How pioneering public-private collaboration in the financial sector can help secure its quantum future
Advances in quantum computing are increasing the likelihood of quantum security threats. Image: Getty Images
Charlie Markham
Senior Associate, Emerging Tech & Research, Data Technology & Innovation, Financial Conduct Authority- Recent advances in quantum technology are bringing the economy closer to realizing its trillion-dollar value add to the global economy.
- With progress comes risk, and global collaboration is essential to harnessing quantum benefits while mitigating quantum security risks.
- The World Economic Forum and Financial Conduct Authority (FCA) have created award-winning tools that guide industry and regulators toward a secure quantum transition.
Recent advancements in quantum computing have raised the technology’s role as a disrupter, significantly increasing the potential for actors in the financial sector to gain a competitive edge.
Quantum technology promises breakthrough capabilities in algorithmic methodology such as portfolio optimization, Monte Carlo simulations and complex calculations, fueling projected investment growth from $80 million in 2022 to $19 billion by 2032.
An increasing number of collaborations and research and development highlight financial services as a first mover in quantum computing. For example, JPMorgan Chase and PayPal are using IBM Quantum, to research optimization problems related to fraud detection.
The benefits to the sector are clear, including improved computation and modelling, with the potential to revolutionize the industry.
At the same time, these technological advancements are accelerating the likelihood of quantum security threats materializing. Financial institutions are acutely aware of potential risks, with threats like “Harvest Now, Decrypt Later” – where attackers harvest data now and store it for when they can decrypt it with quantum computing ability – posing immediate and long-term challenges to data security.
Furthermore, expert forecasts and government advisories urge industry stakeholders to proactively adopt robust encryption and global regulatory frameworks to ensure readiness for an anticipated heightened quantum threat by 2035.
The Forum’s Quantum Economy Network and the Financial Conduct Authority (FCA) are leading initiatives such as the Emerging Technology Research Hub to advance quantum governance and security.
Through public-private partnerships and frameworks, we are setting cross-industry standards, inviting global collaboration to address quantum-era cybersecurity risks and fostering resilience in financial infrastructures worldwide.
Our white paper, Quantum Security for the Financial Sector: Informing Global Regulatory Approaches, which lays out the guiding principles and roadmap for a quantum-secure financial industry, has been acknowledged by Central Banking in their 2024 FinTech RegTech Global Awards.
Jeremy Jurgens, managing director at the Forum, said the award “is a testament to the importance of public-private cooperation and international dialogues in developing forward-leaning approaches to ensure resilience across the sector.
“We commend the leadership of the Financial Conduct Authority on this important issue and look forward to partnering with other sectors to develop similar approaches to enable a secure transition to the quantum economy.”
Global consensus and coordinated action on quantum security
As part of this programme of work, we have united key stakeholders – regulators, central banks, industry leaders and academic experts – to develop tools that support organizations in mitigating these emerging risks.
This initiative fosters critical global dialogue, aiming to build regulatory clarity and create interoperable frameworks for quantum security. Coordinated roundtables and discussions have enabled the exchange of insights and best practices, helping align diverse approaches to quantum cybersecurity across jurisdictions.
This collaborative groundwork is essential to secure and responsibly unlock quantum technology’s transformative potential.
Since this work, several significant developments have occurred to move the needle on a quantum-secure transition in the industry. The European Union (EU) has also issued a memorandum recommending a coordinated approach to Europe’s transition to quantum-safe digital infrastructure.
Most recently, on 25 September, the Group of Seven Cyber Expert Group recommended action to combat financial sector risks from quantum computing. They stated:
“No matter where entities are in their adoption timelines, the G7 CEG strongly encourages financial authorities and institutions to begin taking the following steps to build resilience against quantum computing risks:
1. Develop a better understanding of the issue, the risks involved, and strategies for mitigating those risks.
2. Assess quantum computing risks in their areas of responsibility.
3. Develop a plan for mitigating quantum computing risks.”
In August 2024, The US Department of Commerce’s National Institute of Standards and Technology (NIST) finalized its principal encryption algorithms to resist quantum computer cyberattacks.
The NIST standards are pivotal for organizations planning their transition to quantum-secure systems as regulators and industry stakeholders examine how these standards impact their regulatory remits.
The benchmark has also motivated global entities to develop their own action plans. However, fragmented regulatory approaches across jurisdictions create complexities for multinational firms, adding compliance burdens and heightening risks due to inconsistent security measures.
Coordinated international guidelines would allow for a more cohesive, manageable transition and support smaller markets in building quantum resilience across the financial sector.
This work places us at the forefront of thinking about the global financial sector’s transition to post-quantum security.
”Achieving quantum security in the financial sector
As a result of the Forum and FCA’s pioneering work, we established four guiding principles for managing quantum security risks across the financial sector that organisations and regulators can use to inform global regulatory approaches for a quantum-secure transition. The guiding principles are:
- Reuse and repurpose – Use existing tools and frameworks and adapt current best practices from other fields, such as DevOps and cryptographic management.
- Establish non-negotiables – There should be a consistent baseline security requirement that prioritizes customer protection and industry-wide interoperability.
- Increase transparency – Open information-sharing between industry and regulators is encouraged to enhance collective security insights.
- Avoid fragmentation – A globally coordinated approach is needed for regulatory harmonization and to reduce complexities for firms operating across multiple jurisdictions, ultimately enabling robust, unified cybersecurity.
Additionally, we outlined a roadmap for financial sector firms to head towards a quantum-secure future:
- Phase 1: Prepare – This foundational phase involves raising awareness, building internal capabilities and conducting a comprehensive assessment of cryptographic infrastructure across the sector. By identifying quantum computing’s potential impacts, institutions build baseline readiness and set initial action plans.
- Phase 2: Clarify – Here, industry and regulatory bodies refine their understanding of quantum cybersecurity challenges. Collaborative efforts and mapping of regulatory gaps are key to preparing the sector for cohesive action.
- Phase 3: Guide – In this stage, practical guidelines are developed to close regulatory gaps, adopt technical standards and implement standardized quantum-safe protocols. Collaboration between global stakeholders ensures that actions align internationally.
- Phase 4: Transition and monitor – This phase emphasizes the modernization of cryptographic practices, moving from preparatory to proactive measures, including preparing for accelerating threats in the future. Ongoing monitoring, iterative policy development and a “resilience by design” approach are needed.
Jessica Rusu, chief data, information and intelligence officer at the FCA, said: “This work places us at the forefront of thinking about the global financial sector’s transition to post-quantum security.
“In an era where cybersecurity threats are evolving faster than ever, this research ensures we remain ahead of the curve, preparing for the challenges posed by quantum computing and its potential to disrupt conventional encryption methods.”
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Cybersecurity
Forum Stories newsletter
Bringing you weekly curated insights and analysis on the global issues that matter.
More on CybersecuritySee all
Kate Whiting
December 12, 2024