The G7 Cyber Expert Group (CEG), chaired by the U.S. Department of the Treasury and the Bank of England, has issued a statement addressing cybersecurity risks posed by quantum computing. The group highlighted the need for financial authorities and institutions to take proactive steps to mitigate these risks.
Quantum computers, which are being developed to solve complex computational problems beyond the capabilities of conventional computers, could offer significant benefits to the financial sector. However, they also pose unique cybersecurity threats. One major concern is that cyber threat actors might use quantum computers to break current cryptographic techniques, potentially exposing sensitive financial data.
“The G7 CEG looks to help support the responsible use of emerging technologies like Cloud, AI, and Quantum in the financial sector while balancing the risks to the global economy,” said Treasury Deputy Assistant Secretary for Cybersecurity and Critical Infrastructure Protection Todd Conklin, Co-Chair of the G7 CEG. “Cyber experts across the financial sector have developed internal plans related to quantum innovation and resilience, and it is critical that they obtain the support needed for their successful implementation. The G7 CEG believes that planning for the quantum transition is important to economic security and prosperity, and strongly encourages financial institutions to provide funding and other resources needed to support it.”
While there is uncertainty about when quantum computers with these capabilities will be available, they could emerge within a decade. Such advancements would not only jeopardize future data but also any previously intercepted data stored by adversaries intending to decrypt it later using quantum technology. Given this potential timeline, immediate planning for quantum-resilient technologies is essential.
Last month, an initial set of quantum-resilient encryption standards was released by the National Institute of Standards and Technology (NIST). Additional standards from NIST and other bodies are expected in due course. Financial entities must remain agile in adopting new encryption standards as they become available.
Some financial entities may already be able to implement these new standards; others may rely on vendors or third parties for development. Regardless of their current status in adoption timelines, the G7 CEG urges all financial authorities and institutions to start building resilience against quantum computing risks by:
- Developing a better understanding of these issues.
- Assessing risks specific to their areas.
- Creating plans for risk mitigation.
The CEG statement provides further details on specific actions that can enhance quantum resilience within the financial system.
Founded in 2015, the G7 CEG includes representatives from all G7 countries as well as the European Union. It serves as a multi-year working group coordinating cybersecurity policy across member jurisdictions while facilitating information sharing, cooperation, and incident response.
###
