⚠ THREAT LEVEL: ELEVATED · HARVEST NOW DECRYPT LATER ATTACKS ACTIVE · GOOGLE REVISED TIMELINE TO 2029–2032 · NSA CNSA 2.0 DEADLINE: JAN 2027 · NIST PQC STANDARDS FINALIZED AUG 2024 · THREE BREAKTHROUGH PAPERS IN 12 MONTHS · QUBIT REQUIREMENTS REDUCED BY 20X · 2026 DESIGNATED YEAR OF QUANTUM SECURITY BY FBI/NIST/CISA
Q-Day Earliest Estimate — Jan 1, 2029
Earliest plausible window: 2029–2032. Google estimates a 10% probability by 2032.
Three research papers published in the last 12 months have reduced the qubit requirement for breaking RSA-2048 from 20 million to under 1 million. Your employees' PII, payroll data, and benefits records are protected by encryption that could become obsolete within this window.
Global Threat Assessment
CRITICAL THRESHOLD
7.2 / 10
ELEVATED — ACCELERATING
NSA CNSA 2.0 Deadline
All new U.S. National Security Systems must be quantum-safe by January 2027. Federal agencies are already under formal compliance requirements.
28% OF WINDOW ELAPSED
Recent Threat Intelligence
MAR 2026 · CRITICAL · Google whitepaper — elliptic curve crypto protecting Bitcoin/blockchain shown vulnerable to <1M qubits. Confidence in Q-Day by 2032 described as "shot up significantly."
MAR 2026 · CRITICAL · Iceberg Quantum Pinnacle — new QLDPC architecture reduces RSA-2048 qubit requirement to under 100,000 under certain conditions.
JAN 2026 · CRITICAL · Gidney RSA paper — factoring RSA-2048 now estimated at fewer than 1 million noisy qubits, down from 20 million. A 20x reduction in one paper.
AUG 2024 · DEFENSE · NIST finalizes ML-KEM, ML-DSA, SLH-DSA — first three post-quantum cryptography standards. Available for immediate enterprise deployment.
MAR 2025 · DEFENSE · NIST selects HQC — code-based backup KEM algorithm selected as backup to lattice-based primary standards.
2025–NOW · ACTIVE · Harvest now, decrypt later — state actors actively collecting encrypted data today for future quantum decryption. Threat is present-tense.
HR Data Exposure Risk
Social Security Numbers: CRITICAL
Banking / Payroll Data: CRITICAL
Medical / Benefits Records: CRITICAL
Employee PII: HIGH
Digital Signatures / Auth: HIGH
Internal Communications: MEDIUM
Data stolen today may be decrypted after Q-Day. Long-lived sensitive records require immediate prioritization.
HCM Vendor Quantum Readiness Scorecard
| Vendor | PQC Roadmap Public | NIST Standards Adopted | HNDL Strategy | Public Commitment | Score | Note |
|---|---|---|---|---|---|---|
| Workday (HCM / Financials) | ? | ? | ✗ | ✗ | C | No public PQC statement found |
| ADP (Payroll / HR) | ? | ? | ✗ | ✗ | C | Silent on quantum security |
| SAP SuccessFactors (HCM Suite) | ✓ | ? | ? | ✓ | B- | SAP crypto roadmap exists, limited specifics |
| Oracle HCM (Cloud HCM) | ✓ | ? | ? | ✓ | B- | Oracle has published PQC intent |
| Ceridian Dayforce (HCM / Payroll) | ✗ | ✗ | ✗ | ✗ | D | No quantum security posture found |
| UKG Pro (Workforce Mgmt) | ✗ | ✗ | ✗ | ✗ | D | No public PQC commitment |
| Google (Android/Workspace) (Productivity) | ✓ | ✓ | ✓ | ✓ | A | ML-DSA in Android 17, leading PQC adoption |
* Scores based on publicly available information as of April 2026. Vendors are encouraged to publish their PQC roadmaps.
HR Leader Action Checklist
Harvest Now, Decrypt Later
ACTIVE
State actors are collecting and storing encrypted HR data today with the intention to decrypt it after Q-Day. Your employees' data may already be in an adversary's vault. Waiting for Q-Day to act is already too late for data stolen now.