Sales Teams · Free Tool
Twelve questions across seven scored dimensions produce an Opportunity Score and Sales Priority Tier for any PQC prospect. No account required. All processing happens in your browser. Results appear on this page when the assessment is complete.
Post-quantum cryptography (PQC) replaces the public-key and signature algorithms that classical and quantum adversaries can break. The transition is mandated by NIST FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA), published in 2024. For sales professionals working in quantum security, the challenge is not explaining why PQC matters. It is identifying which prospects are at the right stage of awareness, urgency, and technical maturity to convert, and knowing what to say to each of them.
This tool calculates an Opportunity Score (0 to 100) for a PQC prospect. Seven sub-scores feed the calculation: Cryptographic Exposure, Data Longevity, Trust and Signing Infrastructure, Regulatory Pressure, Migration Complexity, Buyer Maturity, and Commercial Readiness. Four Sales Priority Tiers map to Opportunity Score ranges: Awareness Only (0 to 30), Qualified Lead (31 to 55), High-Value Consulting Lead (56 to 80), and Strategic Transformation Lead (81 to 100).
This tool is a sales triage instrument, not a technical security assessment. It tells a salesperson how strong the opportunity is, what the prospect's primary problem type is, and what to say first. Scoring runs in your browser. Results appear on this page after step 12. No email, name, or company details are transmitted or stored.
Quantum Security Defence does not collect, associate, or retain your name or your company name when you use these tools. All information is stored only for the duration of the browser session.
We collect only anonymised score data. This information cannot be associated with you or your company. Such anonymised data may be used for industry-level reporting, incorporated into our research, and provided to government departments to support lobbying activity and the communication of industry readiness.
By using this tool, you consent to the provision of results data on a strictly anonymised basis. No personal name, email address, or company name is stored.
Country determines applicable regulatory frameworks and compliance timelines. Required for sector-level benchmarking.
Country is recorded anonymously for industry-level reporting only.
Sector determines the organisation's baseline regulatory exposure and which talk track is most relevant. Financial services, defence, government, and critical infrastructure operators face the earliest and most specific compliance obligations. Sector also sets the commercial context for the results: the dominant regulations and standards that apply to this prospect are drawn from the sector selection.
The Industry selection is required and recorded anonymously. Your industry may impact your score. Be sure to choose your nearest industry category.
These optional fields appear on your results for reference. They are not scored.
Not recorded. Only used to label your results within this browser session.
Not recorded. Only used to create your PDF report in the browser session.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
Size is a proxy for migration complexity and commercial potential. Larger organisations have broader cryptographic surface area, more legacy systems, and more interconnected infrastructure. They are also the source of the highest-value structured migration engagements. Smaller organisations may have simpler estates but limited internal capability and budget.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
Examples include patient records, intelligence files, intellectual property, legal contracts, financial histories, and personal identity data. This is the primary indicator of Harvest Now, Decrypt Later (HNDL) exposure: a well-resourced adversary collecting encrypted traffic today to decrypt once a cryptographically relevant quantum computer becomes available. Current encryption is not broken. The risk is prospective and depends on how long the data must remain confidential and when a capable quantum computer might exist.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
Regulatory pressure is the strongest commercial driver in PQC sales. Heavily regulated sectors face the earliest compliance deadlines under NIST PQC standards, NIS2, and sector-specific mandates. A highly regulated prospect may already be under audit pressure and actively seeking a qualified vendor rather than needing to be convinced that PQC matters. Critical national infrastructure operators face the most demanding and time-sensitive obligations.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
Legacy systems include mainframes, older operating systems, hardware security modules purchased before 2020, or any system where cryptographic libraries cannot be updated without significant operational disruption. Legacy infrastructure is the single biggest predictor of migration complexity. High complexity creates high commercial potential for structured, multi-phase migration programmes. An organisation with a large legacy estate will need structured programme support, not just a product.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
High vendor dependency means the organisation cannot complete its PQC migration until those vendors act. Cloud providers, enterprise software platforms, and hardware suppliers must upgrade their cryptographic implementations before the organisations that rely on them can migrate. This changes the migration strategy fundamentally. The immediate commercial need is vendor readiness scoring and supplier questionnaire frameworks: tools that let the organisation document, track, and pressure its supply chain.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
A CISO signals two things: the organisation takes security seriously enough to invest in it, and there is a named decision-maker who owns this problem. A partial security function often signals a security manager trying to build internal credibility and board visibility, which creates appetite for tools that produce board-ready reports and documented risk baselines. An organisation with no dedicated security function will need the conversation framed around compliance obligation or procurement risk rather than technical security.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
The conversation driver is the strongest signal of commercial urgency. A compliance or procurement requirement creates an external deadline the organisation cannot ignore. Board concern or an incident creates internal urgency. General awareness is the weakest driver: the prospect knows the problem exists but faces no pressure to act immediately. Understanding the driver before the conversation tells you which product to lead with and how to frame the commercial case.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
Executive awareness determines where the sales conversation can go. Without board awareness, a CISO who wants to buy may not be able to secure budget approval. Actively investigating is often the most commercially productive state: urgency is acknowledged, no solution has been selected yet, and the prospect is in the market. Budget already allocated signals that the conversation is about vendor selection, not problem education.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
Maturity level determines which product to recommend first. An organisation with no awareness needs educational tools before any technical assessment is useful. An organisation that has completed a cryptographic inventory is ready for migration prioritisation and implementation support. Maturity also signals likely conversion speed: a prospect already in active migration is much closer to a purchasing decision than one at early awareness.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
QSECDEF Advisory
The QSECDEF advisory team works with PQC sales professionals on prospect qualification, engagement structuring, and proposal development. A 30-minute conversation covers the prospect's specific exposure and what a credible first engagement proposal looks like.
