Before Quantum Breaks the Math
Why cryptographic risk is already a governance issue
The last quantum physics course I took was in 2007. It was Physics 242, during my master’s in physics. It was also one of my lower grades at 1.75, which is roughly a B+.
Quantum physics was difficult for me. I’m a visual person, and many of the concepts never came naturally to me. I had to revisit them repeatedly just to get through the concepts.
So this is not an attempt to explain quantum mechanics.
It is also worth separating quantum physics from quantum computing. They are related, but they are not the same thing. Quantum physics studies how nature behaves at quantum scales. Quantum computing asks how those behaviors can be used to process information.
This post looks at a much narrower dimension of quantum computing: enterprise risk. Specifically, where the exposure falls in banking, finance, and telecommunications, and what Chief Risk Officers (CROs) should already be thinking about.
That is the scope. I’ll leave the rest to people better positioned to cover other areas.
What a quantum computer actually is, just the basics
Classical computers use bits, the smallest unit of information in an ordinary computer. A bit is a zero or a one, like a light switch that is either off or on.
Quantum computers use quantum bits, called qubits, which are not simply “on” or “off” while a computation is happening. A common analogy is a coin spinning on a table. Once the coin lands, you see heads or tails. While it is spinning, describing it only as heads or tails misses part of what is really happening. The “spinning coin” carries a state that contains both possibilities in a structured way. A qubit behaves similarly. While the computation is running, the system can work with that state mathematically in ways a classical bit cannot.
This is where many popular explanations drift into hype. A qubit does not mean the computer gets to try every answer and then magically picks the best one. It is stranger than that, narrower and more constrained. The power comes from designing computation so that some possibilities weaken each other while useful ones reinforce each other.
Quantum computers are powerful for a specific, narrow class of problems. For everything else, they are largely irrelevant.
The risk is tied to that distinction.
The two algorithms behind the concern
Two quantum algorithms are driving enterprise cryptographic risk. Both change the economics of attacking current cryptographic systems.
The first is Shor’s algorithm. Published in 1994, it can, in principle, break several major forms of public-key cryptography by solving certain mathematical problems far faster than any classical computer can.
The affected systems include RSA, which is still common in website certificates and older enterprise systems. There is also Diffie-Hellman, or DH, which helps two systems agree on a shared secret when opening a secure connection. Then there is elliptic curve cryptography, or ECC, which is widely used in secure websites, mobile apps, and messaging systems. ECDSA, a related digital signature scheme, is commonly used to sign software updates and blockchain transactions.
RSA, DH, and ECC underpin much of modern digital trust infrastructure, including secure communications, authentication, and digital signatures. Shor’s threatens those foundations.
The second is Grover’s algorithm, from 1996. It gives a quantum computer a faster way to search through possible keys. This affects symmetric encryption, which uses a single shared key for both encryption and decryption. AES is the main example.
Grover does not break AES the way Shor breaks RSA. The fix is more straightforward: use longer keys. AES-256 remains strong, while AES-128 becomes less reassuring for very long-term security planning.
Shor creates a replacement problem. Grover creates a reinforcement problem.
Those are different risk categories, and they require different responses.
Why this is already a current risk
If you’ve been following this space, you’ve probably come across “harvest now, decrypt later,” or HNDL.
An attacker records encrypted data today and stores it for future use. They do not need a quantum computer now. They need patience, storage, and enough confidence that the data will still be relevant when decryption becomes possible.
Agencies like CISA, the NSA, and Germany’s BSI have already warned that adversaries may be collecting encrypted data today, expecting that future quantum capabilities will eventually decrypt it.
This, for me, reframes the question.
The board might ask when a cryptographically relevant quantum computer (CRQC) will arrive. It’s a reasonable question. But the better one is: which data must remain confidential long enough to still matter later?
For banks, that could mean customer records, mortgage books, custody data, M&A files, and long-dated contracts. For telcos, subscriber records, network authentication data, and device credentials. For healthcare, patient and genomic data. For government and defense, the implications are obvious enough.
Cryptographer Michele Mosca proposed a useful way to think about the timeline. If your data’s useful life plus your migration time exceeds the estimated arrival of a CRQC, you are already late.
For many banks and telcos, that arithmetic is already becoming uncomfortable.
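Mosca's inequality and the replace/reinforce split described earlier, applied to a small inventory, as an added example that is not part of the original post. The asset names, algorithm assignments, migration times and the 15-year CRQC horizon are assumptions for illustration; the mortgage and KYC shelf lives use retention periods this post cites for banking.

```python
from dataclasses import dataclass

# Families the post lists as exposed to Shor's algorithm (ECDH added as an ECC scheme).
SHOR_FAMILIES = {"RSA", "DH", "ECC", "ECDH", "ECDSA"}
ORDER = {"replace": 0, "reinforce": 1, "keep": 2}

@dataclass
class Asset:
    name: str
    algorithm: str           # e.g. "RSA-2048", "AES-128"
    shelf_life_years: float  # how long the protected data must stay confidential
    migration_years: float   # assumed time to move this system to post-quantum crypto

def category(algorithm: str) -> str:
    """Shor -> 'replace', Grover -> 'reinforce' (longer key), otherwise 'keep'."""
    alg = algorithm.upper()
    if alg.split("-")[0] in SHOR_FAMILIES:
        return "replace"
    if alg == "AES-128":
        return "reinforce"
    return "keep"

def mosca_overrun(asset: Asset, crqc_years: float) -> float:
    """Years by which shelf life + migration time exceeds the CRQC estimate."""
    return asset.shelf_life_years + asset.migration_years - crqc_years

def triage(inventory, crqc_years):
    """Return (name, action, overrun) rows: replacements first, most overdue on top."""
    rows = []
    for a in inventory:
        cat = category(a.algorithm)
        overrun = mosca_overrun(a, crqc_years) if cat == "replace" else 0.0
        action = "replace: already late" if overrun > 0 else (
            "replace: plan" if cat == "replace" else cat)
        rows.append((ORDER[cat], -overrun, a.name, action, overrun))
    return [r[2:] for r in sorted(rows)]

# Constructed inventory; only the 30- and 7-year shelf lives come from the post.
INVENTORY = [
    Asset("kyc-records-tls", "ECDH-P256", 7, 5),
    Asset("mortgage-book-archive", "RSA-2048", 30, 5),
    Asset("backup-volumes", "AES-128", 10, 2),
    Asset("session-store", "AES-256", 1, 1),
]
ASSUMED_CRQC_YEARS = 15  # placeholder horizon, not a forecast

if __name__ == "__main__":
    for name, action, overrun in triage(INVENTORY, ASSUMED_CRQC_YEARS):
        print(f"{name:24} {action:22} overrun={overrun:+.0f}y")
```

Changing the assumed horizon or migration times shows how quickly long-retention assets cross into "already late" while short-lived ones keep a margin.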
Where the exposure falls
Banking sits near the front of the risk table because much of its operating model depends on trust in the mathematics behind cryptography.
SWIFT messages rely on RSA-based signatures. Customer sessions run on TLS. Custody and digital asset accounts depend on ECDSA. Hardware security modules (HSMs), which are protected devices that generate, store, and manage cryptographic keys, need to be assessed and updated. Mortgage books run 25 to 30 years. KYC records carry statutory retention of 7 to 10 years.
To me, the real issue is scale (i.e., how many systems are involved) combined with duration; migration timelines are longer than most organizations expect.
A broad loss of confidence in today’s public-key cryptography would be systemic for digital banking. CROs are paid to think about events that cannot afford to arrive as surprises.
Telco has a different exposure profile, but arguably a larger systemic footprint. Telco networks sit upstream of almost every other digital industry. Banks, hospitals, cloud platforms, governments, and utilities all run on them. If a telco’s cryptographic foundations weaken, the security assumptions downstream weaken, too.
5G authentication relies on cryptographic protocols. IPsec (Internet Protocol Security) protects many network tunnels. SIM and eSIM provisioning, router firmware, and customer premises equipment all carry cryptographic dependencies. Some of this hardware will remain in the field for a decade or more.
No sector really gets to opt out of this transition. A sector inherits the worst exposure of any system it depends on.
The answer already exists
The cryptographic community has been preparing for this transition for years. NIST’s post-quantum cryptography project began in 2017, and the first standards were finalized in 2024.
These new cryptographic systems run on today’s hardware. They do not require quantum computers. Their security relies on mathematical problems that are currently believed to resist efficient quantum attacks.
Most organizations will likely spend the late 2020s running hybrid cryptography, where classical and post-quantum systems operate side by side while software libraries, vendors, and infrastructure mature.
One operational reality that gets underestimated is that post-quantum cryptography often comes with larger keys, signatures, and ciphertexts. That affects bandwidth, latency, HSM storage, embedded systems, and older hardware already deployed in the field. [1][2]
Unfortunately, this is not a copy-paste migration.
Regulators are already treating this as an active planning issue. In the US, federal agencies have timelines for retiring quantum-vulnerable cryptography. European and Asian regulators have begun issuing guidance tied to operational resilience, cryptographic agility, and migration planning.
By the second half of this decade, “we haven’t started yet” will likely stop sounding responsible.
What CROs should actually do
From a governance perspective, I do not think this belongs in an “innovation” discussion at all, at least not yet. Quantum computing is still a research field in many respects. Post-quantum migration, however, is already an infrastructure and risk management issue.
In practice, large organizations rarely fail because they were unaware of a technological transition. They fail because ownership is fragmented, inventories are incomplete, dependencies are poorly understood, and migration work begins only after the pressure becomes external.
I have seen similar patterns in data governance and AI governance. Organizations often discover too late that they do not fully know where sensitive data lives, which systems depend on which models, which vendors sit inside critical workflows, or where accountability actually rests when something fails.
Cryptography has the same problem profile.
Most enterprises today cannot easily answer a basic question: where exactly does vulnerable cryptography exist across the organization?
Not only in customer-facing applications, but in certificates, APIs, embedded devices, vendor platforms, network infrastructure, backup systems, authentication layers, and long-lived operational technology.
That visibility gap is itself a governance issue.
The challenge is not simply replacing one algorithm with another, but operationalizing change across systems with long life cycles, multiple vendors, regulatory obligations, and years of accumulated technical debt.
Banks inherit the migration timelines of core banking providers. Telcos inherit the timelines of network equipment vendors. Everyone inherits the constraints of legacy infrastructure.
This is why I think the discussion belongs naturally with enterprise risk and governance functions.
The organizations that manage this transition well will be the ones that started early, know where their exposure sits, and have clear accountability for fixing it. Of course, quantum capability is crucial, but governance capacity is what actually moves the work forward at this stage.
As with AI and data governance, the challenge is organizational clarity: understanding where exposure exists, how long systems remain vulnerable, and how quickly the institution can realistically adapt.


