
What Is an HNDL Score? Measuring Your Quantum Risk

Ryan Wentzel · 9 min read
Tags: pqc · hndl · risk-assessment

The term "Harvest Now, Decrypt Later" (HNDL) describes one of the most pressing threats in modern cybersecurity: adversaries intercepting and storing encrypted data today, with the intention of decrypting it once a cryptographically relevant quantum computer (CRQC) becomes available. The question is no longer whether this is happening -- intelligence agencies and nation-states have confirmed large-scale traffic interception programs. The question is how much of your organization's data is at risk.

The HNDL Score is a quantitative framework designed to answer that question. It distills a complex, multi-variable threat landscape into a single actionable number between 0 and 100, giving security teams a clear metric to communicate risk to leadership and prioritize migration investments.

Why Traditional Risk Assessments Fall Short

Traditional cryptographic risk assessments ask a straightforward question: can your encryption be broken today? If you are using AES-256, RSA-2048, or ECDH-P256, the answer in 2026 is still "no" from a classical computing perspective. A brute-force attack against AES-256 would require more energy than exists in the observable universe. Factoring a 2048-bit RSA modulus remains computationally infeasible for any classical computer.

But this framing misses the temporal dimension entirely. HNDL introduces a fundamentally different threat model. The attacker does not need to break your encryption today. They only need to record your ciphertext today and wait. If the data you are transmitting right now will still be sensitive in 2040, and a CRQC capable of running Shor's algorithm is available by 2035, then your data is already compromised in a meaningful sense -- it is just waiting to be read.

This is not a speculative scenario. The NSA, GCHQ, and other agencies have publicly acknowledged that nation-state adversaries are conducting HNDL operations. The cost of storing intercepted encrypted traffic continues to decline, making it economically viable to store petabytes of captured data indefinitely.

The 7-Factor Model

The HNDL Score evaluates risk across seven weighted dimensions, producing a composite score from 0 (minimal risk) to 100 (critical risk). Each factor captures a distinct aspect of your organization's quantum exposure.

Factor 1: Confidentiality Shelf Life (Weight: 25%)

This is the single most important variable in the HNDL model. How long must your data remain secret after it is encrypted? The answer varies dramatically by industry and data type:

  • Session tokens and ephemeral keys: Hours to days. Minimal HNDL risk.
  • Financial transactions: 7-10 years under regulatory retention requirements.
  • Healthcare records (HIPAA/GDPR): 20-30+ years, often the patient's lifetime.
  • Classified intelligence: 25-75 years depending on classification level.
  • Trade secrets and intellectual property: Indefinite.
Organizations handling data with multi-decade confidentiality requirements receive the highest scores on this factor. A hospital transmitting patient records encrypted with ECDH-P256 has a fundamentally different risk profile than a gaming company encrypting session tokens.

Factor 2: Industry Sector (Weight: 15%)

Regulatory and threat landscapes vary by sector. Financial services organizations face SEC and PCI-DSS requirements that increasingly reference quantum readiness. Healthcare organizations operate under HIPAA's long-term confidentiality mandates. Defense contractors handle classified material subject to NSA CNSA 2.0 suite requirements. Critical infrastructure operators -- energy, water, telecommunications -- face nation-state targeting that amplifies interception risk.

The scoring assigns higher weights to sectors that are both heavily regulated and actively targeted by sophisticated adversaries.

Factor 3: Data Sensitivity (Weight: 15%)

Not all data is created equal, even within the same organization. The HNDL model classifies data into sensitivity tiers:

  • Public data: No confidentiality requirement. Zero HNDL risk.
  • Internal data: Low sensitivity. Minimal HNDL risk.
  • Confidential data: PII, financial records, business-sensitive information. Moderate HNDL risk.
  • Restricted data: PHI, classified material, trade secrets. High HNDL risk.
  • Sovereign or mission-critical data: Data whose disclosure would cause severe national security or business impact. Maximum HNDL risk.
The score reflects the highest sensitivity tier of data transiting your quantum-vulnerable channels, not the average.

Factor 4: Exposure Surface (Weight: 15%)

The breadth of your network exposure determines how many interception opportunities an adversary has. This factor evaluates:

  • Internet-facing services: Web applications, APIs, and email servers directly accessible from the public internet.
  • Cloud deployments: Data in transit between your infrastructure and cloud providers, and between cloud regions.
  • Third-party integrations: API connections to vendors, partners, and SaaS providers that transit public networks.
  • Remote access: VPN concentrators, SSH gateways, and remote desktop services.
  • Inter-datacenter links: WAN connections between your own facilities.
Organizations with a small, well-controlled network perimeter score lower than those with hundreds of internet-facing endpoints and complex multi-cloud architectures.

Factor 5: Cryptographic Posture (Weight: 15%)

What algorithms are you actually deploying? This factor measures the gap between your current cryptographic stack and the NIST post-quantum standards:

  • Already deploying ML-KEM and ML-DSA: Score near zero. You have already addressed the primary risk.
  • Hybrid mode (classical + PQC): Low score. You are in transition and protected against both classical and quantum attacks.
  • Modern classical algorithms (X25519, ECDH-P256): Moderate score. Quantum-vulnerable but at least using current best practices.
  • Legacy algorithms (RSA-2048, DH-1024, 3DES): High score. Vulnerable to both quantum and potential classical weaknesses.
  • Unknown or unaudited: Maximum score. If you do not know what you are running, assume the worst.
This is the factor most directly under your control. Upgrading your TLS configuration to hybrid ML-KEM immediately reduces your HNDL Score, even before a full migration is complete.

Factor 6: Deployment Breadth (Weight: 10%)

How many systems, applications, and endpoints rely on quantum-vulnerable cryptography? A single legacy VPN concentrator using RSA-2048 is a different problem than an enterprise-wide PKI issuing thousands of ECDSA certificates to hundreds of services.

This factor scales the risk from Factor 5 by the number of affected systems. A poor cryptographic posture across thousands of endpoints is significantly worse than the same posture on a handful of isolated systems.

Factor 7: Change Friction (Weight: 5%)

How difficult will it be to update your cryptographic infrastructure? This factor penalizes environments with high migration friction:

  • Embedded systems and IoT devices with firmware that cannot be remotely updated.
  • Hardware Security Modules (HSMs) that require physical replacement to support new algorithms.
  • Legacy protocols (SCADA, HL7v2, legacy SOAP) with hardcoded cryptographic parameters.
  • Vendor dependencies where you rely on a third party to release PQC-compatible updates.
  • Contractual or regulatory constraints that slow change management processes.
High change friction means your migration will take longer, extending the window during which your data remains vulnerable.

How the Score Is Calculated

Each factor produces a sub-score from 0 to 100. The composite HNDL Score is the weighted sum:

HNDL Score = (0.25 x Shelf Life) + (0.15 x Industry) + (0.15 x Sensitivity)
           + (0.15 x Exposure) + (0.15 x Posture) + (0.10 x Breadth)
           + (0.05 x Friction)

The result maps to four risk tiers:

  • 0-25 (Low): Minimal quantum exposure. Your cryptographic posture is strong, your data sensitivity is low, or your shelf life requirements are short. Continue monitoring and maintain your current trajectory.
  • 26-50 (Moderate): Some exposure exists. Begin planning your migration roadmap. Conduct a cryptographic inventory and identify high-priority systems.
  • 51-75 (High): Significant risk. Prioritize building a Cryptographic Bill of Materials (CBOM), deploy hybrid key exchange on internet-facing services, and present a migration timeline to leadership.
  • 76-100 (Critical): Immediate action required. Long-lived sensitive data is being transmitted with quantum-vulnerable encryption across a broad attack surface. Every day without action increases your exposure.
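The weighted sum and tier mapping above, worked through in code. This is an added example, not a tool from the original post: the seven sub-scores for the hospital profile are assumed values for illustration, since the post does not define how questionnaire answers map to each factor's 0-100 sub-score, and rounding fractional scores to the nearest integer before tiering is likewise an assumption.

```python
# Weights of the seven factors (must sum to 1.0)
WEIGHTS = {
    "shelf_life": 0.25,   # Factor 1: Confidentiality Shelf Life
    "industry": 0.15,     # Factor 2: Industry Sector
    "sensitivity": 0.15,  # Factor 3: Data Sensitivity
    "exposure": 0.15,     # Factor 4: Exposure Surface
    "posture": 0.15,      # Factor 5: Cryptographic Posture
    "breadth": 0.10,      # Factor 6: Deployment Breadth
    "friction": 0.05,     # Factor 7: Change Friction
}
assert abs(sum(WEIGHTS.values()) - 1.0) < 1e-9

# Inclusive upper bound of each risk tier
TIERS = [(25, "Low"), (50, "Moderate"), (75, "High"), (100, "Critical")]

def hndl_score(sub_scores):
    """Composite HNDL Score: weighted sum of seven 0-100 sub-scores."""
    missing = set(WEIGHTS) - set(sub_scores)
    if missing:
        raise ValueError(f"missing sub-scores: {sorted(missing)}")
    for name, value in sub_scores.items():
        if not 0 <= value <= 100:
            raise ValueError(f"sub-score {name}={value} outside 0-100")
    return sum(WEIGHTS[name] * sub_scores[name] for name in WEIGHTS)

def risk_tier(score):
    """Map a score to its tier (fractional scores rounded first: an assumption)."""
    for upper, label in TIERS:
        if round(score) <= upper:
            return label
    raise ValueError(f"score {score} outside 0-100")

def what_if(sub_scores, factor, new_value):
    """Score and tier after changing one factor, e.g. after deploying hybrid TLS."""
    changed = dict(sub_scores, **{factor: new_value})
    new = hndl_score(changed)
    return new, risk_tier(new)

# Constructed profile (assumed sub-scores): hospital moving PHI with a
# 30-year shelf life over ECDH-P256 TLS, i.e. "modern classical" posture.
HOSPITAL = {"shelf_life": 95, "industry": 80, "sensitivity": 90,
            "exposure": 60, "posture": 60, "breadth": 70, "friction": 60}

if __name__ == "__main__":
    base = hndl_score(HOSPITAL)
    print(f"baseline: {base:.2f} ({risk_tier(base)})")        # 77.25 (Critical)
    new, tier = what_if(HOSPITAL, "posture", 20)  # hybrid X25519+ML-KEM-768
    print(f"after hybrid key exchange: {new:.2f} ({tier})")  # 71.25 (High)
```

Because Factor 5 carries 15% of the weight, moving the posture sub-score from 60 to 20 alone drops this profile from Critical to High, which is the effect the post attributes to deploying hybrid key exchange before the full migration is done.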

Interpreting Your Score in Context

A score of 65 at a healthcare organization means something different than a score of 65 at a social media company. The HNDL Score is most useful as an internal benchmark that tracks progress over time. Run the assessment quarterly, and watch your score decrease as you deploy hybrid key exchange, reduce your quantum-vulnerable footprint, and complete migration milestones.

The score also serves as a communication tool. Security teams often struggle to convey cryptographic risk to non-technical stakeholders. A single number with a clear color-coded tier system translates complex threat modeling into terms that boards and executives can act on. "Our HNDL Score is 72 -- Critical" is more actionable than "We have some RSA deployments that may be quantum-vulnerable in the future."

Practical Steps to Lower Your Score

The most effective actions to reduce your HNDL Score, in order of impact:

  1. Deploy hybrid key exchange on TLS endpoints. Switching from ECDH-P256 to X25519+ML-KEM-768 immediately improves Factor 5 (Cryptographic Posture) and is a non-breaking change in modern TLS 1.3 implementations.
  2. Build a Cryptographic Bill of Materials (CBOM). You cannot improve Factors 5 and 6 without knowing what you are running. A comprehensive CBOM is the prerequisite for any targeted migration.
  3. Classify your data sensitivity. Many organizations score higher than necessary on Factors 1 and 3 because they have not distinguished between data that requires 30-year confidentiality and data that expires in days. Proper classification lets you focus resources on the systems that actually carry long-lived secrets.
  4. Use the Mosca Inequality for timeline planning. The Mosca Inequality tells you when your migration must be complete. Working backward from that deadline, you can determine whether your current pace is sufficient.
  5. Run the Q by Wentzel HNDL Calculator. Our free HNDL assessment tool walks you through all seven factors and produces your score with a detailed breakdown and prioritized recommendations.

Taking Action

The first step is always measurement. Run a free HNDL assessment to understand your baseline risk. From there, build a CBOM to inventory every algorithm in your infrastructure, then use the Mosca Inequality to determine your migration timeline. The goal is not to panic -- it is to plan methodically and migrate before the threat materializes.

The harvest is happening now. The only question is whether your organization's data will be readable when quantum computers arrive, or whether you will have migrated to post-quantum algorithms before that day comes. Your HNDL Score tells you exactly where you stand.

Ryan Wentzel

Founder of Q by Wentzel. Building tools to help organizations assess and manage their post-quantum cryptography risk. Focused on making PQC migration measurable, actionable, and accessible.
