Not If, But When: Post-Quantum Cryptography and Global Infrastructure Risk

Quantum computing has shifted from theoretical promise to imminent reality. Its progress has profound implications for global cybersecurity, financial stability and the integrity of the systems that underpin everyday life. In this episode of The International Risk Podcast, Dominic Bowen speaks with Dr Michele Mosca, Co-Founder and CEO of Evolution Q, about the timeline, governance, and technical urgency of preparing for the quantum transition.

The Quantum Threshold

Dr Mosca explains that we are now in what he describes as an intermediate phase. Quantum computers are no longer confined to laboratories. Commercial access through cloud platforms has made them available to researchers and corporations worldwide. These devices are already performing certain computations more efficiently than classical machines, though not yet in areas with broad business application.

The decisive change, Mosca says, lies in quantum error correction. For decades, experts doubted that quantum states could be stabilised long enough to perform reliable computation. Today, multiple platforms have demonstrated repeatable error correction at scale, each using different physical architectures, from superconducting qubits to trapped ions and photonic circuits. This diversity, Mosca notes, is an encouraging sign. “There are several very different platforms demonstrating the same milestones, which further validates that we can do quantum error correction.”

While large-scale code-breaking capability is not yet achieved, the probability of it emerging within the next decade is no longer negligible. Dr Mosca estimates a 10 per cent chance within five years and around 30 per cent within ten, with the probability increasing as the technology matures. The conclusion is simple: the world must prepare as if this event is inevitable.

The Mosca Theorem: Modelling the Temporal Risk of Quantum Decryption

Among Dr Mosca’s most significant contributions is the framework now known as the Mosca Theorem (or Mosca Equation). It provides a quantitative method for assessing whether an organisation or state is already behind schedule in its migration to quantum-safe cryptography.

The theorem is expressed through three interdependent variables:

1. X, representing the shelf life of the information that must remain secure.
2. Y, representing the migration time required to replace or upgrade existing cryptographic systems.
3. Z, representing the expected time remaining until quantum computers can break current encryption.

If X + Y > Z, the system is already too late to ensure confidentiality.

This formulation reframes the conversation about quantum preparedness. It is not merely a question of when a quantum computer will appear, but whether migration can be completed before that point. If the data being protected must remain secure for twenty years, and migration will take ten, then without intervention the combined thirty-year requirement exceeds any plausible estimate for quantum decryption capability.

The theorem transforms quantum risk into a temporal optimisation problem. It requires institutions to think of cryptography as a dynamic system constrained by time, not simply a static technological shield.

Temporal Asymmetry and the Harvest-Now, Decrypt-Later Problem

One of the distinctive features of quantum risk is its temporal asymmetry. Most threats act in the present. Quantum risk acts from the future into the present. Adversaries can intercept encrypted information today, store it indefinitely, and decrypt it once quantum capability becomes available.

This “harvest-now, decrypt-later” threat means that sensitive data transmitted in 2025 could be compromised in 2035 or 2040. Traditional cybersecurity frameworks are designed around immediate probability and impact, not delayed exposure. “Most of our frameworks are about what is happening today,” Mosca notes. “They do not even have a vocabulary for emerging threats.”

The Mosca Theorem makes this asymmetry measurable. By treating time as a finite resource, it compels risk managers to determine whether their migration timelines are commensurate with the lifespan of the data they are meant to protect.

Cryptography as a Systemic Dependency

Dr Mosca highlights a deeper structural flaw in the current model of digital security: the universal reliance on a small set of cryptographic standards. “We talk about vendor-concentration risk and supply-chain risk,” he says, “but we ignore the fact that everyone uses the same cryptography.”

If one cryptographic primitive fails, the compromise would cascade through industries and sectors simultaneously. This, he argues, is a form of correlated systemic risk. The digital economy is not diversified; it is homogenous.

His solution is cryptographic diversity and agility. Organisations should maintain detailed cryptographic inventories, adopt at least two standards-based algorithms across critical systems, and build the technical capacity to switch methods rapidly. Such agility would make cryptography less of a brittle perimeter and more of a self-healing process.

Regulation, Incentives and Market Failure

Dr Mosca argues that the technology required for post-quantum transition is developing faster than the regulatory and institutional mechanisms designed to support it. The result is inertia. Regulators wait for new standards to be finalised before acting. Industry waits for regulatory mandates before investing. Meanwhile, adversaries continue to advance.

He calls for a structured intermediate approach. “Regulators can require organisations to conduct risk assessments and publish migration plans even before final standards are approved,” he says. “It is not about bureaucratic control but about accountability.”

This paralysis, he explains, mirrors the conditions that led to the 2008 financial crisis. Distributed responsibility and moral hazard left correlated risks unmanaged. The same dynamic now characterises the cryptographic ecosystem. “No one is more deaf than those who do not want to hear,” he observes.

Security, Resilience and the Limits of Governance

Dr Mosca draws a distinction between security and resilience. Security seeks to prevent compromise. Resilience seeks to ensure recovery. When the internet became a commercial tool in the 1990s, the objective was security: to prevent breaches. Today, with digital infrastructure underpinning entire economies and military systems, that approach is insufficient. “It is not just about confidentiality anymore,” he says. “It is about availability and control. You could lose a war through a systemic compromise of your digital platforms.”

The challenge, he argues, is not technological capacity but political and commercial will. Quantum-safe algorithms exist. Research is advancing. The barrier is institutional resolve. “The risk is the lack of business and political will,” he warns. “It consumes short-term resources, but the benefits are long-term. Humanity has a long history of failing in those situations.”

Towards a Resilience Framework for the Quantum Era

Dr Mosca’s message is not one of despair but of responsibility. The cryptographic transition is manageable, provided it is treated as a continuous process rather than a discrete event. Organisations must develop a resilience mindset that incorporates detection, recovery and agility into their design philosophy.

“The quantum threat to cryptography is really a blessing in disguise,” he concludes. “It is a call to action to modernise the way we manage cryptography.”

The Mosca Theorem provides the conceptual basis for that action. By treating time as a measurable dimension of risk, it replaces uncertainty with accountability. In doing so, it transforms quantum preparedness from a matter of speculation into a matter of planning. The question is not whether institutions understand the mathematics of cryptography, but whether they understand the mathematics of time.