Quantum computers are steadily advancing – and with them emerges a new threat scenario targeting one of the core pillars of digital security: cryptography. Cryptographic algorithms that currently ensure confidentiality, integrity, and authenticity may become vulnerable in the near future. A particularly relevant scenario is known as “Harvest Now, Decrypt Later” (HNDL): encrypted data is intercepted today with the expectation that it can be decrypted in the coming years using quantum capabilities.
This threat manifests with a time delay – but the risk is already real. Organizations that store or transmit data today must assume that this information could potentially be decrypted between 2030 and 2035. Those who think long-term should therefore begin adapting their security architecture to this timeline now.
Emerging Threat Scenarios
In connection with the Harvest Now, Decrypt Later (HNDL) model, we are already witnessing tangible developments today:
- Sale of Encrypted Data to Third Parties: Nation-states, corporations, or advanced persistent threat (APT) groups are purchasing encrypted data packages with potential long-term value – for example, in research, financial markets, or intellectual property.
- “Data Futures” as a Business Model: Markets are emerging on the dark web where data is traded like digital investments – with promises such as “decryptable by 2032.”
- Delayed-Impact Ransomware: Instead of traditional extortion, actors now threaten the future disclosure of sensitive information – introducing a new form of long-term coercion.
These scenarios make it clear: although actual decryption using quantum resources may still be years away, the threat is already taking shape today.
Growing Risks from Quantum Attacks
In addition to the active Harvest Now, Decrypt Later (HNDL) threats we already face today, further risks are coming into sharper focus:
- Asymmetric encryption becomes vulnerable – core protocols such as TLS, VPN, PKI, and SSH could be compromised.
- Digital signatures can be forged – with serious implications for contracts, software updates, and official communications.
- Digital identities come under pressure – forged authentication may enable unauthorized access.
- Hybrid transition solutions may introduce new vulnerabilities – the migration phase itself becomes a risk factor.
- Established supply chains become attack vectors – particularly when partners are not yet prepared for Post-Quantum Secure Cryptography (PQSC).
- Migration is complex and costly – without clear planning, organizations risk delays and operational disruptions.
Who Has Access to Quantum Resources – and When?
Over the next few years, various actors will gain direct or indirect access to quantum computing capabilities – through government-funded initiatives, research collaborations, or commercial providers.
- State-Sponsored Groups (APT): Highly skilled actors with strategic objectives. They are among the first to actively pursue HNDL strategies – particularly targeting healthcare and government data.→ Access: Highly likely – already active today.
- Cybercrime Groups: Developing models to store data long-term for future decryption – e.g., via Quantum-as-a-Service.→ Access: Likely – contingent on the commercialization of quantum resources.
- Corporate Spies: Especially active in sensitive sectors like pharmaceuticals and finance, often with targeted access through partnerships.→ Access: Selectively possible – represents a major threat.
- Hacktivists: Technically less sophisticated, more focused on public leaks and reputational damage.→ Access: Unlikely – presents a lower threat.
- Insiders: No direct access to quantum systems, but potential vectors for data exfiltration to third parties with future decryption capabilities.→ Access: Indirect – already a relevant risk today.
How Organizations Can Prepare
The migration to quantum-secure cryptographic methods is not a conventional IT project with a fixed deadline – it is a long-term transformation of the entire security architecture. Organizations should begin building structures early to effectively prepare for the challenges ahead. Key measures include:
How CySafe Supports Organizations on Their Journey Toward Post-Quantum Resilience
Implementing post-quantum secure cryptography requires foresight, technical expertise, and a structured approach. CySafe stands by your side as an experienced partner – with a deep understanding of strategy, governance, and operational realities.
CySafe combines strategic consulting with deep technological expertise – get in touch with us for a non-binding consultation.
English 
German