect with any current security tool.
The attackers are not breaking your encryption. They are not trying to. They are recording your encrypted data — all of it, every packet that crosses your network perimeter — and storing it. They will decrypt it in three to five years, when the quantum computers needed to break current encryption standards become capable enough to do the job.
This is not a theoretical attack. It has a name: Harvest Now, Decrypt Later (HNDL). It has been confirmed by intelligence agencies in the UK, US, and EU as an active threat. And it means that the classification question for your board is not “do we need to worry about quantum computing in 2030” but rather “what data did we transmit in 2025 and 2026 that will be readable by adversaries before the decade is out.”
The answer to that second question is almost certainly: rather more than you would like.
Why your current encryption will not protect you
Our digital world runs on encryption standards that were brilliant when they were designed: RSA, Elliptic Curve Cryptography (ECC), Diffie-Hellman key exchange. They rely on mathematical problems that are genuinely hard for classical computers to solve — factoring very large numbers, or finding discrete logarithms in a finite field. A classical computer trying to break RSA-2048 would need thousands of years of computing time.
A sufficiently capable quantum computer could break it in hours.
Imagine a combination lock you have used to protect a container for years. The lock is genuinely excellent. Nobody can pick it. The combination is safe. But imagine someone has invented a master key that works by a completely different physical mechanism — not picking the tumblers, but resonating with the lock’s internal structure. Your combination is irrelevant. The lock opens anyway.
That is a significant oversimplification of what quantum computers actually do. But the analogy captures the governance-relevant point: the security assumption that your existing encryption rests on — that certain mathematical problems are computationally hard — does not hold under quantum conditions.
The current consensus in the quantum security community is that cryptographically relevant quantum computers (CRQCs) capable of breaking RSA-2048 within hours could exist within the decade. The National Institute of Standards and Technology (NIST) finalised its first set of post-quantum cryptography (PQC) algorithms in August 2024 precisely because the threat has moved from theoretical to planning-horizon.
Whether that timeline is 2028, 2031, or 2035 matters less for the HNDL threat than most boards realise. The data being harvested today does not need to be decrypted today. It needs to be decrypted before it loses its value — before the intellectual property is outdated, the competitive intelligence is stale, or the personal data is no longer actionable.
What is being harvested right now
Let me be specific about what HNDL-focused adversaries are collecting. The intelligence community is clear that these operations are real and ongoing. The most targeted data categories include:
Long-lived sensitive communications. Diplomatic and legal correspondence, board communications, M&A negotiations, and strategic plans. If an adversary can read your acquisition strategy from two years ago, they know what you paid and what you passed on. If they can read your legal correspondence, they know your litigation exposure.
Intellectual property in transit. Patents before filing, research and development data, proprietary algorithms, trade secrets. For technology companies and financial services firms, this category is often the highest-value target.
Authentication credentials and key material. Long-term cryptographic keys, identity certificates, and session material that will still be valid or still be referenced when decryption becomes possible.
Personal and biometric data. Health records, financial records, and identity data with a long shelf life. This is the category with the most complex regulatory implications, because the personal data obligations under GDPR do not have a “we were harvested before quantum computing existed” exemption.
The board’s governance question
I am not writing this to create alarm that boards should not feel. I am writing it because the governance question that HNDL raises is real, specific, and almost never asked in the boardroom.
The question is: which of our data transmissions today involve information that will still be sensitive in five to ten years, and are we planning to protect that data with encryption that will survive the quantum transition?
For most mid-sized companies, the honest answer is: we do not know what our PQC migration plan looks like, we have probably not inventoried our long-lived sensitive data, and the word “crypto-agility” has not appeared in any board paper in the last twelve months.
That is a governance gap, not a technical one. The technical community — CISOs, security architects, cryptography vendors — knows what PQC migration involves. The governance failure is that the board has not asked the questions that would surface whether the migration is on the roadmap, appropriately resourced, and timed to the actual threat timeline rather than a comfortable five-year plan.
What NIST’s August 2024 standards mean for your timeline
In August 2024, NIST finalised three post-quantum cryptographic algorithms: ML-KEM (for key encapsulation), ML-DSA (for digital signatures), and SLH-DSA (a stateless hash-based signature scheme). A fourth, FALCON, was also standardised.
These are not draft standards. They are the replacements for RSA and ECC that organisations should be planning to migrate to. The UK’s National Cyber Security Centre (NCSC) published its own PQC migration guidance in the same period, recommending that organisations with long-lived sensitive data begin migration planning now.
The NCSC’s advice is deliberately non-alarmist. It is also specific: organisations should be inventorying their cryptographic assets, identifying their most sensitive long-lived data, and beginning the migration planning process — not because CRQCs exist today, but because the migration is complex enough that waiting for the threat to be immediate means the migration will be late.
For a mid-sized company, “begin migration planning” is a board-level resource and priority decision, not just a CISO task. It requires budget allocation, external expertise, and a clear timeline. All three require board-level approval.
Is this just CyberScare?
This is the question I asked myself when I first encountered HNDL as a serious threat model, and it is the right question to ask.
The answer is no, but with a calibration. The threat is real and confirmed by multiple intelligence agencies. The timeline for CRQCs is uncertain — the 2028-2035 range reflects genuine uncertainty in the quantum research community, not false precision. The organisations most at risk are those handling data that is sensitive over a long horizon: financial institutions, defence supply chain companies, healthcare data processors, legal and professional services, and technology companies with significant IP in transit.
If your company transmits data that has no value after eighteen months, the HNDL threat is lower priority. If your company transmits data that carries value for five or more years — competitive strategy, IP, regulated personal data — the governance question is live.
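The shelf-life test above can be run mechanically over a cryptographic inventory. The following is an added example, not part of the briefing or of QSECDEF's material: the algorithm sets, the inventory rows and the DataFlow fields are constructed assumptions, and the 2028 horizon is the early end of the range cited above.

```python
from dataclasses import dataclass

# Constructed classification of key-exchange algorithms (assumption, not a standard list).
CLASSICAL_KEX = {"RSA", "DH", "ECDH", "ECDHE", "X25519"}
PQC_KEX = {"ML-KEM-768", "ML-KEM-1024", "X25519MLKEM768"}  # hybrids count as PQ-protected
CRQC_EARLIEST = 2028  # earliest year of the 2028-2035 range the briefing cites

@dataclass(frozen=True)
class DataFlow:
    name: str
    key_exchange: str      # algorithm protecting the session key on the wire
    transmitted: int       # year the traffic crossed the perimeter (and was recordable)
    shelf_life_years: int  # years the contents stay sensitive after transmission

def sensitive_until(flow: DataFlow) -> int:
    """Last year in which decrypting this flow would still cause harm."""
    return flow.transmitted + flow.shelf_life_years

def years_readable(flow: DataFlow, crqc_year: int = CRQC_EARLIEST) -> int:
    """Years an adversary could exploit the plaintext after a CRQC appears (0 if none)."""
    if flow.key_exchange in PQC_KEX:
        return 0  # recorded ciphertext stays unreadable even with a CRQC
    return max(0, sensitive_until(flow) - crqc_year)

def triage(flows, crqc_year: int = CRQC_EARLIEST):
    """Split flows into exposed (worst first), safe, and unknown-algorithm rows."""
    exposed, safe, unknown = [], [], []
    for f in flows:
        if f.key_exchange not in CLASSICAL_KEX and f.key_exchange not in PQC_KEX:
            unknown.append(f)  # inventory gap: cannot assess until the algorithm is identified
        elif years_readable(f, crqc_year) > 0:
            exposed.append(f)  # classical key exchange and still sensitive when a CRQC arrives
        else:
            safe.append(f)
    exposed.sort(key=lambda f: years_readable(f, crqc_year), reverse=True)
    return exposed, safe, unknown

# Constructed inventory rows for illustration (not real systems).
INVENTORY = [
    DataFlow("board M&A correspondence", "RSA", 2025, 10),
    DataFlow("patient record replication", "ECDHE", 2026, 25),
    DataFlow("fleet telemetry", "ECDHE", 2025, 1),
    DataFlow("HR archive sync", "X25519MLKEM768", 2025, 15),
    DataFlow("legacy partner VPN", "proprietary-v2", 2024, 8),
]
```

Re-running `triage(INVENTORY, crqc_year=2035)` shows how the exposed list shrinks under a later horizon, which is the sensitivity check a board paper should include alongside the headline result.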
At QSECDEF, we see the range of responses boards are giving to this briefing. Some dismiss it as speculative. Some treat it as a CISO-level technical question and file it accordingly. The boards that govern technology well treat it as the question it is: a data classification question, a migration planning question, and a board-level timeline decision.
The Quantum Risk: What Directors Need to Know covers the HNDL threat in full, including what data categories are most exposed, what the NIST standards mean for your migration timeline, what NIS2’s personal liability provisions imply for boards that have not begun planning, and what a proportionate migration plan looks like for a mid-sized company. It is an executive briefing document, not a technical paper — written for the director who needs to ask the right question in the room, not the cryptographer implementing the fix.
For boards seeking independent advisory support on quantum risk, visit Quantum Security Defence or contact Steven directly.