Cybersecurity in finance must evolve as quantum computing nears

The world is edging closer to practical quantum computing, with experts warning that current encryption systems used in accounting and finance could soon be obsolete. A new study published in FinTech examines how quantum computing will transform cybersecurity in financial systems, setting out a roadmap for both challenges and opportunities.

The paper, titled Quantum Computing and Cybersecurity in Accounting and Finance in the Post-Quantum World: Challenges and Opportunities for Securing Accounting and Finance Systems, highlights the urgency of adopting quantum-resistant technologies. It also lays out a conceptual framework that combines technology, organisational readiness, and stakeholder cooperation to secure critical accounting and financial infrastructures.

Why are current systems vulnerable to quantum threats?

Today’s financial systems rely on public key cryptography such as RSA and elliptic curve algorithms. These have proven robust against classical computers but are expected to fall quickly once quantum computers reach sufficient scale. Quantum algorithms like Shor’s and Grover’s could crack widely used encryption, exposing banking transactions, audit trails, and blockchain-based assets to unprecedented risks.

The authors stress that the window for preparation is narrowing. Institutions cannot wait until quantum systems arrive, because encrypted data stolen today could be decrypted later – a threat known as “harvest now, decrypt later.” This means that sensitive accounting records and financial communications are already at risk if not future-proofed.

In this environment, post-quantum cryptography (PQC) becomes critical. PQC algorithms are designed to resist quantum attacks while running on classical infrastructure. The study highlights the importance of the U.S. National Institute of Standards and Technology (NIST) standardisation process, which is developing the next generation of cryptographic tools.

What quantum tools offer secure alternatives?

The study identifies two core solutions: quantum-resistant algorithms and quantum key distribution (QKD). PQC provides an upgrade path for existing systems, allowing financial institutions to transition without a full overhaul. QKD, by contrast, uses the physics of quantum mechanics to secure key exchanges. Any attempt at eavesdropping disturbs the system, making intrusions immediately detectable.

While QKD is theoretically powerful, the authors caution that cost and scalability remain barriers. Implementing QKD across global financial networks would require massive investment in infrastructure, as well as standards to ensure interoperability. At present, PQC is seen as the more practical step, though QKD pilots are being tested in some high-security environments.

The study also notes that blockchain technologies face unique risks. Many cryptocurrencies and smart contracts rely on signatures and hashing vulnerable to quantum attacks. Hybrid models, quantum-resistant hashing, and migration plans will be essential to safeguard these systems.

To guide adoption, the authors propose a structured framework that combines technical solutions with organisational factors. They define constructs such as Quantum-Resistant Accounting Algorithms (QRAA), Quantum Key Distribution Integration (QKDI), Organisational Quantum Readiness (OQR), and Stakeholder Interdependence (SI). These components provide a checklist for firms to assess readiness and resilience.

How should finance and accounting institutions prepare?

The study stresses that cultural and organisational change is vital. Many firms lack the skills, resources, and awareness to begin preparing for the post-quantum world. Quantum readiness will require investment in training, recruitment of specialist expertise, and alignment of IT, compliance, and auditing functions.

The researchers warn that cost and complexity will be major barriers, especially for smaller institutions. Early adoption may be concentrated in large, systemically important firms, leaving others exposed. Policymakers and regulators must therefore create roadmaps, subsidies, and cooperative frameworks to support sector-wide transition.

The study also identifies a role for regulators in harmonising standards. Without global cooperation, fragmented adoption could create vulnerabilities across interconnected financial markets. Integration with existing frameworks such as ISO 27001 and the NIST Cybersecurity Framework will be critical.

The authors call for further research into practical applications of PQC and QKD, middleware to connect legacy systems, and cost–benefit analyses of quantum adoption. They also suggest developing a global Quantum Security Index to benchmark progress and identify lagging sectors.