Likelihood: MODERATE
Impact: VERY HIGH
Treatment: MITIGATE
Confidence: Moderate
Likelihood is moderate because cryptographically-relevant quantum computers capable of breaking RSA/ECC do not yet exist, making near-term exploitation implausible; however, harvest-now-decrypt-later operations are actively occurring today, meaning the exposure window is open now even though the decryption event is deferred. Impact is very high because the business consequence is retroactive — data already encrypted and exfiltrated becomes readable in a future window the organization cannot control, affecting competitive intelligence, regulated personal data, long-lived secrets, and critical infrastructure operational data simultaneously.
Treatment rationale: The harvest-now-decrypt-later threat model makes avoidance and acceptance indefensible for organizations holding long-lived sensitive data, and transfer cannot address the retroactive data-exposure component that has already occurred; only active migration to NIST-finalized PQC standards (FIPS 203, 204, 205) reduces the forward and retrospective attack surface.
Third-Party / Supply-Chain Risk
Significant. Organizations dependent on third-party PKI providers, cloud key management services, SaaS platforms using TLS/asymmetric encryption, and hardware security module (HSM) vendors face inherited exposure if those vendors have not committed to or completed PQC migration roadmaps. Supply-chain cryptographic dependencies — including certificate authorities, VPN vendors, and API gateway providers — may transmit or store data under algorithms that will become vulnerable, extending the organization's harvest-now-decrypt-later exposure surface beyond its direct control. NIST SP 800-161 framing applies: organizations should require PQC transition attestation from critical third parties as part of supplier risk management.
Loss Exposure (illustrative)
Magnitude: very high — illustrative $5M–$50M+ per organization holding high-value long-lived data (critical infrastructure operators, financial institutions, defense contractors), reflecting regulatory penalties, litigation exposure, operational disruption from forced re-encryption, and competitive harm from disclosed intellectual property; lower-sensitivity organizations illustratively $500K–$5M
Frequency: Illustrative single-event model: one deferred-realization event per organization upon quantum threshold being reached, but with compounding severity proportional to volume of data harvested during the intervening window; harvest activity is assessed as ongoing now
Annualized: Not defensible as a single annualized figure given the deferred-realization model — the loss event does not occur annually but accrues silently; organizations should model this as a deferred liability growing in proportion to annual data volume encrypted under vulnerable algorithms
Basis: Range derived from the structure of the threat, not external reports: magnitude reflects the combination of regulatory exposure (sector-specific penalties for critical infrastructure and financial entities), litigation potential from third-party data exposure, and operational re-encryption costs for large cryptographic estates; frequency reflects the harvest-now-decrypt-later temporal model in which adversary collection is assessed as current and the loss-realization event is tied to quantum computing maturity rather than a recurring annual probability
Illustrative estimate — not actuarially derived.
Insurance / Contractual / Legal — Potential Obligations
Potential triggers, not legal determinations. Verify with counsel/broker before acting.
• Retroactive exposure of regulated personal data under harvest-now-decrypt-later may invoke breach-notification obligations if quantum decryption is later confirmed — verify with counsel regarding whether prospective exfiltration of currently encrypted data constitutes a reportable event under applicable state, federal, or sector-specific law.
• Cyber-insurance policies may exclude or limit coverage for quantum-enabled decryption events if PQC migration was not underway by policy renewal date — verify with broker regarding emerging quantum-risk exclusion language.
• Contractual data-protection obligations with customers or partners holding long-lived sensitive data may require notification or remediation if those data flows relied on RSA/ECC encryption that has not been migrated — verify with counsel.