NCSC warns on quantum‑era harvesting

Encrypted data is supposed to buy you time. Quantum computing threatens to take that time back. That is the point behind the UK National Cyber Security Centre’s warning on “harvest now, decrypt later” — the idea that an attacker can copy protected traffic today, store it for years, and read it once quantum machines can break the public-key systems we still use all over the internet. The NCSC has been pushing this message through its post-quantum guidance, and it surfaced again around CYBERUK 2026 as part of a broader call to stop treating quantum migration as a far-off research problem. (ncsc.gov.uk) ### What is being “harvested”? Mostly ciphertext — encrypted emails, VPN sessions, backups, archived files, identity traffic, and anything else protected with today’s public-key cryptography. The trick is simple. An attacker does not need to crack the data now. The attacker just needs to collect it now, keep it, and wait for a cryptographically relevant quantum computer to arrive. The NCS(ncsc.gov.uk)attacker read information encrypted in the past and forge information in the future. (ncsc.gov.uk) ### Why is this a problem now? Because some data stays valuable for a very long time. Think health records, government files, defense material, industrial secrets, legal archives, and regulated datasets with long retention periods. If that information must stay secret for 10 or 20 years, then a future decryption capability is already a present-day risk. That is why the NCSC frames post-(ncsc.gov.uk)antum hardware matures. (ncsc.gov.uk) ### What did the NCSC actually tell organizations to do? Start planning on a schedule, not “someday.” The NCSC’s migration guidance sets three headline milestones: by 2028, define goals, discover where cryptography sits across the estate, and build an initial migration plan; by 2031, complete early high-priority upgrades and refine the roadmap; by 2035, finish migration of systems, services, and pro(ncsc.gov.uk) possibly taking longer. (ncsc.gov.uk) ### Why is discovery the hard part? Because most big organizations do not fully know where cryptography lives. It is buried in apps, devices, certificates, vendor products, industrial systems, old integrations, and forgotten internal tools. Replacing an algorithm sounds like a software patch, but turns out the real job is inventory, dependency mapping, procurement pressure, testing, and sequencing. (ncsc.gov.uk)tional infrastructure operators, and companies with bespoke IT because those are the places where hidden crypto sprawl becomes a years-long program. (ncsc.gov.uk) ### Is this about all encryption? Not exactly. The sharpest quantum threat hits widely used public-key cryptography — the machinery behind key exchange and digital signatures. That matters because public-key systems help set up secure sessions and prove identity across networks. If those foundations break, confidentiality and trust both get shaky. The NCSC’s answer is migration to post-quantum crypt(ncsc.gov.uk)th classical and quantum attacks. (ncsc.gov.uk) ### Does this mean panic? No — but it does mean stop waiting for a perfect forecast. The NCSC’s line is basically that the migration itself will take years, span multiple investment cycles, and reward early preparation. Even if small organizations mostly get quantum-safe upgrades through vendors, larger enterprises still need decisions now about data retention, supplier roadmaps, and which long-lived secrets deserve first protection. (ncsc.gov.uk) ### So what is the real takeaway? The quantum story is not just about the day a powerful machine shows up. It is about whether your most sensitive data has already been copied by then. That is why “harvest now, decrypt later” lands so hard — the breach can happen years before the reading does. (ncsc.gov.uk)