QUANTUM RISK: A STRATEGIC FRAMEWORK FOR PQC MIGRATION AND BOARD ACCOUNTABILITY
Description
This paper addresses the survival‑critical risks posed by cryptographically relevant quantum computers (CRQCs) and the urgent need for post‑quantum cryptography (PQC) migration. It provides a forensic framework for boards and regulators to assess exposure, prioritize migration pathways, and enforce accountability. The analysis covers the collapse of RSA/ECC under Shor’s Algorithm, the harvest‑now‑decrypt‑later threat, and the solvency implications for data‑holding institutions. A governance mandate is outlined, linking PQC migration to board‑level fiduciary duties, regulatory resilience, and strategic survival KPIs. The paper concludes with a structured roadmap for PQC adoption, budget allocation, and audit‑grade enforcement, positioning quantum risk as a board accountability issue rather than a technical option.
Files
Quantum Risk White Paper - The Oracle for Boards and Mitigation.pdf (7.1 MB)
md5:b853d67063771f549c32e1bd1cac95ea
Additional details
Dates
- Created: 2025-11-30