The quantum deadline: data stolen today, decrypted tomorrow

April 9, 2025

Imagine a scenario in which a malicious actor intercepts or stores vast volumes of encrypted data—trade secrets, corporate and military intelligence, financial records—with no current means of decrypting it. For now, that data remains safe. But what will happen a decade from now, when quantum computers can crack today's encryption?

That actor could retroactively decrypt everything, exposing years’ worth of confidential communications, transactions, and classified high-impact information—potentially undermining the interests and systemic operations of targeted organizations or nation-states.

This is, at its core, the Harvest Now, Decrypt Later (HNDL) cyber threat—a growing concern as quantum advancements accelerate.

This threat highlights the urgent need for organizations to act today to prevent future breaches that could compromise national security, financial stability, and individual privacy. But have we truly considered how imminent these risks are, and what steps are necessary to mitigate them?

Quantum computing threat

Organizations must act now to prevent future security breaches that could endanger national interests, financial systems, and personal data. But how imminent is this threat, and what must companies and governments do to prepare?

HNDL refers to the practice where malicious actors—including nation-state agents—collect and archive vast troves of encrypted data secured by current-day algorithms, even though they lack the computational power to decrypt it today.

The underlying premise of this strategy is simple: current cryptographic schemes will be rendered obsolete by future quantum computers, giving these actors the ability to decrypt and exploit stored data.

This line of reasoning exposes a growing concern. Encryption is the backbone of modern cybersecurity. If quantum attacks make it vulnerable, sensitive data confidentiality will be in jeopardy.

What’s secure today may be compromised tomorrow.

Mathematician Peter Shor developed a quantum algorithm to factor large integers and solve discrete logarithm problems. Mathematical foundations underpin widely used cryptographic systems like RSA and Elliptic Curve Cryptography (ECC).

Shor’s algorithm is one of the main reasons quantum computing poses a direct threat to traditional encryption. If your most sensitive data were exfiltrated today, how damaging would it be if decrypted in 10 or 20 years?

At present, classical computers struggle with these encryption schemes because factoring large numbers takes millions of years. But a sufficiently capable quantum computer running Shor’s algorithm could break RSA in hours—or even in a few minutes, making public-key cryptography obsolete in the near future.

■ This vulnerability creates an urgent need to adopt quantum-resistant encryption, well before quantum machines become commonplace.

The urgency of transitioning to post-quantum cryptography

The value of data theft extends far beyond the present, because many types of information remain strategically useful for decades.

Financial records and credit card data, for example, can be exploited long after being stolen—enabling fraudulent transactions, social engineering, or identity theft.

Having worked closely with nation-state security and defense strategies, I can tell you: government secrets and intelligence reports—even if intercepted today—could have profound strategic implications if decrypted years later, exposing national security operations and geopolitical maneuvers to public scrutiny.

In the healthcare sector, patient records hold highly sensitive personal data that could be weaponized for blackmail or used to defraud insurers in the future. And beyond that, intellectual property theft is a major concern. Confidential research, patents, and proprietary strategies could all be decrypted in the post-quantum era, creating severe economic and competitive disadvantages for victims.

Quantum decryption has staggering implications for industries like banking, healthcare, public administration, and other critical infrastructure sectors. Banks use encryption to protect online banking, digital transactions, and stock trading systems.

Should quantum computers break traditional encryption, digital fraud and market manipulation could become widespread. Healthcare systems depend on encryption to safeguard patient data and medical research; a quantum breakthrough could expose medical histories and derail pharmaceutical innovation.

Governments worldwide use encryption to protect military communications, diplomatic channels, and intelligence networks—core pillars of national security and sovereignty. If decrypted later, these could jeopardize entire defense strategies. Worse yet, large-scale decryption could disrupt global supply chains, erode trust in digital transactions, and facilitate pervasive state-sponsored espionage.

Are governments and institutions ready for the quantum threat—or are they underestimating the urgency of this transition?

Global initiatives in the transition to post-quantum cryptography

Some global efforts are already underway to counter quantum cyber threats. In the realm of R&D, Post-Quantum Cryptography (PQC) is gaining momentum, focusing on designing algorithms inherently resistant to quantum attacks. The U.S. NIST is leading efforts to identify and standardize such algorithms.

NIST advocates hybrid cryptography and emphasizes several key points:

Digital signature algorithms and key-establishing protocols like RSA and ECC will no longer offer adequate protection by 2030.
By 2035, digital signature families will no longer support 128-bit RSA or Edwards-Curve (EdDSA) signatures.
By 2030, 112-bit RSA and ECDSA keys will be deprecated, making stronger, quantum-resistant methods essential.
For organizations still using RSA and ECC, NIST recommends transitioning to Key Encapsulation Mechanisms (KEMs) for secure encryption.
In hybrid digital signatures, organizations should adopt dual-signature schemes—signing with two or more algorithms per message to reinforce security.
Block ciphers like AES, hash functions like SHA1, SHA2, SHA3, and eXtendable-Output Functions (XOFs) are integral to the quantum transition roadmap and future cryptographic architecture. These primitives are evolving to maintain robustness against quantum adversaries.

At the same time, NIST has laid out a roadmap emphasizing the need for cross-sector and international collaboration to create a cohesive, quantum-resilient infrastructure. This will demand cooperation, shared standards, and synchronized policy efforts. The European Union is taking parallel steps, while other nations may weaponize quantum capacity to strengthen offensive and defensive cyber capabilities—raising major national security concerns.

■ NIST has selected Kyber for encryption and Dilithium for digital signatures as primary candidates for quantum-resistant cryptography. Based on hard mathematical problems, these PQC algorithms will replace vulnerable systems like RSA and ECC to secure communications in a quantum future.

Will the quantum era redefine cybersecurity—rewarding those who invest in post-quantum resilience today?

Challenges in the transition toward post-quantum cryptography

Organizations face major hurdles when migrating to quantum-safe encryption. A primary obstacle is the overhaul of existing infrastructure to support new cryptographic algorithms across networks, databases, and software platforms.

Most current systems are deeply embedded in RSA and ECC, making seamless transitions difficult.

Interoperability is another critical issue. Organizations must ensure that their systems remain compatible with partners, vendors, and clients who still use legacy cryptographic protocols. The transition also requires substantial investment in hardware, software, and talent development.

Many organizations lack the internal expertise needed to manage quantum-era cryptographic strategies, further complicating the landscape.

Supply chain security must not be overlooked; ensuring that third- and fourth-party vendors adopt quantum-resistant standards is vital to ecosystem-wide resilience.

■ Organizations must take proactive steps to secure their data against future quantum threats. A critical concept is crypto-agility, designing systems capable of swiftly adopting new cryptographic standards as they become available.

Conclusion

Hybrid cryptographic approaches—combining traditional and post-quantum encryption—are essential during the transition period. A recommended first step is to build a cryptographic inventory: mapping all encrypted data, assessing its quantum vulnerability, and analyzing it through a practical risk lens.

The real question is: when will quantum cyber threats arrive? While the timeline remains uncertain, quantum computing experts estimate that cryptographically relevant quantum computers could emerge between 2030 and 2040.

That said, the transition may take years--so organizations must prepare now. Any delay increases the risk that today’s sensitive data will be exposed once quantum systems become powerful enough to break conventional encryption.

I’ve worked on cyber-resilience strategies for the quantum era, incorporating adaptive cryptographic methods, continuous risk assessments, capacity-building, and global collaboration. The future of cybersecurity isn't just about protecting data today—but ensuring its integrity and confidentiality long into the future.

Defining a robust strategy is imperative to meet the challenges of quantum computing.

Get our handbook on protecting data from the quantum threat

At Telefónica Tech we advocate for a cryptoagility-based strategy, enabling systems to adapt to new threats without disrupting operations.

■ We invite all organisations to access our complimentary handbook Strategic preparation for Post-Quantum Cryptography and take the first step towards a resilient cryptographic infrastructure ready for the quantum era.