Post-Quantum Cryptography: Is Your Data Ready for the “Harvest Now” Threat?
- Shilpi Mondal

SHILPI MONDAL | DATE: JANUARY 08, 2026

The Quantum Clock is Ticking Louder Than You Think
Imagine a burglar who can’t pick your safe today, so they simply steal the entire safe and wait for a better drill to be invented. This isn't a hypothetical scenario; it is the exact reality of the "Harvest Now, Decrypt Later" (HNDL) threat facing enterprise data right now. With recent breakthroughs pushing us closer to fault-tolerant quantum computing, the "theoretical" risk has officially graduated to a strategic inevitability.
For CIOs and IT leaders, the comfortable assumption that RSA and ECC encryption will hold the line is no longer valid. The question isn't whether your cryptography will break, but whether you'll have transitioned to Post-Quantum Cryptography (PQC) before your 10-year secrets are exposed.
The Hardware Reality Check

Quantum computing was a “2030s problem” until very recently, but that schedule moved forward quickly over the past year. In December 2024, Google Quantum AI made major strides in quantum error correction, a significant step toward building a fault-tolerant machine potentially able to break existing encryption. Even greater breakthroughs followed in 2025 with Microsoft's introduction of its Majorana-based quantum architecture.
Why does this matter? Because global digital security depends on the difficulty of factoring large integers. While classical supercomputers would take thousands of years to break a 2048-bit RSA key, a sufficiently powerful quantum system running Shor’s algorithm could theoretically do so in hours or days. A fully operational quantum computer may still be years away, but the window to prepare is closing far faster than most security roadmaps assume.
"Harvest Now, Decrypt Later": Your Data is Already Vulnerable
Here is the most unsettling part of the quantum narrative: you don't need a quantum computer today to be compromised. Adversaries, including sophisticated nation-state actors, are actively intercepting encrypted traffic now, storing it, and waiting for the technology to mature.
This strategy effectively transforms your current secure communications into time-delayed vulnerabilities.
Quantifying Your Risk
To understand if you are exposed, you need to look at the math of data longevity. The risk exists if the number of years you need to keep a secret ($L_d$) is greater than the years remaining until a quantum computer can break it ($H_a$).
"If an organization expects a CRQC to emerge within the next 10 years but has data that must remain secret for 20 years, they are already in a state of compromise."
According to a 2025 analysis by the Federal Reserve Board, adversaries who replicate a public ledger today can harvest the data and later reveal previously encrypted transaction information once quantum computing power makes current cryptography breakable - leaving long-lived data such as patient records or trade secrets at risk of retrospective compromise.
The New Defense: NIST’s PQC Standards
On August 13, 2024, the National Institute of Standards and Technology (NIST) finalized the first three Federal Information Processing Standards (FIPS) for post-quantum cryptography. This was a historic milestone in cybersecurity standardization, the result of a worldwide competition that started with a call for proposals in 2017.
As noted by the NIST Computer Security Resource Center, these standards aren't merely recommendations; they represent mandatory requirements for federal systems and serve as the blueprint for the private sector's quantum-safe transition.
FIPS 203 (ML-KEM):
Derived from the CRYSTALS-Kyber algorithm, this is the new Module-Lattice-Based Key-Encapsulation Mechanism standard for general encryption and key establishment. According to the NIST Computer Security Resource Center, it is designed for general-purpose encryption to protect data access.
FIPS 204 (ML-DSA):
Derived from the CRYSTALS-Dilithium algorithm, this Module-Lattice-Based Digital Signature standard is the primary standard for digital signatures.
FIPS 205 (SLH-DSA):
A stateless hash-based digital signature scheme derived from SPHINCS+ designed as a fail-safe backup.
We are also now seeing a global push for adoption. In the U.S., the Commercial National Security Algorithm Suite (CNSA 2.0), a government roadmap for quantum-resistant cryptography, calls for systems such as web browsers, servers, and cloud services to support quantum-resistant algorithms by 2025, with an overarching target for all National Security Systems to fully transition by 2035 (CNSA 2.0 FAQ).
The Implementation Challenge: It’s Not Just a Swap

Here is where the rubber meets the road for IT practitioners. Migrating to PQC isn't as simple as swapping out a certificate. The underlying mathematics, shifting from integer factorization to lattice-based problems, introduces significant performance trade-offs.
The "Memory Tax"
Post-quantum cryptography (PQC) introduces a significant challenge regarding key sizes, which are vastly larger than those used in classical methods. For instance, according to the Kyber documentation on Wikipedia, Kyber768 (an ML-KEM standard) requires public keys of approximately 1,184 bytes, a massive jump from the roughly 32 bytes used in standard ECC P-256 keys.
A 2025 review in Engineering, Technology & Applied Science Research found that migration to post-quantum algorithms "leads to massive memory and processing overhead on these lightweight IoT microcontrollers". As a result, "efficient implementations still pose a technical challenge" for many algorithms. During the 2025 IEEE Quantum Week series, panelists and presenters emphasized that the increased RAM and processing requirements mean that existing legacy IoT endpoints in most cases cannot be retrofitted with a software update and will probably need to be replaced with new hardware to provide quantum-safe security.
The Skills Gap
Despite these clear technical hurdles, organizational readiness remains alarmingly low. Data from IBM Institute for Business Value research, both the Secure the Post-Quantum Future and 2025 Quantum-Safe Readiness reports, indicated that awareness was outpacing action: Although a substantial majority of organizations are aware of the quantum threat, few have near-term maturity targets or defined roadmaps to ensure a secure future, and many remain reliant on vendors without developing internal capability. In the Secure the Post-Quantum Future report, 62% of respondents think their vendors will take care of transitioning to quantum-safe technologies, yet the global readiness score across all regions is 25 out of 100, a disconnect between awareness of the risk and preparation for the risk.
The most frequently highlighted barrier in these analyses isn’t lack of concern; it’s a shortage of internal expertise in quantum computing and advanced cryptography, which continues to slow real progress toward operationalizing post-quantum security initiatives at scale. According to a 2025 analysis by Post-Quantum of IBM’s "Secure the Post-Quantum Future" report, a lack of skilled personnel remains the top challenge, with 46% of organizations citing insufficient expertise as the primary obstacle to executing their quantum-safe strategies.
The Path Forward: Agility and Hybrids
So, how do you eat this elephant? The industry consensus points to a strategy of Crypto-Agility. We must stop treating cryptography as a static "set and forget" configuration and start managing it as a dynamic lifecycle.
The Hybrid Approach
You don't have to abandon classical encryption overnight. In fact, you shouldn't. The safest immediate step is a hybrid implementation, layering a PQC algorithm (like ML-KEM) on top of a classical one (like X25519). As Palo Alto Networks notes in its guides to PQC standards and hybrid cryptography, this approach combines the strengths of both worlds, ensuring that your data remains secure even if one of the algorithms is compromised. This "belt and suspenders" approach is exactly the defense model organizations need during the transition to quantum-safe security, and it is already being deployed in protocols like OpenSSH and TLS 1.3.
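The combining step of a hybrid exchange, as an added example (not code from Palo Alto Networks, OpenSSH or TLS, and not their wire formats): both shared secrets feed one HKDF-SHA-256 derivation, so the session key stays unknown unless both are recovered. The function names, the label string and the stand-in secrets are assumptions of this sketch; a real deployment takes the two inputs from an X25519 exchange and an ML-KEM encapsulation.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_session_key(classical_ss: bytes, pq_ss: bytes, context: bytes,
                       length: int = 32) -> bytes:
    """Derive one session key from both shared secrets.

    classical_ss: 32-byte X25519 output; pq_ss: 32-byte ML-KEM shared secret.
    Both are fixed-length, so plain concatenation is unambiguous.
    """
    if len(classical_ss) != 32 or len(pq_ss) != 32:
        raise ValueError("both shared secrets must be exactly 32 bytes")
    if classical_ss == bytes(32):
        # RFC 7748: an all-zero X25519 result means a low-order peer key.
        raise ValueError("all-zero X25519 shared secret rejected")
    prk = hkdf_extract(b"", classical_ss + pq_ss)
    # Binding the context (e.g. a hash of both public keys and the ML-KEM
    # ciphertext) ties the key to this one exchange.
    return hkdf_expand(prk, b"hybrid-kem-demo v1|" + context, length)


if __name__ == "__main__":
    # Constructed stand-ins for the two exchanges' outputs (not real KEM runs).
    x25519_ss = hashlib.sha256(b"constructed x25519 secret").digest()
    mlkem_ss = hashlib.sha256(b"constructed ml-kem secret").digest()
    print(hybrid_session_key(x25519_ss, mlkem_ss, b"demo-transcript").hex())
```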
The Cryptographic Bill of Materials (CBOM)
You cannot protect what you cannot see. The first step for any AmeriSOURCE client should be a comprehensive discovery phase. We recommend utilizing the methods outlined in the GSA's 2025 Buyers Guide to generate a Cryptographic Bill of Materials. This inventory allows you to map interdependencies and prioritize high-value assets that have long data shelf lives.
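A triage pass over a Cryptographic Bill of Materials that applies the $L_d$ > $H_a$ test from "Quantifying Your Risk" to each entry (an added example, not the GSA guide's method or any vendor's tooling). The inventory, field names and algorithm labels are constructed assumptions, and the sketch treats only key-establishment entries as HNDL-exposed, since harvesting targets recorded ciphertext.

```python
# Constructed sample inventory; a real CBOM would come from discovery tooling.
SAMPLE_CBOM = [
    {"asset": "patient-records-api", "algorithm": "RSA-2048",
     "use": "key-establishment", "shelf_life_years": 25},
    {"asset": "design-file-share", "algorithm": "ECDH-P256",
     "use": "key-establishment", "shelf_life_years": 12},
    {"asset": "vpn-gateway", "algorithm": "ECDH-P256",
     "use": "key-establishment", "shelf_life_years": 3},
    {"asset": "code-signing", "algorithm": "ECDSA-P256",
     "use": "signature", "shelf_life_years": 0},
    {"asset": "backup-archive", "algorithm": "AES-256",
     "use": "symmetric", "shelf_life_years": 30},
    {"asset": "partner-portal", "algorithm": "X25519+ML-KEM-768",
     "use": "key-establishment", "shelf_life_years": 15},
]

SHOR_VULNERABLE = ("RSA", "ECDH", "ECDSA", "DH", "X25519")  # classical public-key
PQC_MARKERS = ("ML-KEM", "ML-DSA", "SLH-DSA")               # FIPS 203/204/205


def is_quantum_vulnerable(algorithm: str) -> bool:
    """True for classical public-key algorithms with no PQC component."""
    if any(marker in algorithm for marker in PQC_MARKERS):
        return False  # pure PQC or hybrid
    return algorithm.startswith(SHOR_VULNERABLE)


def triage(inventory, horizon_years):
    """Return (hndl_exposed, migrate_later) lists of (asset, margin) tuples.

    margin = L_d - H_a; an entry is HNDL-exposed when it protects
    confidentiality with a vulnerable algorithm and margin > 0.
    """
    exposed, later = [], []
    for entry in inventory:
        if not is_quantum_vulnerable(entry["algorithm"]):
            continue  # symmetric, PQC or hybrid: outside this test
        margin = entry["shelf_life_years"] - horizon_years
        if entry["use"] == "key-establishment" and margin > 0:
            exposed.append((entry["asset"], margin))
        else:
            later.append((entry["asset"], margin))
    exposed.sort(key=lambda item: item[1], reverse=True)  # worst first
    return exposed, later
```

Calling `triage(SAMPLE_CBOM, 10)` ranks the entries whose secrets must outlive a 10-year horizon; changing the horizon shows how sensitive the priority list is to that estimate.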
Vendor Governance
Don't try to build everything in-house. Survey your technology vendors immediately. If your SaaS providers and hardware vendors don't have a PQC roadmap for 2026, they are introducing risk into your environment.
Conclusion: The Time to Architect Is Now
Out in the open now - FIPS 203, 204, and 205 have landed, yet this moment feels more like a first step than a finish line. Digital trust faces deep shifts because of quantum computing, though oddly enough, that disruption opens space to rebuild enterprise security on tougher ground. While threats grow, so does the chance to design better defenses.
Ahead of us lies a problem we can’t wait out. When news breaks that quantum computers cracked codes, consequences will have arrived long before. Machines designed around current encryption won’t adapt fast just because urgency strikes. Fixing them on short notice isn’t how infrastructure works.
Shifting to post-quantum encryption won’t happen fast - it’ll take years, not weeks, plus it’ll demand effort and money. Still, beginning matters most. Those who act early gain room to prepare, try things out, then shift at their own pace instead of rushing later.
Key Takeaways
Right now, someone might be stealing encrypted data without needing to crack it yet. Years down the line, that same data could become readable through future decryption methods. That possibility hits hard when the stolen files include patents or medical histories. When secrets last decades, waiting isn’t invisible protection - it’s a gamble. Time doesn’t fix exposure; it just delays the moment we see it.
FIPS 203, 204, and 205 now stand as real standards, not ideas. With NIST's official approval, these rules shift from draft to done. Since post-quantum plans have launched in earnest, stalling makes little sense anymore. What happens after today just became everyone’s starting point.
What happens to infrastructure matters. Keys for post-quantum crypto might grow nearly 60 times bigger than current ECC ones. That size weighs on speed, response time, and already tight storage. Devices like sensors, small computers inside machines, and networks with little room to spare feel it most.
A blend of old and new methods makes sense right now. Instead of replacing everything at once, systems can keep using current encryption while layering in quantum-resistant types. This mix helps maintain function across different platforms. At the same time, it strengthens defenses step by step. Gradual integration reduces risks that come with big changes. Working this way allows updates without breaking what already works.
Ahead of the curve? Not quite. Less than one in ten federal agencies run special teams for quantum shifts. Leadership clarity slips through the cracks here. Someone needs to take charge - properly. Outside experts could fill what's missing, if asked.



