Axelspire

Your 2015 Data Will Be Public by 2032—Unless You Act Now

Part of the Post-Quantum PKI Migration Guide

The quantum computing threat isn't coming. It's already here.

While you're reading this, state-sponsored actors are copying your encrypted data—customer transactions, M&A negotiations, proprietary trading algorithms—and storing it. They can't decrypt it today. But in 6-8 years, when quantum computers mature, they will.

Every email, every trade, every confidential document your firm encrypted in the last decade could become public within your current strategic planning horizon.

This isn't a technology problem. It's a balance sheet risk.


Executive Summary

The Risk:

Adversaries are harvesting your encrypted data today to decrypt it later with quantum computers (expected 2030-2032). For financial institutions where data retains value for decades, this represents immediate material risk.

The Timeline:

  • Now: Data being harvested
  • 2028-2032: Current encryption broken by quantum computers
  • Impact Window: Any data encrypted before 2027 is potentially compromised

The Financial Exposure:

  • Retroactive exposure of 10-20 years of strategic communications
  • Proprietary trading algorithms with indefinite competitive value
  • M&A documents, regulatory filings, customer transaction histories
  • Potential liability: comparable to or exceeding historical mega-breaches

Required Action:

Begin post-quantum cryptography (PQC) migration in 2026—deploying quantum-resistant algorithms before current encryption becomes obsolete. Institutions that delay past 2027 risk permanent loss of strategic confidentiality for all historical encrypted data.

Board Question:

"What sensitive data did we encrypt between 2015-2025 that would damage the firm if made public in 2032?"


Why This Matters to Your Business (Not Just Your CISO)

The Traditional Cybersecurity Model Is Broken

Your CISO protects data from being stolen today. That's the wrong threat model.

The quantum threat is retroactive: adversaries are already stealing your encrypted data. They're just waiting for technology to catch up so they can read it.

What's At Risk

Financial services data isn't like consumer data (useful for 6-12 months). Your data has strategic value for decades:

| Your Data | How Long It Matters | Quantum Vulnerability |
| --- | --- | --- |
| Proprietary trading models | Forever | Exposed 2030-2032 |
| M&A negotiations (2015-2025) | 20+ years | Exposed 2030-2032 |
| Customer transaction histories | 30+ years (regulatory) | Exposed 2030-2032 |
| Board strategic planning | 10-20 years | Exposed 2030-2032 |

Translation: A quantum computer in 2032 can decrypt your 2020 board meeting notes about that confidential acquisition strategy.


The Business Case for Acting Now

Cost of Preparation vs. Cost of Exposure

Option A: Begin PQC migration in 2026

  • Estimated cost: $50-200M (varies by institution size)
  • Timeline: 4-6 years for full migration
  • Outcome: Strategic data remains confidential

Option B: Wait and see

  • Cost: $0 (until 2030-2032)
  • Outcome: Permanent retroactive exposure of 15+ years of encrypted communications
  • Liability: Potentially catastrophic (competitive intelligence loss, regulatory penalties, shareholder lawsuits, reputational damage)

The ROI Calculation

What's the value of protecting:

  • Your last 10 years of M&A negotiations?
  • Proprietary trading algorithms you've developed since 2015?
  • Strategic board discussions about market positioning?

If that's worth more than $200M, the decision is straightforward.

Related: See PQC Migration Strategy for detailed cost breakdowns and an infrastructure-first approach that reduces costs to $1M-$2.5M.


What "Post-Quantum Cryptography" Actually Means

In Plain English

Current encryption relies on math problems that are hard for regular computers but easy for quantum computers. This means that data which is securely encrypted today will be readable by quantum computers.

Post-quantum cryptography (PQC) uses different math problems that remain hard even for quantum computers.

The U.S. government (NIST) finalized the new standards in 2024-2025. The technology is proven and ready for deployment. See PQC Timeline & Mandates for details on NIST standards and federal requirements.

What Changes for Your Firm

  • New encryption protocols for networks, VPNs, TLS connections
  • Updated security certificates
  • Crypto-agility frameworks (ability to switch algorithms quickly)

What Doesn't Change

  • Your existing applications (mostly)
  • Your business processes
  • Customer-facing functionality

This is infrastructure modernization, not business transformation. See Why Infrastructure First for why building crypto-agility infrastructure is more important than algorithm choice.


Your 2026-2032 Migration Roadmap

Phase 1: 2026-2027 - Hybrid Protection

  • Deploy post-quantum + classical encryption hybrid
  • Protect all new external communications
  • Cost: 20-30% of total budget
  • Outcome: New data is quantum-safe

Phase 2: 2027-2029 - Core Systems

  • Migrate customer-facing systems
  • Update VPNs, APIs, data centers
  • Cost: 40-50% of total budget
  • Outcome: Critical infrastructure protected

Phase 3: 2029-2032 - Complete Transition

  • Legacy system replacement
  • Remove old encryption entirely
  • Cost: 20-30% of total budget
  • Outcome: Full quantum resilience

Key Milestone: 2027 is the "point of no return" for protecting historical data.

For detailed month-by-month implementation guidance, see PQC Migration Strategy with CertBridge architecture.


Regulatory and Competitive Implications

Regulatory Pressure Building

  • NIST: Federal agencies must begin PQC migration by 2025-2026
  • CISA: Critical infrastructure guidance targeting 2027 deadlines
  • BIS/FS-ISAC: Financial sector-specific roadmaps published 2025
  • Expected: Regulatory mandates for financial institutions 2026-2028

See PQC Timeline & Mandates for complete regulatory timeline and PQC for Regulated Industries for compliance requirements.

First-Mover Advantage

Early adopters will:

  • Meet regulatory deadlines with buffer
  • Attract quantum-conscious enterprise clients
  • Position as security leaders (marketing advantage)
  • Avoid last-minute implementation costs

Laggard Risk

Late movers will face:

  • Emergency implementation costs (3-5× higher)
  • Regulatory penalties
  • Customer trust issues
  • Competitive disadvantage in enterprise sales

Board-Level Actions (Q1 2026)

What Your Board Should Do This Quarter

  1. Commission crypto inventory audit
    Question: "What sensitive data did we encrypt 2015-2025 that adversaries might have harvested?"
  2. Request PQC migration roadmap from CISO
    Timeline: 2026-2032, phased budget, risk mitigation
  3. Approve initial budget for Phase 1 (2026-2027)
    Typical range: $10-50M depending on firm size
  4. Assign executive sponsor
    This is a strategic program, not an IT project
  5. Set quarterly reporting requirement
    Track: % systems migrated, budget vs. actual, regulatory compliance status

Red Flags Indicating You're Behind

  • CISO hasn't mentioned PQC in the last 6 months
  • No crypto inventory exists
  • "We'll wait for others to go first"
  • Budget requests being deferred to 2027+

Use Crypto-Agility Assessment to evaluate your organization's readiness for PQC migration.


The Bottom Line

You can't protect yesterday's data with tomorrow's encryption.

Data encrypted in 2020 with today's standard algorithms will be readable by quantum computers around 2030-2032. If that data has strategic value—and for financial institutions, it does—you must begin post-quantum migration now.

This is not a speculative technology risk. This is a balance sheet risk with a defined timeline and quantifiable exposure.

The cost of preparation is measurable. The cost of retroactive data exposure is potentially catastrophic.

The time to act is 2026.


Technical Deep-Dive: Understanding the HNDL Threat Model

For CISOs and CTOs

Harvest Now, Decrypt Later (HNDL) Operations

Harvest Now, Decrypt Later (HNDL) describes the active practice by state-sponsored actors and sophisticated criminal groups of intercepting encrypted data streams and archiving them long term. The objective is straightforward: store data protected by currently secure algorithms until quantum computers can break them.

This is not theoretical. Multiple intelligence assessments and cybersecurity firms have confirmed HNDL operations targeting high-value sectors including finance, defense, pharmaceuticals, and critical infrastructure.

Technical Mechanism

HNDL attacks exploit the asymmetry between:

  • Current computational hardness: RSA and ECC are secure against classical attacks
  • Future quantum capability: Shor's algorithm renders RSA/ECC breakable

The attack timeline:

  1. 2015-2025: Adversary intercepts and archives encrypted traffic
  2. 2028-2032: Adversary gains access to a cryptographically relevant quantum computer (CRQC)
  3. 2032+: Adversary decrypts archived traffic, extracting sensitive data

Data Lifetime vs. Quantum Timeline

For financial institutions, the implications are particularly severe:

| Data Type | Typical Retention Period | Strategic Value Duration | Quantum Vulnerability Window |
| --- | --- | --- | --- |
| Customer transaction histories | 7–10 years (regulatory) | 10–30+ years | Immediate–2032 |
| Investment banking M&A documents | 5–10 years (compliance) | Decades | Immediate–2032 |
| Proprietary trading algorithms | Indefinite | Indefinite | Immediate–2032 |
| Risk models & pricing engines | Indefinite | Decades | Immediate–2032 |
| Regulatory reporting archives | 7–30+ years | Decades | Immediate–2032 |
| Blockchain transaction signatures | Permanent | Permanent | Immediate–2032 |

The Quantum Computing Timeline: When Will Quantum Computers Break Encryption?

Recent Breakthroughs Compressing the Timeline

When will quantum computers break current encryption? Earlier estimates (2018-2022) typically placed the arrival of cryptographically relevant quantum computers in the 2040s. Recent breakthroughs have compressed this quantum computing timeline dramatically—and the implications for every organisation relying on RSA and ECC are now urgent rather than theoretical.

Key 2025 Developments

Craig Gidney (Google Quantum AI) - May 2025

Showed how RSA-2048 could be factored in under one week using fewer than 1 million noisy qubits through:

  • Improved circuit depth reduction
  • Windowed arithmetic optimizations
  • Better approximate residue arithmetic

Error Correction Advances

Surface codes and topological codes are achieving threshold with:

  • 50-70% reduction in physical qubits per logical qubit
  • Improved syndrome extraction circuits
  • Better decoder algorithms

Hardware Progress

  • IBM: 1,121-qubit "Condor" processor (2023) → 5,000+ qubit roadmap (2027-2028)
  • Google: Willow processor demonstrating exponential error suppression (2024)
  • IonQ/Quantinuum: Trapped-ion systems with 99.9%+ gate fidelities

Current Credible Q-Day Consensus (January 2026)

| Source | Most Likely Q-Day Window | Earliest Plausible | Latest Plausible |
| --- | --- | --- | --- |
| Google Quantum AI (Gidney 2025) | 2029–2033 | 2028 | 2035 |
| Global Risk Institute (2025 update) | 2030–2034 | 2027 | 2040 |
| McKinsey Quantum Monitor (2025) | ~2034 | 2029 | 2042 |
| NSA / CISA joint guidance (2025) | Late 2020s – early 2030s | 2028 | 2035 |
| BIS / FS-ISAC working groups | 2030 ± 3 years | 2027 | 2038 |

Consensus: The most dangerous period is 2028–2035, with highest probability density around 2030–2032.


NIST Post-Quantum Cryptography Standards

The National Institute of Standards and Technology (NIST) completed standardization of the first set of post-quantum cryptographic algorithms in 2024-2025. These are now published as Federal Information Processing Standards (FIPS).

FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)

Formerly: CRYSTALS-Kyber

Algorithm Type: Key Encapsulation Mechanism (KEM)

Primary Use Cases:

  • TLS 1.3 key exchange
  • VPN tunnel establishment
  • Secure email (S/MIME, PGP)
  • API authentication

Security Levels:

| Parameter Set | Security Level | Public Key Size | Ciphertext Size | Shared Secret Size |
| --- | --- | --- | --- | --- |
| ML-KEM-512 | NIST Level 1 | 800 bytes | 768 bytes | 32 bytes |
| ML-KEM-768 | NIST Level 3 | 1,184 bytes | 1,088 bytes | 32 bytes |
| ML-KEM-1024 | NIST Level 5 | 1,568 bytes | 1,568 bytes | 32 bytes |

Recommended Profile for Financial Institutions:

  • External-facing systems: ML-KEM-768 (NIST Level 3, equivalent to AES-192)
  • Long-term archival: ML-KEM-1024 (NIST Level 5, equivalent to AES-256)

Performance Characteristics:

  • Key generation: ~10 µs (ML-KEM-768)
  • Encapsulation: ~12 µs
  • Decapsulation: ~14 µs
  • ~100× faster than RSA-2048 key exchange

FIPS 204: Module-Lattice-Based Digital Signature Algorithm (ML-DSA)

Formerly: CRYSTALS-Dilithium

Algorithm Type: Digital Signature

Primary Use Cases:

  • X.509 certificate signing
  • Code signing
  • Document signing
  • Firmware updates
  • Blockchain transaction signing

Security Levels:

| Parameter Set | Security Level | Public Key Size | Signature Size | Signing Speed |
| --- | --- | --- | --- | --- |
| ML-DSA-44 | NIST Level 2 | 1,312 bytes | 2,420 bytes | ~200 µs |
| ML-DSA-65 | NIST Level 3 | 1,952 bytes | 3,293 bytes | ~350 µs |
| ML-DSA-87 | NIST Level 5 | 2,592 bytes | 4,595 bytes | ~530 µs |

Recommended Profile:

  • Standard use: ML-DSA-65 (NIST Level 3)
  • High-security archival: ML-DSA-87 (NIST Level 5)

Key Consideration: Signature sizes are significantly larger than RSA/ECDSA (10-20× increase). This impacts certificate chain transmission overhead, blockchain transaction sizes, and storage requirements for signed audit logs.

FIPS 205: Stateless Hash-Based Digital Signature Algorithm (SLH-DSA)

Formerly: SPHINCS+

Algorithm Type: Hash-based digital signature (stateless)

Primary Use Cases:

  • Backup signature scheme (algorithm diversity)
  • Long-term archival signatures (conservative security profile)
  • Root certificate authority signing
  • Hardware security module (HSM) implementations

Trade-offs:

  • Advantages: Conservative security assumptions (relies only on hash function security), no structured hardness assumptions
  • Disadvantages: Very large signatures (50 KB for Level 5), slower signing performance

Recommended Use: Backup/diversity signature scheme, not primary


Strategic Implementation Framework

Principle 1: Adopt a Retroactive Security Mindset

Critical Assumption:

Every communication made today using vulnerable cryptography will eventually become public unless protected by quantum-resistant algorithms now.

Operational Guidance:

  • Classify data by confidentiality lifetime (not just current sensitivity)
  • Prioritize protection of data with strategic value >5 years
  • Assume adversaries are archiving all encrypted external communications
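
The classification step above can be run over a crypto inventory. The following is an added example, not code from the original page: it ranks data flows using Mosca's inequality (confidentiality lifetime X plus migration time Y compared with the years Z until Q-Day), a model the page does not name. The inventory entries, field names and the "vendor-proprietary-kex" label are constructed assumptions; the 2028 and 5-year values come from this page.

```python
from dataclasses import dataclass

# Planning values taken from this page; everything else below is constructed.
Q_DAY_EARLIEST = 2028    # start of the page's "most dangerous period"
STRATEGIC_YEARS = 5      # page guidance: prioritize strategic value > 5 years

# Key establishment broken by Shor's algorithm vs. the page's PQC choices.
VULNERABLE = {"RSA", "DH", "ECDH", "X25519"}
RESISTANT = {"ML-KEM-768", "ML-KEM-1024", "X25519+ML-KEM-768"}
ORDER = ["critical", "high", "review", "low", "ok"]

@dataclass
class Flow:
    name: str
    key_exchange: str
    external: bool              # crosses a link an adversary could record
    confidentiality_years: int  # X: how long the content must stay secret
    migration_years: int        # Y: time needed to move this flow to PQC

def triage(flow: Flow, now: int) -> str:
    """Classify one inventoried flow using Mosca's inequality X + Y > Z."""
    if flow.key_exchange in RESISTANT:
        return "ok"
    if flow.key_exchange not in VULNERABLE:
        return "review"          # unrecognised algorithm: inspect manually
    z = Q_DAY_EARLIEST - now     # Z: years until the earliest planning Q-Day
    if flow.confidentiality_years + flow.migration_years <= z:
        return "low"             # secret expires before it can be decrypted
    if flow.external and flow.confidentiality_years > STRATEGIC_YEARS:
        return "critical"        # recordable today and long-lived
    return "high"

def rank(inventory: list[Flow], now: int) -> list[tuple[str, str]]:
    """Return (priority, name) pairs, most urgent first."""
    rows = [(triage(f, now), f.name) for f in inventory]
    return sorted(rows, key=lambda r: (ORDER.index(r[0]), r[1]))

# Constructed sample inventory (hypothetical systems, not from the page).
INVENTORY = [
    Flow("customer-portal-tls", "X25519", True, 30, 1),
    Flow("market-data-feed", "ECDH", True, 0, 1),
    Flow("interbank-gateway", "X25519+ML-KEM-768", True, 20, 0),
    Flow("internal-service-mesh", "ECDH", False, 10, 3),
    Flow("legacy-batch-sftp", "vendor-proprietary-kex", True, 7, 2),
]

if __name__ == "__main__":
    for priority, name in rank(INVENTORY, now=2026):
        print(f"{priority:9} {name}")
```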

Principle 2: Implement Crypto-Agility

Definition: Crypto-agility is the ability to switch cryptographic algorithms without major architectural changes.

Why It Matters:

  • Algorithm deprecation (current standards will eventually need replacement)
  • Performance optimization (better PQC algorithms will emerge)
  • Regulatory compliance (requirements will evolve)
  • Incident response (rapid algorithm rotation if a vulnerability is discovered)

See Why Infrastructure First for detailed guidance on building crypto-agility.

Principle 3: Prioritize by Data Lifetime and Sensitivity

Highest Priority (Begin Migration Immediately - 2026)

External TLS Connections:

  • Customer portals
  • Market data feeds
  • Interbank messaging (SWIFT, FIX)
  • Regulatory reporting systems
  • Cloud service connections

Why First: Externally visible, likely targets of HNDL, long data lifetime

Action: Deploy hybrid TLS 1.3 (ML-KEM + X25519)

VPNs and Site-to-Site Links:

  • Data center interconnects
  • Branch office connections
  • Third-party integrations
  • Remote access VPN

Why First: Bulk data transmission, prime HNDL targets

Action: Upgrade to PQC-capable VPN solutions (IPsec with ML-KEM, WireGuard with PQ extensions)

API Security Layers:

  • REST API authentication
  • GraphQL endpoints
  • Microservices communication
  • Partner integrations

Why First: Transaction and position data, long strategic value

Action: Migrate to ML-KEM for session establishment, ML-DSA for API tokens

Document Encryption (Long-term Archival):

  • Regulatory filings
  • M&A documentation
  • Board minutes
  • Strategic planning documents

Why First: Indefinite confidentiality requirements

Action: Re-encrypt archives with ML-KEM-1024

Medium Priority (12–24 Months)

  • Internal network segmentation
  • Code signing & software updates

Longer-Term Priority (24–60 Months)

  • Full application-layer refactoring
  • Hardware Security Module (HSM) replacement
  • Blockchain & DLT migration

Want Expert Assessment?

We've helped Fortune 500 enterprises and major financial institutions assess their quantum risk exposure and build PQC migration strategies.

What we provide:

  • HNDL threat assessment (what data is at risk?)
  • Crypto inventory audit (what are you protecting?)
  • PQC migration roadmap (2026-2032 timeline)
  • Executive presentation (board-ready format)

Contact us for quantum risk assessment

We'll tell you honestly what data is vulnerable, when you need to act, and what it will cost.


References

  1. National Institute of Standards and Technology. (2024). Post-Quantum Cryptography Standards.
  2. National Security Agency. (2022). Quantum Computing and Post-Quantum Cryptography FAQ.
  3. Gidney, C. (2025). Factoring RSA-2048 with Fewer Than 1 Million Noisy Qubits. Google Quantum AI.
  4. Global Risk Institute. (2025). Quantum Computing Risk Assessment Update.
  5. McKinsey & Company. (2025). Quantum Monitor: Technology Progress and Market Implications.