Security Teams · Free Tool

Harvest Now Decrypt Later Risk Calculator

Seven questions. A scored estimate of your organisation's exposure to Harvest Now Decrypt Later attack scenarios. No registration. All computation runs in your browser. Results display on this page.

About this tool

Harvest Now Decrypt Later (HNDL) is a prospective attack strategy in which an adversary captures encrypted data today, stores it, and decrypts it retrospectively once a cryptographically relevant quantum computer (CRQC) is operational. The attack requires no cryptographic break at the point of collection. It exploits the gap between the lifetime of sensitive data and the expected arrival of quantum decryption capability. Organisations that hold data with multi-year confidentiality requirements face a real exposure window even though no CRQC exists today.

This calculator scores your organisation across five factors drawn from the Mosca inequality framework. Data confidentiality lifetime carries the greatest weight because the Mosca Z variable, the number of years data must remain secret, is the primary determinant of whether HNDL poses a material risk. Data sensitivity, interception accessibility, collection attractiveness, and adversary relevance contribute progressively smaller weights. A regulatory exposure question applies an additional score modifier where formal quantum migration obligations exist. Together, these inputs produce a score between 20 and 100 and assign your organisation to one of four risk tiers.

Two points are essential for interpreting the output correctly. First, the score is a directional indicator, not an audit finding. The tool does not examine your cryptographic infrastructure, assess the strength of your encryption, or analyse your network architecture. It produces an exposure estimate based on the type and sensitivity of data your organisation holds and transmits. A high score means the combination of your inputs creates conditions under which HNDL is a plausible and material threat. It does not confirm that collection is occurring. Second, current encryption is not broken. RSA and elliptic curve cryptography remain computationally secure against any adversary operating today. The risk this tool assesses is prospective: data encrypted today remains vulnerable to a future CRQC if its confidentiality requirement extends into the CRQC threat window.

The scoring model is based on the Mosca inequality, first articulated by Professor Michele Mosca at the Institute for Quantum Computing, University of Waterloo. The formula is:

Score = (Lifetime x 0.30 + Sensitivity x 0.25 + Accessibility x 0.20 + Attractiveness x 0.15 + Adversary x 0.10) x 20, plus regulatory uplift.
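
The weighted formula above, worked through in JavaScript as an added example (this is not the calculator's own code). It assumes each answer maps to an integer level from 1 to 5, which is the scale that makes the stated 20 to 100 range come out exactly, and that the regulatory uplift is additive and capped at 100; the page does not state the uplift value, so it is a parameter here. The names hndlScore and pointsPerLevel are hypothetical.

```javascript
// Weights from the page's formula, held as integer percentages so the
// arithmetic stays exact (0.30 + 0.25 + ... is not exactly 1 in binary floats).
const WEIGHTS_PCT = Object.freeze({
  lifetime: 30,
  sensitivity: 25,
  accessibility: 20,
  attractiveness: 15,
  adversary: 10,
});

// Assumption: every answer is an integer level on a 1..5 scale.
const MIN_LEVEL = 1;
const MAX_LEVEL = 5;

function hndlScore(answers, regulatoryUplift = 0) {
  if (!Number.isFinite(regulatoryUplift) || regulatoryUplift < 0) {
    throw new RangeError("regulatoryUplift must be a non-negative number");
  }
  let weighted = 0;
  for (const [factor, pct] of Object.entries(WEIGHTS_PCT)) {
    const level = answers[factor];
    // Reject missing or out-of-scale answers instead of silently scoring them.
    if (!Number.isInteger(level) || level < MIN_LEVEL || level > MAX_LEVEL) {
      throw new RangeError(`${factor} must be an integer ${MIN_LEVEL}..${MAX_LEVEL}`);
    }
    weighted += level * pct;
  }
  // (sum of level x weight) x 20, with weights in percent: / 100 * 20 = / 5.
  const base = weighted / 5;
  // Assumption: uplift is additive and the total is capped at 100.
  return Math.min(100, base + regulatoryUplift);
}

// Points the score moves when one factor rises by a single level.
function pointsPerLevel(factor) {
  if (!Object.prototype.hasOwnProperty.call(WEIGHTS_PCT, factor)) {
    throw new RangeError(`unknown factor: ${factor}`);
  }
  return WEIGHTS_PCT[factor] / 5;
}

// Constructed sample answers, not taken from the page.
const sample = { lifetime: 5, sensitivity: 4, accessibility: 3, attractiveness: 2, adversary: 1 };
console.log(hndlScore(sample), hndlScore(sample, 10));
console.log(pointsPerLevel("lifetime"), pointsPerLevel("adversary"));
```

One level of confidentiality lifetime moves the score three times as far as one level of adversary relevance, which is the weighting the text describes.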

Important Information About How We Use This Data

Quantum Security and Defence does not collect, associate, or retain your name or your company name when you use these tools. All information is stored only for the duration of the browser session.

We collect only country, industry, and results data. This information is anonymised and cannot be associated with you or your company. Such anonymised data may be used for industry-level reporting, shared with members, incorporated into our research, and provided to government departments to support lobbying activity and the communication of industry readiness.

By using this tool, you consent to the provision of results data on a strictly anonymised basis. No personal name, email address, or company name is stored.

Complete the Assessment
STEP-BY-STEP · RESULTS ON THIS PAGE · NO ACCOUNT REQUIRED
Context. Step 1 of 8

Your Country

Country is recorded anonymously for industry-level reporting only.

Context. Step 2 of 8

Your Industry

Required to calculate your score, recorded anonymously.

Industry selection is required and recorded anonymously. It does not affect the margin calculation.

About You. Step 3 of 8

About You

Not recorded. Only used to create your PDF report in the browser session.

Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.

Factor 1 of 5 · Weight: 30% · Step 4 of 8

What is the longest confidentiality requirement that applies to data your organisation holds?

Consider the data your organisation would most want to protect from future decryption. Not all data you hold will qualify. Operational logs, short-lived transaction records, and publicly accessible communications carry minimal HNDL exposure. The question is: if an adversary captured encrypted copies of your most sensitive records today and could read them in ten years, what would be the consequence? Select the longest confidentiality period that applies to any significant data category your organisation protects.

Factor 2 of 5 · Weight: 25% · Step 5 of 8

How would you classify the most sensitive data your organisation processes or holds?

The HNDL threat depends not only on how long data must remain confidential but on what it reveals if decrypted. Assess the most sensitive category in your organisation's data estate, not the average. If your organisation holds data across multiple sensitivity levels, select the highest applicable category.

Factor 3 of 5 · Weight: 20% · Step 6 of 8

To what degree does your organisation's sensitive data traverse external networks?

This question is not about the strength of your encryption. Asymmetric encryption in use today is not practically breakable by any adversary operating without a CRQC. This question assesses the extent to which your encrypted data moves across infrastructure that could be monitored or tapped by a capable adversary. Data that remains within a physically controlled private network presents a much smaller collection surface than data that regularly crosses public internet infrastructure, cloud provider interconnects, or telecommunications backbones. Bulk interception at network chokepoints is a documented intelligence collection technique.

Factor 4 of 5 · Weight: 15% · Step 7 of 8

How would you assess your organisation's profile as a bulk data collection target?

Adversaries with the capability and intent to conduct HNDL operations do not collect indiscriminately. They prioritise organisations that hold large volumes of high-value data. An organisation that aggregates sensitive data on behalf of many other parties, or whose data would provide strategic intelligence value, is more likely to be a deliberate collection target. The question is not whether your encryption can currently be broken. It is whether your organisation is the type of target a state-level adversary would invest collection effort in.

Factor 5 of 5 · Weight: 10% · Step 8 of 8

How relevant is a state-level adversary to your organisation's threat model?

Harvest Now Decrypt Later is primarily a nation-state attack vector. Conducting it at scale requires the capability to intercept encrypted data across network infrastructure, the storage capacity to retain ciphertext for years, and ultimately the possession of a CRQC. These requirements place HNDL capability within a small set of well-resourced state intelligence organisations. Not every organisation is exposed to this adversary. A domestically-focused commercial business with no government contracts, no defence connections, and no critical infrastructure designation is an unlikely specific target. A NATO defence prime contractor, a central bank, or a national telecommunications operator occupies a fundamentally different position.

Professional Advisory

Require a structured HNDL assessment?

This calculator returns a directional exposure estimate based on five organisational factors. A full assessment of your HNDL risk requires analysis of your cryptographic estate, data classification, network transit paths, and applicable regulatory obligations. Quantum Security Defence conducts structured HNDL assessments for organisations at all stages of quantum security readiness.
