Cybersecurity is critical for the financial sector, and with the growing threat of quantum computing, there’s an increasing urgency when it comes to financial institutions and policymakers navigating the transition to quantum-safe cryptography.
That’s certainly the message of the European Cybercrime Centre’s advisory group, the Quantum Safe Financial Forum (QSFF) who this month released new guidance in ‘Quantum-Safe Finance: A Call to Action‘.
QSFF consists of experts from major commercial and central banks, as well as other financial service providers and experts, and it aims to be a space for collaboration and development towards the transition to PQC (post-quantum cryptography). Their voice in the conversation is certainly one to take notice of.
It’s a timely report, highlighting the quantum threat, the real problem of harvest-now-decrypt-later attacks, and the particular risks for the financial sector. While the exact timeline is uncertain, quantum computers are expected to pose a cryptographic threat within the next 10-15 years, and as this publication points out, it’s a timeline that could easily accelerate with interest from both the public and private sector.
In addition, QSSF points to a 2023 survey that indicates that “86% of organizations acknowledge their unpreparedness” meaning that post-quantum cybersecurity remains one of the biggest issues ahead for the sector.
There’s a prescient need for awareness, but also for collaboration and co-ordination. The report emphasizes that success requires interdependence between vendors, policymakers, law enforcement, and the financial ecosystem – a point echoed very clearly by many similar agencies and experts, including PQShield.
The QSSF outlines five key recommendations:
- Prioritize and actively support implementation. This includes making the transition to PQC a high priority by raising awareness, upskilling IT teams, and specifying resources
- Co-ordinate among stakeholders. It’s important to work towards alignment of roadmaps, establishing common goals and a shared view of requirements
- Work in a voluntary framework. While legislation might be forthcoming, it’s important to establish a voluntary framework between regulators and the private sector, by monitoring guidelines, promoting standardization and leveraging some existing frameworks such as DORA and GDPR. QSSF also recommends the use of hybrid PQ/T (combined post-quantum and traditional cryptography) solutions.
- Enhance cryptography management. It’s also an excellent opportunity to be forward-looking and crypto agile, integrating cryptography management with an inventory of cryptographic assets and components, developing contingency plans and compliance checks.
- Promote collaboration. Knowledge-sharing is seen as a key aspect of the transition, and it’s critical to adopt a cohesive approach, particularly between private and public sector actors.
For us at PQShield, this is yet another point in the road where we can see awareness of the quantum threat now giving way to action. The report’s emphasis on collaboration, planning, cryptographic management (crypto agility) and proactive decision-making resonates with our own view that 2025 is the year for PQC adoption, and in the financial sector, there’s no longer any doubt that the time for action is now.