Harvest Now, Decrypt Later: the quantum threat your security team cannot afford to ignore

Your encrypted data is being stolen right now. Not to read today. To decrypt later. Here is how HNDL works, why it matters, and what you can actually do about it.

It sounds like something from a security conference keynote. The kind of threat that gets a slide, a dramatic pause, and then gets filed away as a future problem. But Harvest Now, Decrypt Later (HNDL) is neither theoretical nor futuristic. It is an active, ongoing operation being run by nation-state actors against UK organisations right now.

Here is how it works, why it matters, and what you can actually do about it.


What is Harvest Now, Decrypt Later?

The attack is straightforward in concept. Adversaries intercept and store encrypted network traffic today, in bulk, without attempting to decrypt it. They hold it. When quantum computing matures to the point where current encryption standards can be broken, they decrypt it retrospectively.

The protocols protecting most enterprise networks (IPsec, VPN, TLS, and MACsec) rely on mathematical problems that are computationally infeasible for today’s computers to solve. RSA and ECC, the foundations of most enterprise key exchange, are solid against classical machines. Against a sufficiently capable quantum computer, they are not.

That threshold has a name: Y2Q. Dr Michele Mosca, a leading academic in quantum computing, estimates a 50:50 probability of Y2Q arriving by 2031. Hybrid quantum-AI attack methods are compressing that timeline. And the adversaries running HNDL operations are not waiting to find out. They are capturing traffic now and banking on the capability arriving in time.


Why your long-term data is the target

HNDL attacks are not indiscriminate. They are targeted at data whose sensitivity extends over time. The value of the harvest depends on whether the data will still matter when decryption becomes possible.

That puts certain sectors squarely in the crosshairs.

Financial services organisations are carrying years of transaction records, client communications, and counterparty data under current encryption. Legal practices hold privileged communications. Healthcare providers retain clinical records with sensitivity windows that extend decades. Public sector bodies transmit data under long statutory retention obligations.

For an IT Director in any of those sectors, the uncomfortable question is this: how much of that data has already been harvested? There is no way to know. The traffic was captured in transit, silently, with no visible breach event. The compromise, if it occurred, will not become visible until after Y2Q.


Why legacy systems make this significantly worse

Post-quantum migration is manageable for modern infrastructure. Cloud environments, current-generation network appliances, and recently deployed enterprise applications can adopt NIST-aligned cryptographic standards as vendor support rolls out.

Legacy systems are a different problem.

Industrial control platforms, fixed-firmware network appliances, embedded OT devices, and core financial applications running on IBM Power or other long-lifecycle architectures cannot be patched at source to adopt post-quantum cryptography. They are active, data-carrying parts of the network. They are also the least likely to be refreshed any time soon.

Every day those systems transmit data under classical encryption; that data is potentially being added to an adversary’s archive. The exposure does not pause while you plan a hardware refresh programme.

This is the part that tends to land badly in board conversations, because the natural response to a security gap is to ask when it will be closed. The honest answer is that for legacy estates, ‘when we refresh the hardware’ is not good enough. The data leaving those systems today is at risk, regardless of what replaces them in three years.
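The retention windows above and the refresh timelines for legacy estates can be put on one axis using Mosca's inequality: data is exposed if the years it must stay confidential (x) plus the years needed to migrate its transport (y) exceed the years until Y2Q (z). The triage below is an added example written for this article, not Covenco's or Quantropi's code; the inventory is constructed, the 2031 Y2Q figure is the article's, and the 2025 assessment year is an assumption.

```python
"""HNDL exposure triage using Mosca's inequality.

Mosca's rule of thumb: if x + y > z, data encrypted today will still be
confidential when it becomes decryptable, so it is exposed.
  x = years the data must stay confidential (shelf life)
  y = years needed to migrate the system to quantum-safe key exchange
  z = years until a cryptographically relevant quantum computer (Y2Q)

The inventory below is constructed for illustration. Y2Q_ESTIMATE uses the
2031 figure cited in the article; ASSESSMENT_YEAR is an assumed run date.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Y2Q_ESTIMATE = 2031
ASSESSMENT_YEAR = 2025  # assumption: the year this assessment is run

# FIPS 203 (ML-KEM) markers; a hybrid such as X25519MLKEM768 also counts as safe,
# because the recorded handshake cannot be opened by breaking the ECC half alone.
QUANTUM_SAFE_MARKERS = ("ML-KEM", "MLKEM")


@dataclass(frozen=True)
class Flow:
    system: str
    kex: str                        # key exchange protecting the traffic in transit
    shelf_life_years: int           # x
    migration_years: Optional[int]  # y; None = cannot be patched at source (legacy)


def kex_is_quantum_vulnerable(kex: str) -> bool:
    """Conservative: anything without a post-quantum component (RSA, DH, ECDH...) is vulnerable."""
    name = kex.upper()
    return not any(marker in name for marker in QUANTUM_SAFE_MARKERS)


def assess(flow: Flow, y2q: int = Y2Q_ESTIMATE, now: int = ASSESSMENT_YEAR) -> Tuple[str, Optional[int]]:
    """Return (status, margin_years).

    margin_years = z - (x + y): negative means traffic already leaving the
    system will outlive the key exchange protecting it.
    """
    if not kex_is_quantum_vulnerable(flow.kex):
        return ("protected", None)
    if flow.migration_years is None:
        # Migration at source is impossible, so the gap does not close with a
        # refresh programme; protection has to be applied at the network boundary.
        return ("legacy-gap", None)
    z = y2q - now
    margin = z - (flow.shelf_life_years + flow.migration_years)
    return ("exposed", margin) if margin < 0 else ("within-margin", margin)


_STATUS_ORDER = {"exposed": 0, "legacy-gap": 1, "within-margin": 2, "protected": 3}


def prioritise(flows: List[Flow]) -> List[Tuple[str, str, Optional[int]]]:
    """Order the estate so the worst exposure is listed first."""
    rows = [(f.system, *assess(f)) for f in flows]
    return sorted(rows, key=lambda r: (_STATUS_ORDER[r[1]], r[2] if r[2] is not None else 0))


# Constructed inventory reflecting the sectors the article names.
CLINICAL = Flow("Clinical records archive", "ECDHE", shelf_life_years=30, migration_years=2)
CDN = Flow("Public marketing CDN", "X25519", shelf_life_years=1, migration_years=2)
LEGACY = Flow("Core banking on IBM Power", "RSA", shelf_life_years=10, migration_years=None)
CLOUD = Flow("Cloud API gateway", "X25519MLKEM768", shelf_life_years=10, migration_years=0)
INVENTORY = [CDN, CLOUD, CLINICAL, LEGACY]

if __name__ == "__main__":
    for system, status, margin in prioritise(INVENTORY):
        print(f"{status:14} margin={margin!s:>5}  {system}")
```

With z = 6 years, a 30-year clinical record on ECDHE is 26 years past the line whatever the migration plan, while the same transport on a one-year marketing asset still has three years of slack; the legacy flow is listed separately because no value of y rescues it.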


NIST has already moved. Has your organisation?

In 2024, the National Institute of Standards and Technology published its first finalised post-quantum cryptographic standards: FIPS 203, 204, and 205. Standards bodies do not publish migration requirements for hypothetical risks. This was a formal signal that post-quantum migration is now a time-bound obligation for regulated organisations and government suppliers.

The UK’s National Cyber Security Centre followed with its own post-quantum migration guidance. The direction of travel is settled. The question for most IT Directors is no longer whether to migrate but where to start and how to protect the estate in the meantime.


What a practical response looks like

There are two approaches that together cover the full enterprise estate, modern infrastructure and legacy systems alike.

For modern infrastructure, the problem is the key exchange, not the encryption algorithm itself. Traditional protocols such as IKEv2 and PKI transmit cryptographic keys over the same network path as the data they protect. Capture the traffic and you capture the keys. Digital Quantum Key Distribution (D-QKD) eliminates this by deriving keys independently at each endpoint. Keys are never transmitted over the data path. An adversary who captures every packet in transit has nothing usable, now or after Y2Q. Quantropi’s D-QKD runs entirely in software over existing IP networks. No dark fibre, no quantum hardware, no new infrastructure.
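Before changing the key exchange, you need to know which endpoints still negotiate one that a recorded handshake would expose. The classifier below is an added example for this article, not Quantropi's or Covenco's code: it reads the handshake summary that `openssl s_client` prints and sorts each endpoint into quantum-vulnerable, hybrid or pure post-quantum key exchange. The three transcripts are constructed samples, not real hosts, and the exact "Negotiated TLS1.3 group:" and "Server Temp Key:" line formats are assumed from OpenSSL 3.x output; check them against the build you run.

```python
"""Classify the key exchange negotiated by TLS endpoints from openssl s_client
handshake summaries: RSA/ECC-only groups are the ones a recorded handshake
would expose after Y2Q; hybrid or pure ML-KEM groups are not.

The three transcripts are constructed samples, not captures from real hosts.
The line formats follow OpenSSL 3.x as an assumption.
"""
import re
from typing import Dict, Optional, Tuple

# Substrings that identify a FIPS 203 KEM component in a TLS group name.
PQ_KEM_MARKERS = ("MLKEM", "KYBER")

SAMPLE_OUTPUTS: Dict[str, str] = {
    "legacy-vpn-gw.example.internal": (
        "CONNECTED(00000003)\n---\n"
        "New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384\n"
        "Server public key is 2048 bit\n"
        "Negotiated TLS1.3 group: X25519\n"
    ),
    "api-gw.example.internal": (
        "CONNECTED(00000003)\n---\n"
        "New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384\n"
        "Server public key is 256 bit\n"
        "Negotiated TLS1.3 group: X25519MLKEM768\n"
    ),
    "old-appliance.example.internal": (
        "CONNECTED(00000003)\n---\n"
        "New, TLSv1.2, Cipher is AES256-SHA256\n"  # RSA key transport: no ephemeral group
        "Server public key is 2048 bit\n"
    ),
}

GROUP_RE = re.compile(r"^Negotiated TLS1\.3 group: (\S+)", re.MULTILINE)
TEMP_KEY_RE = re.compile(r"^Server Temp Key: ([^,\n]+)", re.MULTILINE)


def negotiated_group(output: str) -> Optional[str]:
    """Extract the ephemeral key-exchange group, or None if none was negotiated."""
    m = GROUP_RE.search(output) or TEMP_KEY_RE.search(output)
    return m.group(1).strip() if m else None


def classify_group(group: Optional[str]) -> str:
    if group is None:
        # TLS 1.2 RSA key transport: every recorded session is wrapped under the
        # server's long-lived RSA key, so one broken key opens the whole archive.
        return "no-ephemeral-exchange"
    name = group.upper().replace("-", "")
    if not any(marker in name for marker in PQ_KEM_MARKERS):
        return "quantum-vulnerable"  # X25519, P-256, ffdhe2048, ...
    residue = name
    for marker in PQ_KEM_MARKERS:
        residue = residue.replace(marker, "")
    # Anything left besides the KEM's parameter digits is the classical half of a hybrid.
    return "post-quantum" if residue.isdigit() else "hybrid-pq"


def report(outputs: Dict[str, str]) -> Dict[str, Tuple[Optional[str], str]]:
    """Map each endpoint to (negotiated group, classification)."""
    result = {}
    for host, output in outputs.items():
        group = negotiated_group(output)
        result[host] = (group, classify_group(group))
    return result


if __name__ == "__main__":
    for host, (group, verdict) in report(SAMPLE_OUTPUTS).items():
        print(f"{verdict:22} {group or '-':18} {host}")
```

Feeding it the saved output of `openssl s_client -connect host:443 </dev/null` for each endpoint in scope gives a first-pass list of where recorded traffic is still recoverable once RSA and ECC fall.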

For legacy systems, a quantum-safe forward proxy applies protection at the network boundary without touching the underlying device. It intercepts outbound traffic before it crosses untrusted networks, re-encrypts it using quantum-safe algorithms, and passes it on transparently. The legacy system is unaware anything has changed. No modification, no downtime, no replacement programme required. The HNDL exposure is addressed where it can actually be controlled.

You can read more about how both approaches work on our Covenco and Quantropi partner page.


The board conversation you are probably going to have

Quantum risk is moving up the agenda. Audit committees are starting to ask about post-quantum readiness. Regulators are publishing guidance. Cyber insurers are paying attention.

Organisations that act now do so on their own terms, with time to assess their exposure, plan migration properly, and deploy protection in a managed way. Organisations that wait do so on the adversary’s schedule.

The starting point is not a large infrastructure programme. It is an honest assessment of current cryptographic exposure, which systems carry the greatest HNDL risk, where the legacy gaps are, and what a proportionate response looks like.

Covenco has partnered with Quantropi to help UK organisations work through exactly that. Quantropi’s QiSpace platform is NATO-approved, aligned to NIST FIPS 203, 204, and 205, and benchmarked by Deutsche Telekom at over 250x faster than traditional optical QKD. It deploys over existing infrastructure with no hardware investment required.


Further reading

If you want to understand your organisation’s HNDL exposure before the next board meeting, start here:

Download ‘Is Your Encryption Ready for the Quantum Age?’ Our practical guide for IT Directors and security leads in regulated UK sectors. Covers the HNDL threat, NIST post-quantum standards, the legacy estate challenge, and your options.

Covenco and Quantropi: quantum-safe encryption for UK organisations. Learn how D-QKD and the quantum-safe forward proxy work, and how Covenco delivers them over your existing infrastructure.

TrUE Quantum Security: an introduction to Quantropi and the QiSpace platform. Quantropi’s own introduction to their QiSpace platform and the TrUE approach to quantum-secure cryptography.

Inside QiSpace: Quantropi’s three-tier quantum-secure cryptography platform. A deeper look at MASQ, QEEP, and SEQUR, the three components of the QiSpace platform, with performance benchmarks and enterprise use cases.

Adding post-quantum security to existing TLS. How the QiSpace for IoT Secure Network Add-on brings quantum-safe TLS 1.3 to existing OpenSSL and Mbed TLS implementations.

Quantum security from IoT to cloud. How Quantropi’s Eclipse ThreadX-Q secures communications from embedded device to cloud using existing infrastructure.

Related Covenco services:

Cyber security services including gap analysis, incident response, and managed SOC.

Ransomware recovery service for organisations that need a credible recovery capability alongside encryption protection.

Data management solutions covering the full Covenco partner ecosystem.