As the era of quantum computing approaches, the foundations of digital security are under threat. Modern cryptographic systems that maintain the confidentiality, authenticity and integrity of data and digital signatures will no longer be secure once a cryptographically relevant quantum computer exists.
For sectors like finance and banking, where the security of records underpins global trust and stability, this presents a critical challenge. Quantum-enabled attackers could decrypt sensitive communications, forge digital signatures and compromise important legal documents.
Fortunately, organizations do not have to respond to abstract risk scenarios or uncertain timelines given that they now have concrete milestones to guide them in their journey to the era of cryptographic assurance.
With the US National Institute of Standards & Technology (NIST)’s post-quantum cryptographic standards now in place, the phase out of quantum-vulnerable algorithms is possible and is anticipated to occur in the next 10 years. Such standards provide the compliance and technical foundation for proactive planning today.
Crypto-Procrastination: Why Action is the Best Policy
“Crypto-procrastination” refers to widespread hesitancy to start actions towards the transition to quantum-safe cryptography and improving cryptographic management in organizations.
The term describes how organizations are delaying action on quantum-safe cryptography, due to three main reasons: underestimating the impact of the risk and the associated compliance requirements, misunderstanding the challenges of the transition and treating quantum threats as too distant to merit action.
Part of the challenge lies in the fact that quantum security remains poorly understood across many organizations, making it difficult to elevate as a strategic priority. To act decisively on quantum safety demands a certain depth of knowledge.
Further, with CISOs pressed by immediate threats such as ransomware or nation-state cyber activity, longer-term quantum milestones can seem too distant. This disconnection contributes to inertia at the exact moment when forward planning is most essential.
The longer organizations delay, the greater the risk of compressed implementation timelines which can strain resources, inflate costs and reduce the quality and security of outcomes.
By starting now, institutions can spread investments, integrate changes into regular update cycles, and engage in coordinated sector-wide planning. The advantage is not just risk reduction—it’s long-term resilience, smoother compliance and more informed, cost-effective decision-making.
Navigating the Quantum Security Timelines
Encouragingly, the evolving conversation around quantum timelines, once characterized by speculation, is now giving way to clarity and strategic foresight. While academic debate continues, it has helped raise awareness and sparked productive dialogue within industries.
Many organizations are beginning to recognize that preparing for post-quantum security is not about reacting to an imminent threat, but about building long-term resilience in a measured, standards-aligned way. This shift in mindset is already paving the way for collaborative planning and innovation.
And we do have a certain milestone: Post-quantum cryptography standards are already available and in widespread use (for instance, in web browsing to major search engines), and the end of life of the quantum-vulnerable cryptography has been set between 2030 and 2035.
The need to transition has become a compliance requirement supported not only by standards, but also by sector-specific regulations like the EU’s Digital Operational Resilience Act (DORA) and PCI-DSS, capturing growing attention from financial supervisors like the Monetary Authority of Singapore and the Bank of Israel.
Impact on the Financial Sector
Financial institutions are vulnerable to quantum threats as they depend on cryptography to secure their operations. Customers rely on cryptographic tools to securely authenticate, communicate, and sign documents—all essential to daily financial operations.
The same mechanisms protect the operations among financial institutions in markets, wholesale operations, etc.
"Without post-quantum cryptography, the financial ecosystem—from online banking to secure payments—faces serious cybersecurity risks"
A successful quantum attack could compromise transaction integrity, allowing hackers to disclose financial information, manipulate payments, forge digital signatures and bypass authentication mechanisms.
Without post-quantum cryptography, the financial ecosystem—from online banking to secure payments—faces serious cybersecurity risks. As quantum computing advances, financial institutions must accelerate efforts to implement quantum-resistant cryptography, ensuring their systems remain secure and resilient for the post-quantum era.
The consequences of these types of breaches extend far beyond individual institutions, posing a systemic risk to global financial stability. As noted in the World Economic Forum’s quantum security white paper, proactively addressing quantum risk is essential to maintaining financial stability and public trust as digital infrastructure evolves.
Quantum Readiness: the Role of Standards Bodies and Regulation
The transition to quantum-safe cryptography cannot happen in silos. Cross-sector roadmap alignment is essential. Through collaborative platforms that bring together academia and industry experts, these organizations, including ETSI, are shaping the technical foundations and policy frameworks needed to support a quantum secure future.
The financial sector, supervisors and regulators are putting the spotlight on mature cryptography management practices. Existing regulations, such as DORA or PCI-DSS, require organizations to prevent future challenges to cryptography.
Financial sector organizations, like the Europol Quantum Safe Financial Forum or FS-ISAC, are driving collaboration initiatives to share best practices and coordinate efforts. The global, interconnected and interoperable nature of the financial ecosystem sets the need for a strong global alignment in the sector at large on the priorities and timeline to implement the transition.
Given the financial sector’s high level of interconnectivity, a synchronized migration strategy would streamline the transition by addressing key bottlenecks, including:
- Fragmentation: Misaligned strategies due to organizations adopting different approaches
- Prolonged reliance on outdated cryptography: The need to maintain legacy cryptography to accommodate slower adopters
- Duplicated effort: Wasted resources as companies independently solve the same challenges without knowledge sharing
A global action plan is essential to prevent crypto-procrastination and ensure an orderly transition. The global financial system must build a cohesive, strategic roadmap toward a quantum-secure economy today.
Leadership in a Standards-Led Era
The good news is the that the roadmap to a quantum-secure economy is clear and anchored in emerging standards that make implementation achievable today. By adopting quantum-safe cryptographic solutions, financial institutions can adapt to evolving standards, protect sensitive assets, mitigate security risks and reinforce customer trust before quantum-enabled attacks become a reality.
Proactive action ensures long-term resilience, regulatory compliance and the continued integrity of global operations. Financial organizations will be able to take control of their futures, ensure resilience and uphold trust as they navigate tomorrow’s quantum threats.