up:: The Human & Organizational Side MOC

Funding a PQC Program (The Business Case)

Funding a PQC program is the work of turning a cryptographic risk that has no breach date on the calendar into a budget line a finance committee will approve, by framing the migration as loss avoidance against a dated obligation rather than as a discretionary security upgrade. The core difficulty is that the quantum threat is real and years out at the same time, so the memo that moves money has to make a slow, invisible risk feel as fundable as an incident that already happened. The argument that works rests on three pillars a board already understands, which are a regulatory deadline the organization is bound to, data that is being exposed today through harvest-now-decrypt-later, and a discovery-and-migration effort long enough that starting late costs more than starting now.

The short version:

  1. A PQC program competes for budget against threats that already have victims, so the case has to convert a future risk into a present, quantifiable obligation.
  2. The strongest lever is a mandate you’re already bound by, because a deadline turns “should we” into “we have to,” and compliance risk is a language finance speaks fluently.
  3. Harvest-now-decrypt-later is what makes the risk present rather than future, since long-lived data is being copied today for decryption once a quantum computer exists.
  4. The cost argument runs on timing, because discovery and migration take years, so an early, phased program is cheaper and calmer than a late, forced sprint against a deadline.
  5. The memo that funds it names a first move small enough to approve now, usually a scoped cryptographic inventory, rather than asking for the whole multi-year number in one vote.

Think of it like arguing for a roof repair on a building where the leak hasn’t started but the inspection is scheduled. Nobody feels water on the floor yet, so the instinct is to wait. The case that wins rests on three concrete things: the inspection date you can’t move, the fact that the shingles are already aging in ways you can measure, and a contractor’s honest timeline showing the repair takes 8 months, so a leak that starts the week before the inspection leaves you with no good options and a rushed, expensive job. You fund the roof because the calendar and the clock, rather than the weather, have already decided for you.

Why is a PQC program hard to fund?

Because the risk it addresses has every property that makes a budget request lose. It’s future-dated, so it competes against ransomware and phishing that produce victims this quarter. It’s invisible, since nothing is on fire and no auditor has flagged a finding yet. And it’s abstract, because “a quantum computer might break our encryption someday” sounds like science fiction to a committee that funds against incident history. A cryptographically relevant quantum computer doesn’t exist yet, and a request to spend real money now against a machine that isn’t built is a hard sell without the right framing.

That’s the trap the business case has to climb out of. The migration is genuinely urgent for reasons that have nothing to do with when the quantum computer arrives, and the whole job of the funding argument is to surface those reasons in terms a board already prices. The reframe is from “defend against a future attack” to “meet a present obligation and avoid a foreseeable, larger cost.” Once the request stops sounding like insurance against sci-fi and starts sounding like a dated compliance and continuity problem, it moves into the category of things organizations reliably fund.

What’s the risk-cost argument that moves money?

The argument that moves money is loss avoidance measured against a deadline, built from the three things a board already treats as real: a binding mandate, data exposed today, and a migration clock that punishes delay. Each converts one property of the quantum risk into a fundable form.

  1. The mandate makes it non-discretionary. If the organization is bound by a rule that references NIST’s post-quantum standards, the migration stops being a judgment call and becomes a compliance obligation with a date. Federal civilian agencies are directed by OMB M-23-02 to inventory and plan their migration, and the U.S. government’s own projection is that migrating priority federal systems between 2025 and 2035 will cost about $7.1 billion in 2024 dollars, a number that exists precisely because a mandate forced the estimate. Regulated sectors inherit the same pressure through their own supervisors, so the first move in any business case is to name the specific rule that reaches you and treat its deadline as the budget’s forcing function.

Source: Office of Management and Budget, “Report on Post-Quantum Cryptography,” July 2024, as required by Public Law 117-260, OMB PQC Report.

  1. Harvest-now-decrypt-later makes the loss present. The reason the risk isn’t safely in the future is that adversaries can copy encrypted traffic and stored data today and hold it until a quantum computer can decrypt it. Any data whose confidentiality has to outlast the arrival of a CRQC, think health records, financial data, state secrets, or long-term contracts, is already exposed the moment it crosses a network in a quantum-vulnerable algorithm. That turns “someday” into “the clock started when this data was created,” which is what HNDL means for a budget.

  2. The migration clock makes early cheaper than late. Finding all the cryptography in a large estate takes months to years, and replacing it takes longer, so an organization that starts when the deadline is close has to do the same work faster, with less negotiating room on vendor timelines and more overtime. Mosca’s theorem states this formally: if the years your data must stay secret plus the years your migration takes exceed the years until a quantum computer arrives, you’re already late. An early, phased program spreads the cost across budget cycles and avoids the premium of a forced sprint.

The table shows how each pillar converts a property that normally sinks a budget request into a fundable form.

Property of the quantum riskWhy it sinks a requestThe pillar that converts it
Future-datedCompetes against threats with victims this quarterThe mandate’s deadline makes it non-discretionary
Invisible, nothing on fireNo auditor finding, no incident to point toHNDL makes the loss present, not future
Abstract, “a machine that isn’t built”Sounds like science fiction to a committeeThe migration clock proves early is cheaper than late

The three pillars reinforce each other. The mandate sets the deadline, HNDL explains why the deadline is real rather than nominal, and the clock proves that waiting makes the same work cost more. A committee that hears all three is being asked to avoid a foreseeable, larger, dated cost, which is the shape of request finance approves.

How do you quantify the loss you’re avoiding?

You quantify it the way the organization already quantifies any other cyber risk, by pairing the value of what’s exposed with the cost of the response, rather than inventing a quantum-specific number. The honest version of the business case doesn’t claim a precise dollar figure for a quantum breach, because nobody can date the breach. It sizes three things a board can act on:

  1. The exposure. Which data sets have a confidentiality lifetime that runs past the plausible arrival of a CRQC, and what a compromise of each would cost in regulatory penalty, breach notification, litigation, and lost trust. This is standard cyber risk quantification applied to the harvest-now surface.
  2. The compliance cost of missing the deadline. What it costs to be found non-compliant with the mandate that binds you, which for regulated entities can include supervisory findings, remediation orders, and reputational damage that lands well before any quantum computer does.
  3. The delta between acting early and acting late. The premium of a compressed, deadline-forced migration over a phased one, which is the clearest apples-to-apples number in the whole case, because it compares the same work done calmly against the same work done in a panic.

The move that keeps the case credible is refusing to overclaim. A board trusts a request that says “here is the data at risk, here is the rule we’re bound by, here is why starting now costs less than starting later” far more than one that asserts a fabricated breach probability. Loss avoidance framed against a deadline is defensible. A made-up expected-loss figure invites the one question that sinks the request, which is “how do you know.”

What does the memo that moves money actually say?

The memo that moves money asks for a small, concrete first step rather than the whole multi-year program, because a committee approves a scoped diagnostic far more readily than an open-ended commitment. The structure that works mirrors how any capital request is framed, and it’s the same spine as a good board briefing:

  1. The obligation, stated first. The specific mandate or regulatory expectation that binds the organization, with its date. This is the “why now” and it’s non-negotiable, so it leads.
  2. The exposure, sized honestly. The categories of long-lived data already exposed to harvesting, and what a future decryption of each would cost, in the organization’s own risk terms.
  3. The clock, made concrete. How long discovery and migration realistically take for an estate this size, so the deadline and the timeline can be laid side by side to show whether there’s slack.
  4. The ask, scoped small. A funded cryptographic inventory as the first phase, because you can’t budget a migration you haven’t scoped, and the inventory itself is the deliverable that produces the real, defensible cost estimate for the phases after it.
  5. The owner, named. Who is accountable for the program, because an unowned initiative doesn’t spend a budget even after it’s approved, which is the failure cryptographic ownership exists to prevent.

Asking for the inventory first is the least-risky request in the whole program and the one that unlocks every number after it. It converts “we need an unknown amount of money for a multi-year effort” into “we need a bounded amount to find out exactly what this will take,” which is a request a finance committee can say yes to without a leap of faith.

Where does the funding case connect to the rest of the program?

The business case is the front door to everything else, and it only holds up when it’s wired to the artifacts that produce its numbers. Discovery is both the first funded phase and the source of the real cost estimate, so the initial ask funds the very work that sizes the later asks. The board briefing is where the case is delivered, and it draws its authority from a named owner and a governance structure, since quantum readiness is a governance problem before it’s a technical one.

Cyber insurance intersects the case from two sides, as a partial backstop for residual risk and, increasingly, as a source of underwriting pressure that itself pushes migration up the priority list. And when the case asks a committee to weigh the cost of acting against the cost of a failure, who actually pays when cryptography fails is the ledger that makes the loss side concrete. The funding argument is the hinge that turns all of that analysis into an approved budget.

Common misconceptions

  1. “There’s no point funding this until a quantum computer exists.” Waiting for the machine is what makes the program late, because data harvested today is already exposed and discovery plus migration take years. The clock, per Mosca’s theorem, starts well before the CRQC arrives.
  2. “We need a hard breach-probability number or the board won’t fund it.” A fabricated probability is more likely to sink the request than carry it. Loss avoidance framed against a real deadline and a real exposure is the defensible case, and it’s the one finance actually prefers.
  3. “This is a security budget line, so security should fund it from its own pot.” The migration touches procurement, infrastructure, application teams, and vendor contracts across the organization, so treating it as a siloed security expense underfunds it and strands the owner without cross-functional authority.
  4. “We can fund the whole thing once, then it’s done.” Cryptography changes again after this transition, so the durable ask includes crypto-agility, which is the property that keeps the next change a configuration swap rather than another full program. Funding agility is funding the avoidance of the next forced sprint.
  5. “A big total number is the strongest way to ask.” The multi-year total often triggers sticker shock and delay. A scoped first-phase inventory that produces the real total is easier to approve and de-risks every request that follows it.

Questions people ask

What’s the single strongest argument for funding a PQC program? The mandate that binds you, stated with its deadline, because it converts the request from a discretionary security upgrade into a compliance obligation with a date. A deadline is the one thing that reliably moves a future risk to the top of a funding queue.

How do I make a future threat feel urgent to a finance committee? Anchor it to harvest-now-decrypt-later, which makes the loss present rather than future. Long-lived data crossing the network today in a quantum-vulnerable algorithm is being exposed now, even though the decryption happens later, so the clock has already started.

Should I ask for the full migration budget up front? Usually not. Ask for a funded cryptographic inventory as the first phase, because it’s the smallest, least-risky request and it’s the only thing that produces a real, defensible cost estimate for the phases after it. You can’t budget a migration you haven’t scoped.

How much does a PQC migration cost? There’s no single figure, and it scales with the size and complexity of the estate. The one large primary-source anchor is the U.S. government’s projection of about $7.1 billion in 2024 dollars to migrate priority federal civilian systems between 2025 and 2035. See What a PQC Migration Costs for the cost drivers and how to size your own.

Source: Office of Management and Budget, “Report on Post-Quantum Cryptography,” July 2024, OMB PQC Report.

Who should own the business case? A named accountable owner with cross-functional reach, not a role that can only task the security team. Per cryptographic ownership, an unowned program doesn’t spend its budget even after approval, so the memo names the owner as part of the ask.

Does cyber insurance cover the quantum risk, so we don’t need to fund migration? No. Cyber insurance is a partial backstop for residual loss, not a substitute for migration, and underwriters are increasingly asking about cryptographic posture, so a weak posture can raise premiums or narrow coverage. Insurance and migration are complements, and one is starting to price the other.

What if the deadline that binds us is years away? A distant deadline still favors starting now, because discovery and migration take years and a phased program spread across budget cycles is cheaper and calmer than a late sprint. The business case uses the distance as the reason to start, not the reason to wait.


Everything here is the map, given freely. When your team needs its exposure sized in its own risk terms, its mandate mapped to a fundable deadline, and a phased program a finance committee will actually approve, that’s the work I do. Request an alignment briefing.

Last verified 2026-07-14 · Maintained by Addie LaMarr, LaMarr Labs.