Quantum-Resilient Banking: Strategies for a Secure Transition

The advancements in the field of technology and telecommunication have also evolved the cyber security threat landscape. Though Quantum computing brings a lot of opportunities, Quantum computers pose a significant risk to currently used Public Key Cryptography (PKC) algorithms (RSA, ECDSA, EdDSA, DH, ECDH), with NIST mandating their deprecation by 2030 and complete removal by 2035. This urgency is heightened by predictions that state actors might possess quantum decryption capabilities as early as 2028, creating a “harvest now, decrypt later” threat. The only way to stay ahead of these attacks is to be aware of security trends, anticipate advanced threats, and build resilient defences. This study investigates the cybersecurity preparedness of India’s Banking, Financial Services, and Insurance (BFSI) sector in response to the emerging quantum computing threat.
The research, which included an analysis of the banking ecosystem, its stakeholders, and supply chains, employed a survey of approximately 118 BFSI CISOs/CTOs to assess current cybersecurity postures, awareness of quantum threats, and readiness for migrating to Post-Quantum Cryptography (PQC). The survey revealed significant vulnerabilities: a substantial portion of respondents demonstrated only moderate understanding of quantum computing and a concerning lack of preparedness for PQC implementation (average score of 2.4 out of 5). While common security measures like access controls and encryption were widely implemented, more advanced techniques and future-proofing strategies were lacking. The most frequent threats in the past year were phishing (65%), DDoS (47.5%), and social engineering (40%) attacks. A majority of respondents (57.5%) believe quantum computing will pose a significant threat within three years. Most respondents rated the potential impact of quantum decryption on stolen data as extremely high.

This study also developed a framework for PQC migration within the BFSI sector, considering data shelf life across the ecosystem. Key advantages of this framework include minimal disruption to existing infrastructure through support for hybrid implementation, straightforward deployment across various environments, and a future-proof architecture designed to counter evolving quantum threats. This framework facilitates the adoption of quantum-safe protocols while minimising disruption.
The study results also highlighted key recommendations for accelerating PQC adoption. Most of the CIOs/CTOs believe that government action needs to prioritise establishing clear guidelines and standards (45%), fund research and development (27.5%), and facilitate stakeholder collaboration (17.5%). Around 42.5% of the CISOs/CTO feel the need for cybersecurity awareness and education, as well as certification programs. Government-funded audits and research grants were equally favored as incentives for financial institutions to prioritise PQC (30% each). Additionally, the respondents highlighted the need for a government-defined migration timeline (45%) and guidance on algorithm selection (27.5%). Finally, for enhancing collaboration, a dedicated forum or working group was strongly recommended (42.5%).
The findings underscore the urgent need for immediate action to mitigate the risks posed by quantum computing. Recommendations include prioritising PQC migration, implementing robust key management practices, enhancing staff training, developing crypto-agile systems, and creating comprehensive data breach response plans. The results emphasise the urgency of developing and implementing a quantum-ready business model within the BFSI sector.