
Quantum computing is moving from theory to boardroom reality—and with it comes a new class of cyber risk and strategic opportunity. In this episode of the Corporate Director Podcast, Diligent Institute’s Senior Research & Programs Manager, Kira...
A
Welcome to the Corporate Director Podcast where we discuss the experiences and ideas behind what's working in corporate board governance in our digital tech fueled world. Here you'll discover new insights from corporate leaders and governance researchers with compelling stories about corporate governance strategy, board culture, risk management, digital transformation and more.
B
Hello and welcome back to the Corporate Director Podcast, the voice of modern governance. My name is Megan Day, strategy leader at Diligent and I'm joined by Kira Ciccarelli, Senior manager of Research at Diligent Institute. Kira, how are you today?
C
I'm pretty good, Megan. Happy to be here with you.
B
Well, we're going to dive right into it because we have, I mean, meaty is an understatement in terms of the topic today. We have a topic today that frankly I know nothing about, which is why I made you do this interview. And that topic is quantum computing.
C
Well, I'm afraid we maybe weren't that much better off with me doing it because I also know next to nothing and I made that very clear to Aaron Kemp who we got the chance to interview about it. He thankfully knows a lot more.
B
Well, I think the reason why we wanted to talk about this and have Aaron on the show today is that there is some board level conversation starting to percolate around quantum computing. But I think boards are probably a lot like us. They're trying to understand what they need to know. What they need to know today versus what they might need to know three, four, five years down the line.
C
Yeah, absolutely. I remember several years ago we got a request from a Diligent friendly to ask some questions about quantum computing as part of our Director Confidence Index, which is our quarterly full survey of US public company directors. I want to say this was 2022 or 2023, and at the time I was like, I don't even know what that is. I doubt any directors do. And I don't know that we should even be asking about it. And it seems like that is changing in a big way.
B
Well, let's give this interview a listen.
C
Sounds good. Joining us on the Corporate Director podcast today is Dr. Aaron Kemp, US Quantum Leader for KPMG. Aaron, welcome to the show.
D
Thank you for having me. It's great to be here.
C
To start off, before we get into our interview topic for the day, could you introduce yourself to our listeners and tell us a little bit more about your background and your current role?
D
Absolutely. Aaron Kemp, I'm a senior director in our Enterprise Innovation Emerging Tech group. So we are responsible for figuring out what's coming down the line next and what boards and the C suite need to be thinking about technology wise. Currently I am leading our US Quantum computing group both in quantum security and quantum research. We are actively pursuing what's coming for the NIST migration and kind of the post quantum security requirements and also looking at what quantum computing is going to afford organizations as the computers come into their own. My background is very much in the cybersecurity realm. I spent a lot of time doing classified cybersecurity. I'm also a retired naval aviator, so I spent some time flying anti submarine helicopters before I found my way to quantum computing about eight years ago.
C
So for our audience who might not be familiar, maybe we should start by talking a little bit about what quantum computing actually is and how is it different from the types of computing that underpins most corporate technology today.
D
Yeah, that's a great question. I think it really is something to distinguish about quantum computing. I know there's a lot of hype in the market about what quantum is going to do. It's going to replace all our computers. And that's really not true. Quantum computing is a new modality of computing leveraging how things physics work at the quantum scale. And it is a new way of processing from what we traditionally call classical computing. So if you think bits that we're all used to, those zeros and ones that we've built everything around a quantum computer is fundamentally different. It has what we call a qubit, a quantum bit. And that becomes the methodology for processing. But those qubits have some really unique properties imbued on them. For from physics of they can be in a superposition which is where they're in a state where they can be 0, 1 or probabilistically anything in between those two. They can also be entangled with each other. So they one affects another. And that kind of superposition combined with entanglement provides us a different kind of compute power where the quantum computer is able to accomplish things that a classical computer theoretically can't. We interestingly just had quantum advantage, which is when a quantum computer does something that a classical computer cannot do, supposedly happen. IBM and another organization called Q-CTRL announced that a couple weeks ago. So we are in this interesting area now where these computers with those kind of physics powers are doing work that a classical system cannot. But this does not mean that a classical computer is going away. You're not going to be replacing your phone with a quantum phone. You're not going to be replacing your laptop with a quantum computer. Quantum computers are very good for niche problems, for very small subsets of problems, things like portfolio optimization, drug research, chemical research, material science.
The traveling salesman problem is actually one of the big ones that they think it's going to be good at. So not going to replace everything, but is really going to afford organizations the opportunity to perhaps move into areas where their current classical optimizations can't go any further because you run out of computing power. So long winded answer to a very different computer.
C
So you mentioned there's maybe a lot of hype around quantum computing both as an opportunity and a threat. And you're kind of saying, look, it's not going to replace all of the classical computing that we see currently. So where are we actually on the quantum timeline and what are some of the key developments in your mind over the next few years that boards should be watching the most closely?
D
So I think you have to divide quantum into two pieces when you talk about this. You've got the quantum security aspects of this, which is the post quantum cryptography and the current multiple migration that a lot of organizations are beginning. And then you've got quantum computing. So on the quantum computing side we are seeing algorithmic jumps. We're seeing that initial quantum advantage and we're really starting to see the research move into an actionable place where organizations can see gains by using a quantum computer. Probably still not mainstream enough to make it a part of a day to day organization, how they process, but really more of a it's time to begin researching and exploring because the early adopters will have advantage when those quantum computers get here. On the security side, it's a much different story. So our current cryptography, things like RSA, ECC are susceptible to a quantum computer through something called Shor's algorithm. We've known about that algorithm since 1994, but we didn't have the computers to actually implement it. And we are just beginning to move into the phase where our computers are at scale where we can do that. Organizations think that's going to happen sometime between 2028 and 2033. And that kind of puts a large amount of pressure on the board to go through this migration. We're seeing some key indicators from big players. In the last few weeks we've seen Cloudflare and Google come out and say what was originally a 2035 timeline for migration needs to now be 2029. And that is because of improvements in the error correction on the computers, improvements in our algorithms and how we implement them. As we begin to explore a new compute space and really a convergence of the technologies. So I think the pressing issue for boards when you say quantum will be on the security side first because this is going to be a risk that organizations are going to have to handle.
It's going to affect things like cybersecurity and cyber insurance for your organizations. But there's also something called harvest now, decrypt later, where Internet traffic, traffic that's flying around right now that is encrypted with the current standards is being captured and taken offline. And that's being done by nation states with the intention to decrypt it at a later date when the computers catch up and we're able to see that power. So if you have long shelf life data at an organization, things like your IP or HIPAA or PII, that data, if it's being emailed around or sent around the Internet, is being taken offline and you can't get it back. So we do have kind of imperative because of some data leakage and what's going on to begin the migration. NIST has finalized the three standards already. There will be more to follow. And those standards allow organizations to start exploring how they're going to function in this new post quantum world. So you've kind of got this security aspect that's going to be driven by mandates and governance over the next few years and then you've got this opportunity with quantum computing where organizations will be able to optimize better and explore new compute areas.
C
Okay, a lot to unpack in there and I've definitely got some follow up questions. So you touched on it briefly, but maybe just talk a little bit more about why quantum computing is emerging as a risk issue specifically for the board. And then again, I think you touched on it briefly, but what kinds of business models or sectors do you think are the most exposed to quantum related disruption?
D
That's a great question. I think for boards it's going to come down to the cost of breaches. If you look at the breaches that we've seen over the last few years, I think the last number I saw is between 450 and $500 per file in a breach. With quantum able to break the cryptography that we're using to protect a lot of that, that puts a clear and present danger on that data now. And as boards are looking at the data, they're controlling that key information to the organization. That's going to become a big problem if they're losing that. We're also starting to see the mandates catch up to that. There is some federal government mandates beginning for the Department of War and federal civilian, where they're going to have some timelines to migrate. We've got CISA starting to put out some timelines for migration. So we think there's going to be a drive from the government side to really begin to get this migration underway and get these risks secured. And obviously, once the government starts moving, anybody that does business with the government will need to migrate as well. So they can continue to do that and be compliant with how the military and how the federal government is doing security, because eventually it will become a... you won't be able to connect and talk with each other because you won't have the appropriate algorithms to decrypt. So it'll be something that is driven over the next couple of years. But I think cyber insurance plays a big part of this, too. There's going to be a point where cyber insurance companies begin to say, hey, if you haven't done this post quantum migration and you're breached, we're not going to be responsible for that. There's been ample warning that this is coming. There's been ample standards put out there, so you need to begin these migrations. Your next question about which groups I think are most susceptible? I think you have to take that in two positions. I think you've got a what data is the most susceptible?
Where I see financial data, Internet transactions with credit cards. That kind of data is usually the key stuff that people want to get a hold of. They want to get a hold of those transactions, the credit card numbers, et cetera, and leverage that for whatever reason. But the flip side of that is those organizations that have a lot of technical debt, where we've kept those older computers, those older mainframes, where we're running outdated software, outdated hardware that could put significant strain onto an organization as they try to upgrade, as they realize how much equipment they're going to have to replace to get this migration done if it's not capable of being migrated. So I think boards are going to have the risk aspect of the data and what they're losing combined with mandates. And then on the other side, they're going to have this hardware issue of how much do we have to get rid of, how much do we have to upgrade, what is that going to cost and how do we balance all this? And I think the hard part about PQC is the date is not set. We don't know when that cryptographically relevant quantum computer is actually going to come onto the market. We don't know when it's going to be there. We may not know if it's a foreign adversary. That may be something we are never told and we find out at a later date. So there's a lot of risk, there's a lot of opportunity, but it's something boards are going to have to really begin to prioritize of. How long are we, I know nobody wants to be early, but how long are we willing to wait to begin to protect our data? And if we do have a lot of infrastructure that needs to be replaced and everybody decides to replace all their infrastructure in 2028, 2029, how long does it take you to get a firewall or a load balancer or VPN if all of a sudden the supply chain is inundated with requests? So there's a lot going on that boards need to begin piecing together and understanding what a roadmap looks like through this.
C
One of the bigger concerns that you mentioned is the potential for quantum computers to break today's encryption. What are some of the practical implications for boards to think about in terms of data protection and confidentiality?
D
Yeah, so this is an interesting one of we have two algorithms. We have Shor's algorithm and Grover's algorithms. And both of these algorithms are they need a quantum computer to work. So the good news is we've got quantum computers. Yes, but we don't have them at a scale big enough to implement these algorithms to where our data is at risk. Yet that harvest now decrypt later threat puts current data at risk that is offline. But as that data runs out, if it expires or it doesn't have to be secured for five years, you're probably okay. It's that longer shelf life data, but it's also a day to day operations. Then as these computers come online, we know this cryptography is susceptible to attack. We know how it works mathematically. We just need the computer to implement it. It's actually been described as no longer a theoretical problem, it's just an engineering problem. So as we get over these engineering humps and that is rapidly accelerating, there are some roadmaps out there for some quantum computing companies right now that show us hitting the threshold we need qubit wise in 2028. I think most people agree RSA will probably be broken somewhere between 2029 and 2033. Now that doesn't mean everything's broken at once. This isn't a key to everything. That'll be a long process. It'll probably take two, three days to break a single email, but that's that proof of concept that the algorithm works and then it becomes an issue of scalability. So there is this ticking clock that boards need to kind of have an understanding of. What we think is going to happen in the future is now something we're having to plan for. And if you'd asked me 10 years ago how many qubits we were going to need, it was going to be over a billion. And if you ask me how many qubits we need now, through some recent Google papers and some other people doing some research, we're under 100,000 qubits. 
So we've had this significant decrease in the requirements, what we're going to need out of the computers. And this is all still theoretical. I think that's important to highlight of this all works mathematically, but we've not done it on a quantum computer. But it's that risk coming of if you need to migrate, you know it's going to take a large organization between 10 and 12 years to migrate and you don't start until the computer's here. That's 10 to 12 years of risk that you're living daily. So beginning now, starting to understand what it's going to take, getting a roadmap in place allows you to move at a slower pace, be more direct in how you do things, more intentional, and really get the roadmap built out correctly. So the organization is acquiring the right equipment, doing the right steps and ending security. The end of this.
C
So this is kind of a dizzying concept to wrap your brain around, I think. And the majority of people and the majority of directors are not quantum experts. Right. So what are the most important questions you think boards should be asking management and the CISO today about quantum risk and what does good oversight look like at this point?
D
I think a board needs to ask what is the strategy? I think the CISOs have got their strategies, they're beginning to lay that out of what is our strategy to get from where we are today to what PQC resistant looks like in three, five, seven years, whatever that migration timeline ends up looking. Boards are going to obviously hold the oversight on that. They're going to need the updates, but they're also going to need to be proactive in funding what the CISOs are going to need. And I also think it's important boards understand this is not just a security problem. This is going to touch your data governance. This touches your CIO, this touches your legal, this touches contracts, it touches your third party vendors. It's a much bigger thing when you start thinking about everywhere cryptography is in our day to day lives and in our systems. It's something we really need to be proactive in. And the boards are going to need to understand that this may be bigger than they understand at first, but starting to get familiar with the vernacular, starting to understand the terms that are being used with this, starting to understand why your CISO is asking you for that additional funding, why they're looking for bodies to begin this migration. One of the hard parts of this migration is going to be for 45 years, cryptography has existed in the background. It is something we make the key bigger, the computer gets bigger, we make the key bigger, everything's fine and we move forward. And this is the first time we're really going to have to migrate cryptography at this scale in a world where we've got Internet of things, where we've got OT, where we've got our classical systems. And this is not a simple process. It's amazing all the cryptography that's out there and it's very much akin and you may have heard, or somebody may have heard it said Y2Q. They are very much associating this with the Y2K.
And I think that's a great association because this is a technical problem. We understand the problem, we understand how to do it. It's just getting the organization moving. Committing to a very big project that you don't have proof of an end date is hard. There are a lot of challenges with AI and AI security and all the things we have going on in that space. So to get a board to dedicate resources, money, time, personnel to this project can sometimes be a hard sell as it doesn't seem as pressing, but it is real, it's coming. I think you're going to see the governance and the mandates follow very soon and that will drive that. So the boards are going to have to be aware of both the governance structure requirements, especially international. We're seeing a lot of governance that's conflicting, different timelines, different dates. So if you're an international organization, you may also have conflicting regional and global challenges.
C
So before we pivot to our final three questions here, do you have any best and final thoughts for corporate directors on quantum computing?
D
For me, it's start. Go ask the questions. Where is your organization? Have you done a cryptographic baseline? Have you started to talk about what our strategy is going to look like? There's a lot of good guidance out there that has been put out on what this migration is going to look like, where are the first steps. Big companies really starting to come together and say, hey, this is what we think are going to be the challenges. This is where we're seeing problems. Get involved with some of these working groups that are out there where you can come and put your hand up and say, we found these problems. How are you addressing them? Is it unique to us? Is this an industry issue? Financial services has some great stuff out there now. They've put a lot of really good guidance, as they are probably going to be one of the key attackees. They will be seeing a lot of the attacks coming their way. So I think just getting into the space, starting to understand the timelines, getting an idea of what's changing in quantum, making that a part of your weekly or monthly discussion of what is the status of quantum, where are we at on the migration? What is NIST guidance? What is federal guidance? And making sure that you're moving along with it. There's going to be challenges, there's going to be timeline slips, jumps. We've seen the 2035 timeline. Now we've got organizations saying 2029, you know, so everybody that thought they had seven, eight years, now all of a sudden you've got three. So those breakthroughs could change really quickly. And I think getting into the space and starting is going to be key.
C
Yeah, I think that's great advice. I am struck by how neatly this fits into one of the things we've been hearing a lot from directors this year at Diligent, and that's this idea that the quarterly board meeting isn't going to cut it anymore, and we need to maybe move to more continuous modes of governance and oversight. And this definitely seems like one of those areas where it would behoove directors to move to that sort of system.
D
Agreed.
C
We've got a couple questions here that we like to ask all of our guests before we end the show. First one, I'll ask you, what do you think will be the biggest difference between boardrooms today and 10 years from now?
D
I think boards are going to have to have a level of agility they do not have now. The technology is changing too fast. We're seeing new AI updates almost monthly. We're seeing new breakthroughs monthly. Agentic AI, quantum computing coming online. We've got neuromorphics coming down the road. There's thermodynamic computing. There's all these new methodologies coming. And the cycle is getting so rapid that, like you just said, meeting quarterly is no longer going to be enough to keep up with the tech change cycle of something that may have not been a problem six weeks ago is now a problem just because of a breakthrough. So I think they've got to become more agile and understand that the technology is almost driving faster than we can react.
C
Right. What was the last thing you read, watched or listened to that made you think about governance in a new light?
D
The paper that came out recently really made me think about the governance coming up on moving that date from 2035 to 2029 and the recommendations coming from big players out in the space of we don't have the governance in play right now to mandate that organizations begin the migration. So we are in an almost governance vacuum. We have lots of guidance but no governance and cryptography, because it has always been kind of a back room thing, has never been out in the open and had a governance program built around it. And that's going to be something it needs going forward of what does your cryptography program look like? How do you become cryptographically agile and what does that mean to your organization? So there's a lot of design to be done and a lot of new roles and new things that need to be thought through for an organization to be secure.
C
We'll be sure to link to that paper in the podcast notes for this episode.
D
Excellent.
C
Final question. What is your current passion project?
D
I have been working a lot in the quantum computing side recently and we are beginning to tailor one of our we did some work with enhanced satellite recognition use or enhanced data recognition from satellite imagery using multispectral data, and we think that's going to be adaptable to cancer research. So we are trying to adapt that research to be able to identify cancer markers in pictures, which I think is just amazing. If we can go down that road and really take quantum and solve a problem, I think it would be phenomenal. There's a lot of negative hype around quantum right now with the quantum risk. And I think everybody forgets there's a lot of opportunity on the other side of this. Yes, we're going to go through 10 years of migration and difficulty and costs and new governance and all these things. But on the end we're also going to end up with a new compute modality that opens up a lot of things for us. And I want to keep people's eyes focused on the good part of this as well.
C
Yep. Like with any technological advancement and that's fascinating.
D
Yeah. Anything can be good, anything can be bad. This is one where I think the bad we're aware of, we work through it. We solve it as a problem, it is a technical problem. Build a roadmap, solve it, and then we can get into what can we do with this to make things better.
C
Great. Well, that wraps up this episode. Aaron, thanks so much for joining us.
B
Thanks.
D
Thank you for having me. It was a pleasure.
B
All right, thanks for that, Kira. I feel slightly smarter about quantum computing, but man just shows the scope, a breadth, depth of what board members need to grapple with today.
C
Yeah, absolutely. I left that interview and my head felt very physically heavy. There was a lot of new information to consider. And, I mean, to me, the quantum computing issue specifically for the board is just the definition of a gray rhino where you can see it and it's a couple years out into the future. One of the things that Aaron said that scared me a little bit was this idea that the timelines for these capabilities being scaled and broadly available to folks has been shortened from like a 2035 timeline out to 2028 or 2029. So the fact that it's shortening sort of exponentially and it might be here a lot quicker than we think was definitely cause for pause.
B
Yeah. And I do think it gives again, though, it opens up a bigger conversation just about how boards need to think about risk and preparedness in a world in which truly disruption is happening at every corner. And so whether it's quantum computing or something else, how do you ask the right questions and frame conversations in the boardroom so that you feel like you not only necessarily a good understanding, it's not necessarily about the physics of it all, but that, again, you are framing risks in the right way and protecting what needs to be protected without maybe even losing some of the upside that comes along with some of this new technology.
C
Yeah, definitely. And I think, though, the catch 22 is that this is something where Aaron pointed out they know how the math is going to work. I think theoretically, what quantum computing can do, we know that part of it, or at least we have a pretty good understanding of what it's going to be able to do. The problem is just having the actual computers themselves and the equipment catch up with what we now know is theoretically possible. That's still a little bit of a ways away, it sounds like. And I think what my big takeaway from this interview was is the idea that I don't know that given the environment we're currently in, if boards are going to have the luxury to take the sort of preparedness steps that they need to be taking right now, it's a luxury to be able to look at something that we know is not going to be a problem for another two or three years and start thinking about it now. There are so many other issues that are so urgent and so pressing, and I think we've seen that a lot in the last few years that I think, while the advice is good and it's something the boards probably should be starting to think about and ask questions about now, I don't know that they have the time.
B
That's a really, really great point. It might be worth framing as part of a broader, you know, annual risk review or semiannual risk review, you know, just to think about a number of different things in this space and understanding just the strategic implications if things mature faster than already expected.
C
Yeah. And I think also looking at how quantum then hooks into a lot of the other issues that are super pressing for directors right now might be a good way to do it. So things like geopolitical risk, things like the current cybersecurity landscape, because obviously quantum capabilities are going to play into that. How does it kind of hook in with AI deployment, things like that?
B
Yeah. It might be also a great topic to have an outside expert come in and spend, you know, a half a day, a couple of hours with the board thinking about how it relates to your particular sector or industry and your organization in a deeper way.
C
Yeah, I think that's a really practical point. Part of me just felt really bad by the end of the interview, saying to our audience, and here's one more thing that you now have to think about, just as if the current agenda wasn't really quite challenging enough for you.
B
Well, let's see if the next conversation we have in a year or so is, do you need a quantum computing expert on your board of directors?
C
I was thinking that same thing. We've seen it cycle so many times, and I guess in a way it might look a little bit like the conversation about, do you need a cyber expert on your board? Because I do think the quantum question really ties the most closely to cybersecurity implications. But, yeah, I'm sure that'll be the next thing.
B
Oh, man. Well, that wraps up another episode of the Corporate Director Podcast, the voice of modern governance. We'd like to say a couple of special thank yous first to our quantum computing expert, Dr. Aaron Kemp. You gave us a lot to think about. Podcast producers and today's great interview. Kira Ciccarelli, Steve Clayden and Terry Thierry. Our sponsors, KPMG, Wilson Sonsini and Meridian Compensation Partners and most especially to Diligent. If you also serve on a nonprofit or public sector board, tune into our sister Diligent podcast, Leading with Purpose for expert conversations on governance, risk and compliance that makes an impact for mission driven organizations. Thanks for listening.
A
You've been listening to the Corporate Director Podcast. To ensure that you never miss an episode, subscribe to the show in your favorite podcast player. If you'd like to learn more about corporate governance and tools to help directors do their job better, visit www.diligent.com. Thank you so much for listening. Until next time.
Podcast: The Corporate Director Podcast
Episode: Quantum Computing and the Board: Managing Risk, Migration and Opportunity
Date: June 17, 2026
Host(s): Megan Day (Diligent), Kira Ciccarelli (Diligent Institute)
Guest: Dr. Aaron Kemp, US Quantum Leader for KPMG
This episode dives into the rapidly emerging topic of quantum computing, highlighting what corporate boards need to know about risk, security migration, and future opportunities as quantum technologies mature. Dr. Aaron Kemp demystifies quantum computing basics, outlines current and impending quantum-related business risks, especially in cryptography, and offers actionable guidance for directors unsure how to face these fast-approaching threats and opportunities.
On what quantum computing is—and isn’t:
“Quantum computing is a new modality of computing leveraging how things physics work at the quantum scale... You’re not going to be replacing your phone with a quantum phone.” (Dr. Aaron Kemp, 03:53–06:20)
On urgency and risk:
“Harvest now, decrypt later... if you have long shelf life data at an organization...if it’s being emailed around...is being taken offline and you can't get it back.” (Dr. Aaron Kemp, 08:35)
On conflicting guidance:
“We have lots of guidance but no governance... that's going to be something it needs going forward.” (Dr. Aaron Kemp, 23:49)
On boardroom agility:
“The cycle is getting so rapid... meeting quarterly is no longer going to be enough to keep up with the tech change cycle.” (Dr. Aaron Kemp, 22:26)
On why to start early:
“If you need to migrate...it’s going to take a large organization between 10 and 12 years...if you don’t start until the computer’s here, that’s 10 to 12 years of risk you’re living daily.” (Dr. Aaron Kemp, 16:14)
Final Word:
Quantum computing presents both a potential risk and a transformative opportunity. Boards should act now to ensure they’re not caught unprepared. As Dr. Kemp advises, “Just getting into the space and starting is going to be key.” (20:19)