Disaster Recovery Journal Winter 2025
Imagine this: a single mouse is dropped into a massive, twisting maze. Traditional computers are like that one mouse—it must explore one corridor at a time, hit a dead end, backtrack, and try again. Eventually, after millions of years, it might find its way out. That’s why RSA and ECC encryption are secure today: the math is simply too big for one “mouse” to solve.

Quantum computing shreds that limitation. Now picture a thousand mice dropped into the same maze, each exploring a different path simultaneously. In essence, every qubit acts like its own mouse. Quantum computers can send thousands—eventually millions—of qubits to explore all paths at once, collapsing into the correct solution almost instantly. That’s what superposition and entanglement make possible—testing every potential outcome at once and pinpointing the right one in record time.

With just 4,000–6,000 stable qubits, a quantum computer could break 2048-bit RSA encryption in hours. This isn’t theory—it’s mathematics, and the math is advancing faster than most organizations care to admit.

The Timeline: Closer Than You Think

The Hudson Institute forecasts quantum breakthroughs by 2033. Other experts estimate a 50% chance by 2031. NIST rolled out its post-quantum cryptography (PQC) standards in 2024, and the NSA has already mandated that national security systems use quantum-safe algorithms by 2035. Organizations now have a five- to 10-year window to act.

The data being intercepted and stored today is already compromised. It’s simply waiting in cold storage for quantum to catch up. Every month you delay adds another layer of vulnerable data to the pile. When that decryption day arrives, it’s not just new breaches you’ll face—it’s every breach and data interception you never knew happened.
What’s at Risk: Secrets with a Shelf Life

This isn’t about antivirus software or zero-day exploits. This is about your organization’s crown jewels being compromised retroactively. Healthcare, finance, research, government—all house data with lifespans measured in decades. If your data’s shelf life exceeds 10 years, quantum readiness isn’t optional. It’s existential.

Action Plan: What Resilience and Continuity Pros Must Do Now

1. Cryptographic Inventory and Risk Assessment – Inventory every use of public-key cryptography. Map where encryption lives, who controls it, and how long data must remain confidential.
2. Migration to Post-Quantum Cryptography – Adopt NIST-approved standards (CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+). Hybridize classical and quantum-safe approaches.
3. Build Crypto-Agility – Design systems that can replace cryptographic algorithms without rewriting code.
4. Vendor and Supply Chain Management – Demand quantum readiness roadmaps. Bake PQC into SLAs.
5. Backup and Archive Protection – Re-encrypt legacy archives using PQC for high-value data.
6. Secure Communications and Infrastructure – Deploy PQC-enabled VPNs, TLS upgrades, and quantum-safe HSMs.
7. Modernize IAM – Transition to PQC-supported certificates and authentication.
8. Governance and Awareness – Make quantum risk a board-level issue, not an IT issue.
9. Testing and Continuous Improvement – Run quantum breach tabletop exercises and refine yearly.

Regulatory Pressure Is Coming—Fast

The Quantum Computing Cybersecurity Preparedness Act is already active. Federal deadlines are in motion. Financial regulators are quietly probing for PQC readiness. Healthcare won’t be far behind. If you wait for the government to tell you it’s time, you’ve already lost the race.

The Cost of Inaction: A Future You Can’t Afford

Picture it: 2035. A nation-state achieves quantum supremacy. Ten years of encrypted emails, contracts, designs, and patient records—instantly decrypted. Strategic plans, board communications, and legal correspondence surface in the open. Competitors gain insight into M&A negotiations, regulatory strategies, and executive deliberations once thought private. Customers vanish. Regulators pounce. Lawsuits multiply. The board demands answers—not just for the breach, but for the years of warnings ignored. This isn’t science fiction. It’s the logical outcome of doing nothing.

Final Words: The Countdown Is Real

Resilience isn’t about backup tapes anymore. It’s about protecting trust, brand, and survival. The harvest is happening now. The decryption is coming soon. Quantum readiness isn’t about perfection—it’s about momentum. Get your team aligned. Get your vendors compliant. Start now—or explain later why you didn’t.

John Hill, MBA, ITIL, CBCP is a board-trusted executive leader with more than 25 years helping Fortune 500 companies, financial institutions, and SaaS organizations transform risk into resilience. As senior director of advisory services at Everbridge, he leads consulting across governance, risk, compliance, cybersecurity, business continuity, and crisis management. Previously serving as chief risk officer, Hill identified more than $1.2B in risk exposures and guided boards through high-stakes investment and regulatory decisions. At Jack Henry & Associates, he resolved an FFIEC enforcement order seven months ahead of schedule while reporting directly to the CEO and board. A regular contributor to the Disaster Recovery Journal and frequent guest on industry podcasts including ByteWise, Hill explores emerging threats such as quantum cryptography, AI dependence, and Shadow IT. As founder of Resiliency Now, he’s known for cutting through compliance theater to deliver programs that actually work, helping organizations build real readiness—not just check boxes.
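An added example, not part of the original article: a minimal triage of the cryptographic inventory from step 1 of the action plan above, ranking systems whose classical public-key protection covers data that must stay confidential past an assumed quantum horizon year. The Asset fields, the sample inventory, and the rule that a hybrid with one post-quantum component counts as protected are assumptions made for illustration.

```python
from dataclasses import dataclass

# Classical public-key families (matched by prefix) that Shor's algorithm breaks.
VULNERABLE = ("RSA", "ECDH", "ECDSA", "ECC", "DH", "DSA", "X25519")
# Names from step 2 of the action plan, plus the FIPS 203/204/205 names of the same schemes.
POST_QUANTUM = ("CRYSTALS-KYBER", "CRYSTALS-DILITHIUM", "SPHINCS+",
                "ML-KEM", "ML-DSA", "SLH-DSA")

@dataclass(frozen=True)
class Asset:                   # hypothetical inventory record
    system: str                # where the encryption lives
    owner: str                 # who controls it
    algorithms: tuple          # more than one entry means a hybrid deployment
    confidential_until: int    # last year the data must stay secret

def classify(algorithm):
    name = algorithm.upper()
    if name.startswith(POST_QUANTUM):
        return "pqc"
    return "vulnerable" if name.startswith(VULNERABLE) else "unknown"

def triage(inventory, horizon_year):
    """Return (exposure_years, system, owner) rows, longest exposure first."""
    rows = []
    for asset in inventory:
        kinds = {classify(a) for a in asset.algorithms}
        # Assumption: a hybrid with any PQC component is treated as protected.
        if "pqc" in kinds or "vulnerable" not in kinds:
            continue
        exposure = asset.confidential_until - horizon_year
        if exposure > 0:       # data outlives the assumed horizon
            rows.append((exposure, asset.system, asset.owner))
    return sorted(rows, reverse=True)

def needs_review(inventory):
    # Unrecognised algorithms are never silently treated as safe.
    return [a.system for a in inventory if "unknown" in map(classify, a.algorithms)]

# Constructed sample inventory, not data from the article.
INVENTORY = [
    Asset("patient-records-archive", "storage team", ("RSA-2048",), 2050),
    Asset("vpn-gateway", "network team", ("ECDH-P256",), 2032),
    Asset("partner-api-tls", "platform team", ("X25519", "ML-KEM-768"), 2045),
    Asset("marketing-site-tls", "web team", ("ECDH-P256",), 2027),
    Asset("legacy-file-transfer", "ops team", ("vendor-proprietary",), 2040),
]

if __name__ == "__main__":
    print({h: triage(INVENTORY, h) for h in (2031, 2033, 2035)})  # years quoted in the article
    print("needs review:", needs_review(INVENTORY))
```

Running the triage at each horizon year shows how the ranked list shrinks or grows with the forecast, which is the input the risk assessment needs before migration order is decided.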