Quantum Risk Management: Assessing and Mitigating Quantum Computing Threats

Q: How do I calculate quantum risk for my organization?

Quantum risk assessment considers three factors: (1) Data sensitivity and confidentiality requirements; (2) Data lifespan - how long it must remain protected; (3) Migration timeline - how long it will take to implement quantum-safe cryptography. If data lifespan plus migration time exceeds the quantum timeline, you have immediate risk.

Q: Which systems face the highest quantum risk?

Highest-risk systems include: (1) PKI and root certificate authorities; (2) Long-term secrets and encryption keys; (3) Data with extended confidentiality requirements (healthcare, financial, government); (4) Internet-facing systems subject to HNDL attacks; (5) Critical infrastructure with long operational lifetimes.

Quantum risk management addresses the threat that future quantum computers pose to current cryptographic systems. Unlike traditional cybersecurity risks, quantum risk has a unique characteristic: adversaries can capture encrypted data today and decrypt it years later when quantum computers become available.

This guide provides a framework for understanding, assessing, and mitigating quantum risk across your organization. We'll cover the Mosca inequality for timeline analysis, threat categorization, risk quantification methods, and practical mitigation strategies.

Understanding Quantum Risk

Quantum risk differs from conventional security risks in several important ways:

Temporal displacement: The attack vector exists today (data capture), but the exploit occurs in the future (quantum decryption)
Certainty of capability: Quantum computers will eventually break current cryptography - only the timeline is uncertain
Irreversibility: Data captured today cannot be "uncaptured" once quantum computers arrive
Asymmetric impact: Data with long confidentiality requirements faces higher risk than transient data

The HNDL Threat

Harvest Now, Decrypt Later (HNDL) is the primary quantum threat facing organizations today. Adversaries capture encrypted network traffic and store it for future decryption when quantum computers become available.

HNDL is Already Happening Nation-state actors are actively capturing encrypted traffic from high-value targets. If your organization handles classified, financial, healthcare, or other sensitive data, assume HNDL attacks are occurring now.

The Mosca Inequality

The Mosca Inequality provides a framework for determining when to begin quantum migration:

Mosca Risk Inequality

X + Y > Z → Immediate Action Required

X = Data shelf life

Y = Migration time

Z = Time to quantum threat

If X + Y > Z, your data is at risk. The sum of how long data must remain confidential (X) and how long migration will take (Y) exceeds the time until quantum computers arrive (Z).

Timeline Analysis Example

Quantum Risk Timeline

Today Migration Complete (Y=5yr) Quantum Threat (Z~10yr)

2024 2029 2034 2039

Scenario	X (Shelf Life)	Y (Migration)	Z (Quantum Threat)	Risk Status
Healthcare records (HIPAA)	50+ years	5 years	~10 years	Critical Risk
Financial trading data	7 years	3 years	~10 years	Moderate Risk
Session tokens	Hours	2 years	~10 years	Lower Risk

Threat Categories

Quantum threats can be categorized by their timing and impact:

HNDL Attacks

Data captured today, decrypted in the future. Active threat against internet-exposed encrypted communications. Highest priority for long-lived confidential data.

Key Compromise

Long-term secrets (root CAs, master keys) captured via HNDL. Once compromised, enables decryption of all protected data and signing of malicious content.

Signature Forgery

Digital signatures become forgeable once private keys are exposed. Affects code signing, document authentication, and identity verification.

Authentication Bypass

Breaking authentication mechanisms that rely on public-key cryptography. Enables identity impersonation and unauthorized access.

Risk Assessment Framework

Assess quantum risk across two dimensions: impact severity and exposure likelihood.

Impact Severity

Critical: Compromise of long-lived secrets, classified data, critical infrastructure
High: Sensitive PII, financial records, intellectual property
Medium: Internal communications, operational data
Low: Public information, transient session data

Exposure Likelihood

High: Internet-facing, high-value target, nation-state interest
Medium: Limited external exposure, moderate value
Low: Air-gapped, minimal external connections

Risk Matrix

High Exposure

Medium Exposure

Low Exposure

Critical Impact

Critical Risk

High Risk

High Impact

Critical Risk

High Risk

Medium Risk

Medium Impact

High Risk

Medium Risk

Low Risk

Low Impact

Medium Risk

Low Risk

Building a Quantum Risk Register

Document quantum risks in a structured register for tracking and prioritization:

Sample Quantum Risk Register

Risk Description

Severity

Likelihood

Mitigation Strategy

Root CA private keys exposed via HNDL

Critical

High

Deploy hybrid PQC certificates, establish new PQC root

Customer PII database encryption compromised

High

Migrate to ML-KEM key wrapping, re-encrypt archives

Code signing keys enable malware signing

High

Medium

Transition to ML-DSA dual-signature scheme

VPN tunnel encryption decryptable

Medium

High

Enable hybrid key exchange in IPsec/IKEv2

Mitigation Strategies

Address quantum risk through layered mitigation strategies:

Immediate Actions

Build cryptographic inventory: Document all quantum-vulnerable cryptography
Classify data by shelf life: Identify data requiring long-term confidentiality
Enable hybrid TLS: Deploy hybrid key exchange on internet-facing services
Prioritize high-risk systems: Focus on PKI, key management, classified systems

Medium-Term Actions

Migrate to PQC: Implement ML-KEM for key exchange, ML-DSA for signatures
Update PKI: Deploy hybrid or pure PQC certificate chains
Re-encrypt archives: Protect stored data with quantum-safe encryption
Vendor coordination: Ensure third parties support PQC

Ongoing Actions

Monitor threat landscape: Track quantum computing advancement
Maintain crypto agility: Ensure ability to update algorithms rapidly
Regular assessment: Re-evaluate risk as timelines evolve
Incident response: Plan for potential quantum-related breaches

Defense in Depth Don't rely on a single mitigation. Combine network segmentation, access controls, data minimization, and cryptographic upgrades. Even quantum-safe cryptography should be part of a layered security architecture.

Communicating Risk to Leadership

Executives and board members need quantum risk communicated in business terms:

Technical Concept	Executive Translation
HNDL attack	Data stolen today can be read when quantum computers arrive
Mosca inequality X+Y>Z	If migration takes longer than we have, we're already too late
Cryptographic agility	Ability to swap security algorithms without major disruption
Hybrid cryptography	Belt-and-suspenders approach using both old and new security
PQC migration	Upgrading security infrastructure to resist quantum attacks

Frequently Asked Questions

What is quantum risk?

Quantum risk refers to the threat that future quantum computers pose to current cryptographic systems. Specifically, quantum computers running Shor's algorithm can break RSA, ECDSA, and other public-key algorithms that protect virtually all encrypted communications and digital signatures today.

What is the Harvest Now, Decrypt Later (HNDL) threat?

HNDL refers to adversaries capturing encrypted data today with the intention of decrypting it once quantum computers become available. This is an immediate risk for any data that needs to remain confidential beyond the expected arrival of quantum computers.

How do I calculate quantum risk for my organization?

Quantum risk assessment considers three factors: data sensitivity and confidentiality requirements, data lifespan (how long it must remain protected), and migration timeline (how long to implement quantum-safe cryptography). Use the Mosca inequality: if X+Y > Z, you have immediate risk.

When will quantum computers break current encryption?

Estimates vary, but most experts predict cryptographically-relevant quantum computers could emerge between 2030 and 2040. However, the exact timeline is uncertain. The prudent approach is to begin migration now, especially for long-lived data.

Which systems face the highest quantum risk?

Highest-risk systems include PKI and root certificate authorities, long-term secrets and encryption keys, data with extended confidentiality requirements (healthcare, financial, government), internet-facing systems subject to HNDL attacks, and critical infrastructure with long operational lifetimes.

Next Steps

Begin managing quantum risk in your organization:

Take the assessment - Use our QRAMM Assessment to evaluate your current state
Build your inventory - Follow the Cryptographic Inventory Guide
Apply Mosca analysis - Calculate X+Y>Z for your critical data categories
Create risk register - Document and prioritize quantum risks
Brief leadership - Share the Executive Brief with decision-makers

Quantum Risk Management

Understanding Quantum Risk

The HNDL Threat

The Mosca Inequality

Timeline Analysis Example

Threat Categories

HNDL Attacks

Key Compromise

Signature Forgery

Authentication Bypass

Risk Assessment Framework

Impact Severity

Exposure Likelihood

Risk Matrix

Building a Quantum Risk Register

Mitigation Strategies

Immediate Actions

Medium-Term Actions

Ongoing Actions

Communicating Risk to Leadership

Frequently Asked Questions

Next Steps

Related Articles

PQC Migration Planning

Quantum-Safe Encryption

Cryptographic Inventory