How exposed are you to 'harvest now, decrypt later' quantum attacks?

The 'harvest now, decrypt later' threat means adversaries copy encrypted traffic today and decrypt it once quantum computers arrive. This paper derives a mathematically grounded formula for that exposure risk, showing it factorizes into a temporal hazard, a cryptographic vulnerability term, and an operational exposure term that interact multiplicatively — not additively. That matters practically: popular additive risk-scoring frameworks miss the cross-term entirely, meaning they can't correctly identify which systems to prioritize defending first.