How are you socializing quantum-safe cryptography with your organization's leadership team? What’s your approach to the messaging around that given the complexity?
CISO in Healthcare and Biotech, 8 days ago
I’ve been framing the quantum-safe conversation around reducing data exposure first. Vaultless tokenization enables us to remove sensitive data entirely—no vaults, no key management, and nothing for a quantum attack to target. Since the tokens can’t be reversed without proprietary logic and context, it drastically limits the impact surface. That’s a lot easier for leadership to grasp than post-quantum algorithms, and it naturally leads into bigger discussions about crypto agility and long-term planning.
I would treat quantum-safe or post-quantum as a natural lifecycle stage of any security control: over time it offers a lower security margin, so its replacement must be planned.
Using the actual cryptographic attack risk may not always be successful in gaining sponsorship, since the ARO has been 0 to date, so the urgency can be debatable.
I would start by socializing what can go wrong if we don't plan for the transition (compliance issues, interoperability, failing to meet standards, etc.). It also needs to be emphasized that transitioning means not only changing configuration but also how the overall system will support data encrypted under the deprecated algorithms (old data is already in backups).
Transition is easy; ensuring a smooth transition is hard. Deliberate multi-year planning is required.
Come up with the natural explanation that everything ages and a transition plan is needed because new and old algorithms need to operate in coexistence, and follow the guidelines relevant to your country, such as NIST or BSI (if you're in Germany).
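The coexistence and old-backup points in the reply above, as an added example that is not part of the original thread: a crypto-agile envelope that records which algorithm sealed each record, an inventory pass that counts records per algorithm, and a migration pass that re-seals only the records still under a deprecated algorithm. The algorithm ids (`legacy-v1`, `pq-hybrid-v2`), the per-algorithm key table and the sample backup are constructed for the example; the "ciphers" are a constructed HMAC-SHA256 keystream stand-in (not a real or secure algorithm) so the block runs on the standard library alone. The envelope and migration logic is the part that stays the same when real current and post-quantum algorithms are plugged into the registry.

```python
"""Crypto-agile envelope with an inventory and migration pass over stored records."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable

# Constructed stand-in "cipher": HMAC-SHA256 keystream XORed over the data.
# NOT a real algorithm and not secure; it only gives the registry below two
# distinct, working entries so the agility logic can be exercised offline.
def _keystream_xor(key: bytes, nonce: bytes, data: bytes, label: bytes) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        block = hmac.new(key, label + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


@dataclass(frozen=True)
class Algorithm:
    alg_id: str
    status: str  # "current" or "deprecated": drives the migration decision
    encrypt: Callable[[bytes, bytes, bytes], bytes]
    decrypt: Callable[[bytes, bytes, bytes], bytes]


def _make_alg(alg_id: str, status: str) -> Algorithm:
    label = alg_id.encode()
    f = lambda key, nonce, data: _keystream_xor(key, nonce, data, label)
    return Algorithm(alg_id, status, f, f)  # symmetric stand-in: same function both ways


# Constructed registry: the old algorithm stays decryptable but is never used
# for new data; only the current one is a valid target for sealing.
REGISTRY = {
    "legacy-v1": _make_alg("legacy-v1", "deprecated"),
    "pq-hybrid-v2": _make_alg("pq-hybrid-v2", "current"),
}
DEFAULT_ALG = "pq-hybrid-v2"


def seal(keys: dict[str, bytes], plaintext: bytes, alg_id: str = DEFAULT_ALG) -> dict:
    """Produce an envelope that names the algorithm used, so it can be read later."""
    alg = REGISTRY[alg_id]
    nonce = os.urandom(12)
    ct = alg.encrypt(keys[alg_id], nonce, plaintext)
    return {"alg": alg_id, "nonce": nonce.hex(), "ct": ct.hex()}


def open_envelope(keys: dict[str, bytes], env: dict) -> bytes:
    """Dispatch on the recorded algorithm id; unknown ids fail loudly."""
    alg = REGISTRY.get(env["alg"])
    if alg is None:
        raise ValueError(f"unknown algorithm id {env['alg']!r}: cannot decrypt")
    return alg.decrypt(keys[env["alg"]], bytes.fromhex(env["nonce"]), bytes.fromhex(env["ct"]))


def inventory(records: list[dict]) -> dict[str, int]:
    """Count stored records per algorithm: the first question a migration plan asks."""
    counts: dict[str, int] = {}
    for env in records:
        counts[env["alg"]] = counts.get(env["alg"], 0) + 1
    return counts


def migrate_deprecated(keys: dict[str, bytes], records: list[dict]) -> tuple[list[dict], int]:
    """Re-seal records under the current algorithm; leave current ones untouched."""
    migrated, n = [], 0
    for env in records:
        if REGISTRY[env["alg"]].status == "deprecated":
            migrated.append(seal(keys, open_envelope(keys, env)))
            n += 1
        else:
            migrated.append(env)
    return migrated, n


if __name__ == "__main__":
    # Constructed per-algorithm key table and a constructed "backup" of records.
    keys = {"legacy-v1": b"\x01" * 32, "pq-hybrid-v2": b"\x02" * 32}
    backup = [seal(keys, b"record A", "legacy-v1"), seal(keys, b"record B", "legacy-v1"), seal(keys, b"record C")]
    print("before:", inventory(backup))
    backup, moved = migrate_deprecated(keys, backup)
    print("after:", inventory(backup), "re-sealed:", moved)
```

The inventory step is what makes the "old data already in backups" point concrete for leadership: it is a number of records per algorithm, and the migration pass reduces the deprecated count to zero while both algorithms remain readable throughout.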