Google’s recent warning that quantum computers could threaten current encryption systems by 2029 is not just another reminder that post-quantum security matters. What makes it notable is how much sooner that timeline is than many organizations may have expected.
The Guardian reports that most forecasts for a cryptographically relevant quantum computer still range from the 2030s to the 2050s, and the UK’s National Cyber Security Centre has urged organizations to prepare by 2035. Google’s message is more urgent: the encryption used to keep information “confidential and secure could easily be broken by a large-scale quantum computer in coming years,” and the company has said it is prioritizing post-quantum cryptography migration for authentication services—“an important component of online security and digital signature migrations.” Even if the exact date proves debatable, the warning raises the pressure on banks to treat quantum readiness as a live risk issue, not a distant technical project.
That makes it a good time to revisit ProSight’s Q&A last fall with Dean Yoost on what quantum could mean for financial institutions. His message was not that banks need to panic. It was that they need to prepare deliberately, and sooner rather than later.
Here are a few takeaways:
The real risk is not just when quantum arrives, but what can be exposed later. The Guardian piece notes the threat of “store now, decrypt later” attacks, in which data collected today could be unlocked once quantum capability catches up. Yoost highlighted the same issue from a banking perspective, pointing to concern over “harvest now, decrypt later” attacks that could expose sensitive data once quantum computers become powerful enough.
AI should not crowd this out. Yoost warned that “generative AI is dominating boardroom agendas today,” but added that letting that push quantum aside “would be a mistake.” His argument is that quantum presents both an opportunity and a risk: potential advantages in areas such as optimization and risk modeling, but also a serious threat to today’s public-key cryptography and a long migration path.
Banks need to start with inventory and vendor scrutiny. One of Yoost’s most practical points is that few financial institutions build their own cryptographic tools. Most depend heavily on third parties. That makes cryptographic inventory and vendor due diligence essential. He said banks should identify where they rely on vulnerable public-key algorithms, begin planning transitions, and start embedding quantum readiness into vendor requirements and longer-term cybersecurity governance.
Preparation is broader than cryptography alone. Yoost also called for internal task forces, training for directors and management, and closer engagement with regulators and standards efforts. In other words, this is not just an IT project. It is a governance, risk, and resiliency issue.
Quantum may still be developing, and timelines may shift. But the warning from both pieces is the same: waiting for perfect certainty is not a strategy.
