Why Organizations Must Start PQC Migration Right Now

By alex2404

Adversaries are not waiting for quantum computers to arrive before putting them to work. They are stealing encrypted data today, banking on the ability to decrypt it later once the technology matures. This strategy, known as “Harvest Now, Decrypt Later” (HNDL), is already in motion, and security experts warn that organizations need to start their post-quantum cryptography (PQC) migration immediately.

The Quantum Threat Is Not Hypothetical

Current quantum prototypes lack the scale and error-correction capability needed to crack modern encryption. But the window is narrowing. A cryptographically relevant quantum computer (CRQC) capable of breaking today’s encryption schemes could realistically emerge between 2030 and 2035. Such a machine could unravel protections that currently take classical computers millions of years to defeat, potentially doing so in minutes.

The problem is especially acute for long-lived data. Trade secrets, classified infrastructure designs, and sensitive government records all carry lifespans that may well outlast the encryption protecting them right now. Once that encryption breaks, there is no reversing what was already harvested.

Why PQC Migration Cannot Wait

Post-quantum cryptography refers to a new generation of cryptographic algorithms built to resist attacks from both classical and quantum machines. The National Institute of Standards and Technology has been driving standardization efforts, and the field is moving toward consensus, though unevenly.

A significant obstacle is the absence of uniform terminology and agreed-upon migration steps across the industry. Without a shared framework, organizations struggle to benchmark their own strategies, coordinate with vendors, or adopt best practices efficiently. Security researchers note that this fragmentation is slowing progress at exactly the wrong time.

Mohammed Meziani, Senior Security Consultant at Orange Cyberdefense, identifies three interdependent categories of challenges that organizations must navigate during any PQC migration:

  • Technical complexity within existing security architecture
  • Organizational readiness, including staffing and expertise gaps
  • Industry-wide coordination and the lack of standardized migration language

Building a Migration Team

Meziani’s framework centers on one non-negotiable starting point: a dedicated migration team for every system or infrastructure undergoing transition. That team should include cryptography specialists, cybersecurity professionals, and managers directly responsible for the systems in scope. Without that internal ownership, migrations stall.

The scale of the transition is significant. PQC migration is not a single software update. It spans an entire organization’s security stack, touching authentication systems, data storage, communication protocols, and third-party integrations. Each layer requires its own assessment before any algorithm swap takes place.

The Broader Threat Landscape

The quantum risk does not exist in isolation. Orange Cyberdefense’s Security Navigator 2026 report, which provides the broader context for this analysis, documented 139,373 incidents and 19,053 confirmed breaches across the current threat environment. The ransomware and cyber extortion ecosystem has already demonstrated the criminal world’s capacity to fund, scale, and professionalize data theft operations.

Cloud infrastructure has removed storage constraints entirely. Threat actors can accumulate vast quantities of encrypted data at negligible cost and sit on it indefinitely. The HNDL strategy is, in that sense, a rational long-term investment for well-resourced adversaries.

Organizations that treat PQC as a future-state concern are already behind. The data being encrypted today is the data at risk tomorrow.

This article is a curated summary based on third-party sources.