The Financial Services Information Sharing and Analysis Center (FS-ISAC) recently warned the industry against “crypto-procrastination”—delaying preparation for the quantum era. Its September white paper urges global coordination on post-quantum cryptography (PQC), noting: “The time to prepare for quantum computing is arguably growing shorter, and the risks to security and resilience are clear.”
Dean Yoost, author of “Exponential Technologies Require Critical Thinking in the Boardroom” and a former board member at MUFG Union Bank, told ProSight that quantum’s dual nature—as both a strategic opportunity and a systemic risk—demands board-level attention now. Here are some takeaways from our recent Q&A:
Don’t Let AI Steal the Spotlight
“Generative AI is dominating boardroom agendas today,” Yoost said. “There is a growing risk that the near-term focus on AI could crowd out attention to quantum computing. That would be a mistake.” While 65% of businesses say they’re ready to adopt quantum within two to three years, Yoost warns that most board discussions are still stuck at the awareness stage. Directors and management should benchmark against peers to avoid falling behind on quantum readiness.
Make Quantum Risk a Governance Priority
Quantum computing could eventually break the encryptions that protect banking systems and transactions—an existential threat to trust and resiliency. Yoost highlighted regulators’ calls for migration to post-quantum cryptography and scenario analysis to assess vulnerabilities, including the risk of “harvest now, decrypt later” attacks. Boards, he said, should be pressing management for quantum-safe transition roadmaps, risk mapping, and vendor diligence plans.
Build a Readiness Plan—Starting With the Basics
Yoost advises banks to begin developing a quantum readiness plan that aligns with broader cybersecurity goals. That means:
- Creating a task force to track quantum’s implications for encryption and data protection.
- Inventorying cryptographic systems to identify those most vulnerable to quantum attacks.
- Testing NIST-recommended PQC algorithms under real operational conditions.
- Engaging third-party vendors to ensure their tools and contracts are quantum-ready.
- Educating leadership and staff so quantum literacy spreads across the organization.
Expect the First Threats From the Top Tier
Yoost said early quantum-enabled attacks are likely to come from nation-states and advanced cybercriminal networks capable of exploiting the gap between current encryption and quantum-safe replacements.
Quantum advantage may still be years away—possibly in the 2030s—but the work to protect against it must start now. As Yoost put it: “Boards that only address AI will be late to the quantum opportunities and unprepared for the risks.”
