The time is now to build quantum defences

In the next 10-15 years – or possibly sooner – quantum computers will be capable of breaking the encryption standards underpinning our digital world.

Current encryption methods like Rivest–Shamir–Adleman (RSA) and elliptic-curve cryptography (ECC) will become obsolete.

This means that new quantum-safe encryption standards, such as those from the US National Institute of Standards and Technology, must be adopted as soon as possible.

For sectors such as banking, energy and healthcare – where sensitive information is critical – ignoring the quantum threat could lead to disastrous consequences.

Click to display more information about image

Philip Intallura, Group Head of Quantum Technologies, HSBC

While there’s debate around exactly when a reliable quantum computer of sufficient size will be able to break some of the most widely used cryptosystems, the time to build defences is now - we cannot take any chances.

Whatever you might believe about quantum tech and timescales, preparing now is prudent risk management.

Complex process

There’s a 19-34% chance that cryptography might be broken in the next 10 years and there’s a roll-of-the-dice chance that might happen in the next 5 years, according to the Quantum Threat Timeline Report.

One of the main reasons why organisations should start preparing now is that transitioning to quantum-safe cryptography is a complex, multi-year process.

It takes time to identify vulnerable systems and data, to integrate quantum-safe solutions such as post-quantum cryptography, ensure cryptographic agility, and to explore and potentially implement other quantum-safe technologies like quantum key distribution.

Large global organisations such as HSBC also need to comply with regulations and cryptographic standards in all of the geographies in which they operate.

Cyber threat

Another reason to build quantum defences now is the phenomenon known as harvest now, decrypt later.

According to the G7 Cyber Expert Group, encrypted data that is transmitted or stored today could be harvested and decrypted by quantum attackers in the future.

Data with a long shelf life - that is, data that is still relevant in say five to 10 years’ time - must be protected as a priority against retrospective decryption.

Taking action

At HSBC, we believe it’s crucial to stay one step ahead.

We were the first bank to join BT and Toshiba’s quantum-secured metro network, to pioneer quantum protection for AI-powered foreign exchange trading and to trial the application of quantum-secure technology for buying and selling tokenised physical gold.

Our efforts are global. We’re also collaborating with the Monetary Authority of Singapore and other banks on quantum security.

These are just some of the reasons why we secured the number two spot in two new global indexes tracking the adoption of quantum technology in the finance sector.

We’re embracing this technology and preparing, in a safe and secure way, for the future quantum economy. We want to encourage others do the same.