Post‑quantum threat climbs finance agenda
Experts warn quantum computing could break today's encryption and are urging accelerated adoption of post‑quantum cryptography across the financial sector. - The shift is framed as urgent: legacy crypto protections risk future retroactive exposure if adversaries harvest encrypted data today. (techtimes.com)
G7’s Cyber Expert Group published “Advancing a Coordinated Roadmap for the Transition to Post‑Quantum Cryptography in the Financial Sector” on 13 January 2026 to inform senior leaders, vendors, banks and financial market infrastructures about coordinated migration activities. (gov.uk) The Bank for International Settlements released BIS Paper No. 158, “Quantum‑readiness for the financial system: a roadmap,” on 7 July 2025, which prescribes cryptographic inventory, cryptographic agility and phased migration as core steps for financial firms. (bis.org) NIST finalized its first three post‑quantum encryption standards (published as FIPS 203–205) on 13 August 2024 and explicitly recommended organizations begin migrating to the new algorithms immediately. (nist.gov) NIST then selected the HQC scheme for standardization on 11 March 2025 and continues work on additional signature schemes including plans for FALCON in a forthcoming FIPS entry. (csrc.nist.gov) JPMorgan Chase has deployed a high‑speed “quantum‑secured crypto‑agile network” and signalled a dual remediation strategy that combines PQC and QKD in public technology briefings. (jpmorgan.com) The firm also published a supplier‑facing “PQC Transition Best Practice Recommendations” document (Version: October 2025) to steer vendor compliance and integration work. (jpmorganchase.com) Mastercard published a detailed 2025 white paper on migration to post‑quantum cryptography that compares PQC and QKD and outlines performance and migration considerations for payments systems. (mastercard.com) FS‑ISAC’s Post‑Quantum Cryptography Working Group has released guidance for the payment card industry urging coordinated, cross‑border migration planning and supplier vetting. (fsisac.com) Cloudflare reported on 28 October 2025 that a majority of human‑initiated traffic traversing its network was using post‑quantum encryption, marking an infrastructure milestone for widespread PQC availability. (blog.cloudflare.com) At the policy level, U.S. National Security Memorandum‑10 directs agencies to mitigate as much quantum risk as feasible by 2035, a federal target that industry and international roadmaps are aligning their migration timelines to meet. (bidenwhitehouse.archives.gov)
