Quantum-in-cyber risk considerations
- Alexey

- Sep 29, 2023
Contrary to how it might look from afar, quantum-in-cyber risk is not solely about cryptography and quantum computers.

Let's delve into what shapes the risk profile of an application.
1. The first consideration is the IT component itself. (I deliberately use the term "IT component" as it includes systems, services, middleware, hardware, etc.) The review of a specific IT component should factor in not just the inherent risks but also the broader cyber context within which it exists. IT components are not stand-alone. An IT component's exposure to quantum-in-cyber risk comes from two areas:
   - The exposure of its cryptographic components to quantum computing.
   - Current cyber capabilities, such as Data Governance & Management, Network Protection & Data Loss Prevention, and Third-Party Risk Management. These areas shine a light on the potential exposure of sensitive data to malicious attempts.
2. The second consideration is research into the state of quantum computing. This involves probing the quantum technology arena, grasping its progression, and pinpointing the challenges it presents to existing cryptographic algorithms. The state of the quantum computing industry and the development of attack algorithms together set the risk level.
While we transition to scalable, fault-tolerant quantum computing, parameters like the number of physical qubits, noise, cross-talk, and the fidelity of 1-qubit and 2-qubit operations continue to evolve and should be factored in.
Concurrently, attack algorithms are continually refined to challenge encryption schemes, lessening the need for advanced quantum hardware.
3. The third consideration concentrates on gauging a system's allure for Threat Actors, which directly influences the associated risk level. The process involves studying the panorama of potential Threat Actors based on their expertise and potential interest in the data managed by the specific IT component. Not all data holds equal allure, and data with lesser appeal can decrease the system's overall risk stature.
4. The fourth consideration, which is closely linked with the previous one, zeroes in on data retention mandates. The longer the data's shelf life, the greater its allure for potential intruders.
5. Next - the system's adaptability. The task of system upgrades can vary vastly in complexity. Consider the distinction between actively maintained components in web applications and custom-built systems in obsolete languages. Factors like the intricacy of updates, timeframes, upgrade costs, and the potential incompatibility of vital integrations with post-quantum cryptography play into the risk profile.
6. And lastly - the remediation plan. Executing a remediation plan will take time on its own, but putting one together and, more importantly, getting funding can take considerable time, too. Factoring in prioritization amidst a sea of competing urgencies complicates matters.
So, these six considerations (the system's cryptographic stance and surrounding cyber measures, the state of quantum computing, attractiveness to attackers, data retention requirements, the system's adaptability, and remediation planning complexity) form a holistic view of the quantum risk profile of the system.



