Preparing for the coming cryptographic crisis

Quantum computing’s rapid advancement presents a significant cybersecurity risk to the financial sector, yet most organizations, including those in the fast-paced fintech industry, are unprepared. Research from ISACA indicates a stark disconnect between the perceived threat and the lack of strategic planning to mitigate it.

The quantum threat to fintech

While quantum computing offers revolutionary potential, with 56% of cyber and IT professionals acknowledging its potential to create business opportunities, the cybersecurity risks are substantial. A key concern is quantum computing’s ability to break current encryption methods, which are fundamental to securing financial transactions, digital banking, and fintech platforms.

Chris Dimitriadis, Chief Global Strategy Officer at ISACA, highlights the urgency of the situation:

“Given recent quantum advancements and breakthroughs, we can expect quantum computing to be present in our day-to-day platforms and processes within the next few years. Whilst this will present great opportunities for innovation in several industries, significant cybersecurity risks emerge both in terms of quantum in a silo as well as through the rise of Quantum AI. For instance, cryptography is present in all businesses, industries and sectors, and quantum computing has the potential to break the cryptographic protocols that we use, rendering simple services useless. At the same time, quantum will substantially transform AI by boosting its capabilities, together with the risks associated with it.”

This poses a direct threat to the fintech sector, which relies heavily on secure data transmission and storage for everything from mobile payments to blockchain transactions.

A lack of preparedness

Despite these looming threats, ISACA’s research reveals a significant lack of preparedness among organizations.

• Only 4% of organizations have a defined quantum computing strategy.

• 52% have not integrated quantum computing into their formal strategy or roadmap and do not plan to.

• 40% have not even considered implementing post-quantum cryptography.

This lack of preparation is further compounded by a lack of quantum literacy. Only 2% of respondents strongly agree they have a good understanding of quantum computing capabilities, and only 5% have a strong understanding of the new NIST post-quantum cryptography standards. This represents a major vulnerability for the fintech sector, which is built on innovation but must prioritize security.

The way forward for fintech

The financial sector, particularly fintech, must take proactive steps to address the quantum computing threat. ISACA emphasizes the need for organizations to prioritize creating and implementing a quantum strategy, developing a quantum-literate workforce, and transitioning to post-quantum cryptography.

This includes:

• Assessing the regulatory and compliance implications of quantum computing.

• Exploring quantum-safe cryptography solutions.

• Investing in research and development and proof-of-concepts.

• Providing staff training and upskilling on quantum computing.

The UK government’s investment of over £60m in quantum skills programs until 2034 signals the recognition of the urgency of this issue. However, individual organizations, especially those in the fintech sector, must also take responsibility for their quantum readiness.

Ignoring the quantum threat is not an option.

As Rob Clyde, Crypto Quantique Chairman and past ISACA Board Chairman, warns, “Waiting until quantum computing is here is too late, especially given today’s harvest-now, decrypt-later threat.”

Fintech companies must act now to secure their operations and maintain the trust of their customers in a post-quantum world.