Risk Management, Not Science Fiction: The Case for PQC
Board-ready language for CISOs to justify post-quantum cryptography budget: risk framing, regulatory pressure, and a practical hybrid TLS plan.
If you’re a CISO trying to get PQC budget approved, you already know the hard part isn’t the technology. It’s explaining why the organization should spend money defending against a computer that doesn’t exist yet. The good news: you don’t need to predict when quantum computers will break encryption. You just need to frame this as what it is, which is a risk management decision.
TL;DR: The strongest case for PQC budget isn’t futuristic hype. It’s straightforward risk management: reduce a high-impact cryptographic failure scenario before regulation, customer pressure, and attacker capability converge.
The quantum threat is a fat-tail risk
RSA and ECC underpin nearly every secure connection on the internet. A cryptographically relevant quantum computer (CRQC) running Shor’s algorithm could break both in minutes, making decades of encrypted data readable. Estimates for when this happens range from 5 to 20 years, but the impact doesn’t depend on the timeline: total loss of confidentiality for data encrypted with today’s algorithms.
For a board audience, the framing that works is business continuity. Customer data, intellectual property and financial records would all be exposed, with regulatory fines, lawsuits and reputational damage to follow. This isn’t speculative in the way boards usually mean that word. The math is settled. Only the engineering timeline is uncertain.
Framing the budget: risk reduction, not R&D
PQC isn’t experimental. NIST published its first three standards in August 2024, and the algorithms are in production at companies like Google, Cloudflare, and Meta. The investment case is about eliminating a category of risk, not betting on quantum timelines.
For the board, the contrast is simple:
Reactive approach — wait for a clear threat (like the SHA-1 collisions) before acting, spend heavily on mitigation after the fact, and accept that some risks are too speculative to address early.
Proactive approach — deploy PQC algorithms alongside existing ones (hybrid mode), make your systems resistant to quantum advances whenever they arrive, and remove quantum vulnerability from your risk register.
Once PQC is deployed in hybrid mode, the quantum timeline debate stops mattering to your organization. You’ve already handled it.
The business case
Cost of inaction — Quantum breaches could be catastrophic. NIST estimates PQC migration costs at a fraction of breach remediation expenses.
Regulatory pressure — The EU and the US government are both moving toward PQC mandates. Falling behind means compliance problems.
Competitive positioning — Organizations that migrate early avoid the scramble and build trust with customers who care about long-term data protection.
Insurance — Cyber insurance premiums may increase for organizations that haven’t addressed known cryptographic risks.
Getting started
Use QCready.com for a free assessment of whether your servers support PQC algorithms. For broader TLS monitoring, SSLboard.com can help.
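The hybrid plan above and the server assessment both come down to one observable fact: which key-exchange group the TLS handshake actually offers and selects. The following Python is an added example written for this article (not code from the page, from QCready.com or from SSLboard.com). It parses a TLS 1.3 ClientHello or ServerHello from a captured record, reports the groups offered or selected, classifies the result for the risk register, and exposes the key-share size, which is the practical cost of hybrid mode (an ML-KEM-768 share adds roughly 1.1 to 1.2 KB to the hello). The group codepoints are my assumption, taken from the IANA TLS Supported Groups registry and the IETF hybrid-KEM drafts as I understand them; verify them against the TLS library you deploy. The sample hellos are constructed in the block, with zeroed randoms and dummy key material.

```python
"""Classify the key-exchange groups in TLS 1.3 hello messages.

Added example for this article; not code from the page or from any named
product. Group codepoints below are an assumption based on the IANA TLS
Supported Groups registry and IETF hybrid-KEM drafts; check them against
the library you run.
"""
import struct

EXT_SUPPORTED_GROUPS = 0x000A
EXT_KEY_SHARE = 0x0033
EXT_SUPPORTED_VERSIONS = 0x002B

# codepoint -> (name, category); the category drives the verdict below.
GROUPS = {
    0x0017: ("secp256r1", "classical"),
    0x0018: ("secp384r1", "classical"),
    0x001D: ("x25519", "classical"),
    0x11EB: ("SecP256r1MLKEM768", "hybrid-pqc"),
    0x11EC: ("X25519MLKEM768", "hybrid-pqc"),
    0x11ED: ("SecP384r1MLKEM1024", "hybrid-pqc"),
    0x6399: ("X25519Kyber768Draft00", "hybrid-pqc-draft"),
}


def _u8(b, o): return b[o], o + 1
def _u16(b, o): return struct.unpack_from(">H", b, o)[0], o + 2
def _u24(b, o): return int.from_bytes(b[o:o + 3], "big"), o + 3


def parse_hello(record: bytes) -> dict:
    """Parse one handshake record holding a ClientHello or ServerHello.

    Returns the groups a client offers (supported_groups), the group a
    server selects (key_share), and the key_share payload size in bytes.
    """
    ctype, o = _u8(record, 0)
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    _, o = _u16(record, o)                 # record-layer legacy version
    rlen, o = _u16(record, o)
    body = record[o:o + rlen]
    htype, p = _u8(body, 0)
    hlen, p = _u24(body, p)
    msg = body[p:p + hlen]
    q = 2 + 32                             # legacy_version + random
    sid_len, q = _u8(msg, q)
    q += sid_len                           # legacy_session_id(_echo)
    if htype == 0x01:                      # ClientHello
        cs_len, q = _u16(msg, q); q += cs_len      # cipher_suites
        cm_len, q = _u8(msg, q); q += cm_len       # compression_methods
    elif htype == 0x02:                    # ServerHello
        q += 2 + 1                         # cipher_suite + compression
    else:
        raise ValueError("not a hello message")
    ext_len, q = _u16(msg, q)
    end = q + ext_len
    offered, selected, share_bytes = [], None, 0
    while q < end:
        etype, q = _u16(msg, q)
        elen, q = _u16(msg, q)
        data = msg[q:q + elen]; q += elen
        if etype == EXT_SUPPORTED_GROUPS and htype == 0x01:
            n, r = _u16(data, 0)
            offered = [struct.unpack_from(">H", data, r + 2 * i)[0]
                       for i in range(n // 2)]
        elif etype == EXT_KEY_SHARE:
            if htype == 0x02:              # single KeyShareEntry
                selected, r = _u16(data, 0)
                share_bytes, _ = _u16(data, r)
            else:                          # total length of all client shares
                share_bytes, _ = _u16(data, 0)
    return {"type": "client" if htype == 0x01 else "server",
            "offered": offered, "selected": selected, "share_bytes": share_bytes}


def verdict(parsed: dict) -> str:
    """Turn a parsed hello into a one-line risk-register statement."""
    groups = parsed["offered"] if parsed["type"] == "client" else [parsed["selected"]]
    cats = {GROUPS.get(g, (hex(g), "unknown"))[1] for g in groups if g is not None}
    if "hybrid-pqc" in cats:
        return "hybrid PQC present"
    if "hybrid-pqc-draft" in cats:
        return "draft hybrid only (upgrade to standardized group)"
    return "classical only (exposed to harvest-now-decrypt-later)"


# --- constructed sample hellos (zero randoms, dummy key bytes) ---------------
def _ext(etype, data): return struct.pack(">HH", etype, len(data)) + data


def _record(htype, msg):
    hs = bytes([htype]) + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x03" + struct.pack(">H", len(hs)) + hs


def build_client_hello(groups, shares):
    """groups: offered codepoints; shares: {codepoint: client share length}."""
    sg = struct.pack(">H", 2 * len(groups)) + b"".join(struct.pack(">H", g) for g in groups)
    entries = b"".join(struct.pack(">HH", g, n) + b"\x00" * n for g, n in shares.items())
    ks = struct.pack(">H", len(entries)) + entries
    exts = _ext(EXT_SUPPORTED_GROUPS, sg) + _ext(EXT_KEY_SHARE, ks)
    msg = (b"\x03\x03" + b"\x00" * 32 + b"\x00"       # version, random, empty session id
           + b"\x00\x02\x13\x01" + b"\x01\x00"         # one cipher suite, null compression
           + struct.pack(">H", len(exts)) + exts)
    return _record(0x01, msg)


def build_server_hello(group, share_len):
    ks = struct.pack(">HH", group, share_len) + b"\x00" * share_len
    exts = _ext(EXT_KEY_SHARE, ks) + _ext(EXT_SUPPORTED_VERSIONS, b"\x03\x04")
    msg = (b"\x03\x03" + b"\x00" * 32 + b"\x00" + b"\x13\x01" + b"\x00"
           + struct.pack(">H", len(exts)) + exts)
    return _record(0x02, msg)


if __name__ == "__main__":
    # Client offers X25519MLKEM768 first; shares sized like real ones (1216 / 32 bytes).
    ch = parse_hello(build_client_hello([0x11EC, 0x001D, 0x0017], {0x11EC: 1216, 0x001D: 32}))
    print("client:", [GROUPS.get(g, (hex(g),))[0] for g in ch["offered"]], verdict(ch))
    for g, n in ((0x001D, 32), (0x11EC, 1120)):
        sh = parse_hello(build_server_hello(g, n))
        print("server:", GROUPS[sh["selected"]][0], sh["share_bytes"], "bytes ->", verdict(sh))
```

Point it at a real capture (for example the first record of a pcap exported as raw bytes) and the server verdict tells you whether hybrid mode is actually live, not merely configured; the share size is the number to hand to the network team when planning for larger hellos.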
Frequently asked questions
What is post-quantum cryptography?
PQC refers to cryptographic algorithms designed to resist attacks by quantum computers. Unlike RSA and ECC, they rely on mathematical problems for which no efficient quantum algorithm is known.
How much does PQC migration cost?
It depends on organization size, but enterprise deployments typically run $50,000 to $500,000 including software updates, hardware refreshes, and testing. Compare that to the $4.45 million average cost of a data breach (IBM, 2023).
Is quantum computing imminent?
A full CRQC is still years away. But that’s somewhat beside the point. PQC removes the risk regardless of timing, and harvest-now-decrypt-later attacks mean your data is already being collected by adversaries who plan to decrypt it later.
Sources:
- NIST Post-Quantum Cryptography Standardization: csrc.nist.gov/projects/post-quantum-cryptography
- IBM Cost of a Data Breach Report 2023
- European Union Cybersecurity Act requirements for PQC