How Will Banks Survive the Quantum Era?

The banking industry stands at a critical juncture as the transition to post-quantum cryptography (PQC) advances more rapidly than previously expected. A key indicator? Follow the trail set forth by new standards and legislation in this field, and it’s clear that quantum threats are no longer purely theoretical. Although the timeline for large-scale quantum breakthroughs remains uncertain, financial institutions must prioritize the security of their sensitive data, transactions, and mission-critical systems.

Structural Challenges in the PQC Transition

A unique set of challenges is present within the banking industry when it comes to PQC transition. Legacy systems and infrastructure are often built on decades-old encryption protocols. These must be thoroughly audited and upgraded to withstand the computing power of quantum computers. Furthermore, the massive volume of data and transactions that banks manage requires a coordinated effort to ensure a seamless and successful migration. This is not a simple task. Financial institutions must also navigate the complexities of regulatory compliance, even as new PQC standards develop.

Magnitude of Impact

For financial institutions, the risk posed by quantum computing extends far beyond a targeted breach of personally identifiable information (PII); the magnitude of risk lies in the potential disruption of essential infrastructure that, in many cases, is globally relied upon. The compromise of widely used cryptographic systems could impact payment processing networks, trading platforms, and other core financial services. The cascading effects of a successful quantum-enabled attack could ripple through the global financial system, impacting businesses and consumers alike.

A reported migration scenario of a single global investment bank illustrates the potential scale of exposure banks may face, with the case study institution operating in 40 countries, processing $500 billion in daily transactions, and managing more than 47,000 cryptographic assets (Costa, 2025).Legacy Infrastructure: The Central Challenge

The migration to post-quantum cryptography poses unique challenges for large banks that rely heavily on legacy mainframe systems and infrastructure. These systems, although considered stable and reliable, were designed decades ago embedded with encryption protocols that are mathematically vulnerable with the advent of quantum computing. Upgrading them is a meticulous and resource-intensive process and is further complicated by the fact that even minor disruptions can have cascading operational impacts. In addition to upgrading mainframe systems, banks must address the security of their extensive networks of ATMs and point-of-sale terminals, many of which continue to operate on outdated software.

An IDC research paper reports that more than 95% of global non-cash transactions are processed on mainframes, and that 20% of banks surveyed in a November 2023 Financial Insights study expected to keep at least half of their workloads on dedicated on-premises mainframes through 2025 (Silva, 2025).From Migration to Crypto-Agility

Much post-quantum cryptography discussion emphasizes replacing vulnerable algorithms. While critical, the more durable objective for banks is achieving crypto-agility. Crypto-agile systems are designed so cryptographic components can be updated, replaced, or layered with minimal disruption to production environments. Since PQC standards, implementation guidance, and performance considerations are still evolving, this “agility” is essential. Rather than treating the transition as a one-time migration, financial institutions will benefit from systems that continuously adapt as new algorithms are validated and threats evolve. In short, PQC readiness is not simply a security upgrade. Sufficient PQC readiness must involve a structural shift in how banks design and maintain cryptographic infrastructure.

Preparing for a Quantum-Secure Future

Although practical quantum attacks may be years away, banking and financial sectors must be proactive in their strategy. This approach allows banks to transition deliberately rather than reactively, reducing operational risk and saving capital, while maintaining trust in the financial systems that underpin the global economy. Institutions that take early, strategic action and include PQC in their enterprise risk management (ERM) process will be best positioned to safeguard their infrastructure and ensure long-term resilience in the emerging quantum era.

Sources

Costa, Daniel Bruno Corvelo. Quantum-Safe Financial Infrastructure and the Post-Quantum Cryptography Transition. 2025.

Silva, Jerry. Mainframe Still Plays a Critical Role in Financial Services. IDC Financial Insights / IDC Perspective, 2025.