What happened
Researchers Ailsa Robertson, Siân Brooke, Sebastian De Haro, and Christian Schaffner from Universiteit van Amsterdam and QuSoft published a system-level analysis of the transition to quantum-safe cryptography, identifying twelve distinct actor groups critical to the effort. The study goes beyond purely technical discussions to map social, governance, and institutional roles that will shape the move to cryptographic systems resistant to future quantum attacks.
Who is affected
- Governments and regulators shaping policy and oversight for national readiness.
- Industry stakeholders, from end users and manufacturers to consultants and financiers who must coordinate implementation.
- Standards bodies and researchers tasked with setting interoperable and future-proof cryptographic benchmarks.
- Security leaders globally, especially in sectors like finance, healthcare, and critical infrastructure that depend on long-term data protection.
Why CISOs should care
Quantum computers, once they reach sufficient scale, could break many current encryption algorithms, exposing archived and live data to future decryption. Mapping the ecosystem of actors involved in the quantum-safe transition highlights governance gaps and coordination challenges that could slow adoption of post-quantum cryptography (PQC). Understanding these dynamics helps CISOs anticipate strategic, regulatory, and operational shifts that will influence enterprise security roadmaps.
3 Practical Actions for CISOs
- Initiate or update a quantum-safe strategy: Inventory cryptographic assets, assess exposure to “harvest now, decrypt later” threats, and build a phased PQC adoption plan aligned with evolving standards and national initiatives.
- Engage cross-functional stakeholders: Work with legal, compliance, procurement, and architecture teams to clarify roles and responsibilities in QSC transition projects, mirroring the multi-actor focus of the research.
- Monitor governance and standards developments: Stay apprised of regulatory guidance, standardisation progress, and consortium activities to ensure cryptographic choices are interoperable and future-ready, reducing integration risk.