Somewhere, in a data center whose location remains classified, foreign intelligence operatives are stockpiling encrypted financial records. Not to read them now – they can’t. The encryption is too strong. But these adversaries are patient. They’re betting that within the next decade, quantum computers will crack open these digital vaults like tin cans. By then, your account numbers, trading strategies, and confidential transactions will spill out into the open, years after they were “protected.”
This is not science fiction. It’s happening right now, and it has a name: Harvest Now, Decrypt Later.
The global financial system stands at what might be its most precarious cryptographic moment since the dawn of electronic banking. Every digital transaction you make, from tapping your card at a coffee shop to a billion-dollar interbank settlement over SWIFT, relies on mathematical puzzles that today’s computers find impossibly hard. Quantum computers, however, will solve them in minutes.
The Countdown Has Already Begun
The day a quantum computer first breaks mainstream encryption is called Q-Day. Unlike Y2K, which came with a fixed deadline, Q-Day’s arrival remains uncertain. But its consequences would be far more devastating. Experts surveyed in a recent quantum threat assessment placed better than even odds on a cryptographically relevant quantum computer existing by 2038. Others believe it could arrive by 2033. One prominent advisor suggests the window is “less than ten years but more than five.”
The uncomfortable truth is that the exact date matters less than we think. The Federal Reserve itself has published research confirming that adversaries are actively harvesting encrypted data from distributed ledger networks, including Bitcoin, where all historical transactions remain permanently exposed to future quantum decryption. Unlike a conventional hack, where you can patch the vulnerability after discovery, HNDL damage is retroactive. Once quantum computers mature, everything already stolen becomes readable. There’s no taking it back.
The asymmetric encryption methods securing our financial infrastructure, RSA, elliptic curve cryptography, Diffie-Hellman key exchanges, would all crumble against Shor’s algorithm running on a sufficiently powerful quantum machine. The mathematics behind these systems, which has protected digital commerce for decades, becomes trivially solvable. Hours of classical supercomputer work would compress into moments.
The Architects Strike Back
Recognizing this threat years ago, the National Institute of Standards and Technology launched an eight-year global competition to identify replacement algorithms. In August 2024, NIST delivered: three quantum-resistant cryptographic standards that represent humanity’s best mathematical defenses against quantum attack. These new approaches, built on lattice mathematics rather than factoring large primes, would require even the most powerful theoretical quantum computers to work for time periods longer than the age of the universe.
The performance surprised skeptics. Initial concerns that quantum-safe encryption would cripple network speeds proved unfounded. Kyber, the new standard for secure key exchange, runs roughly three times faster than RSA-2048. Dilithium, the digital signature algorithm, outpaces its classical predecessor by about twenty percent. The trade-off comes in size rather than speed: digital signatures and encryption keys balloon to several times their current dimensions, creating headaches for protocols never designed to carry such payload.
But feasibility has been proven. In Singapore, JPMorgan Chase operated a quantum-secured network connecting two data centers across twenty-nine miles of fiber for forty-five continuous days at blistering 100-gigabit speeds. HSBC has tested quantum-safe protection on tokenized gold transactions. The Bank for International Settlements, working with European central banks and SWIFT, successfully ran quantum-resistant encryption through the Eurosystem’s actual payment infrastructure – the TARGET2 system that settles trillions in real-time gross settlement daily.
The technology works. The problem is adoption.
A Chasm Between Knowing and Doing
The numbers are startling. Despite roughly seven in ten organizations acknowledging the quantum threat, only five percent have implemented quantum-safe protections. A mere three percent of banking websites currently support post-quantum cryptography. The BIS reports that eighty-six percent of organizations are simply not ready.
Meanwhile, regulators aren’t waiting. The NSA now mandates that new National Security Systems equipment must be quantum-safe by January 2027, with full transition by 2035. The European Union has published a coordinated roadmap targeting critical infrastructure protection by 2030. The Cyber Resilience Act will require crypto-agile firmware capabilities by December 2027. Financial institutions face the peculiar prospect of regulatory exposure before they face quantum exposure – non-compliance penalties arriving years before the threat they’re meant to address.
The migration challenge is immense. Financial networks process trillions daily through systems where cryptography is embedded not like a door lock that can be swapped, but like a skeleton woven through flesh. Many core banking platforms run on decades-old mainframes where encryption is hard-coded into application logic written in COBOL. Industry estimates suggest large enterprises face migration timelines of twelve to fifteen years. Retrofitting could exceed one hundred million pounds per institution.
And here’s the coordination nightmare: the interconnected nature of global finance means no bank can transition alone. SWIFT links over eleven thousand institutions across two hundred countries. A single unprotected entity becomes a weak link for the entire system. One laggard forces everyone into perpetual hybrid operation, maintaining both classical and quantum-safe systems simultaneously.
The Race Against Time
The leading banks understand what’s at stake. Morgan Stanley has disclosed a seven percent ownership stake in quantum computing company IonQ – a clear signal of strategic positioning. Goldman Sachs reported achieving twenty-five times faster risk analysis using quantum algorithms. The financial industry’s quantum investments surged fifty percent in 2025 alone, reaching roughly $2.25 billion.
But the gap between leaders and laggards threatens the entire ecosystem. It’s not enough for JPMorgan to be quantum-ready if a counterparty bank in a SWIFT transaction isn’t. The weakest link determines the chain’s strength.
What the research makes brutally clear is this: the window for orderly migration is closing. With expert consensus placing cryptographically relevant quantum computers at better than fifty-fifty odds by 2035, and with complex financial infrastructure requiring a decade or more to upgrade, institutions that haven’t started planning are already behind.
The data being stolen today will still be valuable when quantum computers mature. Account numbers don’t expire. Trading patterns reveal strategy. M&A communications expose competitive intelligence for years. The adversaries understand this, which is why they’re investing in storage now.
The question isn’t whether to act. It’s whether institutions will act fast enough to matter – or whether the silent heist will succeed.
Sources available upon request
Read our full Report Disclaimer.
Report Disclaimer
This report is provided for informational purposes only and does not constitute financial, legal, or investment advice. The views expressed are those of Bretalon Ltd and are based on information believed to be reliable at the time of publication. Past performance is not indicative of future results. Recipients should conduct their own due diligence before making any decisions based on this material. For full terms, see our Report Disclaimer.