Quantum computing is often treated as a distant, theoretical cybersecurity issue. According to Ronit Ghose, Global Head, Future of Finance of Citi Institute, that mindset is already putting financial institutions at risk.
The biggest misconception, he says, is that quantum threats begin on a single future Q-day, when quantum machines suddenly crack encryption. In reality, adversaries can harvest encrypted data today and decrypt it later, creating long-term exposure for banks handling sensitive identity and transaction data. Ghose argues that quantum risk is both an immediate confidentiality problem and a systemic trust crisis.
When you talk to financial leaders about quantum risk, what is the most common misconception you hear, and why does it persist?
The most common misconception is that quantum risk is a single future date problem: a switch that flips when a cryptographically relevant quantum computer arrives. In that framing, leaders assume there is time to wait for clearer signals, firmer regulatory deadlines, or vendor maturity.
The reality is that from a risk-management perspective, the quantum era has already begun through harvest-now, decrypt-later activity: adversaries can collect encrypted traffic today and decrypt it later once quantum capability is available. That means the most acute exposure is not only “future breach,” but retroactive loss of confidentiality for long-lived sensitive information.
This misconception persists for three reasons. First, Q-day is easy to communicate as a milestone, but it hides the continuous nature of risk and the fact that migration programs take years, not months. Second, cybersecurity teams are used to responding to exploitability that is demonstrable today. Quantum risk asks institutions to act on a probability distribution and on consequences that are systemic rather than localized. Third, organizations often conflate “standards exist” with “implementation is straightforward.” In practice, post-quantum cryptography is deployable today, but implementing it at scale across thousands of applications, identity layers, and integrations is the hard part.
Do you see quantum as a near-term cyber risk or more of a strategic “balance sheet risk” that firms are failing to quantify properly?
It is both, but the distinction is useful. In the near term, the cyber risk is confidentiality erosion via harvesting and long retention horizons. That is particularly relevant for institutions that process data whose value persists for years or decades: identity attributes, biometrics, long-lived credentials, and sensitive transaction metadata. Once that privacy is lost historically, it cannot be reversed by later migration.
At the same time, quantum is a strategic, balance-sheet risk because it challenges trust infrastructure that underpins financial intermediation: authentication, signatures, secure communications, and the integrity of software supply chains. If digital signatures can be forged at scale, you are no longer dealing with isolated fraud incidents. You are dealing with compromised authenticity: counterfeit system messages, malicious updates that appear legitimate, and identity impersonation that is cryptographically convincing.
Where firms struggle is quantification. Cyber losses are often modeled as operational events with historical priors. Quantum scenarios can be low-probability yet high-severity, with contagion across counterparties and critical market infrastructure. That pushes it into the realm of systemic resilience and “GDP-at-risk” thinking, not just breach-cost accounting.
If you had to name the first place quantum breaks the financial system, what is it? Payment rails, interbank messaging, identity systems, or something else entirely?
If we are forced to pick the most systemically dangerous first break, it is anything that disrupts high-value payment settlement and the trust fabric around it, because the downstream effects propagate quickly across markets and the real economy. One illustrative scenario analyzed in the public literature is a single-day quantum attack aimed at a top-five U.S. bank’s access to Fedwire Funds Service, with estimated indirect impacts measured in trillions of dollars of GDP-at-risk and a multi-month recessionary overhang.
However, operationally, the “first break” may not look like a dramatic payments outage. It may look like compromised authenticity: forged digital signatures, impersonated privileged identities, or software updates that validate as trusted. Those are enabling failures. Once signatures and identity are unreliable, payment systems, interbank messaging, and treasury workflows become unsafe even if the rails are technically available.
So, the practical priority is to treat identity, PKI, and signature integrity as foundational, while also addressing payment infrastructure and external-facing secure communications where harvesting risk is acute.
What is the real quantum threat timeline that CISOs and boards should plan around, not the timeline vendors market?
The timeline to plan around is not “when a quantum computer definitely exists,” but “when your data stops being safe given your confidentiality horizon and your migration duration.” That forces two parallel clocks:
The probability clock: credible estimates place the probability of widespread breaking of public-key encryption by 2034 in the 19 to 34 percent range, rising materially by 2044. These are not certainties, but they are not negligible either.
The program clock: large institutions need multi-year change cycles to inventory cryptography usage, remediate integrations, re-issue certificates, and retrain teams. Waiting for certainty compresses execution into an unrealistic window, especially given the dependency on vendors and partners across the ecosystem.
Regulatory momentum matters as a forcing function. Even where there is not yet a single “drop-dead” date for financial services, regulators are pushing planning and risk management, and multiple jurisdictions have published transition roadmaps or directives. In the U.S., federal migration milestones such as carrying out high-risk migrations by 2030 and full quantum-resistant security by 2035 are shaping broader market expectations, particularly for regulated ecosystems and critical infrastructure.
If quantum-safe migration is inevitable, what is the most realistic path forward: phased hybrid cryptography, complete replacement, or crypto agility that can be swapped on demand?
The most realistic path is a phased migration that uses hybrid approaches where appropriate, anchored by crypto-agility as an architectural goal. The reason is practical: replacing cryptography across a large organization is a multi-year effort, and the main challenge is implementation at scale, not the absence of standards.
A pragmatic execution approach has five elements, with planning, analysis, and piloting undertaken in parallel:
- Identify where public-key cryptography is used across the organization.
- Prioritize critical systems and long-lived data, such as identity systems, payment infrastructure, and digital signatures.
- Enable crypto-agility and hybrid approaches so classical and post-quantum methods can operate side-by-side during transition.
- Migrate via a phased plan aligned to vendor readiness and regulatory guidance.
- Sustain continuous key management and rotation so you can respond as standards evolve.
Download: Tines Voice of Security 2026 report
