Most organisations lack clear ownership of cryptographic decisions. With post-quantum cryptography (PQC), this becomes an urgent risk: migration takes years, regulations are tightening, and decisions have long-term business impact. This interactive session focuses on why PQC fails when treated as a technical upgrade rather than a governance and IT operating model challenge. Participants start with an IT capability card and a live poll that reveals fragmented ownership. Using a realistic cryptographic change scenario and an IT capability map, they explore how one decision impacts architecture, development, operations, and vendors. PQC is positioned as a stress test for operating models, shifting the focus from algorithms to decision-making under uncertainty and crypto agility. Participants will leave with: – A clear mental model of cryptography as an operating model responsibility – Practical insight into governance and decision making – A clear way to explain PQC governance to boards and regulators
