On 7 February 2025, Europol hosted a Quantum Safe Financial Forum (QSFF) event, during which the QSFF issued a call to action for financial institutions and policymakers, urging them to prioritise the transition to quantum-safe cryptography.
With the rapid advancement of quantum computing, the financial sector faces an imminent threat to its cryptographic security.
This transition presents both a challenge and an opportunity to enhance cryptographic management practices across the industry.
During the event, representatives from leading organisations discussed the need to urgently address the transition and the challenges industry peers, vendors, policymakers, and society are facing.
A sufficiently advanced quantum computer has the potential to break widely used public-key cryptographic algorithms, endangering the confidentiality of financial transactions, authentication processes, and digital contracts.
While estimates suggest that quantum computers capable of such threats could emerge within the next 10 to 15 years, the time required to transition away from vulnerable cryptographic methods is significant.
A successful transition to post-quantum cryptography requires collaboration among financial institutions, technology providers, policymakers, and regulators.
The forum recommended that financial institutions and policymakers prioritise the transition to quantum-safe cryptography and actively support its implementation.
Coordination among different stakeholders will be key, ensuring alignment on their planning, roadmaps, and the concrete implementation of the transition to PQC, as well as establishing common goals and a shared view of the requirements to achieve them.
There is no need for additional legislation; a voluntary framework established between regulators and the private sector would be sufficient to set guidelines for quantum-safe cryptography and promote standardisation across institutions.
This transition presents an opportunity to enhance cryptography management practices. A forward-looking framework for cryptography management is needed.
Promote collaboration, knowledge sharing and fostering a cohesive approach across jurisdictions at a global scale. This means encouraging the industry, including private and public sector actors, to partner up in the context of quantum-safe experiments, projects, Points of Contact and other initiatives.
The QSFF warns of the increasing risk posed by ‘Store now, decrypt later’ (SNDL) attacks, where malicious actors collect encrypted data today to decrypt it in the future using quantum computing.
Sensitive financial information, including long-term investment strategies and confidential agreements, could be compromised if urgent security measures are not taken.
These challenges have been identified by Europol and presented in the First Report on Encryption, published by the EU Innovation Hub, and The Second Quantum Revolution report, published by Europol’s Innovation Lab.
Although these reports focus on the law enforcement perspective, some synergies can also be applied to the financial industry.
Governments and regulatory bodies worldwide have begun addressing the quantum threat by introducing major regulatory acts in Europe, the United Kingdom, the United States and Singapore.
Despite these efforts, a 2023 survey of 200 financial sector leaders found that 86 per cent of organisations feel unprepared for post-quantum cybersecurity. Additionally, 84 per cent anticipate adopting quantum-safe solutions within the next two to five years.
The QSFF urged financial institutions, vendors, and policymakers to take immediate steps towards a quantum-safe financial ecosystem.
The QSFF emphasised that action should be taken promptly to protect the industry from significant risks, financial losses, and reputational damage.
