Harvest now, decrypt later: why your encrypted data has an expiry date

Quantum computing may seem like a distant promise, a perception reflected in recent Fujitsu research showing nearly a third of Australian organisations (30%) view it as ‘overhyped’.

But as industry leaders, policymakers and technology organisations prepare to convene at the Quantum Australia Conference 2026, the conversation is rapidly shifting from possibility to preparedness. The question is no longer whether quantum will arrive, but how organisations should respond to its earliest and most immediate impacts.

Nowhere is this more urgent than in data security.

Of the three major quantum domains — computing, sensing and communications — it is quantum communications that is advancing fastest in terms of practical, commercial deployment. Technologies like quantum key distribution (QKD) are already being piloted across government and financial institutions globally.

The reason is simple: quantum communications does not depend on fully realised quantum computers. It addresses problems organisations already face, specifically how to secure sensitive data against future threats.

The immediate threat of ‘harvest now, decrypt later’

One of the most important shifts in cybersecurity is the growing concern around ‘harvest now, decrypt later’. While Australian organisations are the most likely globally (28%) to agree that quantum computing could make their current cybersecurity measures inadequate, Fujitsu’s data also shows they are the least likely to be investing in a solution, with only 24% dedicating budget to exploring quantum.

Threat actors are already collecting encrypted data today, with the expectation that future quantum capabilities will allow it to be decrypted. This creates a long-term exposure problem, particularly for organisations handling data that must remain secure for years or decades.

This risk is recognised at a global level. The National Institute of Standards and Technology, for example, has begun formalising Post-Quantum Cryptography (PQC) standards. It has stated that organisations should begin transitioning now. Under its published roadmap, the encryption methods used today will be considered obsolete by 2035, and the most critical systems must be upgraded even sooner. This timeline sets a non-negotiable deadline for organisations to act.

Why quantum communications is gaining momentum

Quantum communications is gaining traction because it changes the security model entirely.

Today’s encryption is based on creating mathematical problems that are incredibly hard for current computers to solve. Quantum computing has the potential to break these models using algorithms such as Shor’s algorithm, an approach specifically designed to find the hidden mathematical weaknesses in today’s public-key encryption protocols (like RSA) that secure the modern internet.

In contrast, quantum communications, particularly quantum key distribution, is based on the laws of physics. Any attempt to intercept a quantum key alters its state, leaving behind clear evidence that tampering has occurred.

This fundamentally shifts the conversation from: “how hard is it to break encryption?” to “can we guarantee the privacy of our encryption keys before they are even used?” The distinction is why governments and critical infrastructure sectors are already investing in quantum-safe communication approaches.

The global response to the quantum threat is already underway

The quantum threat is no longer being treated as a niche cybersecurity issue. It has become a matter of national capability and digital resilience. We’re already seeing early signals of how this will play out:

• Governments and defence agencies are leading investment in quantum-safe communications infrastructure, including the development of domestic, sovereign quantum networks.
• Financial institutions are beginning to assess long-term data exposure risk.
• Standards bodies are accelerating the transition toward Post-Quantum Cryptography and beginning to issue the clear transition guidance that industry needs to move beyond legacy mathematical protocols.
   

At the same time, broader research highlights the urgency. The World Economic Forum has warned that quantum computing could compromise widely used public-key cryptography, creating systemic risk across digital systems.

For organisations, this means the question is no longer if quantum will impact security but when.

Quantum communications isn’t a tech trend, it’s a leadership decision

For CIOs and CTOs, quantum communications should not be viewed purely as an emerging technology. It should be considered across three dimensions:

1. Security upgrade: Ensuring data remains protected against future decryption capabilities through the adoption of quantum-resistant algorithms.
2. Risk mitigation: Addressing long-term exposure of sensitive data that is already being harvested.
3. Strategic capability: Building sovereign control over data and communications infrastructure.

This is especially relevant for organisations operating in regulated environments or managing critical data assets.

What organisations should do now: a five-step plan

The transition to quantum-safe security will take time. Organisations that start early will have a significant advantage. Here are five practical steps leaders can take now:

1. Audit cryptographic exposure: Identify where current public-key encryption standards are used across your systems, particularly those supporting sensitive or long-lived data.
2. Prioritise high-risk data: Focus on data that must remain secure for extended periods including financial, personal, operational and intellectual property data.
3. Develop a post-quantum roadmap: Align with guidance from the National Institute of Standards and Technology and other standards bodies to define a phased migration towards Post-Quantum Cryptography.
4. Test quantum-safe approaches early: Use simulation and testing environments to assess the impact of quantum-resistant algorithms on system performance, latency and integration.
5. Build ecosystem capability: Transitioning to quantum-safe environments requires coordination across vendors, platforms and partners. Organisations should begin engaging their broader ecosystem now.

A predictable disruption with a limited window to act

Quantum communications represent a rare type of disruption: one that is both predictable and already in motion. Organisations do not need to wait for quantum computers to become mainstream to act. The transition to quantum-safe security has already begun, and the timeline is now defined by global standards bodies.

The organisations that act early will be best positioned to manage risk, maintain trust and ensure continuity in a post-quantum world.

The question is no longer whether quantum will impact your organisation. It is whether you are preparing for it now.

Image credit: iStock.com/koto_feja