Quantum computing threatens several common encryption standards and protocols underpinning the world’s digital systems, but this will not occur until a fault-tolerant quantum computer with adequate performance is built. Chief information security officers (CISOs) nonetheless need to track the risks of quantum technologies today as currently encrypted data could be stored with vulnerable encryption and attacked later. Security and risk (S&R) professionals should read this report to assess their organization’s quantum risk exposure over the next several years and build the competence required to communicate and mitigate the risk.