Nobody Can Tell You What PQC Migration Costs. Here’s How to Get Budget Anyway.
This article is part of the PQC Governance Deep Dive series. For the full governance model (who leads, how the steering committee operates, what the accountable executive needs), start with the series overview. The series content is adapted from my forthcoming book Quantum Ready.
Introduction
A CISO I work with recently described the moment her PQC program died the first time. She had spent three months building a business case. She had the regulatory context, the HNDL threat narrative, the competitive positioning. She walked into the CFO’s office with a polished deck. The CFO asked one question: what will this cost us?
She could not answer. Not because she was unprepared. Because the information needed to answer did not exist. Cryptographic infrastructure has never been separately costed in any organization I have worked with. It sits inside development budgets, infrastructure budgets, operations budgets, and vendor contracts, with no line item that says “cryptography.” The CFO asked a follow-up: how much are we spending on cryptography today? She could not answer that either.
The CFO did not say no. The CFO said “come back when you have a number.” She could not produce a number. The program stalled for six months.
Tim Williams, a PQC advisory consultant, correctly diagnosed this dynamic in a recent working paper: cryptographic infrastructure suffers from a three-dimensional opacity (cost, asset, and risk), which means neither CISOs nor CFOs can construct the cost baseline that capital allocation requires. His diagnosis is accurate. The field does not yet have enough data from completed migrations to build a reliable top-down cost model. Anyone who gives you a confident total program number before you have completed discovery is guessing.
But CISOs cannot wait for a perfect cost model. Regulatory deadlines are already set. The budget request has to go in now. This article explains how to build one that your CFO will approve, with enough specificity to be credible and enough honesty about uncertainty to survive the first quarterly review.
I have previously written about how to frame PQC as a budget opportunity by positioning quantum readiness as the lever that funds overdue security improvements. That article covers the political strategy: nine benefit buckets (regulatory compliance, asset discovery, cryptographic debt cleanup, crypto-agility, supply chain governance, data governance, talent attraction, stakeholder confidence, and AI security alignment) that make the business case for PQC investment independent of Q-Day predictions. Those framing arguments matter. They determine whether the CFO sees PQC as a cost center or an investment. Read that article before your CFO meeting.
This article covers the mechanics: what numbers to put in the budget request, how to phase the spending, what line items to include, and how to handle the questions that follow.
The Ranges Approach: How to Be Honest and Credible Simultaneously
The single biggest mistake CISOs make in PQC budget conversations is presenting a single number. The second biggest mistake is saying “I don’t know, I need to do discovery first.”
CFOs do not expect precision for a multi-year program that has never been done before. They expect structured thinking about ranges, assumptions, and uncertainty. They deal with imprecise estimates constantly: M&A valuations, R&D pipelines, market forecasts. What they cannot work with is a blank space where the number should be or a single point estimate that will obviously be wrong.
The approach that works is a three-range model. For each cost category, present a low estimate (optimistic assumptions, everything goes smoothly), a central estimate (realistic assumptions based on comparable programs), and a high estimate (conservative assumptions accounting for the cost traps described later in this article). The range narrows over time as discovery provides measured data, and you show the CFO which assumptions drive the spread.
This framing accomplishes three things. It demonstrates that you understand the uncertainty rather than hiding it. It gives the CFO a planning envelope rather than a single number they know is wrong. And it creates a natural mechanism for refining estimates at each stage gate: “discovery reduced our range from $15-40M to $18-25M because we now know the certificate count and application complexity distribution.”
The rest of this article provides the cost categories and indicative ranges for each. Your numbers will depend on organization size, IT estate complexity, regulatory environment, and how much foundational work (asset inventory, certificate management, vendor governance) already exists.
What You Can Estimate Before Discovery
Some costs do not depend on what discovery finds. They can be estimated now, budgeted in the first funding request, and started immediately. CISOs who present these alongside the discovery budget demonstrate to the CFO that the program has been thought through beyond “give me money to figure out the scope.”
Program governance and leadership
A PQC migration program of the kind I described in my 120,000 Tasks analysis requires dedicated program leadership from day one. The governance overview describes the structure: an accountable executive, a program office, and a steering committee. The costs are knowable before discovery because they are a function of your organization’s size and governance model, not of your cryptographic estate.
A dedicated PQC program director (or equivalent senior hire/contractor): $250K-$400K annually for a large enterprise, including benefits and overhead. This person cannot be the CISO doing PQC on the side. If the program office is one person juggling PQC on Fridays between SOC escalations, you do not have a program office.
Program office support (2-4 additional FTEs for planning, reporting, and coordination during year one, scaling to 3-8 during migration): $400K-$1.2M in year one. Steering committee and board reporting infrastructure (dashboards, KRI development, governance documentation): $50K-$150K in setup costs. External advisory (architecture review, regulatory compliance guidance, cryptographic engineering consultation): $200K-$500K in year one.
Awareness and training
The board needs a quantum threat briefing before it approves the mandate (I cover the content and format in the board governance article). Senior leadership needs to understand what PQC migration means for their functions. Application development teams need to understand crypto-agility principles before they start encountering PQC requirements in their work. Security operations teams need training on the PQC algorithms and their operational characteristics. I have written about the full skill stack needed for quantum readiness.
Board and executive briefing development and delivery: $20K-$50K. Specialized cryptographic engineering training for the core team (external courses, certifications, or intensive workshops): $50K-$150K. Broader security team and developer awareness program: $30K-$100K. This work can start in parallel with everything else and should not be deferred.
Initial vendor engagement
Before discovery tools are deployed, you need to notify your critical vendors that a PQC migration is coming. This is not a contractual negotiation (that comes later, as described in the vendor governance article). It is an initial signal: “We are beginning PQC planning. We will need to understand your cryptographic implementations and your migration roadmap. Please designate a point of contact.”
Some organizations hold a vendor conference or webinar to do this at scale. Others send a structured questionnaire to their Tier 1 vendors. Either way, there are costs: event logistics or questionnaire development ($10K-$30K), internal coordination to identify and tier the vendor list ($20K-$50K), and follow-up management ($30K-$80K over the first six months). These are modest amounts, but they start the vendor timeline clock, which is critical because vendor lead times are often the longest dependency in the program.
Pre-discovery total
Program governance, awareness, and vendor engagement in year one, before the first discovery tool is deployed: $1M-$2.5M for a large enterprise, $250K-$700K for a mid-size organization. These costs are estimable with reasonable confidence today because they depend on your organizational structure, not on the size of your cryptographic estate.
The Discovery Budget
Discovery is the phase that produces the data needed to estimate everything that follows. Its own costs can be estimated with reasonable confidence because the scope is bounded: scan the organization’s IT and OT estate, identify every instance of public-key cryptography, classify each instance by algorithm, key size, protocol, certificate lifecycle, and owning business unit, and produce a Cryptographic Bill of Materials (CBOM) comprehensive enough to plan the migration.
Asset inventory foundation
Most organizations discover during PQC planning that they do not have a comprehensive IT asset inventory. Cryptographic discovery tools need something to scan against. If that foundation does not exist, building it is the first cost, and it is the most commonly underestimated line item in PQC programs.
One organization I am aware of purchased a $150K cryptographic discovery tool, deployed it, and then realized they had no asset inventory for the tool to scan against. They spent $2M building the asset inventory before cryptographic discovery could begin. Others spent $5M on a manual, interview-based cryptographic inventory (I wrote about why that approach fails) only to discover the results were incomplete enough to be unusable.
If your organization has a mature, comprehensive IT asset inventory: budget $0 for this line item. If it does not (and most do not): $500K-$2M for a large enterprise, $100K-$500K mid-size.
Cryptographic discovery tooling and deployment
Commercial cryptographic discovery and inventory platforms range from $100K-$500K in license and deployment costs for a large enterprise. The cryptographic inventory vendors I have assessed vary in capability, coverage, and maturity. Some scan network traffic for cryptographic protocols. Some analyze application code. Some integrate with certificate management platforms. None of them cover everything.
Deployment is where costs surprise people. In a production environment with strict change management, deploying a new network scanning tool or agent-based discovery platform requires testing, security review, change approval, and phased rollout. Some organizations I have worked with required a full production-equivalent sandbox environment to test the discovery tooling before approving it for production deployment. That sandbox alone cost $200K-$500K to provision and maintain.
Budget for the tool ($100K-$500K), deployment effort ($100K-$300K for a large enterprise including sandbox provisioning and testing), and integration work to feed results into a central CBOM ($50K-$150K).
Discovery team staffing
The tools do the scanning. People do the analysis, classification, validation, and the manual discovery work for systems that automated tools cannot reach (OT environments, embedded systems, legacy applications with no network exposure, vendor-managed services where you depend on the vendor for cryptographic visibility).
A discovery phase in a large enterprise typically requires 5-15 people (a mix of internal staff and contractors) for 6-12 months. The team includes a discovery lead, cryptographic specialists who can interpret scan results and classify risk, application analysts who map cryptographic usage to business systems, OT specialists if the organization has operational technology, and a vendor liaison who coordinates Tier 1 vendor assessments.
For a large enterprise: $1.5M-$3M in staffing costs for a 6-12 month discovery phase. For mid-size: $300K-$1M.
Vendor assessment costs (discovery-specific)
Discovery is not only internal. You need cryptographic visibility into your vendor-managed systems, which means developing and administering readiness questionnaires, and for Tier 1 vendors, conducting more detailed assessments. Where existing contracts do not include cryptographic disclosure rights, contract amendment costs apply (I cover this in detail in the vendor governance article).
Vendor assessment during discovery: $50K-$200K. Contract amendments for Tier 1 vendors: $100K-$500K in legal costs.
Discovery phase total
For a large enterprise, the discovery phase budget (excluding the pre-discovery governance and awareness costs covered above) typically lands in the $2M-$5M range. For mid-size: $500K-$1.5M.
These numbers are higher than most CISOs expect. Discovery is almost universally underestimated, and I have never seen a program where the initial discovery budget proved too generous.
Building the Full Program Estimate
Here is where “I need to do discovery first” fails as a CFO strategy. The CFO needs a directional total, even if it is imprecise. You need to provide one, with explicit assumptions that you will refine.
Anchoring the range
Two reference points help bound the estimate.
The White House Report on Post-Quantum Cryptography projected the total government-wide PQC migration cost at $7.1 billion over 2025-2035 for a served population of roughly 335 million. That works out to approximately $21 per person served. Applied to your organization (using customer count or employee count as the scaling proxy), this produces a top-down sanity check. For a financial institution serving 2 million customers with a financial services complexity multiplier of 1.5x, the implied range is $50-$65M. That is a very rough anchor, not a budget, but it gives the CFO a reference frame.
The IT budget percentage approach provides a second anchor. Major infrastructure transitions historically consume 8-15% of the IT budget over the transition period. For an organization with a $100M IT budget running a 5-year PQC migration, that implies $8-15M per year or $40-$75M total. These two anchors tend to converge within a factor of two for organizations of similar complexity, which is useful for giving the CFO a directional range.
The three-scenario table
Present the CFO with a table that shows three scenarios with explicit assumptions. Here is an illustrative example for a large enterprise (10,000+ employees, 200+ applications, $100M IT budget):
| Category | Optimistic | Expected | Conservative |
|---|---|---|---|
| Year 1: Governance, awareness, vendor engagement | $1.0M | $1.5M | $2.5M |
| Year 1-2: Discovery | $2.0M | $3.5M | $5.0M |
| Year 2-5: Infrastructure migration (PKI, HSM, network) | $3.0M | $6.0M | $12.0M |
| Year 2-6: Application migration | $5.0M | $12.0M | $25.0M |
| Year 2-6: Testing and validation | $1.5M | $4.0M | $10.0M |
| Year 1-6: Vendor coordination and contract amendments | $0.5M | $1.5M | $3.0M |
| Year 2-7: Hybrid operations overhead | $1.0M | $3.0M | $6.0M |
| Year 1-6: Program management | $2.0M | $3.5M | $5.0M |
| Year 1-3: Training | $0.3M | $0.5M | $1.0M |
| Total | $16.3M | $35.5M | $69.5M |
| As % of IT budget (5-year) | 3.3% | 7.1% | 13.9% |
Assumptions driving the range: The optimistic scenario assumes the organization has a mature asset inventory, a modern cloud-native architecture with abstracted cryptographic calls, a limited OT footprint, and cooperative Tier 1 vendors. The conservative scenario assumes poor asset visibility, a large legacy estate with embedded cryptography, significant OT exposure, and vendor dependencies that require workarounds or substitution. The expected scenario assumes a typical large enterprise with a mix of modern and legacy systems.
Explain to the CFO: “The range is wide because we have not yet completed discovery. Discovery will tell us where on this spectrum we fall. The year-one ask ($3.5-$7.5M covering governance, awareness, vendor engagement, and discovery) is the investment that narrows this range. I will return after discovery with a refined estimate and a phased migration plan for board approval.”
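The three-scenario table, the IT-budget cross-check and the two anchors from the previous section, as an added Python model (not tooling from the article or the book). The table values, the $100M IT budget over five years and the 2-million-customer financial institution with a 1.5x multiplier are the article's own worked figures; the spread ranking is the "which assumptions drive the spread" view the ranges approach calls for.

```python
"""Three-scenario PQC budget model with top-down anchors (added example)."""

# The article's illustrative table for a large enterprise, in USD millions:
# category -> (optimistic, expected, conservative)
SCENARIO_TABLE = {
    "Governance, awareness, vendor engagement": (1.0, 1.5, 2.5),
    "Discovery": (2.0, 3.5, 5.0),
    "Infrastructure migration (PKI, HSM, network)": (3.0, 6.0, 12.0),
    "Application migration": (5.0, 12.0, 25.0),
    "Testing and validation": (1.5, 4.0, 10.0),
    "Vendor coordination and contract amendments": (0.5, 1.5, 3.0),
    "Hybrid operations overhead": (1.0, 3.0, 6.0),
    "Program management": (2.0, 3.5, 5.0),
    "Training": (0.3, 0.5, 1.0),
}


def scenario_totals(table):
    """Sum each scenario column; returns (optimistic, expected, conservative) in $M."""
    columns = zip(*table.values())
    return tuple(round(sum(col), 1) for col in columns)


def pct_of_it_budget(totals, annual_it_budget_m, years=5):
    """Express each scenario total as a percentage of the IT budget over `years`."""
    base = annual_it_budget_m * years
    return tuple(round(100.0 * t / base, 1) for t in totals)


def spread_drivers(table):
    """Rank categories by how much of the conservative-minus-optimistic spread they own.

    Returns [(category, spread_m, share_of_total_spread_pct), ...], largest first.
    """
    spreads = {name: round(high - low, 1) for name, (low, _, high) in table.items()}
    total = sum(spreads.values())
    ranked = sorted(spreads.items(), key=lambda kv: kv[1], reverse=True)
    return [(name, spread, round(100.0 * spread / total, 1)) for name, spread in ranked]


def per_person_anchor(persons_served, complexity=1.0, ref_cost_b=7.1, ref_population_m=335.0):
    """Scale the White House estimate ($7.1B over ~335M people served) to an organization.

    Returns USD millions; `complexity` is the sector multiplier (1.5 for financial services).
    """
    per_person_usd = ref_cost_b * 1e9 / (ref_population_m * 1e6)  # about $21 per person
    return per_person_usd * persons_served * complexity / 1e6


def it_budget_anchor(annual_it_budget_m, years, low_pct=8, high_pct=15):
    """Range implied by the 8-15% of IT budget that major transitions historically consume."""
    base = annual_it_budget_m * years
    return base * low_pct / 100.0, base * high_pct / 100.0


def anchors_converge(point_m, anchor_range_m, factor=2.0):
    """True if the per-person point anchor lies within `factor` of the IT-budget range."""
    low, high = anchor_range_m
    return low / factor <= point_m <= high * factor


if __name__ == "__main__":
    totals = scenario_totals(SCENARIO_TABLE)
    print("Scenario totals ($M):", totals)
    print("Share of 5-year IT budget (%):", pct_of_it_budget(totals, 100.0))
    for name, spread, share in spread_drivers(SCENARIO_TABLE)[:3]:
        print(f"  spread driver: {name}: ${spread}M ({share}% of total spread)")
    point = per_person_anchor(2_000_000, complexity=1.5)  # 2M customers, financial services
    rng = it_budget_anchor(100.0, 5)
    print(f"Per-person anchor ${point:.1f}M vs IT-budget anchor ${rng[0]:.0f}-{rng[1]:.0f}M;"
          f" converge within 2x: {anchors_converge(point, rng)}")
```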
What makes this credible
Three things prevent the CFO from dismissing these ranges as guesswork.
First, the ranges are tied to specific assumptions that the CFO can evaluate. “Optimistic assumes we have a mature asset inventory. Do we?” The CFO can check with the CIO. If the answer is “not really,” the optimistic scenario becomes less plausible, and the CFO’s mental anchor shifts toward the expected or conservative end.
Second, the IT budget percentage cross-check provides an independent validation. If the expected scenario represents 7% of the IT budget over five years, and the CFO knows that comparable infrastructure transitions (ERP, cloud, Zero Trust) consumed 8-12%, the number passes a basic reasonableness test.
Third, you are asking for a bounded year-one commitment, not the full program. The year-one budget is specific and defensible. The out-year estimates are ranges that refine at stage gates. The CFO approves $3.5-$7.5M now, not $35M.
Migration Budget Categories (After Discovery)
Once discovery is complete, you have organizational data to build detailed estimates. The categories below provide the structure for translating discovery outputs into a phased migration budget. I covered the full task taxonomy across these categories in my 120,000 Tasks analysis; here I focus on the cost implications.
Infrastructure migration
PKI infrastructure rebuild: new CA hierarchy supporting hybrid and PQC certificate issuance, certificate rotation across the estate, CRL and OCSP infrastructure updates for larger PQC signatures. HSM upgrades or replacement: PQC-capable firmware, FIPS 140-3 validated modules (the validation process alone takes 12-24 months and costs $50K-$200K per module submission), key ceremony and provisioning. Network encryption: TLS configuration updates, VPN gateway firmware, load balancer certificate management. Identity and access management platform updates.
These are predominantly CapEx items.
Application migration
This is the largest and most variable cost category. Application code changes to support PQC algorithms and hybrid modes range from $50K for a modern microservice with abstracted cryptographic calls to $500K+ for a legacy system with embedded cryptographic logic. The 120,000 Tasks article breaks applications into four complexity tiers. Multiply your application count per tier by the per-application cost range and you have a defensible estimate for this category.
The scope cascade is the primary risk: organizations that scope PQC as “migrate the algorithms” discover mid-program that algorithm migration is 10-20% of the total. The rest is application refactoring, integration changes, data format updates, and regression work.
Testing and validation
Integration testing across the migrated estate. Performance testing (PQC algorithms produce larger keys and signatures, with measurable impacts on latency and throughput). Regression testing for every migrated system. FIPS 140-3 module validation where required. Penetration testing of hybrid and PQC-only configurations.
One organization I worked with found that testing consumed 40% of their total migration budget, against an initial estimate of 15%. Budget testing as 25-40% of application migration costs, not 10-15%.
Vendor coordination
Contract amendments, vendor migration tracking, escalation management, and potential vendor substitution evaluation for non-cooperating Tier 1 vendors. See the vendor governance article for the full treatment.
Hybrid operations
Running classical and post-quantum cryptography in parallel for the multi-year transition period. ML-KEM public keys are roughly 37x larger than their classical equivalents. This affects TLS handshake performance, certificate storage, HSM key slots, and network bandwidth. Maintaining two cryptographic stacks has ongoing operational costs (monitoring, staffing, incident response for both) that are rarely present in initial estimates.
OT and IoT
If your organization has operational technology or IoT devices, these represent a separate cost category with different constraints: long device lifecycles, limited firmware update capability, safety-critical change management, and vendor dependencies that may extend beyond any reasonable migration timeline. I covered the OT problem in detail in the 120,000 Tasks article. For budgeting purposes, treat OT and IoT as a separate migration workstream with its own cost estimate produced during discovery, not as a percentage of the IT migration cost.
The Six Cost Traps
Six patterns consistently inflate PQC budgets beyond initial estimates. Building awareness of these into your budget presentation signals to the CFO that you have thought beyond the optimistic case.
The discovery trap. Organizations that budget for discovery as a tool purchase ($100K-$200K) learn it is actually a program ($2M-$5M). The asset inventory foundation, the sandbox provisioning, the manual discovery for systems automated tools cannot reach, and the vendor assessment work are all costs that appear only after the first tool deployment reveals how much the tool cannot see.
The scope cascade. Organizations that scope PQC as “migrate the cryptographic algorithms” discover mid-program that algorithm migration is 10-20% of the total cost. The remaining 80-90% is application refactoring, vendor coordination, testing, re-certification, organizational change management, and hybrid operations overhead. My enterprise migration timeline analysis showed that planning quality can swing timelines by several years.
The vendor timing mismatch. Your migration timeline and your vendors’ timelines rarely align. When a critical vendor cannot deliver on your schedule, you either wait (extending the program) or build a workaround (which costs more and may need replacement later). Budget a vendor contingency line item.
The hybrid operations tax. Running two cryptographic stacks simultaneously for years has ongoing operational costs that persist for the entire transition period and are rarely present in initial estimates.
The redo multiplier. Every PQC program I have worked on has required at least one significant redo of a completed phase. Based on what I have observed, the post-discovery migration estimate will absorb a 1.5-2x multiplier over the program’s lifetime. Present this to the CFO as managed contingency, not as uncertainty.
The budgeting structure trap. How you structure the PQC budget (standalone CapEx, OpEx absorption, distributed across BUs) determines whether the program gets funded or starved. I covered the three models and their failure modes in the governance overview. The recommended model: a ring-fenced program budget with CapEx and OpEx components, approved by the board.
Structuring CapEx and OpEx
CFOs work in CapEx and OpEx. If your budget request does not clearly separate the two, it will get sent back for rework.
CapEx: HSM hardware. PKI infrastructure rebuild. Application code changes (capital development). Network encryption hardware. Cryptographic discovery tooling (if purchased). Integration and testing infrastructure.
OpEx: Program office staffing. External advisory. SaaS-based discovery and monitoring tools. Hybrid operations overhead. Training. Vendor assessment and contract amendment legal costs. Certificate lifecycle management.
A rough split: 60-70% CapEx / 30-40% OpEx during active migration phases, shifting to 20% CapEx / 80% OpEx during the steady-state hybrid operations period.
Present the budget as annual cash flows over the program’s planned duration (typically 5-7 years for a large enterprise). The CFO needs to see the spending profile year by year, not a lump sum. If your CFO requires net present value, apply the organization’s standard discount rate.
Preparing for the CFO Conversation
The CFO’s questions are predictable. Prepare specific answers for each, rehearse them, and bring supporting data.
“What’s year-one spend?” The pre-discovery costs (governance, awareness, vendor engagement) plus the discovery budget. For a large enterprise: $3.5M-$7.5M. This is your most defensible number because every line item has a specific scope and deliverable. Lead with this number, not the total.
“What’s the total?” Present the three-scenario table. Explain the assumptions. Point to the IT budget percentage cross-check. Be explicit: “I am giving you a range because no organization has completed a full PQC migration. Discovery will narrow this range. I will return after discovery with a refined estimate for board approval.” CFOs hear “I don’t know the total yet” as a problem. They hear “I have a structured range with explicit assumptions and a defined process for refining it” as competent program management.
“What happens if we wait two years?” This is your strongest card. Regulatory deadlines are already set: FIPS 140-2 deprecation in September 2026, CNSA 2.0 procurement gate in January 2027, EU target of high-risk system migration by 2030. A two-year delay does more than shift the spending forward. It increases the total cost because the same work must be done in a shorter window with less flexibility, and extends Harvest Now, Decrypt Later exposure for every additional month.
“What’s the risk if we don’t do it at all?” Regulatory non-compliance (DORA, CNSA 2.0, proposed NIS2 amendment). Potential credit rating implications (Moody’s has explicitly linked quantum computing to creditworthiness assessment). Cyber insurance coverage gaps (Lloyd’s war exclusions under LMA5567 may apply to nation-state quantum attacks). Competitive disadvantage when clients, partners, and regulators begin requiring PQC readiness attestation.
“Can’t we just wait for vendors to handle it?” No. I wrote about why PQC readiness is not just a vendor problem. IBM found that 62% of executives were waiting for vendors. Those vendors do not have visibility into your cryptographic estate and have no incentive to prioritize your timeline.
“Why is the contingency so high?” Because no organization on earth has completed a full PQC migration. Every program surfaces costs that were not scoped. Present a base estimate and a realistic range, propose gated funding with stage-gate reviews where actuals are compared against estimates, and offer to adjust the remaining budget at each gate. A CFO who understands that the contingency is deliberate and managed will accept it. A CFO who discovers mid-program that the budget was built on optimistic assumptions will not.
“What do we get even if Q-Day never comes?” This is where the benefit buckets from the CISO budget article earn their keep. PQC migration forces comprehensive asset discovery, improves certificate lifecycle management, eliminates legacy protocols, and strengthens vendor governance. The CFO is funding PQC migration and, through it, a set of security improvements the organization should have made years ago. Even in a scenario where a cryptographically relevant quantum computer takes 20 years to arrive, the organization gets immediate value from the foundational work.
Presenting the Budget Request
Pull this together into a format the CFO already recognizes from other multi-year capital programs.
One-page executive summary. The regulatory driver (which deadlines, which consequences). The program approach (governance and discovery first, then phased migration with stage-gate reviews). The year-one ask (specific line items). The total program range (three scenarios with assumptions). The governance mechanism (who the accountable executive is, how progress is measured through board-level KRIs).
A detailed budget. Annual cash flows over 5-7 years, separated into CapEx and OpEx, with contingency shown as a separate line (not buried in other categories). Year one should be fully detailed with specific line items. Years two through seven should show category-level estimates with explicit ranges that narrow after each stage gate.
A risk section. Cost of delay analysis. Regulatory non-compliance consequences. The six cost traps and how the program structure mitigates each. The benefit buckets from my CISO budget article reframed as investment returns independent of Q-Day timing.
The governance structure. Who the accountable executive is. How the steering committee operates. What the stage-gate review process looks like. How progress is measured and reported to the board.
Start with What You Can Estimate
The cost question has an honest answer: you do not yet know the total, and neither does anyone else. What you do know is what it costs to get started (governance, awareness, vendor engagement), what it costs to build visibility (discovery), and what comparable programs have cost at organizations of similar size and complexity (the anchoring references). Present all three in a structured range with explicit assumptions, ask for year-one funding, and commit to refining the estimate at defined stage gates.
Discovery will narrow the range. Each migration phase will narrow it further. By year two, you will have actual data from your own program to project the remaining costs. By year three, the CFO will have enough confidence in your estimates to stop questioning the methodology and start asking about the schedule.
The PQC Migration Framework provides the structured methodology. The Getting Started Deep Dive walks through the lifecycle. Quantum Ready covers the full picture.
Get the program moving. The cost model improves by doing the work, not by waiting.
Quantum Upside & Quantum Risk - Handled
My company - Applied Quantum - helps governments, enterprises, and investors prepare for both the upside and the risk of quantum technologies. We deliver concise board and investor briefings; demystify quantum computing, sensing, and communications; craft national and corporate strategies to capture advantage; and turn plans into delivery. We help you mitigate the quantum risk by executing crypto‑inventory, crypto‑agility implementation, PQC migration, and broader defenses against the quantum threat. We run vendor due diligence, proof‑of‑value pilots, standards and policy alignment, workforce training, and procurement support, then oversee implementation across your organization. Contact me if you want help.