Community Banking Connections

Home > First Release 2026 > The Future Is Now – The Quantum Risk of Quantum Computing

Print Article

February 2026

The Future Is Now – The Quantum Risk of Quantum Computing
by James Gilbert, Former Lead Risk Management Specialist, Supervision and Regulation, Federal Reserve Bank of Chicago,* Ahmed Hussain, Senior Risk Management Specialist, Supervision and Regulation, Federal Reserve Bank of Chicago, and William Mark, Lead Examiner, Supervision and Regulation, Federal Reserve Bank of Chicago

Quantum computing is a fast-growing technology that uses the laws of quantum physics (i.e., quantum mechanics) to solve complex problems that are impossible for classical computers to solve. It is a kind of computation that can, in mere minutes, solve a problem that would take a modern computer one million years to solve. For example, a quantum computer could determine the optimal route from location A to location B and instantly identify the best alternative when a major storm disrupts a flight by evaluating millions of possible routes simultaneously, factoring in myriad weather-related variables using its enhanced computational capabilities.

Quantum computing is expected to markedly transform operations across various industries, including the financial sector. It presents many opportunities as well as threats and challenges. Experts in the public and private sectors warn that quantum computers have the potential to emerge as the world’s largest cyberthreat, with computational capabilities that could break most existing encryption algorithms, fostering significant financial losses. The future of cybersecurity will be largely based on the defense readiness of targeted organizations. Quantum technology continues to develop, with mainstream use by technology firms expected by 2030.

This article provides the basics of quantum technology and details the federal government’s efforts to prepare businesses, including those in the financial services industry, for its impact. It lays the groundwork for steps that community banks should consider taking to address the risks arising from the use of quantum computers for nefarious purposes.

Quantum Dynamics

Traditional computer transistors process data to complete a task using binary digits or just two states: 0 (off) and 1 (on). Quantum computers, on the other hand, use quantum bits, or qubits, that can exist in multiple states simultaneously. This is because information is encoded in the quantum properties such as electrons. Qubits hold electrons to become artificial atoms, allowing a qubit to represent 0, 1, or a combination of both simultaneously. Think of it like a flipped coin spinning in the air. While spinning, it is not just heads or tails, and you will only see the result when it lands. This fluid integration of 0s and 1s is at the heart of quantum computation and allows quantum computers to process exponentially more data than traditional computers. Unlike transistors that are used in traditional computers in which each additional input increases power linearly, each added qubit doubles computational capability. For example, 20 qubits are one million times more powerful than one qubit, whereas 20 transistors are only 20 times more powerful than one transistor. To gain a better understanding of the fundamentals of quantum technology, refer to the Principles of Quantum Computing (see box).

Principles of Quantum Computing

Quantum Basics

Source: SN Computer Science, from ResearchGate

Superposition

At its foundation, quantum computing changes the rules of probability, which is the source of its remarkable power. The use of qubits allows for inputs to be any linear combination between 0 and 1. This fluid combination is called superposition, which refers to the ability of a qubit to be in multiple states at the same time. As such, superposition describes the ability of quantum systems to exist in multiple states simultaneously.

Interference

Interference is used to measure a qubit or a group of entangled qubits to get a desired output. To extract an answer from a quantum system, a quantum engineer uses interference to maneuver the quantum state to perform computations.

Entanglement

When qubits are in a superposition state, they relate to each other by the phenomenon of entanglement. Entanglement is the correlation among the different quantum particles even when they are separated by a long distance. The outcome of entanglement, when measured, will be correlated, enabling quantum computing, which can perform multiple calculations simultaneously, doubling its computational power. Therefore, the key concept of quantum computing can be characterized as power derived from quantum entanglement.

Coherence

Coherence is the process for maintaining the relationship phases between quantum states. Coherence (or decoherence, as it is sometimes called) represents the lifetime of quantum mechanical properties or superposition of the qubit. It measures how long a qubit retains its information.

Quantum Algorithms

A quantum algorithm is the sequence of steps necessary to transform an input state into a desired quantum state. It is a mathematical procedure that uses quantum mechanics to perform computations on quantum computers, which rely on algorithms to perform calculations. Quantum algorithm development is a complex and evolving field. The goal of an algorithm designer is to produce a desired quantum state from a classical input state. In the early 1990s, Peter Shor, a physicist, introduced the first quantum algorithm, but there was no quantum hardware available to run it. In 2002, Shor’s algorithm was successfully used for cryptoanalysis, proving effective in finding prime factors.¹ Factoring large integers on a classical computer requires substantial computational power, but using Shor’s algorithm, factoring the same integers on a quantum computer would take only a matter of seconds. These algorithms employ techniques such as entanglement, superposition, and interference to explore exponentially large problems.

There are different types of quantum algorithms, each designed to solve a specific class of problems. From a banking industry and financial sector perspective, Shor’s algorithm is most relevant because of its ability to compromise current encryption methods based on factorization (as discussed later in this article).

Quantum Promise, Quantum Impact

A recent industry study forecasts that quantum computers will contribute $1 trillion in value to the global economy by 2035.² Quantum computers are not expected to replace classical computers; however, they will affect numerous industries, including healthcare, finance, manufacturing, and transportation. Large corporations are leveraging quantum technology to explore a wide range of applications, while smaller businesses and newer start-ups are highly devoted to this niche technology.

Quantum computers offer a wide range of possibilities when it comes to applications, from optimization to innovative financial forecasting. The potential to transform many industries by offering new processing, machine learning, trade optimization, and problem-solving capabilities exists in ways that are not possible with classical computers. Optimization algorithms can aid in discovering improved methods for managing complex systems, such as traffic, logistics, and manufacturing. Some of these uses are already happening in limited ways, while others are still developing. For example, quantum simulations can be employed to understand and precisely model the behavior of atoms and molecules, facilitate the discovery of drugs, understand diseases, and develop new medicines. Biomarkers for the early detection of diseases such as Alzheimer’s can be identified and used to help create therapeutic strategies. In the next section, we will explore some of the key benefits of quantum computing in the financial sector.

Quantum Prospects

One of the largest markets for quantum computing is the financial sector, which would benefit from improved financial modeling, leading to better strategic planning and risk management. Quantum computers could provide holistic simulations of liquidity and facilitate well-informed credit decisions. They could also provide banks with loan underwriting models for early default risk identification.

As suggested in a September 2024 public statement released by the G7 Cyber Expert Group (CEG),³ “quantum computing may support more efficient payment processing as well as dynamic optimization of portfolio holdings.”⁴ Quantum computers can optimize market trading and streamline investment processes by exploring different strategies for reallocating investments and scenarios for executing trades or options while projecting the portfolio’s performance. Alternative methods of banking and money movement will be able to be conducted at increased speed because quantum computers can process data 10 million times faster than current supercomputers, a pronounced expansion of capacity.⁵

With research already showing increasing adoption of its concepts, quantum computing has the potential to revolutionize the financial sector. It is estimated that, by 2035, quantum computing use in the financial sector could generate $622 billion in value (see Figure 1).⁶

Figure 1: Quantum Use

Source: Excerpted from “Quantum Technology Use Cases as Fuel for Value in Finance,” October 2023, McKinsey & Company, www.mckinsey.com. Copyright (c) 2025 McKinsey & Company. All rights reserved. Reprinted by permission.

Quantum Risk, Quantum Ramifications

The most significant risk highlighted in the September 2024 G7 CEG statement is that cyberthreat actors could use quantum computers to circumvent cryptographic techniques used to secure communications, which could potentially expose financial institution data, including customer information.⁷

Powerful quantum computers could potentially render the current encryption standards that safeguard all financial information in the banking industry obsolete. Banks protect their transactions, trade secrets, and every other piece of their business with classical encryption, although that is not the only layer of protection in use.⁸ Financial institutions also use authentication mechanisms and data fragmentation to protect their customers’ data.

The primary challenge is that encrypted data in transit may have already been intercepted by malicious actors with the intention of decrypting the data at a later time using quantum computers. This type of attack, known as “harvest now, decrypt later,” is especially pernicious when the data involved will remain relevant and valuable for years. Therefore, data must be protected with postquantum encryption standards as soon as possible.

Because quantum technology can potentially compromise current cryptographic keys and modern encryption algorithms, community banks are particularly vulnerable as a result of their heavy reliance on third-party vendors and absence of in-house expertise. The use of outsourced core banking systems that employ modern encryption mechanisms to process monetary transactions and consumer data could render community banks highly susceptible to quantum-based attacks. In addition, legacy technology and reliance on web communication could leave community banks substantially more exposed to other types of cyberattacks as well. Similarly, research published by the Federal Reserve Bank of New York suggests that an attack on a community or midsize bank could disrupt the entire financial system.⁹

Research indicates that the threat from quantum computing to the financial industry in its current state could result in $2 trillion to $3.3 trillion in indirect losses. For example, a single quantum attack disrupting access to the Fedwire Funds Service payment system for one of the five largest financial institutions could lead to cascading financial failures as measured by gross domestic product–at–risk.¹⁰

Quantum Standards and Guidance

In August 2024, the National Institute of Standards and Technology (NIST) released three postquantum encryption standards “designed to withstand cyberattacks from a quantum computer.”¹¹ Efforts to create these standards began in 2016, with NIST officially asking the public for help in defending against the threat from quantum computers that could potentially compromise modern encryption. NIST spent the next eight years gathering and testing new algorithms, culminating in the publishing of three Federal Information Processing Standards (FIPS) based on these algorithms. FIPS 203, FIPS 204, and FIPS 205 are “designed for two essential tasks for which encryption is typically used: general encryption, used to protect information exchanged across a public network; and digital signatures, used for identity authentication.”¹²

The National Quantum Initiative (NQI) Act, which was signed into law in 2018, calls for a “coordinated Federal program to accelerate quantum research and development for the economic and national security of the United States.”¹³ The NQI Act authorizes NIST, the National Science Foundation, and the Department of Energy to manage a national approach to quantum information science (QIS) research and development, coordinated across the civilian, defense, and intelligence sectors.

Quantum Readiness for Banks

Before the official release of the updated cryptographic standards in 2024, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and NIST created a fact sheet¹⁴ to advise organizations about the impacts of quantum capabilities and lay out a road map for transitioning to postquantum cryptographic (PQC) standards. Researchers believe that migration to a PQC environment will be a lengthy process for many organizations (see Figure 2).

Figure 2: Quantum Timeline

Source: Graphic reproduced from “Transitioning to a Quantum-Secure Economy,” World Economic Forum, in collaboration with Deloitte, September 2022. Timeline created by Michele Mosca and Marco Piani. (c) 2022 World Economic Forum. Licensed under CC BY-NC-ND 4.0. No modifications were made. https://creativecommons.org/licenses/by-nc-nd/4.0/

Recognizing this challenge and the importance of these efforts, CISA, the NSA, and NIST are encouraging organizations to create their own quantum-readiness road map¹⁵ to assist in early planning. As part of this road map, the agencies recommend a multipronged approach that includes the following:

• Establishment of a Project Management Team: A team should be formed to plan out the organization’s migration to the PQC environment. This project team should assess current reliance on quantum-vulnerable cryptography, which includes identifying systems and assets involved in creating and validating digital signatures and ensuring software and firmware updates.
• Preparation of a Cryptographic Inventory: Organizations may not be aware of the extent to which products, applications, and services deployed in their environments are dependent on public key cryptography. Creating an inventory of these assets and dependencies, developed in conjunction with cybersecurity and privacy risk stakeholders, is important to manage the risks from the most vulnerable assets.
• Discussion of Postquantum Road Maps with Technology Vendors: Organizations should engage with their technology vendors to learn about their vendors’ preparedness for migration to the new PQC standards. Vendors should also create their own PQC road maps that consider on-premise and cloud-based products, new technologies, and plans to upgrade older products.

Along with the release of the new PQC standards in August 2024, NIST is also providing guidance to incorporate the standards into products and systems. As a NIST mathematician heading the PQC standardization project stated, “We encourage system administrators to start integrating them [the standards] into their systems immediately, because full integration will take time.”¹⁶

Conclusion

As technology firms demonstrate steadfast commitment to harnessing quantum innovation, quantum computers will continue to advance toward mainstream use in the not-so-distant future. Quantum computing is expected to provide benefits such as improved computational modeling and many other impactful possibilities. However, it is also expected to bring about potentially dire outcomes, as quantum computers could have the ability to quickly circumvent current cryptographic keys and encryption algorithms.

By their very nature, community banks are highly vulnerable to cyberattacks based on their typically limited resources and expertise and less sophisticated information technology (IT) infrastructure. Therefore, understanding the potential risks of a postquantum future will help community banks protect their financial and consumer confidential data. CISA encourages banking organizations to engage with their respective technology vendors now to understand the extent of their vendors’ quantum-readiness road maps and preparedness for quantum-related cyberattacks.¹⁷

Quantum computing can usher in a new phase of cyber risk. By understanding and responding to the risks associated with postquantum cryptography, IT teams at financial institutions can help keep their organizations safe.

What Does a Quantum Computer Look Like?

Quantum computers are not portable and typically require more space than traditional computers. The quantum processor (as shown), the central element of the quantum computer, consists of the qubit, quantum chips, and ancillary electronics, which are housed together within a supporting structure.

Source: NQI

The processor needs to be kept at very low temperatures to operate. Dilutional refrigerators are used to store chips with qubits for cooling to near absolute zero (minus 460°F) to observe quantum properties.

• ^* James Gilbert was a lead risk management specialist at the Federal Reserve Bank of Chicago when this article was written.
• ¹ See Chris Bernhardt, Quantum Computing for Everyone, Cambridge, MA: The MIT Press, 2019, and BTQ, “Quantum Computing: A Timeline,” April 4, 2024.
• ² See “The Quantum Insider Projects $1 Trillion in Economic Impact from Quantum Computing by 2035,” Quantum Insider, September 13, 2024.
• ³ The international working group G7 CEG was formed in 2015 and is composed of representatives from Canada, France, Germany, Italy, Japan, the United Kingdom, the United States, and the European Union; its purpose is to advise G7 finance ministers and central bank governors on cybersecurity policy and to facilitate information sharing, cooperation, and incident response across the member organizations.
• ⁴ See the September 2024 G7 Cyber Expert Group statement.
• ⁵ See Alex Clere, “How Quantum Computing Could Transform the Banking Sector,” FinTech Magazine, November 1, 2023.
• ⁶ See Martina Gschwendtner, Nicole Morgan, and Henning Soller, “Quantum Technology Use Cases as Fuel for Value in Finance,” Tech: Forward (blog), McKinsey & Company, October 23, 2023.
• ⁷ See the G7 CEG statement.
• ⁸ See Carter Pape, “How Worried Should Banks Be About the Dangers of Quantum Computing?” American Banker, May 22, 2023.
• ⁹ See Thomas M. Eisenbach, Anna Kovner, and Michael Junho Lee, Cyber Risk and the U.S. Financial System: A Pre-Mortem Analysis, Federal Reserve Bank of New York, January 2020; revised May 2021.
• ¹⁰ See Arthur Herman and Alexander Butler, Prosperity at Risk: The Quantum Computer Threat to the U.S. Financial System, Hudson Institute, April 3, 2023.
• ¹¹ See the announcement from NIST.
• ¹² Additional information about the FIPS can be found in the announcement from NIST.
• ¹³ See the act and the government website outlining research and development in the field of QIS and related activities.
• ¹⁴ See the alert from CISA, the NSA, and NIST announcing the release of the fact sheet.
• ¹⁵ See the joint issuance from CISA, the NSA, and NIST.
• ¹⁶ See the announcement from NIST.
• ¹⁷ For more information, see CISA, “Post-Quantum Cryptography Initiative.”