Joint authored article from Martin Charbonneau, Head of Quantum-Safe Networks at Nokia alongside Dr Michele Mosca, CEO of evolutionQ and Donna Dodson, Senior Strategist at evolutionQ
Financial services organizations have grown accustomed to managing calculated risks, but what is on the horizon is a step-change in complexity. Market volatility, regulatory shifts and operational disruptions are all serious challenges but follow familiar patterns. Quantum computing, however, represents something entirely different: a threat that could simultaneously undermine the cryptographic foundation protecting the global financial system. Add to this AI-enabled attacks and this could create unexpected vulnerabilities leading to systemic risk across entire digital ecosystems.
The World Economic Forum’s recent emphasis on cyber resilience offers a roadmap for navigating this unprecedented challenge. Rather than simply preventing attacks, the WEF framework focuses on minimizing impact when incidents inevitably occur. For banks and financial institutions, this shift from ‘if’ to ’when’ thinking becomes crucial as quantum capabilities advance.
Resilience applied to cryptography
Consider what happens when quantum computers mature enough to break RSA encryption. Unlike typical cyber incidents that affect isolated systems, this scenario threatens every encrypted transaction, customer record, and trade secret simultaneously.
The cascading failures wouldn’t just disrupt operations, they could also fundamentally erode the trust that enables financial services to function. Let’s not forget, RSA is a widely used public-key cryptosystem for secure data transmission. This would not be an isolated incident, millions could be impacted.
Going forward, we also need to consider advances in code breaking, especially in a world where AI can already accelerate and enhance the discovery of new attacks.
This reality has sparked growing interest in what security experts call ‘crypto-resiliency’ – the ability to maintain cryptographic protection even when existing algorithms fail. While some institutions have begun addressing this challenge, many remain unaware and unprepared.
The dual-track approach to quantum readiness
The path to quantum safety requires comprehensive action across multiple fronts. Application-level migration to post-quantum cryptography (PQC) remains the cornerstone of any quantum defense strategy.
Financial institutions must systematically identify cryptographic dependencies, evaluate NIST-approved post-quantum algorithms, and implement PQC and/or hybrid cryptographic approaches that combine quantum-resistant methods.
These application-level transitions are essential but complex. Each system requires careful analysis, extensive testing, and gradual deployment to ensure security is safeguarded without disrupting critical operations. The process typically spans years, sometimes decades, particularly in environments with outdated legacy systems or especially stringent regulatory requirements. Adding to the complexity is the necessity to adopt agile crypto management frameworks to rapidly respond to code breaking advances.
That said, however, forward-thinking institutions are recognizing that application-level migrations alone may not provide sufficient sustained protection, especially within compressed quantum timelines.
To address this, they’re also implementing a complementary strategy: adding quantum-safe encryption at the network infrastructure level.
The network advantage: complementary protection
This network-centric approach, whether through private networks, managed services, or enhanced retail connections, delivers a more immediate additional protection for all data in transit while application-level migrations proceed. Rather than replacing comprehensive application-level PQC / Hybrid implementations, network-level quantum safety provides essential risk reduction during the vulnerable transition periods while also adding persistent additional line(s) of defense.
This strategy proves particularly powerful when combined with multiple cryptographic methods. Post-quantum algorithms validated by standards bodies work alongside proven symmetric key infrastructure (SKI) techniques and emerging quantum key distribution (QKD) technologies.
This layered defense ensures that even if application-level PQC / Hybrid cryptography faces unexpected vulnerabilities, today or tomorrow, SKI and/or QKD network-level protection maintains a level of data security.
This diversified approach can also address data sovereignty concerns that complicate compliance frameworks. Advanced architectures can integrate with national cryptographic requirements while preserving operational flexibility across jurisdictions.
Practical impact on institutional resilience
The WEF’s “shrinking the V” concept, minimizes both the depth and duration of an incident’s impact and finds direct application in this complementary network-level crypto-protection. When quantum-safe encryption operates across network infrastructure, critical services continue functioning normally even if individual applications face cryptographic compromises during or after the transition period.
Early movers in crypto-resilience aren’t just protecting against future threats, they’re positioning for competitive advantage. Institutions implementing both comprehensive PQC / Hybrid migration strategies and complementary network-level quantum safety demonstrate sophisticated risk management that regulators and customers will increasingly value.
As quantum algorithms and AI capabilities advance and regulatory requirements tighten, organizations with layered quantum defenses stand to gain in market confidence and customer loyalty.
The financial sector has weathered technological transitions before, from mainframes to distributed computing; and from paper to digital transactions. Crypto-resiliency represents the next such inflection point.
Organizations building quantum-safe capabilities today, both at application and network levels—aren’t just surviving technological disruption; they’re building layers of trust and preparing to lead the financial system’s evolution into the quantum age. They are being proactive and demonstrating a sound understanding of the unknown risks.
We must be aware that cybercriminals are organized, intelligent and resourceful groups. If there is a crack in the defences, it will be found and exploited. The question facing the financial sector now isn’t if quantum computers will threaten current cryptography, but whether institutions will implement sufficiently comprehensive defenses when that moment arrives.
Beyond survival: building cyber-resilient financial institutions in the quantum age
