At a glance: Only 5% of CISOs prioritize the “Harvest Now, Decrypt Later” threat despite second-highest concern about quantum computing, while standards for quantum-resistant encryption are available from 2024.
Attackers are already stealing sensitive data today in the expectation of decrypting it later with quantum computers. A 2025 ISACA survey shows: only 5% of cybersecurity professionals rate this risk as high priority — even though two-thirds are concerned about quantum threats.
The attack pattern “Harvest Now, Decrypt Later” describes a current security gap: cybercriminals are already gaining access to encrypted data today and storing it. Once powerful quantum computers become available, they can decrypt this data using classical encryption methods — a risk that is significant for large volumes of data in finance, healthcare, and critical infrastructure.
According to Félix Barrio, director of Spain’s cybersecurity institute INCIBE, the problem will not worsen suddenly — no so-called “Q-Day” — but gradually. Experts cite different time estimates, from a few months to a decade. However, the required computing power is likely to be available initially only to a few actors — primarily governments.
The US National Institute of Standards and Technology (NIST) published the first three standards for Post-Quantum Cryptography (PQC) in 2024. These algorithms are intended to be quantum-computer-secure, but are currently still being tested and adapted to various technologies. In parallel, Quantum Key Distribution (QKD) is developing as an alternative key exchange method that works via optical fiber or satellite connections and offers an intrusion detection mechanism through quantum physics properties.
The EU has defined a migration path: December 2026 as the first phase for post-quantum cryptography, 2030 for critical systems, 2035 for the rest. Spain is investing in five regional projects on quantum-resistant cryptography through innovation procurement programs. Alberto de Mercado from Fortinet emphasizes that a structured transition process is required that takes into account the type of data transmission and its long-term sensitivity.
Source: www.csoonline.com · Published June 12, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.