Media365
[The content of this article has been produced by our advertising partner.]
Quantum computing is no longer a distant theoretical risk. Financial institutions in particular face a narrowing window to strengthen cryptographic resilience before large-scale quantum computers arrive. The challenge is not only about future algorithms. It is about decisions being made today and how cryptography is implemented and managed over time.
A key concern is “harvest now, decrypt later.” Encrypted financial data intercepted today may remain secure for years, only to be exposed once quantum computing becomes sufficiently powerful. Given the long confidentiality horizons of financial records, customer data and transaction histories, this risk is immediate. The true vulnerability lies in delay. Organisations that postpone early discovery and validation, risk compressing years of complex migration work into an unsafe and unmanageable window as 2030 approaches.
Globally, 2030 has emerged as the benchmark against which cryptographic resilience should be demonstrated. That means institutions should already be able to identify where cryptography is used, upgrade algorithms safely and provide audit-ready evidence of control. This direction aligns closely with regulators’ growing emphasis on operational resilience, third-party risk management and technology governance.
In practice, the first priority is discovery and crypto-agility. Institutions should first establish a clear crypto system of record, with an understanding of where public-key cryptography underpins applications, networks, and trust services. From there, a phased, risk-based approach can follow, allowing organisations to reduce exposure now while preparing core systems for longer-term transition.
In Hong Kong, policy signals are becoming clearer. The Hong Kong Monetary Authority’s FinTech 2030 initiative explicitly references quantum resilience as part of the city’s vision for future financial infrastructure. While regulators are not mandating specific post-quantum algorithms at this stage, the direction is clear. Expectations are rising for stronger preparation and the ability to adapt securely as cryptographic standards continue to evolve.
Industry collaboration will be essential and Hong Kong has an advantage it can build on. As a government-funded and neutral applied R&D institute, Hong Kong Applied Science and Technology Research Institute (ASTRI) plays a coordinating role across government, regulators, critical infrastructure operators, industry and academia. It has been engaging stakeholders across Hong Kong to assess quantum risk exposure and transition readiness. While awareness has grown rapidly, many organisations remain at the early assessment stage, reinforcing the need for practical frameworks and staged implementation.
Ricky Leung, Deputy Director of Cyber Security & Analytics at ASTRI, observes that market sentiment has shifted rapidly:
“Awareness has turned into urgency. With global standards progressing and initiatives like FinTech 2030, organisations increasingly recognise that waiting for complete certainty is riskier than starting with a structured, adaptable plan today.”
Richard Chiu, Head of Sales Engineering at Thales, adds that preparation is fundamentally about resilience rather than replacement:
“Post-quantum migration is a multi-year journey. The priority today is building the foundations for visibility, testing environments and the ability to evolve cryptography safely so organisations can transition with confidence as standards and ecosystems continue to mature.”
To explore practical insights and real-world perspectives on post-quantum readiness, the Thales–ASTRI webinar “Navigating the Transition to Quantum-Safe Solutions” is available on demand.
