Cyber Strategy

At The Cyber Guild Executive Roundtable on Post-Quantum Readiness, leaders from government, industry, academia, and policy explored what happens when two technology revolutions arrive at the same time.

While the discussion covered cryptography, AI, governance, talent, and risk, four themes consistently surfaced:

• Leadership matters more than technology.
• Visibility matters more than perfection.
• Market pressure can accelerate readiness.
• Waiting is the riskiest strategy of all.

At the heart of the discussion was a simple but powerful metaphor:

Two clocks are running.

One is the AI acceleration clock that delivers visible returns every quarter through efficiency, automation, and innovation.

The other is the post-quantum readiness clock that delivers little immediate reward, until the day organizations discover they can no longer trust, protect, or access the systems and data they depend on.

The challenge facing leaders is not deciding which clock matters more.

It is ensuring they don’t lose sight of either.

Leadership Is the Real Readiness Indicator

One of the most provocative observations from the discussion was that post-quantum readiness may be visible long before any technology deployment begins.

You can see it in the boardroom.

As one expert panelist noted: “I would be able to tell whether an organization is post-quantum ready simply by reading its board minutes.”

The point wasn’t that boards need to become experts in cryptography.

The point was that organizations rarely prioritize risks that leadership does not consistently discuss.

When AI and quantum appear only as occasional briefings, they struggle to compete for resources against more immediate business demands. When they become recurring board-level discussions, they begin influencing investment decisions, enterprise risk management, vendor strategy, talent development, and long-term planning.

As we explored in Why Executive Cyber Literacy Matters More Than Ever, strategic cyber fluency at the leadership level is no longer optional.

The technology challenge may belong to security and technology teams.
The readiness challenge belongs to leadership.

You Can’t Protect What You Can’t See

Many organizations still lack a comprehensive understanding of where cryptography exists across their environments, which systems rely on vulnerable algorithms, and which data assets must remain secure for years or decades into the future.

For many, the first challenge isn’t migration. It’s discovery.

Several participants highlighted the complexity of identifying cryptographic dependencies spread across hardware, software, cloud platforms, SaaS environments, and operational technology.

One expert panelist described how traditional discovery efforts missed significant dependencies until AI-assisted analysis dramatically improved visibility into the environment.

The same challenge is emerging on the AI side.

Organizations increasingly face shadow AI, autonomous agents, unmanaged integrations, and machine identities operating outside traditional governance processes.

Across both domains, the conclusion was remarkably similar:

You don’t have to be perfect to start. But you do have to see what you’re trying to secure.

Market Pressure May Be the Most Underestimated Lever

For organizations that lack large security teams or specialized quantum expertise, the conversation produced an unexpectedly practical insight.

Every organization has influence through the way it buys technology.

Participants discussed how even small and mid-sized organizations can shape vendor priorities by consistently asking questions such as:

• What is your post-quantum roadmap?
• When will your products support quantum-resistant cryptography?
• How are you managing AI safety and model risk?

One customer asking may not change a roadmap.

Thousands asking the same questions eventually will.

Organizations often underestimate their ability to influence markets. Yet history shows that vendor priorities shift quickly when customers make expectations clear.

Readiness is not only built internally. It can be encouraged throughout the ecosystem.

AI and Quantum Are Different Risks, But They Demand the Same Discipline

The discussion repeatedly returned to how differently organizations perceive AI and post-quantum cybersecurity.

AI feels immediate.

Leaders can see productivity gains, efficiency improvements, and business value today. It is often viewed through the lens of opportunity and competitive advantage.

Post-quantum readiness feels distant.

The risks are harder to visualize and the benefits are difficult to measure until the consequences become unavoidable.

Yet participants argued that this contrast may be creating a dangerous imbalance.

AI is largely focused on efficiency and exposure.

Post-quantum readiness is focused on continuity and resilience.

One accelerates change. The other ensures we can survive it.

Think about the systems that power hospitals, transportation networks, critical infrastructure, financial services, and supply chains. If organizations fail to transition to quantum-resistant cryptography, the challenge extends beyond protecting data confidentiality.

It becomes a question of operational continuity.

• Can we trust the systems that underpin modern society?
• Can we still access the information required to operate them safely?

As we examined in What AI Can Automate in Cybersecurity and Where Human Judgment Still Matters, the balance between technological capability and human oversight remains critical.

The technologies may be different. The leadership responsibility is the same.

The Language Problem

One of the most important observations came from outside traditional cybersecurity circles.

A social scientist challenged participants to consider who is impacted by these risks and why.

The discussion highlighted how often cybersecurity professionals assume the urgency of a threat without translating it into language that resonates with business leaders, educators, policymakers, or the broader public.

At major innovation conferences, quantum is frequently discussed as a driver of optimization, discovery, and economic growth.

Rarely is it discussed as a cybersecurity challenge.

Within cybersecurity itself, dense terminology and technical jargon often create barriers that make quantum and AI risks feel inaccessible, even to highly capable professionals.

If organizations want broader action, the conversation cannot remain confined to specialists.

Post-quantum readiness is not simply a security issue.

• It is a business continuity issue.
• An operational resilience issue.
• A societal resilience issue.

So Where Do We Start?

Despite the complexity of the challenge, the conversation produced a surprisingly practical answer.

• Start before you have all the answers.
• Put AI and post-quantum risk on the board agenda.
• Build a living inventory of your cryptography, identities, and critical assets.
• Ask your vendors better questions.

None of these actions require perfect information or a massive transformation program.

They simply require acknowledging that the risk exists and deciding to move.

Because the discussion ultimately reinforced four simple truths:

• Leadership matters more than technology.
• Visibility matters more than perfection.
• Market pressure can accelerate readiness.
• Waiting is the riskiest strategy of all.

At The Cyber Guild, we believe resilience is built when leaders come together to learn, challenge assumptions, and take action.

The clocks are running. The time to start is now.

If this conversation raised more questions than answers, that’s a good place to start. Explore our Executive Questions on AI & Post-Quantum Cyber Risk guide to help your leadership team navigate what’s next.

---

Are you ready to take the next step in your cybersecurity journey?

The Cyber Guild connects leaders, practitioners, and emerging talent through events, mentorship, and community.

👉 Explore upcoming events
👉 Subscribe to our mailing list
👉 Learn more about RISE Mentorship