Ben Hunter, Regional Sales Director EMEA, Gigamon
Technology is evolving at an unprecedented rate, and this is frequently accompanied by both excitement and apprehension. No technology better embodies this than quantum computing, which leverages the laws of quantum mechanics to solve problems that are currently beyond the reach of classical computers. Facilitating breakthroughs in fields like drug discovery, financial modelling and materials science, it’s impact will no doubt be transformative. But as quantum capabilities accelerate, so does the urgency for all industries to prepare for a future where current encryption standards become obsolete, particularly mission-critical ones such as financial services.
Concerns about quantum computing’s potential to break today’s encryption standards are no longer speculative. The UK’s National Cyber Security Centre (NCSC) has issued clear advice: quantum computers will eventually be capable of unravelling the conventional cryptographic safeguards that we currently employ. Leading analysts forecast that this could be as early as 2030 and the NCSC has advised that by 2028 migration plans should be in place.
For financial institutions, the risk is imminent. Encryption underpins their services and is relied upon to secure transactions, protect customer data and ultimately maintain trust. A breach caused by outdated cryptographic protocols could result in catastrophic financial and reputational damage, financial institutions must act now to prevent immediate and future dangers.
Harvest Now, Decrypt Later: Why Inaction Is Dangerous
The race to develop quantum computing capabilities can be likened to the Cold War-era space race. State actors such as China, the UK and the US are all investing heavily in quantum research in the hopes of gaining a strategic advantage. Reports have already emerged of China having successfully employed a D-wave device to crack classic encryption.
The phrase “harvest now, decrypt later” describes the practice of exfiltrating unreadable data now, with a plan to decrypt it once the technology is available. Sensitive information such as financial records, personal data and intellectual property remains valuable long after it is created and with recent research underscoring that 82% of financial services firms suffered a data breach in the last 12 months, this data must be protected now.
With the threat of an attack so high, they can ill afford to gamble on their security. The industry is built on trust and if outdated encryption is responsible for a breach, the damage will be irreversible. Institutions must adopt the mindset that even if a breach doesn’t expose them today, it will in the future and quantum computers threaten to undermine critical aspects of financial operations from data security and communication privacy to the integrity of transactions.
TLS 1.3: The First Line of Defence in a Quantum World
To prepare for the quantum future, financial institutions must upgrade all encryption protocols to Transport Layer Security (TLS) 1.3. This version is not only faster and more streamlined, it is more secure, with longer and more complex keys that are significantly harder to crack. Older versions like TLS 1.1 and TLS 1.2 will eventually be broken by quantum computers in a matter of hours, minutes, or even seconds. While that capability isn’t here yet, the threat is.
The biggest challenge? Creating a comprehensive asset inventory. Financial services need visibility into how cryptography is used, how data flows and what assets are at risk. Weak cipher suites, expired certificates and non-compliant encryption methods must be exposed to ensure that all encryption operates securely and efficiently.
Without this visibility, the risk of running legacy systems and placing sensitive data at risk is severe. You cannot protect what you don’t know exists and discovery is the first step in any PQC strategy.
Metadata’s Role in Post-Quantum Readiness
Some banks have already begun taking action and 73% plan to implement PQC or Quantum Resistant Cryptography (QRC). However, they currently rely on agent-based solutions that primarily focus on data at rest, overlooking the fact that they should be prioritising cryptographic data in transit, which is most exposed to harvest-now attacks. It is evident a new strategy is needed: leveraging network-derived intelligence and metadata to gain a precise view of where encryption is actively used, which cryptographic protocols are deployed and what is truly at risk and needs upgrading. For financial services, preparing for the post-quantum world will be a costly undertaking, requiring both software and hardware upgrades. As such, having a complete and accurate post-quantum inventory is essential to plan targeted remediation and optimize budgets.
Financial services must also consider the broader ecosystem. Third-party networks play an extensive role in their day-to-day operations and ensuring those partners are also quantum-ready is essential. TLS 1.3 must be mandated across the entire supply chain and if cryptographic standards aren’t met, ties may need to be severed.
Quantum computing may still feel abstract, but its implications are concrete and 2026 should be the year financial institutions take quantum risk seriously. This means gaining visibility into encrypted traffic, using network derived telemetry and application-level context, allowing for the identification and elimination of insecure cryptographic practices and the successful migration to TLS 1.3. It also means educating stakeholders, from CISOs to board members, about the real and present danger of quantum threats.
The “harvest now, decrypt later” threat is already unfolding and financial institutions can’t afford to ignore it: quantum computing is not a future concern, but a current risk that must be mitigated.