Your Encrypted Data Is Already Compromised. The Decryption Comes Later

India’s enterprises are encrypting data against a threat they have already crossed. The window to act is not opening. It is closing.

  • [Image source: Krishna Prasad/MITSMR Middle East]

    Key Takeaways

    01. Data encrypted today using RSA or elliptic curve cryptography is already within the harvest now, decrypt later breach window. The threat is a present condition, not a future event, for any organization holding data with a shelf life beyond five years.

    02. India’s DST released a post-quantum migration roadmap in February 2026 with a 2027–29 timeline for critical sectors, but without binding mandates, enterprise adoption remains conceptual rather than operational.

    03. The first required action is not replacing cryptographic infrastructure but conducting a data shelf-life classification: identifying which assets must remain confidential past the point at which current encryption fails.

    The standard framing of quantum risk goes like this: sometime in the next decade, quantum computers will become powerful enough to break the encryption protecting today’s data. Organizations have time to prepare. The threat is real but distant.

    That framing misreads the timeline entirely.

    “The threat is real, imminent, and almost certainly being underestimated, particularly by enterprises,” says Sunil Gupta, Founder and Chief Executive of QNu Labs, a Bengaluru-based quantum-safe cybersecurity company whose systems are deployed across Indian defense networks, banking infrastructure, and government agencies.

    The more relevant question is not when quantum computers will break encryption. It is what is already happening to data protected by encryption that will not survive that moment.

    Threat actors are collecting encrypted data today with the expectation of decrypting it later, once quantum systems are sufficiently capable. Financial records, diplomatic communications, and intellectual property all retain value over long periods. A corporate merger negotiation encrypted in 2026, if harvested now, could be fully readable by 2032. The encryption does not need to be broken in real time. It only needs to be stored until the tools catch up.

    “The breach has already happened,” Gupta says. “The decryption is simply scheduled.”

    This strategy, known as harvest now, decrypt later (HNDL), reframes the risk from a future event to a present condition. A January 2026 working paper from the Federal Reserve examined this threat directly. Its conclusion: data whose shelf life extends beyond the point at which a cryptographically relevant quantum computer exists is already compromised in functional terms. Three academic papers published between May 2025 and March 2026 have further compressed the threat timeline. The estimated quantum resources needed to break RSA-2048 encryption have fallen from 20 million qubits to fewer than one million, and in some architectures as low as 100,000.

    For organizations protecting data that must remain confidential into the 2030s, the window for action is not approaching. It has already opened, and it is narrowing.

    Encryption Built for Yesterday Cannot Protect Data That Must Last Until Tomorrow

    The encryption securing most enterprise and government systems today rests on a small set of mathematical assumptions: the computational difficulty of factoring large numbers or solving discrete logarithm problems. RSA (Rivest-Shamir-Adleman) and elliptic curve cryptography, the algorithms underpinning most of the world’s secure communications, are built on these assumptions. Classical computers cannot break them in any practical timeframe. A sufficiently powerful quantum computer, running Shor’s algorithm, could.

    The National Institute of Standards and Technology (NIST) finalized three post-quantum cryptography standards in August 2024: ML-KEM, ML-DSA, and SLH-DSA. This marked the end of an eight-year standardization process. NIST’s transition roadmap sets out plans to deprecate RSA and elliptic-curve cryptography for new deployments by 2030 and to disallow them entirely by 2035. A US Executive Order in June 2025 mandated that federal agencies begin migrating. The US government estimates its own migration will cost approximately $7.1 billion between now and 2035.

    Those numbers matter not because they translate directly into Indian enterprise costs, but because they establish the scale and duration of what migration actually entails. Migration is not a software update. It requires identifying every system that relies on quantum-vulnerable cryptography, redesigning key exchange and signature architectures, procuring validated quantum-safe products, and testing against interoperability constraints. A realistic enterprise migration timeline runs 42 to 54 months from the point at which a serious effort begins.

    For organizations that have not started, the arithmetic is uncomfortable. If a cryptographically relevant quantum computer arrives by 2030, a scenario that recent research has made more credible, and migration takes four years, organizations that begin today will finish just in time. Those that wait for a regulatory directive will not.

    IBM’s 2025 Cost of a Data Breach Report put the average cost of a breach in India at INR 220 million (about $2.6 million), a 13% increase over 2024 and the highest figure on record. That figure captures only the visible, immediate costs of a breach. It does not capture the deferred cost of data harvested silently and held until its encryption fails.

    “Any sector that holds data with a shelf life beyond three to ten years needs quantum-safe protection today,” Gupta says. Defense and government agencies lead in urgency, followed by banking, telecommunications, and critical infrastructure. What defines their exposure is not technical complexity but the longevity of the data they hold, and what that data would be worth to a threat actor willing to wait.

    India Has a Roadmap. It Does Not Yet Have a Mandate.

    In February 2026, India’s Department of Science and Technology (DST) released “Implementation of Quantum Safe Ecosystem in India.” The report, produced by a task force under the National Quantum Mission, maps the country’s migration to post-quantum cryptography. It identifies critical information infrastructure sectors, including defense, power, telecommunications, space, and core government systems, as the highest priority for early adoption. It recommends a National Post-Quantum Cryptography (PQC) Testing and Certification Program by December 2026. It sets a 2027-29 migration timeline for high-priority systems and specifies that all cryptographic transition planning should proceed under an “assume breach” principle.

    What the report does not yet do is mandate. It is a framework and a recommendation, not a binding directive. The US has its Commercial National Security Algorithm Suite (CNSA) 2.0 framework, with a January 2027 deadline for all new national security system acquisitions to be compliant. The European Union has its quantum roadmap. India has signaled its intent but has not yet translated it into a time-bound transition plan with enforcement mechanisms.

    The consequence is practical. In April 2026, QNu Labs demonstrated a 1,000-kilometer quantum communication network under the National Quantum Mission, one of the longest quantum key distribution, or QKD, deployments globally, built entirely on indigenous technology. The technical capability exists. The policy architecture to compel enterprise adoption at scale does not.

    Gupta identifies three structural gaps in India’s quantum security ecosystem. The first is procurement speed. India has the vision and increasingly the budget, but government and defense buying cycles move more slowly than the threat. The second is the absence of a binding cryptographic migration mandate across regulated sectors. The third is ecosystem scale. Quantum security depends on a layered network of hardware, networking, and software providers across the full stack, not a single pioneer.

    “India needs a quantum security industry, not just a quantum security pioneer,” he says.

    The talent constraint sits beneath all three. Quantum security requires simultaneous working knowledge of quantum physics, cryptography, and systems engineering. The pool of people with that combination of experience remains small. “It has improved, but it remains a structural challenge,” Gupta says. Building it will take a decade of deliberate investment, not incremental adjustment.

    Research Context

    Primary interview with Sunil Gupta, Founder and Chief Executive, QNu Labs, May 2026. Quantitative sources: IBM Cost of a Data Breach Report India (2025); Federal Reserve HNDL working paper (January 2026); NIST post-quantum cryptography standards (August 2024). Policy sources: DST report, Implementation of Quantum Safe Ecosystem in India (February 2026); US migration cost estimate, White House PQC Report (July 2024).

     

    What Leaders in Each Role Must Do Differently

    C-Suite: Start the Inventory, Not the Migration

    The first concrete action is not replacing cryptographic infrastructure. It is knowing what you have. Organizations that have not yet mapped which systems rely on quantum-vulnerable encryption cannot prioritize or sequence a migration. For organizations holding data with a shelf life beyond five years, that inventory should be treated as a board-level risk item. The DST framework recommends mandatory cryptographic inventories as a first-phase requirement for critical sectors. Enterprises in banking, insurance, healthcare, and defense supply chains should apply the same standard without waiting for a regulatory directive.

    Technology Leaders: Map Data Shelf Life, Not Just System Vulnerability

    The relevant risk variable is not which systems use RSA. It is which data, protected by RSA, must remain confidential past the point at which RSA becomes breakable. CISOs and infrastructure teams should classify data by longevity: records, communications, and intellectual property that retain sensitivity into the 2030s. The cryptographic systems protecting those assets should be the first to migrate. Hybrid deployments that simultaneously use both current and post-quantum algorithms are technically feasible today and are recommended by NIST as a transition mechanism. They do not require full infrastructure replacement.
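
    Added example, not part of the original article: a minimal shelf-life classifier over a cryptographic inventory, ranking assets by how long their data stays sensitive after a cryptographically relevant quantum computer (CRQC) exists. The 2030 CRQC year and 48-month migration are scenario inputs taken from the figures above; the asset names, fields, and function names are hypothetical.

```python
from dataclasses import dataclass

# Key-establishment algorithms: broken by Shor's algorithm vs. NIST post-quantum.
QUANTUM_VULNERABLE = {"RSA", "ECDH"}
POST_QUANTUM = {"ML-KEM"}

@dataclass(frozen=True)
class Asset:
    name: str
    key_exchange: tuple   # algorithms used to establish the data's encryption key
    created: int          # year the data was transmitted or stored
    shelf_life: int       # years it must remain confidential

def exposure_years(asset, crqc_year):
    """Years the data is still sensitive after a CRQC exists; 0 means not exposed."""
    unknown = set(asset.key_exchange) - QUANTUM_VULNERABLE - POST_QUANTUM
    if unknown:
        # An unclassified algorithm is an inventory gap, not a safe default.
        raise ValueError(f"{asset.name}: unclassified algorithm(s) {sorted(unknown)}")
    # A hybrid exchange stays confidential as long as one component is post-quantum.
    if POST_QUANTUM & set(asset.key_exchange):
        return 0
    return max(0, asset.created + asset.shelf_life - crqc_year)

def latest_migration_start(shelf_life, crqc_year, migration_months):
    """Last year migration can begin so that no newly created data is exposed."""
    # Data created after (crqc_year - shelf_life) under classical crypto outlives it.
    return crqc_year - shelf_life - migration_months / 12

def prioritize(assets, crqc_year):
    """Exposed assets as (exposure_years, name), longest exposure first."""
    scored = [(exposure_years(a, crqc_year), a.name) for a in assets]
    return sorted([s for s in scored if s[0] > 0], reverse=True)

# Constructed sample inventory (hypothetical assets, not from the article).
INVENTORY = [
    Asset("merger-negotiation-mail", ("RSA",), 2026, 6),
    Asset("customer-kyc-archive", ("ECDH",), 2024, 15),
    Asset("session-telemetry", ("RSA",), 2026, 1),
    Asset("interbank-settlement-link", ("ECDH", "ML-KEM"), 2026, 10),
]

if __name__ == "__main__":
    for years, name in prioritize(INVENTORY, crqc_year=2030):
        print(f"{name}: exposed for {years} year(s) after 2030")
    print("latest migration start:", latest_migration_start(5, 2030, 48))
```

    A latest start year that lies in the past means data with that shelf life is already being created inside the breach window, which is the condition the first key takeaway describes.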

    Boards and Governance: Treat Harvested Data as a Current Liability

    The harvest now, decrypt later model changes the governance question. A board that asks only whether current systems have been breached is asking the wrong question. The relevant question is whether data transmitted and stored over the past several years is already in adversarial hands, awaiting decryption. That reframing changes how cyber risk should be reported, how insurance coverage should be assessed, and how audit committees should evaluate cryptographic posture. Boards governing organizations in regulated sectors should be asking, today, whether their Chief Information Security Officer (CISO) can answer it.

     

    India’s quantum security posture is stronger than it was two years ago. The National Quantum Mission has produced working infrastructure. The DST roadmap exists and is specific. QNu Labs has demonstrated deployment at a national scale. The technology is not what is holding India back.

    What is holding it back is the distance between a framework and a mandate, between a recommended inventory and a completed one. For enterprises holding data that must remain confidential for a decade, that gap is measured not in policy cycles but in exposure that is quietly accumulating today in someone else’s archive.

    “Quantum hackers do not knock,” Gupta says. “They harvest and wait.”

    The question for Indian organizations is no longer whether quantum computing will affect their encryption. It is whether the data they transmitted last year is already in the breach window. And whether they know it.
