'Harvest Now, Decrypt Later': The Quantum Threat CISOs Can't Wait Out

In March 2026, Google announced that it was dramatically shortening its internal deadline to prepare for Q-day, the day when quantum computers will be able to break the encryption algorithms we currently use to protect everything from banking to messaging to government secrets, pushing its readiness deadline up to 2029. Meanwhile, the National Security Agency continues to adhere to a 2031 date to be ready. Estimates of when Q-day will be still vary: optimists say 2029, pessimists say 2035. But there’s no longer any doubt that Q-day will happen, and it’s increasingly likely to be this decade.

Harvest now, decrypt later

For CIOs and CISOs, it doesn’t really matter when Q-day is because you can’t wait until Q-day to think about quantum computing. Although the impact won’t be felt for years, there’s an active threat today and it’s called “harvest now, decrypt later.”

Threat actors are gathering large quantities of encrypted traffic and storing it for the day when useful quantum computers become available to break encryption and decrypt all those packets. While some older data may not be useful by the time it is decrypted, a great deal of information will still be useful to threat actors, and the closer we get to Q-day, the more useful the data will be.

At first glance, quantum computing seems ridiculous. It uses quantum phenomena – superposition and entanglement – to manipulate data far faster than classical computing, at temperatures approaching absolute zero. Superposition? Entanglement? What does that really mean? For those of us who are not physicists, understanding any, much less all, the ways that companies are trying to make quantum work is a mind-bending experience. 

Companies are trying to scale six types of quantum computing: superconducting, topological, trapped-ion, photonic, neutral-atom, and quantum dots. Quantum computing vendors are battling to get their chosen technology to be the winner – or one of the winners – of the quantum computing race. Will the winner be superconducting, where IBM has built one of the first quantum processors to surpass 1,000 qubits? Or maybe it will be trapped ion. If you’re a CIO or CISO, it doesn’t matter. What matters is that small quantum computers are already functioning. While there is still disagreement over how many logical qubits will be necessary to achieve Q-day, it could be as few as 10,000, and the day when a 10,000 logical qubit quantum computer exists is not far off. The physical qubit estimates have also dropped sharply. Breaking RSA-2048 was estimated to require 20 million qubits in 2019. By May 2025, that estimate was under one million. In early 2026, new research brought it below 100,000. These reductions came from better algorithms, not faster hardware, which is why readiness deadlines keep moving up.

A quick encryption primer 

Encryption works through keys. For systems where keys must be passed unprotected, there’s a key pair, and each party has a key. Both are required, one to encrypt and one to decrypt the data. This is called public key encryption.

Symmetric encryption uses a single key and is appropriate when keys can be passed securely, such as after an HTTPS session has been established. This type of encryption is vulnerable to Grover’s algorithm. Quantum computing will halve the time required to break symmetric encryption; therefore, the symmetric key length must be doubled to maintain the same level of security. However, the problem is much more severe for public key encryption. Shor's algorithm, which finds the prime factors of an integer, can break the vast majority of public key encryption algorithms in use today, including RSA, rendering them obsolete.

Until recently, all asymmetric encryption algorithms were vulnerable to these harvest now, decrypt later attacks. However, in 2024 and 2025, after testing many candidates, NIST issued new quantum-resistant algorithms that have not been broken to date. These algorithms will protect vital secrets from harvest now, decrypt later and from prying eyes in the quantum computing future.

Although efforts are underway to develop room temperature quantum computers, it is unlikely that there will ever be a quantum computer on every desk. That does not reduce the risks posed by quantum computers and Q-day. Nation-state actors and their proxies will have access to quantum computers, and anyone willing to pay for access will be able to use quantum computing resources in the cloud.

The steps CIOs and CISOs need to take now

Human beings aren’t very good at responding to future threats. Our brains aren’t wired that way. If we were, the headlines would be full of concerns about the threats posed by harvest now, decrypt later, and organizations would be laser-focused on solving their encryption problems. The lack of noise doesn’t reflect a lack of risk. The data protection challenges posed by quantum computing are real, and organizations need to prepare now so their data stays protected later.

Now that post-quantum encryption algorithms are available, it is time for CIOs and CISOs to act to ensure their systems are upgraded as soon as possible. The deadline isn’t when practical quantum computers are available. We need to stop the harvesting of decryptable data now. CIOs and CISOs should take the following steps right away:

• Inventory all the systems in their enterprise and their cryptographic algorithms. Many organizations have an enterprise application inventory. Those that don’t will need to create one. All organizations need to include something unlikely to be in the enterprise inventory: shadow IT systems. Whether shadow IT is encouraged or discouraged, it’s a risk and needs to be part of the inventory.
• Understand each vendor’s strategy for updating their cryptographic modules, and ensure the necessary upgrades are performed to receive the updated modules.
• If vendors can’t or won’t replace the cryptographic modules in their products, or if a production version is past end-of-support or has reached end-of-life, the entire product must be replaced.
• The same review and replacement exercise must be performed for customized and home-grown applications and infrastructure - anything with encryption capability. Upgrade cryptography or replace the application.

Start today because Q-day won’t wait. Bad actors are harvesting your data today and patiently waiting to decrypt it later. 

If you’re still not convinced, watch (or rewatch) the movie Sneakers. That should do the trick.

Ann Dunkin is a Distinguished Professor of the Practice at the Georgia Institute of Technology and CEO of Dunkin Global Advisors, where she provides strategic advice to organizations navigating complex technology decisions and evolving technology environments. She served as CIO of the U.S. Department of Energy under the Biden-Harris administration, managing a $5 billion IT portfolio, and as CIO of the U.S. Environmental Protection Agency under the Obama administration. Earlier in her career, she held leadership roles at Dell Technologies, the County of Santa Clara, and Hewlett-Packard. She is the author of Industrial Digital Transformation and a licensed professional engineer.