Key Takeaways
- HNDL attacks are already underway: nation-states are harvesting encrypted enterprise data now for future decryption, yet only 5% of enterprises have quantum-safe encryption deployed (DigiCert/Propeller Insights, May 2025).
- Consulting and professional services captured roughly 50% of PQC market revenue in 2024 and will grow at a 46.2% CAGR through 2030 as enterprises discover that migration complexity cannot be resolved by software purchases alone.
- Canada's April 2026 federal migration plan mandate and NSA CNSA 2.0's January 2027 deadline mark the start of a regulatory cascade that will pull private-sector enterprises in through contractor requirements and sector-regulator alignment.
- The talent bottleneck is structural: one qualified quantum practitioner for every three open roles (McKinsey), with lattice-theory specialists commanding $210K median salaries — whichever consulting firm solves staffing first sets the market's billing ceiling.
- Full enterprise PQC engagements run $1M–$10M+ over two to five years; the White House pegs the federal government's own migration at $7.1B through 2035, a figure that implies private-sector exposure of several multiples.
Nation-state actors are intercepting and archiving enterprise encrypted traffic right now. They cannot read it yet — but Google, IBM, and IonQ each independently project that cryptographically relevant quantum computers (CRQCs) will arrive between 2028 and 2031, at which point those archives become readable. According to a May 2025 DigiCert/Propeller Insights survey, only 5% of enterprises have quantum-safe encryption actually deployed. That gap between existential threat and operational readiness is the consulting engagement that nobody in the industry can now avoid.
The Attack Is Already Live, and Enterprises Have No Map of What's Exposed
The NSA's explicit public warning that adversaries "may already be harvesting encrypted data with long-term strategic value" is a rarity: an intelligence agency telegraphing an active counterintelligence concern. China, Russia, and other well-resourced state actors are capturing TLS-encrypted traffic, VPN sessions, and cloud data transfers today, building stockpiles for retroactive decryption once CRQCs mature.
What makes HNDL structurally different from conventional cyber risk is the exposure window's asymmetry. Organizations protecting data with multi-year strategic sensitivity — M&A deliberations, pharmaceutical IP, defense contract negotiations, clinical trial results — face retroactive exposure on everything transmitted under vulnerable RSA or ECC encryption. The relevant calculation is not "time until Q-Day" but "data sensitivity lifetime minus years until Q-Day." For large swaths of corporate communications, that window has already closed in the adversary's favor.
The operational problem compounds from there. Discovery engagements routinely turn up 3–5 times more cryptographic assets than the enterprise initially estimated — embedded across APIs, legacy applications, hardware security modules, endpoints, and decades of accumulated infrastructure. A September 2025 Federal Reserve paper examining HNDL risks to distributed ledger networks highlighted the same fundamental gap: organizations concentrate on future-state security while failing to account for already-recorded, immutable data that adversaries can exploit retroactively. You cannot migrate what you have not found, and most enterprises have not looked.
Why Consulting Is Already Capturing Half the PQC Market Before Migration Peaks
The MarketsandMarkets PQC forecast projects overall market growth from $0.42 billion in 2025 to $2.84 billion by 2030 at a 46.2% CAGR. The headline understates the consulting opportunity because it does not capture adjacent cybersecurity spend redirected toward PQC remediation. What the data does confirm is where early revenue concentrates: the Design, Implementation, and Consulting segment generated approximately 50% of overall PQC revenue in 2024 and holds the fastest growth trajectory through 2030.
NIST's August 2024 finalization of FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) eliminated the one defensible reason enterprises had for deferral: algorithm uncertainty. For three years, CISOs could credibly argue that committing to a migration before standards were finalized was premature. That argument expired the moment NIST published. What replaced it was a recognition that cryptographic inventory, hybrid deployment architecture, HSM procurement and configuration, supply chain quantum-readiness assessment, and staff retraining cannot be resolved through a software purchase. Accenture, Deloitte, EY, PwC, and KPMG have all stood up dedicated PQC advisory practices; Deloitte formalized its practice as early as 2023. The boutique cryptography specialists, MSSPs, and Big Four are converging simultaneously on a practice category that was largely theoretical five years ago.
Inside a Multi-Million Dollar PQC Engagement: The Migration Playbook
A full enterprise PQC migration for an organization above 5,000 employees runs $1 million to $10 million-plus and spans two to five years. The six-phase structure consultants are now selling at scale — cryptographic inventory, risk stratification, pilot testing, hybrid deployment, full production migration, and continuous governance — generates deliverables at each stage and, critically, creates scope expansion that extends both timeline and fees.
The NCCoE practice guide documented roughly 50% throughput reduction in hybrid classical/PQC configurations during testing, a performance headwind that forces architecture rework few organizations budgeted for. Embedded devices, OT systems, and long-lifecycle hardware with non-updatable firmware represent a hardware replacement cycle layered on top of the software migration. The White House estimated the federal government's own migration at approximately $7.1 billion over the 2025–2035 window. Private-sector exposure, distributed across financial services, healthcare, energy, and defense contracting, is larger by any reasonable extrapolation.
The inventory phase alone explains the fee structure. Organizations discover far more cryptographic surface area than their own architecture teams anticipated, and that discovery drives risk stratification, which drives remediation sequencing, which feeds directly back into expanded consulting scope. An engagement sold as a six-month assessment reliably becomes a multi-year implementation program.
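As an added illustration (not code from the article or from any consulting firm's tooling), the following Python applies the article's "data sensitivity lifetime minus years until Q-Day" rule to a constructed cryptographic inventory and extends it with each asset's own migration time (Mosca's inequality: lifetime + migration time > years to Q-Day). The asset names, year values and the 2026 "now" are assumptions.

```python
# Added example: risk stratification of a crypto inventory against the
# 2028-2031 Q-Day window the article quotes. Not the article's own tooling.
from dataclasses import dataclass

QDAY_EARLIEST, QDAY_LATEST = 2028, 2031   # CRQC projections cited in the article
# Public-key algorithms the article names as vulnerable to a CRQC.
QUANTUM_VULNERABLE = {"RSA", "ECC", "ECDSA", "ECDH", "DH"}


@dataclass
class CryptoAsset:
    name: str
    algorithm: str          # e.g. "RSA", "ECDH", "ML-KEM"
    sensitivity_years: int  # how long the protected data must stay secret (x)
    migration_years: float  # estimated time to migrate this asset (y)


def stratify(asset: CryptoAsset, now: int, qday: int) -> str:
    """Return a risk tier for one asset, given a Q-Day year estimate."""
    if asset.algorithm.upper() not in QUANTUM_VULNERABLE:
        return "quantum-safe"
    z = qday - now  # years until Q-Day
    # Data sent today stays sensitive past Q-Day: the window the article
    # describes as "already closed in the adversary's favor" (x - z > 0).
    if asset.sensitivity_years > z:
        return "already-exposed"
    # Data sent during the migration itself will still be sensitive at Q-Day.
    if asset.sensitivity_years + asset.migration_years > z:
        return "at-risk"
    return "on-schedule"


def stratify_inventory(assets, now: int, qday: int) -> dict:
    """Group asset names by tier; callers run it once per Q-Day assumption."""
    tiers: dict = {}
    for a in assets:
        tiers.setdefault(stratify(a, now, qday), []).append(a.name)
    return tiers


# Constructed sample inventory (hypothetical names and figures).
SAMPLE_INVENTORY = [
    CryptoAsset("M&A deal-room TLS", "RSA", sensitivity_years=7, migration_years=1),
    CryptoAsset("Site-to-site VPN", "ECDH", sensitivity_years=1, migration_years=2),
    CryptoAsset("Public marketing site TLS", "RSA", sensitivity_years=0, migration_years=1),
    CryptoAsset("Pilot KEM gateway", "ML-KEM", sensitivity_years=5, migration_years=0),
]

if __name__ == "__main__":
    for qday in (QDAY_EARLIEST, QDAY_LATEST):
        print(qday, stratify_inventory(SAMPLE_INVENTORY, now=2026, qday=qday))
```

Re-running with the earliest and latest Q-Day estimates shows which assets change tier purely on the timeline assumption, which is what drives the sequencing argument above.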
Canada's April 2026 Mandate Is the First Regulatory Domino
The Canadian Centre for Cyber Security's ITSM.40.001 roadmap, effective June 2025, required every federal department and agency to submit an initial PQC migration plan by April 2026, complete high-priority system migration by end of 2031, and finish all remaining systems by 2035. The Treasury Board of Canada Secretariat is formalizing these timelines into binding policy instruments. The NSA's CNSA 2.0 framework requires quantum-safe algorithms for all new national security systems by January 2027, full application migration by 2030, and complete infrastructure transition by 2035. CISA published its first PQC product category list in January 2026.
This sequencing drives private-sector demand through three compounding vectors. Defense contractors and federal vendors inherit quantum-safe requirements through procurement agreements. Regulated industries — banking, healthcare, critical infrastructure — face sector regulators who routinely mirror federal frameworks with a one-to-two year lag. Publicly traded companies face SEC disclosure obligations for material cybersecurity risks, and retroactive HNDL exposure now arguably qualifies. The BFSI sector already holds the largest vertical share in PQC adoption precisely because financial regulators track national security guidance closely. When equivalents in the EU and APAC jurisdictions formalize quantum-safe reporting requirements, the regulatory pipeline will dwarf the current North American wave.
The Talent Bottleneck Consulting Firms Cannot Simply Buy Their Way Out Of
A McKinsey analysis found only one qualified quantum professional for every three open roles, with fewer than 50% of quantum positions filled as of 2025. Lattice-theory specialists — the cryptographic subspecialty central to ML-KEM and ML-DSA implementations — command median salaries of $210,000, a 38% premium over classical cryptographers, according to the 2025 Robert Half Technology Salary Guide. The university pipeline is accelerating (42 U.S. institutions introduced PQC courses in 2025–2026, up from just 7 in 2022), but graduate programs require years to produce practitioners at scale.
The structural paradox is acute: consulting firms are simultaneously the primary demand driver for PQC talent and the organizations most constrained by its scarcity. Firms that solve this through offshore capability centers, proprietary discovery tooling that reduces manual inventory labor, or strategic acquisition of cryptography boutiques will set the billing rate ceiling. Firms that cannot staff engagements will lose clients to competitors willing to pay for talent at any cost. This is the competitive dynamic that will determine market share through the end of the decade, and it has nothing to do with brand recognition or legacy client relationships.
From $2.84B to the Long Tail: Positioning for the Full Migration Cycle
The MarketsandMarkets figure is conservative as a total opportunity estimate. PQC migration is not a one-time remediation project — it initiates a permanent cryptographic agility function requiring ongoing management as NIST deprecates vulnerable algorithms, standards evolve, and hardware threat timelines shift. Every new sector mandate extends the engagement pipeline. Every quantum hardware milestone compresses the urgency. Every year that enterprises delay adds another year of HNDL exposure that cannot be retroactively remediated.
The firms positioned to own the full migration cycle combine deep cryptographic expertise with sector-specific regulatory knowledge, proprietary inventory tooling, and the implementation headcount to execute at scale. Generalist strategy firms that deliver a quantum readiness roadmap and hand off implementation capture a single fee. Firms that embed governance functions permanently inside client organizations will compound revenue across the full decade. The consulting category nobody could sell three years ago has become the one engagement every CISO now has on their board-level priority list.
Frequently Asked Questions
What is a harvest now, decrypt later (HNDL) attack, and is it actually happening?
HNDL is a strategy where adversaries capture and archive encrypted data today, before they can decrypt it, with the intent to decrypt it once quantum computers become powerful enough to break current RSA and ECC encryption. The NSA has explicitly warned that adversaries 'may already be harvesting encrypted data with long-term strategic value,' and intelligence assessments attribute active collection campaigns to state-level actors including China and Russia. A [Federal Reserve paper published in September 2025](https://www.federalreserve.gov/econres/feds/harvest-now-decrypt-later-examining-post-quantum-cryptography-and-the-data-privacy-risks-for-distributed-ledger-networks.htm) formally examined HNDL risks to financial infrastructure, indicating institutional recognition that the threat is present-tense, not hypothetical.
Has NIST finalized post-quantum cryptography standards, and are they safe to deploy?
Yes. NIST finalized three post-quantum cryptographic standards in [August 2024](https://www.nist.gov/pqc): FIPS 203 (ML-KEM, for key encapsulation), FIPS 204 (ML-DSA, for digital signatures), and FIPS 205 (SLH-DSA, a hash-based backup algorithm). NIST selected HQC as an additional key encapsulation mechanism in March 2025, providing a code-based algorithm as a hedge against lattice vulnerabilities. These standards have undergone multi-year public review and are safe to deploy in production; AWS, Microsoft, and Google Cloud all integrated ML-KEM into core infrastructure services by late 2025.
What are the key compliance deadlines enterprises should be planning around?
The NSA's CNSA 2.0 framework requires all new national security systems to use quantum-safe algorithms for key exchange and signatures by January 2027, with full application migration by 2030 and complete infrastructure transition by 2035. Canada mandated that all federal departments submit initial [PQC migration plans by April 2026](https://www.cyber.gc.ca/en/guidance/roadmap-migration-post-quantum-cryptography-government-canada-itsm40001), with critical systems completed by end of 2031. Defense contractors, financial institutions, and healthcare organizations should treat government deadlines as leading indicators for their own sector-specific regulatory requirements, which typically follow federal templates by 12 to 24 months.
How much does a post-quantum cryptography migration engagement actually cost?
Enterprise PQC migration costs [range from $1 million to $10 million-plus](https://www.graygroupintl.com/blog/post-quantum-cryptography-enterprise-guide/) for organizations with more than 5,000 employees, spanning two to five years of phased implementation. Mid-market organizations (500–5,000 employees) typically budget $200,000 to $1 million, driven primarily by discovery tooling, HSM upgrades, and testing. The White House estimated the U.S. federal government's own migration at approximately $7.1 billion through 2035 — a figure that suggests private-sector aggregate costs will be substantially higher once financial services, healthcare, and defense contractors are included.
Why is the PQC talent shortage a problem for consulting firms specifically?
Consulting firms are simultaneously the largest creators of enterprise demand for PQC expertise and the organizations most constrained by the scarcity of qualified practitioners. [McKinsey's analysis](https://www.qurisk.fr/publications/the-quantum-talent-gap) found one qualified candidate for every three open quantum roles in 2025, with fewer than half of positions filled. Lattice-theory specialists command $210,000 median salaries according to the 2025 Robert Half Technology Salary Guide — a 38% premium over classical cryptographers — creating intense competitive pressure among consulting practices trying to staff and retain delivery teams at a volume the current academic pipeline cannot yet support.