In particular, it threatens the cryptographic systems that protect sensitive data across governments, enterprises, and critical infrastructure. A growing concern tied to this shift is often referred to as Y2Q, a shorthand for the moment when quantum computers become capable of breaking widely used public key encryption. Closely associated with this is the strategy known as “store now decrypt later”, in which attackers collect encrypted data today with the intention of decrypting it in the future once quantum capabilities mature. Together, these risks represent one of the most pressing long-term security challenges facing organizations today.

The Threat

Most of the world’s digital security relies on public key cryptography algorithms such as RSA and elliptic curve cryptography. These systems underpin secure communications, digital signatures, authentication mechanisms, and data protection across nearly every industry. However, as documented by the National Institute of Standards and Technology, sufficiently powerful quantum computers running algorithms such as Shor’s algorithm would be able to break these cryptographic foundations.

NIST has been explicit about the urgency of preparing for this transition. On its official post-quantum cryptography guidance page, the agency explains that sensitive data encrypted today may be vulnerable in the future because adversaries can collect encrypted information now and decrypt it later when quantum computers become available. This risk model is widely referred to as “harvest now decrypt later” and is one of the primary drivers behind the global push for post-quantum cryptography standards.

This concern is not limited to theoretical discussions. A 2023 Capgemini Research Institute publication reported that nearly two thirds of organizations believe quantum computing will become one of the most serious cybersecurity threats within the next decade. The same report highlights that long-lived data such as intellectual property, personal records, classified information, and industrial data is particularly exposed, since it must remain confidential well beyond the anticipated arrival of quantum capabilities.

Current organized responses

Government leaders and national security officials have been increasingly vocal about the need to act before Y2Q arrives. Speaking publicly on the topic, Mona Harrington, Acting Assistant Director at the Cybersecurity and Infrastructure Security Agency’s National Risk Management Center, stated,

“Critical infrastructure and government leaders must be proactive and begin preparing for the transition to post-quantum cryptography now.”

This message reflects a consistent theme across national cybersecurity strategies: waiting until quantum computers are operational is already too late.

The National Security Agency has echoed this position. Rob Joyce, Director of NSA Cybersecurity, emphasized the importance of early preparation when discussing quantum threats, saying,

“Post-quantum cryptography is about proactively developing and building capabilities to secure critical information and systems from being compromised through the use of quantum computers. The key is to be on this journey today and not wait until the last minute.”

His remarks underscore that post-quantum security is not a single upgrade but a long-term transition that must begin well in advance.

Former CISA Director Jen Easterly reinforced the same point in public statements, noting that it is imperative for organizations, particularly those operating critical infrastructure, to begin preparing now for migration to post-quantum cryptography. These warnings are grounded in the reality that cryptographic transitions across large systems, supply chains, and global enterprises can take many years to complete.

The danger of the store now decrypt later model lies in its invisibility. Unlike conventional cyberattacks, there may be no immediate breach or system disruption. Instead, encrypted data is silently collected and stored, creating a latent risk that materializes years later. When quantum decryption becomes feasible, vast archives of previously protected data could suddenly be exposed without any opportunity for retroactive mitigation.

Rising to the challenge

This is why post-quantum cryptography is increasingly viewed as a data longevity problem rather than a near-term breach scenario. Information with a long shelf life, such as trade secrets, government communications, health records, energy infrastructure data, and financial transactions, must be protected not just against today’s adversaries but against the computational capabilities of the future.

In response to this challenge, organizations are beginning to seek structured, scalable ways to manage cryptographic risk across complex environments. This is where Exatect plays a critical role. Exatect helps enterprises and institutions understand where cryptographic vulnerabilities exist today and how they will evolve under a quantum threat model. Rather than focusing on isolated upgrades, Exatect supports organizations through a comprehensive transition strategy.

By providing cryptographic discovery and inventory capabilities, Exatect enables organizations to identify where quantum-vulnerable algorithms are in use and which systems rely on long-lived encryption. Building on this visibility, Exatect helps develop phased migration roadmaps aligned with emerging NIST post-quantum standards, allowing organizations to adopt quantum-resistant algorithms while maintaining operational continuity.

Exatect also assists with implementation and governance, helping organizations deploy hybrid cryptographic models that combine classical and post-quantum algorithms where appropriate. This approach supports crypto agility, ensuring that systems can adapt as standards evolve and as quantum timelines become clearer. In doing so, Exatect enables organizations to reduce exposure to store now decrypt later threats while aligning with regulatory and national security guidance.

Quantum computing will undoubtedly reshape the digital landscape. The question facing organizations is not whether this transition will happen, but whether they will be prepared when it does. Y2Q is not a single date on a calendar but a threshold that arrives once quantum capability crosses a critical line. With adversaries already collecting encrypted data today, preparation is no longer a future concern. It is a present-day responsibility.