The Monetary Authority of Singapore (#MAS) recently issued a memorandum directed at bank CEOs, highlighting the cybersecurity #risks posed by #quantum #computing. 

This communication underscores the essential steps recommended to mitigate such risks. However, I want to focus on the target audience of the communication. Traditionally, it's common for such broad communications to be directed at CEOs; however, the unique nature of quantum-related cybersecurity risks justifiably demands the attention of top-tier stakeholders.

The role of a CEO encompasses the ownership of various risks, including financial, reputational, cybersecurity and others. Yet, it's often observed that the significance of cybersecurity is underappreciated at the executive level. There are understandable reasons for this. 

Typically, risks that do not directly impact financial stability are prioritized lower. The more removed an event is from causing a direct financial loss, the lower its perceived priority. Cyber incidents could or could not happen and may or may not lead to a financial loss, whereas on the opposite side, credit risk, for example, has a direct financial consequence. CEO has limited resources and dedicates attention to high-priority items only. Cyber risks, in many cases, are considered below that threshold and are presented to senior stakeholders as aggregated items or within other risks.

Despite the common practice of delegating risk management, accountability remains non-transferable. The significance of risk dictates the level of engagement required from those at the top; the more substantial the potential impact, the greater the need for direct involvement from senior stakeholders. This principle is especially true for high-risk concerns, where oversight cannot afford to be obscured within broader risk categories.

However, the risk associated with quantum computing within the cybersecurity domain stands out due to its potentially extreme impact. Therefore, directly engaging CEOs in the management of this risk is not only appropriate but necessary, acknowledging the serious recognition the issue demands.

https://www.mas.gov.sg/-/media/mas-media-library/regulation/circulars/trpd/mas-quantum-advisory/mas-quantum-advisory.pdf