"Harvest Now, Decrypt Later": The Quantum Clock Is Already Ticking on Your Data
A guide to post-quantum cryptography risk, HNDL attacks, and what your organisation must do before Q-Day.
AKATI Sekurity Insights | 1 April 2026 | 8 min read
The breach already happened. You just can't see it yet.
Somewhere between 2020 and today, a nation-state actor, or a well-resourced criminal syndicate playing a very long game, intercepted your organisation's encrypted data in transit. They didn't try to crack it. They didn't need to. They stored it, cleanly archived, waiting for the day the mathematics protecting it simply stops working.
That day has a name: Q-Day. Most credible estimates place it between 2029 and 2033. Gartner puts it plainly: advances in quantum computing will render the asymmetric cryptography that organisations currently rely on to secure data and systems unsafe by 2030.
You have, at most, four years to protect data that may have been compromised for the last five.
This is not a future risk. It is a present one with a delayed fuse.
What is "Harvest Now, Decrypt Later"?
Harvest Now, Decrypt Later (HNDL) is a cyberattack strategy in which adversaries collect and archive encrypted data today, intending to decrypt it once quantum computers become capable of breaking current encryption standards. The attack requires no immediate decryption capability. It only requires patience and storage.
The attack strategy has been a documented operational concern in the intelligence community since at least the early 2010s. Its mechanics are straightforward and its implications are severe.
Attackers intercept encrypted data, including financial transactions, M&A communications, executive correspondence, clinical trial results, and government contracts, and archive it at scale. The encryption protecting that data is, for now, unbreakable. Classical computers cannot factor the large composite moduli (products of two large primes) underpinning RSA-2048 in any meaningful timeframe. They would need thousands of years.
A sufficiently powerful quantum computer, running Shor's Algorithm, could do it in hours.
The uncomfortable reality: your organisation's current encryption does not need to protect your data forever. It only needs to hold until Q-Day. For most data with a five to ten-year sensitivity window, including personnel records, legal strategy, product roadmaps, and regulatory filings, the math is already uncomfortable.
Sensitive communications captured in 2026 could be decrypted in 2032. By the time the encryption fails, there is nothing left to do.
How the HNDL attack actually works
The attack moves through three stages. The first two are likely already complete for any organisation that has transmitted sensitive data over the past decade.
Stage one: Collection.
Attackers intercept encrypted data at network transit points through passive eavesdropping on public infrastructure, through breaches of data repositories, or through compromised VPN endpoints. Because the goal is not immediate exploitation, there is no visible intrusion. No corrupted files, no ransom note, no alerts firing in your SIEM. The data leaves your environment silently and intact.
Stage two: Storage.
The harvested data sits in an archive. Nation-state actors have been building these archives for years. The storage cost of encrypted data is negligible compared to its potential future value. A terabyte of encrypted corporate communications costs less than USD 25 to store indefinitely in cold cloud storage.
Stage three: Decryption.
When a cryptographically relevant quantum computer (CRQC) becomes operational, the attacker returns to the archive. Shor's Algorithm breaks RSA and elliptic curve cryptography (ECC), the two mathematical foundations under virtually all current public-key encryption. Archived TLS connections, VPN traffic, and S/MIME email become readable, and the private keys behind code-signing certificates and digitally signed contracts become recoverable, so those signatures can be forged.
The critical point for CISOs: this threat does not require the attacker to be technically sophisticated today. Collecting encrypted data requires far less capability than breaking it. The collection phase is already underway for high-value targets. The sophistication comes later, and later is when you cannot stop it.
What it means for your board
The business stakes break across three dimensions.
Regulatory liability.
The standards are already published. NIST finalised three post-quantum cryptography standards, FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA), in August 2024. The NSA's Commercial National Security Algorithm Suite 2.0 mandates PQC deployment for newly classified systems by 2027. The US government has been clear: PQC migration is not optional for any organisation handling federal data or operating in regulated sectors. For organisations in financial services, healthcare, and critical infrastructure across ASEAN, equivalent pressures are building.
When a breach is eventually attributed to data harvested before your organisation had migrated, the question a regulator will ask is not whether quantum computers existed when the data was collected. The question will be: when did you know PQC migration was necessary, and what did you do?
The NIST standards were published nineteen months ago. The clock is running.
Reputational exposure.
HNDL attacks are uniquely damaging because the breach and its public disclosure are separated by years. A company can do everything right after Q-Day, patch systems, issue statements, cooperate with regulators, and still find decade-old M&A strategy, clinical data, or executive communications appearing in public view. The breach will feel current even though it is ancient. There is no incident response playbook that addresses historical interception.
Data with a long shelf life.
Not all data ages quickly. A 10-year retention requirement on financial records, health data, legal strategy, and employee files means that data created today, under current encryption, will still need protection in 2036. By then, whether Q-Day arrived in 2030 or 2032 is entirely irrelevant. The data will be exposed either way if PQC migration has not happened.
The financial services sector understood this calculus earliest. Major banks in the US and Europe have already begun hybrid post-quantum cryptography deployment in their TLS connections. The question for any organisation in ASEAN is whether you are moving in the same direction, or whether you are still waiting for this to become urgent.
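One concrete way to answer that question for your own endpoints is to check which key-exchange group they actually negotiate. The following Python script is an added example, not code from the article or from AKATI Sekurity. It assumes an `openssl` binary from OpenSSL 3.5 or later on the PATH (the release that added the ML-KEM groups), shells out to `openssl s_client` offering the hybrid group first, and parses the `Negotiated TLS1.3 group:` line that s_client prints (with the TLS 1.2 `Server Temp Key:` line as a fallback). The group names are the OpenSSL/IANA names for the FIPS 203 key exchanges; the sample output embedded for offline use is constructed, not a real capture.

```python
"""Check which TLS key-exchange group an endpoint negotiates.

Added example, not code from the article. Assumes an OpenSSL 3.5+ `openssl`
binary on PATH (the release that added the ML-KEM groups); the sample output
below is constructed so the parser can be exercised offline.
"""
import re
import subprocess
import sys
from typing import Dict, Optional

# OpenSSL/IANA names for the FIPS 203 key exchanges. Anything else is a
# classical key exchange whose captured traffic is decryptable after Q-Day.
HYBRID_PQ_GROUPS = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}
PURE_PQ_GROUPS = {"MLKEM512", "MLKEM768", "MLKEM1024"}

# Line printed by s_client after a TLS 1.3 handshake, and the TLS 1.2 fallback line.
GROUP_RE = re.compile(r"^Negotiated TLS1\.3 group:\s*(\S+)", re.MULTILINE)
TEMP_KEY_RE = re.compile(r"^Server Temp Key:\s*([^,\n]+)", re.MULTILINE)


def parse_negotiated_group(s_client_output: str) -> Optional[str]:
    """Extract the negotiated group name from s_client output, or None if absent."""
    match = GROUP_RE.search(s_client_output) or TEMP_KEY_RE.search(s_client_output)
    return match.group(1).strip() if match else None


def classify_group(group: Optional[str]) -> str:
    """Map a group name to its HNDL posture."""
    if group is None:
        return "unknown"
    if group in HYBRID_PQ_GROUPS:
        return "hybrid-pq"        # classical + ML-KEM: the recommended starting point
    if group in PURE_PQ_GROUPS:
        return "pq-only"
    return "classical"           # RSA/ECDH/X25519 etc.: harvested sessions are exposed


def probe(host: str, port: int = 443, timeout: int = 15) -> Dict[str, Optional[str]]:
    """Offer a hybrid group first, then classical fallbacks, and report what the server picked.

    Needs network access and an OpenSSL build that recognises X25519MLKEM768.
    """
    cmd = ["openssl", "s_client", "-connect", f"{host}:{port}", "-servername", host,
           "-groups", "X25519MLKEM768:X25519:secp256r1"]
    proc = subprocess.run(cmd, input=b"", capture_output=True, timeout=timeout)
    group = parse_negotiated_group(proc.stdout.decode(errors="replace"))
    return {"host": host, "group": group, "posture": classify_group(group)}


# Constructed excerpt of s_client output (not a real capture) for offline testing.
SAMPLE_OUTPUT = """\
CONNECTED(00000003)
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Negotiated TLS1.3 group: X25519MLKEM768
Server public key is 256 bit
"""

if __name__ == "__main__":
    hosts = sys.argv[1:]
    if not hosts:
        print("offline sample:", classify_group(parse_negotiated_group(SAMPLE_OUTPUT)))
    for h in hosts:
        print(probe(h))
```

Run it with one or more hostnames to see what each endpoint picks when a hybrid group is on offer; a result of `classical` on an endpoint that carries long-lived data is the HNDL exposure the article describes. Because the client offers `X25519MLKEM768` first, a server that still answers with `X25519` has not enabled the hybrid group at all, rather than merely preferring something else.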
What to do, and in what order
The migration to post-quantum cryptography is a multi-year programme. Here is where to start, in sequence.
1. Run a cryptographic inventory before anything else.
You cannot protect what you have not mapped. Every system, protocol, and library in your environment that uses cryptography needs to be identified. Focus on TLS endpoints, VPNs, email systems, code-signing infrastructure, and any firmware with embedded cryptographic keys. Most organisations have significantly more cryptographic exposure than their architecture diagrams suggest. This exercise will confirm that.
2. Prioritise long-shelf-life data immediately.
Not all data carries equal HNDL risk. Identify categories with a sensitivity window beyond five years, including personnel files, legal strategy, IP, clinical data, and financial records, and prioritise those systems for early PQC migration. This is a risk-based triage, not an organisation-wide lift-and-shift.
3. Begin hybrid post-quantum deployment in your highest-exposure protocols.
The current recommended approach is hybrid deployment: running PQC algorithms alongside existing encryption rather than replacing it outright. ML-KEM (FIPS 203) combined with X25519 for TLS key exchange is the most widely validated starting point. AWS, Google Cloud, and Microsoft Azure all have hybrid TLS support available today. This is not a research exercise. The tooling exists and is production-ready.
4. Build cryptographic agility into your architecture.
Cryptographic agility is the ability to swap cryptographic components without rewriting application logic. Systems built with this principle will allow your organisation to adapt as post-quantum standards evolve and as new algorithms are added to the NIST framework. This needs to be embedded in your next architecture review cycle, not retrofitted after a compliance deadline arrives.
5. Establish a PQC migration timeline and put it in front of your board this year.
The NSA mandates full transition for national security systems by 2035. NIST's projected adoption cycle for critical infrastructure runs five to ten years from the 2024 standards publication, placing the outer boundary at 2034. Given that Q-Day estimates cluster around 2030 and ASEAN regulatory frameworks are tightening, the practical internal deadline for meaningful progress is 2028.
Your board needs to see a written plan with milestones. Not because a regulator will ask for it today, but because they will ask, and the answer "we hadn't started" will be significantly more costly than the migration itself.
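To make steps 1, 2 and 5 concrete, here is an added worked example (not code from the article or from AKATI Sekurity) of the triage computation that sits behind a cryptographic inventory. Each asset's data shelf life is measured against the article's own figures (Q-Day window 2029 to 2033, five-year sensitivity threshold, 2026 as the current year), and assets with a classical-only key exchange protecting long-lived data are pushed to the front of the migration plan. The inventory entries, asset names, algorithm labels and tier names are constructed for illustration; the algorithm classification follows FIPS 203/204/205 (RSA, Diffie-Hellman and elliptic-curve schemes fall to Shor's algorithm, ML-KEM, ML-DSA and SLH-DSA do not).

```python
"""Triage a cryptographic inventory by Harvest-Now-Decrypt-Later exposure.

Added example, not code from the article. Figures come from the article:
Q-Day window 2029-2033, five-year sensitivity threshold, publication year 2026.
The inventory entries, asset names and tier labels are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

QDAY_EARLIEST, QDAY_LATEST = 2029, 2033
LONG_SHELF_LIFE_YEARS = 5
CURRENT_YEAR = 2026

# Public-key algorithms Shor's algorithm breaks, versus the FIPS 203/204/205 replacements.
QUANTUM_VULNERABLE = {"RSA-2048", "RSA-4096", "DH-2048", "ECDH-P256", "X25519",
                      "ECDSA-P256", "Ed25519"}
QUANTUM_SAFE = {"ML-KEM-768", "ML-KEM-1024", "ML-DSA-65", "ML-DSA-87", "SLH-DSA-128s"}


@dataclass
class Asset:
    name: str
    protocol: str
    key_exchange: Tuple[str, ...]      # two entries = hybrid, e.g. ("X25519", "ML-KEM-768")
    signature: Tuple[str, ...]
    shelf_life_years: int              # how long data sent today must stay confidential
    data_classes: List[str] = field(default_factory=list)


def is_quantum_safe(algorithms: Tuple[str, ...]) -> bool:
    """A hybrid holds if any one component resists a CRQC; unknown names are rejected."""
    unknown = [a for a in algorithms if a not in QUANTUM_VULNERABLE | QUANTUM_SAFE]
    if unknown:
        raise ValueError(f"unclassified algorithm(s) in inventory: {unknown}")
    return any(a in QUANTUM_SAFE for a in algorithms)


def exposed_years_after_qday(asset: Asset, qday: int = QDAY_EARLIEST) -> int:
    """Years that data sent this year must still be secret after the earliest Q-Day."""
    return max(0, CURRENT_YEAR + asset.shelf_life_years - qday)


def last_safe_year(asset: Asset, qday: int = QDAY_EARLIEST) -> int:
    """Last year in which classical-only encryption of this data expired before Q-Day."""
    return qday - asset.shelf_life_years


def priority(asset: Asset) -> Tuple[str, str]:
    """Return (tier, reason); P1 is the most urgent."""
    if is_quantum_safe(asset.key_exchange):
        if is_quantum_safe(asset.signature):
            return "P4", "key exchange and signatures already quantum-safe"
        return "P4", "confidentiality covered by hybrid key exchange; migrate signatures next"
    if exposed_years_after_qday(asset) == 0:
        return "P3", "classical key exchange, but data expires before the earliest Q-Day estimate"
    if asset.shelf_life_years > LONG_SHELF_LIFE_YEARS:
        return "P1", "classical key exchange protecting long-shelf-life data; harvestable today"
    return "P2", "classical key exchange; data outlives Q-Day by a short margin"


def triage(inventory: List[Asset]) -> List[Dict]:
    """Rank the inventory: most urgent tier first, longest post-Q-Day exposure first within a tier."""
    rows = []
    for asset in inventory:
        tier, reason = priority(asset)
        rows.append({
            "asset": asset.name,
            "tier": tier,
            "reason": reason,
            "exposed_years_after_qday": exposed_years_after_qday(asset),
            "last_safe_year": last_safe_year(asset),
        })
    return sorted(rows, key=lambda r: (r["tier"], -r["exposed_years_after_qday"]))


# Constructed inventory for illustration.
INVENTORY = [
    Asset("hr-payroll-api", "TLS 1.3", ("X25519",), ("RSA-2048",), 10, ["personnel files"]),
    Asset("site-to-site-vpn", "IKEv2", ("DH-2048",), ("ECDSA-P256",), 7, ["legal strategy"]),
    Asset("public-cdn", "TLS 1.3", ("X25519",), ("ECDSA-P256",), 1, ["marketing pages"]),
    Asset("cloud-gateway", "TLS 1.3", ("X25519", "ML-KEM-768"), ("ECDSA-P256",), 10,
          ["financial records"]),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(f"{row['tier']} {row['asset']:<18} exposed {row['exposed_years_after_qday']:>2}y "
              f"past Q-Day; classical was safe only until {row['last_safe_year']}: {row['reason']}")
```

The `last_safe_year` column is the one to show the board: for ten-year data it evaluates to 2019, which is the arithmetic behind the article's point that the collection phase is already complete for long-shelf-life records. The sort order is the migration sequence, and the reason strings are the one-line justification for each milestone.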
The bottom line
In 2024, NIST published the most significant upgrade to cryptographic standards in a generation. It received modest coverage in the technology press and almost none in the business press. That coverage gap is the real risk.
Organisations that treat post-quantum cryptography as a technical matter for the security team to handle quietly are the ones who will spend 2031 explaining to regulators, shareholders, and customers why a breach that happened in 2025 is only becoming visible now.
PQC migration is not a defensive upgrade. It is the correction of an existing liability, one that was incurred every time your organisation transmitted sensitive data under encryption that a future quantum computer can break.
The data is already out there. The question your board needs to answer this year is whether your encryption will still be standing when Q-Day arrives.
Frequently Asked Questions
What is Harvest Now, Decrypt Later (HNDL)?
HNDL is a cyberattack strategy where adversaries collect and store encrypted data today, planning to decrypt it when quantum computers become capable of breaking current encryption. No decryption capability is needed at collection time, only storage.
When is Q-Day?
Q-Day refers to the point when a cryptographically relevant quantum computer (CRQC) can break widely used encryption such as RSA and elliptic curve cryptography. Most expert estimates, including those from Gartner and the NSA, place this window between 2029 and 2033.
What is FIPS 203 and why does it matter?
FIPS 203 is the NIST-approved post-quantum cryptography standard specifying ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism). It is the primary recommended standard for general encryption, designed to resist attacks from quantum computers. It was finalised in August 2024 alongside FIPS 204 and FIPS 205.
What is post-quantum cryptography (PQC)?
Post-quantum cryptography refers to cryptographic algorithms designed to be secure against both classical and quantum computers. Unlike RSA or elliptic curve cryptography, PQC algorithms are based on mathematical problems that quantum computers cannot solve efficiently.
What is cryptographic agility?
Cryptographic agility is the design principle of building systems so that cryptographic algorithms can be updated or replaced without rewriting core application logic. It is considered essential for organisations beginning their PQC migration.
Is HNDL happening right now?
There is no public confirmation of specific HNDL campaigns against commercial targets, though the strategy has been attributed to nation-state actors in intelligence community assessments. The US government's urgency around PQC migration timelines reflects the assumption that adversaries with long-term interests are already collecting encrypted data.
What should organisations in ASEAN do first?
Start with a cryptographic inventory to identify every system, protocol, and library using encryption. Then prioritise data with a sensitivity window beyond five years. Hybrid PQC deployment in TLS connections is the most practical immediate step for most organisations.
Sources
NIST, "NIST Releases First 3 Finalized Post-Quantum Encryption Standards," August 2024. https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
NIST, "Post-Quantum Cryptography FIPS Approved: FIPS 203, FIPS 204, FIPS 205," August 2024. https://csrc.nist.gov/news/2024/postquantum-cryptography-fips-approved
NIST, "PQC Standardization Process: Selected Algorithms and Timeline," updated December 2025. https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization
Gartner, "Gartner Identifies the Top Cybersecurity Trends for 2026," February 2026. https://www.gartner.com/en/newsroom/press-releases/2026-02-05-gartner-identifies-the-top-cybersecurity-trends-for-2026
SafeLogic, "Harvest Now, Decrypt Later: What Leaders Do Now," March 2026. https://www.safelogic.com/blog/harvest-now-decrypt-later-quantum-threat
MDPI, "Harvest-Now, Decrypt-Later: A Temporal Cybersecurity Risk in the Quantum Transition," December 2025. https://www.mdpi.com/2673-4001/6/4/100
US Federal Reserve, "Harvest Now Decrypt Later: Examining Post-Quantum Cryptography and the Data Privacy Risks for Distributed Ledger Networks," January 2026. https://www.federalreserve.gov/econres/feds/harvest-now-decrypt-later-examining-post-quantum-cryptography-and-the-data-privacy-risks-for-distributed-ledger-networks.htm
Palo Alto Networks, "A Complete Guide to Post-Quantum Cryptography Standards," 2025. https://www.paloaltonetworks.com/cyberpedia/pqc-standards
Cloudflare, "NIST's First Post-Quantum Standards," updated October 2025. https://blog.cloudflare.com/nists-first-post-quantum-standards/
Disclaimer: This article is intended for informational purposes only and does not constitute legal, compliance, or technical advice. Statistics and regulatory timelines cited reflect publicly available information as of the date of publication. Organisations should conduct their own assessment and consult qualified advisors before making cybersecurity or compliance decisions.