There is a security threat building right now that I think almost everyone underestimates, precisely because the technology that would trigger it does not fully exist yet. The threat is that sufficiently powerful quantum computers could break much of the encryption that protects our data today. And the reason this is not a problem for the distant future, but a problem for right now, comes down to a chillingly simple idea: harvest now, decrypt later.
Let me explain the logic, because it is the part people miss. Most of the data we send and store is protected by encryption that is currently unbreakable in any practical timeframe. The assumption underpinning our entire digital security is that this encryption will hold. But a powerful enough quantum computer could, in principle, break some of these schemes. That capability does not exist at the necessary scale today. So you might think the threat is years away and can be dealt with later. That conclusion is wrong, and dangerously so.
Here is why. An adversary does not need a quantum computer today to threaten your data today. They only need to collect your encrypted data now and store it, waiting for the day the technology to decrypt it becomes available. The data you transmit today, captured and hoarded, can be broken open the moment the capability matures. So anything you encrypt now that still needs to be secret years from now is, in a real sense, already at risk. The clock started running the moment someone could begin collecting, not the moment they could begin decrypting.
This reframes the urgency completely. The question is not "when will quantum computers be able to break encryption" — a question that invites complacency, because the answer feels far off. The right question is "how long does the data I am sending today need to stay secret." If the answer is years — and for a great deal of sensitive information, medical, financial, governmental, personal, it is — then the threat is present-tense, not future-tense. You are exposed now to a capability that arrives later.
The good news, which I do not want to bury, is that the response is well understood. There are new forms of encryption designed to resist quantum attack, and the work of migrating systems to them is underway. The path forward exists. The hard part is not knowing what to do. The hard part is doing it in time — replacing encryption across an enormous, sprawling base of systems before the threat fully materialises, and doing it for data whose secrecy is already being silently compromised by collection happening now.
What worries me is the mismatch between the urgency of the threat and the lethargy of the response. Because the breaking capability is not here yet, the pressure to act feels weak, and migration is slow, expensive, and easy to defer. But the harvest-now-decrypt-later logic means that every day of delay adds to the pile of data that will eventually be exposed. We are treating as a future problem something that is quietly accumulating consequences in the present. The bill is being run up now and paid later, and the longer we wait, the larger it grows.
There is a broader lesson in this that extends beyond encryption. Some of the most important risks are exactly the ones that do not feel urgent because their consequences are deferred. We are wired to respond to immediate, visible threats and to discount slow, invisible ones. The quantum threat to encryption is a near-perfect example of a danger that is real now but feels distant, and that gap between reality and perception is precisely where preventable harm lives.
So the question I would ask anyone responsible for protecting sensitive information is direct and uncomfortable: of the data you are encrypting today, how much of it still needs to be secret a decade from now — and have you accepted that some adversary may already be storing it, patiently, waiting for the day they can read it?
The above reflects my personal views only and is intended for informational and discussion purposes. It does not represent the position of any employer or organisation.