← Back to Blog
Threats||7 min read

Harvest Now, Decrypt Later: Why Your Encrypted Data Today Is Already at Risk

The threat isn't in the future: your encrypted data is being collected today to be decrypted tomorrow. Here's what you need to know.

Picture this scenario: today you send a confidential email, hold a strategic video call, or transfer sensitive documents. All protected by state-of-the-art encryption. Safe, right?

Not necessarily. State actors and sophisticated criminal groups are already intercepting and storing encrypted communications. They can't read them now, but they know they will be able to in the future.

What Is the Harvest Now, Decrypt Later Attack?

Harvest Now, Decrypt Later (HNDL), also called "Store Now, Decrypt Later", is an attack strategy where:

  1. An adversary intercepts encrypted traffic today
  2. They archive it waiting for sufficiently powerful quantum computers
  3. When the technology becomes available, they decrypt all collected traffic

The Threat Is Real

Intelligence agencies from multiple countries are already collecting encrypted traffic at scale. Data centre storage is cheap. Time is on their side.

Why Should You Care?

The key question is: how long must your data remain secret?

  • Medical records: forever (or at least decades)
  • Trade secrets: until they become obsolete (often 10-20 years)
  • Financial data: 7-10 year confidentiality requirements
  • Legal documents: potentially forever
  • Diplomatic communications: decades
  • Intellectual property: patent life + beyond

If your data has value for more than 5-10 years, it's already at risk if transmitted with classical encryption.

The Timelines: When Will the Threat Materialise?

Estimates vary, but most experts agree:

  • 2030-2035: Quantum computers capable of breaking RSA-2048
  • Possibly earlier: Unexpected advances or classified capabilities
  • Already today: Data collection is happening now

Migration Timeline

If PQC migration takes 3-5 years and quantum computers arrive in 2032, you need to start by 2027-2029. But your data from today will already be compromised.

Who Is Collecting Data?

This isn't paranoia. Declassified documents and leaks have confirmed mass interception programmes by:

  • State intelligence agencies (NSA, GCHQ, and equivalents from other countries)
  • State-sponsored APT (Advanced Persistent Threat) groups
  • Sophisticated criminal organisations

Intercepted traffic includes: emails, VoIP, file transfers, HTTPS web sessions, VPNs, and any other communication crossing the network.

How to Protect Yourself

The good news: solutions already exist. Here's what you can do:

1. Adopt TLS 1.3 with Modern Cipher Suites

TLS 1.3 is a prerequisite for post-quantum cryptography. Verify your servers support it and don't allow fallback to earlier versions.

2. Implement Hybrid Cryptography

Hybrid schemes combine classical algorithms (like ECDH) with post-quantum algorithms (like ML-KEM). Even if one fails, the other protects the data.

3. Reassess Your Most Sensitive Data

For data with long-term confidentiality requirements, consider:

  • Additional at-rest encryption with PQC keys
  • Out-of-band transmission for the most critical data
  • Data minimisation in transmissions

4. Verify Your Current Posture

The first step is understanding how exposed you are. Our free scan analyses your site's TLS configuration and identifies vulnerabilities.

How Exposed Are You?

Free scan to check your readiness against HNDL attacks.

Don't Wait

The nature of the HNDL attack means data transmitted today is already potentially compromised. You can't protect the past, but you can protect the future.

Every day you delay migrating to quantum-safe cryptography is another day of vulnerable data being collected. The transition takes time: start now.