Understanding the Harvest Now, Decrypt Later threat is not the same as knowing which of your data is already at risk. Most organisations that have absorbed the HNDL concept have not taken the next step: mapping their specific data categories against the intersection of sensitivity, longevity, and current encryption strength to produce an actual exposure score. That is the gap this calculator fills. It tells you which of your data is most exposed to retrospective decryption once a cryptographically relevant quantum computer exists, ranked by category.

What the HNDL Risk Calculator Does

HNDL exposure scoring maps three variables for each data category your organisation holds: how sensitive the data is, how long it needs to remain confidential, and how strong the current encryption protecting it is against quantum attack. These three variables, combined with an estimated CRQC arrival window, produce a risk score per data category indicating which assets are most exposed to retrospective decryption.

The inputs are structured at the data category level rather than the individual file or record level:

  • Data type and classification: government/classified, financial records, health records, intellectual property and trade secrets, authentication credentials, and general enterprise data
  • Longevity requirement: for each category, how many years must this data remain confidential from the point it was created or will be created? This is the question most organisations find hardest to answer accurately.
  • Current encryption algorithm: the algorithm protecting this data category (RSA-2048, AES-128, ECDSA-256, AES-256, or others). Note that the quantum threat profile differs materially between these: RSA-2048 and ECDSA-256 are completely broken by Shor's algorithm on a sufficiently large CRQC; AES-128 is weakened by Grover's algorithm (effective security reduced from 128 to approximately 64 bits), making migration to AES-256 advisable; AES-256 retains approximately 128 bits of security post-CRQC.
  • Data volume estimate: an approximate indicator of how much data in this category exists in your organisation

The output is a risk score by data category, flagging which assets have the highest HNDL exposure. The full assessment takes under 10 minutes.

[Figure: Harvest Now, Decrypt Later: Risk Timeline. Time axis 2020 to 2044 with "Now" marked, showing the data capture / harvest window (adversary collection ongoing) and the CRQC capability window (estimated 2030s-2040s). Bands by data type: Classified / Govt, 30+ yr longevity, high HNDL risk (already in adversary window); Health records, 10-20 yr longevity, high HNDL risk; IP / Trade secrets, 15-25 yr longevity, medium-high HNDL risk; Financial records, medium risk (depends on content). Mosca inequality: risk = longevity + migration time vs. time to CRQC.]
HNDL risk timeline showing which data categories fall within the adversary decryption window based on their confidentiality longevity requirement intersecting with the estimated CRQC capability window (2030s-2040s). Classified and health records carry the highest exposure; data with longevity requirements extending past 2030 is most at risk.

This calculator is specifically about data that already exists and is potentially already being harvested. It answers a different question from a general PQC migration readiness assessment, which asks whether your organisation is ready to migrate. The HNDL calculator asks which of your current data holdings are already in adversary hands, or would be valuable to them if they are.

Why Your HNDL Exposure Score Matters Now

The HNDL threat is different from every other quantum security risk because it is not contingent on future events. Intelligence community assessments indicate that nation-state adversaries with sufficient storage infrastructure are already intercepting and archiving encrypted traffic for future decryption. The question is not whether your data will be targeted; it is whether the data they already hold will be valuable once a CRQC arrives.

The data categories with the highest HNDL exposure are those where the longevity requirement extends well into the period when CRQC capability is plausible. Government and classified data is the clearest case. Financial transaction records, depending on their content, can carry 10 to 20 year confidentiality requirements. Health data in most jurisdictions has retention requirements of 10 years or more. Intellectual property with long commercial value (pharmaceutical research, advanced manufacturing processes) may need to remain protected for decades. Authentication credentials with long validity periods are a separate category: private keys in active use today may still be in use when a CRQC arrives.

The data longevity calculation is where most organisations underestimate their exposure. The gap between "how long do we retain this data" (a compliance question about storage) and "how long does this data need to remain secret" (a security question about adversary value) is often significant. A financial institution that retains transaction records for 7 years under its data retention policy may hold records with confidentiality value extending well beyond that window. Most organisations, in practice, have far less idea than they think about which of their data is genuinely long-lived.

The Mosca inequality context: HNDL risk is highest when data longevity requirement plus migration time exceeds time until CRQC. The Q-Day calculator models this for your organisation's full cryptographic profile; this calculator focuses specifically on the data that already exists and is already at retrospective decryption risk.
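The Mosca inequality above, combined with the per-algorithm quantum profiles listed earlier, as an added Python example. It is not the calculator's own scoring: the weights, the planning figures (4 years of migration, 10 years to a CRQC) and the sample holdings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Quantum profile per algorithm, taken from the algorithm list on this page.
PROFILE = {
    "RSA-2048": "broken",     # Shor's algorithm
    "ECDSA-256": "broken",    # Shor's algorithm
    "AES-128": "weakened",    # Grover: ~64-bit effective security
    "AES-256": "resistant",   # ~128-bit security post-CRQC
}
# Assumed weights (not from the page). An unknown algorithm is scored like a
# broken one: conservative, and visible in the output as a data gap.
WEIGHT = {"broken": 1.0, "unknown": 1.0, "weakened": 0.5, "resistant": 0.0}

@dataclass
class Category:
    name: str
    secret_years: int   # x: years the data must still stay confidential
    algorithm: str      # a key of PROFILE; anything else counts as unknown

def mosca_margin(secret_years, migration_years, years_to_crqc):
    """x + y - z; a positive margin means the inequality x + y > z holds."""
    return secret_years + migration_years - years_to_crqc

def rank(categories, migration_years, years_to_crqc):
    """Return (name, profile, margin, exposure) rows, most exposed first."""
    rows = []
    for c in categories:
        profile = PROFILE.get(c.algorithm, "unknown")
        margin = mosca_margin(c.secret_years, migration_years, years_to_crqc)
        # Exposure is zero when the margin is not positive or the cipher holds.
        exposure = max(margin, 0) * WEIGHT[profile]
        rows.append((c.name, profile, margin, exposure))
    return sorted(rows, key=lambda r: r[3], reverse=True)

# Constructed sample holdings (not real data).
SAMPLE = [
    Category("classified", 30, "RSA-2048"),
    Category("health records", 15, "AES-128"),
    Category("ip / trade secrets", 20, "unknown"),
    Category("general enterprise", 3, "RSA-2048"),
    Category("financial records", 12, "AES-256"),
]

if __name__ == "__main__":
    for row in rank(SAMPLE, migration_years=4, years_to_crqc=10):
        print("%-20s %-9s margin=%+3d exposure=%.1f" % row)
```

Two rows score zero for different reasons: the RSA-2048 category with a 3-year requirement expires before the assumed CRQC date, while the AES-256 category has a positive margin but a cipher that holds.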

The sectors with the highest concentration of HNDL exposure are government, defence, financial services, healthcare, and critical infrastructure operators. Not coincidentally, these are the sectors facing the most direct regulatory pressure from NIST's finalised PQC standards (FIPS 203, 204, and 205, published 13 August 2024) and frameworks including NIS2 and DORA.

Our tools are designed as directional tools only. Advice and standards are changing rapidly, and although we update tools as new information is periodically released, they are not designed as a replacement for expert advice. If your organisation's results show high-priority exposure, the next step is to contact our team or speak to a qualified expert member.

How to Use the HNDL Risk Calculator

Step 1. Open the calculator. No registration or account required.

Step 2. Select your primary data categories. The tool presents a taxonomy of data types: government/classified, financial records, health records, intellectual property and trade secrets, authentication credentials, and general enterprise data. Select all categories that apply to your organisation. If your organisation holds multiple categories, complete the assessment for each; the output ranks categories against each other.

Step 3. For each category, enter the longevity requirement. The tool asks: how many years from creation must this data remain confidential? Enter the number that reflects the genuine confidentiality requirement, not the retention or deletion policy. These are different questions. A legal document that must be retained for 7 years under compliance requirements may need to remain secret from adversaries for 30 years.

Step 4. For each category, confirm the current encryption algorithm. Select from the list: RSA-2048, AES-128, AES-256, ECDSA-256, or other. If you are unsure what algorithm protects a specific data category, flag it as unknown; the tool will score it conservatively and the output will identify this as a data gap.

Step 5. Review the risk scoring output. The tool generates a score per category indicating which data is most exposed to retrospective decryption within the modelled CRQC window.

Step 6. Download or note the result for remediation planning. The output can be used directly in a migration prioritisation conversation or a board briefing.

How to Interpret Your HNDL Exposure Results

High HNDL score: this data category has a combination of sensitive classification, long longevity requirement, and quantum-vulnerable encryption that places it at material retrospective decryption risk. Two responses are appropriate: first, prioritise this category in your PQC migration programme immediately; second, consider data minimisation for data in this category that does not need to exist. If the data does not need to be held, it cannot be decrypted.

Medium score: this category should be included in the first tranche of your migration programme. The risk is real but does not require emergency mobilisation. Do not defer beyond 18 months.

Low score: this category is included in the migration programme but does not drive the schedule. Shorter longevity requirements or lower sensitivity classifications mean the HNDL exposure window is narrower.

The board-level value of the HNDL score is specific: it tells the board not that quantum is a threat in the abstract, but which data your organisation holds that may already be in adversary hands. That framing makes the stakes concrete in a way that general threat briefings do not. "Our classified IP records from 2018 to 2024 are currently protected by RSA-2048, which is fully broken by a CRQC, and they need to remain confidential until 2038" is a different sentence from "we have a quantum risk."

For a full migration priority view that connects HNDL exposure to your cryptographic asset inventory, cross-reference with the Post-Quantum Risk Assessment, which scores your assets across exposure surface as well as data longevity and sensitivity.

Discuss your results with a QSECDEF expert member. A directional assessment is the starting point, not the programme. If your results show high-priority exposure, the next step is a discussion about a structured migration programme with defined milestones. Request a consultation with our team or find a qualified expert member.