Your Encrypted Data May Already Be Compromised. You Just Don't Know It Yet.
Feb. 14, 2026
Adversaries may already be stealing your encrypted data. They can't read it yet, but they're betting quantum computers will crack it open within the next decade. Cybersecurity experts call it "harvest now, decrypt later," and it means the quantum threat isn't a future problem. It's happening now.
Chris Inglis has been warning about this. As the former deputy director of the National Security Agency and the nation's first Senate-confirmed national cyber director, he spent decades watching threats emerge before they hit the headlines. At CruiseCon 2026, he put the risk in stark terms.
"How concerned am I about quantum? I'm very concerned about that," Inglis said. "It's not going to come through the front door that we're looking at. It's going to come through the side door. And the first party that has it isn't going to tell you that they have it. So all of that sets us up for a big surprise."
Remarks are drawn from notes taken during his CruiseCon address.
Why This Matters Now
A joint cybersecurity information sheet from CISA, NSA and NIST explicitly warns of this threat, urging companies to begin preparing now. As Microsoft's Security team has noted, the threat of harvest now, decrypt later cyberattacks becomes increasingly pressing as quantum computing advances. Hackers are recording and storing encrypted data today with the intention of decrypting it once quantum capabilities mature.
Your client records, financial data, trade secrets and legal documents are all encrypted. That encryption keeps them safe from today's computers. But quantum computers operate on fundamentally different principles. When they mature, they'll crack the encryption algorithms that protect most of the world's data, including RSA (Rivest–Shamir–Adleman) and elliptic-curve cryptography (ECC), in a fraction of the time it would take conventional machines.
The critical point: Post-quantum cryptography doesn't retroactively protect data that's already been stolen. If adversaries have captured your encrypted files, upgrading your encryption later won't help. The window for protection is now.
Timeline Tighter Than You Think
Most estimates suggest functional quantum computers capable of breaking current encryption are somewhere in the 10-20-year range. Some experts believe it could happen sooner. The uncertainty itself is the risk.
Inglis noted the federal government has set 2035 as its deadline for transitioning to quantum-resistant encryption. But he cautioned this timeline may already be too tight.
"We're already, by most accounts, way inside of that window," he said, referring to the gap between how long sensitive data needs to stay protected and when quantum computers might compromise it.
The National Institute of Standards and Technology released its first set of post-quantum encryption standards in August 2024 and is urging businesses to start transitioning immediately. In March 2025, NIST selected an additional algorithm called HQC as a backup standard. The agency plans to deprecate current encryption methods by 2030 and disallow them entirely by 2035.
That means the software, cloud services, and security tools your business relies on will all need to update their encryption over the next several years.
Inglis had pointed words for firms planning to wait and see how things develop.
"When you say, 'I'll just be a fast responder or a fast follower,' you are setting yourself up to be in a hard call'," he said.
What This Means for Your Business
You don't need to become a quantum computing expert to protect your business. But you do need to start asking questions and planning ahead.
The first step is understanding what data your business holds that could still be valuable in 10 or 15 years. Client records, intellectual property, financial histories, legal agreements and personnel files all fall into this category. If that data were exposed a decade from now, would it cause harm to your business or your customers?
Next, start conversations with your technology vendors and IT providers. Ask whether they're tracking NIST's post-quantum cryptography standards. Find out if they have a roadmap for transitioning to quantum-resistant encryption. Understand what their timeline looks like and how it will affect your systems.
Finally, consider conducting a cryptographic inventory. This means identifying where encryption is used across your business, from email and file storage to payment processing and customer databases. You can't upgrade what you haven't mapped.
We're Not Quantum Ready
Inglis put the stakes in perspective when he compared the coming quantum disruption to the rapid emergence of generative AI.
Chris Inglis
White House's First-Ever Cyber Director
Generative AI was kind of a big surprise. It kind of came on so fast, and the speed of it is the thing. I think quantum is going to make that look like a walk in the park. And we're not quantum ready.
The businesses that start preparing now will have time to transition methodically. Those that wait for a clear signal may find themselves scrambling when the threat is no longer theoretical.
The quantum era is coming. The only question is whether your business will be preparing early or reacting late.
Need Help Assessing Your Quantum Readiness?
STACK Cybersecurity can help you understand your current encryption posture and develop a roadmap for the post-quantum future. Call (734) 744-5300 or Contact Us to start the conversation.