
Sign up to save your podcasts
Or


In this episode of the Entropy Podcast, Francis Gorman sits down with Darren Bender, a Texas-based attorney, chief legal officer, and co-founder working at the intersection of law, IT, and post-quantum cryptography.
The conversation explores a question many boards, legal teams, and security leaders are only beginning to face: when quantum computers threaten today’s encryption, who becomes liable for doing nothing?
Darren breaks down post-quantum negligence in practical terms, explaining why “we didn’t know” may not be a credible defence for much longer. From Harvest Now, Decrypt Later attacks to board minutes, data shelf life, migration timelines, DORA compliance, procurement decisions, and third-party liability, this episode reframes quantum readiness as more than a technical challenge.
It is a governance issue. A legal exposure issue. A fiduciary duty issue. And potentially, a future courtroom issue.
Key Takeaways
Soundbytes
“Quantum risk is moving from the server room to the boardroom.”
“Harvest Now, Decrypt Later may become Harvest Now, Litigate Later.”
“The question is not just whether encryption breaks. It is who knew, who acted, and who documented the decision.”
“In a future lawsuit, the paper trail may matter as much as the technology.”
“Cryptographic procrastination is not a strategy.”
“Doing nothing may be the most expensive decision a board ever makes.”
“Post-quantum readiness is not a light switch. It is a long fuse with a big boom at the end.”
“If your data still has value when quantum arrives, your risk clock has already started.”
“DORA can be a treasure trove or a minefield. It depends what your records show.”
“Your vendors may hold the keys, but your organisation may still hold the liability.”
“Quantum readiness is no longer just about algorithms. It is about governance, accountability, and foreseeable harm.”
“The courtroom may become the place where quantum risk finally gets priced.”
By Francis GormanIn this episode of the Entropy Podcast, Francis Gorman sits down with Darren Bender, a Texas-based attorney, chief legal officer, and co-founder working at the intersection of law, IT, and post-quantum cryptography.
The conversation explores a question many boards, legal teams, and security leaders are only beginning to face: when quantum computers threaten today’s encryption, who becomes liable for doing nothing?
Darren breaks down post-quantum negligence in practical terms, explaining why “we didn’t know” may not be a credible defence for much longer. From Harvest Now, Decrypt Later attacks to board minutes, data shelf life, migration timelines, DORA compliance, procurement decisions, and third-party liability, this episode reframes quantum readiness as more than a technical challenge.
It is a governance issue. A legal exposure issue. A fiduciary duty issue. And potentially, a future courtroom issue.
Key Takeaways
Soundbytes
“Quantum risk is moving from the server room to the boardroom.”
“Harvest Now, Decrypt Later may become Harvest Now, Litigate Later.”
“The question is not just whether encryption breaks. It is who knew, who acted, and who documented the decision.”
“In a future lawsuit, the paper trail may matter as much as the technology.”
“Cryptographic procrastination is not a strategy.”
“Doing nothing may be the most expensive decision a board ever makes.”
“Post-quantum readiness is not a light switch. It is a long fuse with a big boom at the end.”
“If your data still has value when quantum arrives, your risk clock has already started.”
“DORA can be a treasure trove or a minefield. It depends what your records show.”
“Your vendors may hold the keys, but your organisation may still hold the liability.”
“Quantum readiness is no longer just about algorithms. It is about governance, accountability, and foreseeable harm.”
“The courtroom may become the place where quantum risk finally gets priced.”