Bringing Quantum to the C-Suite: The Role of Collaborative Conversations in the G7 Banks’ Quantum Reference Report

On May 11, the G7 central banks published its reference report covering the quantum threat, emerging quantum technologies, and the implications of both on the financial sector, with contributions from the Quantum Technologies Working Group (QTWG) including the Banque de France, the Bank of Canada, the Deutsche Bundesbank, the Bank of England, the Banca d’Italia, the Bank of Japan, the Federal Reserve Board, and the European Central Bank.

The report follows the G7 Cyber Expert Group’s publication of the G7 quantum roadmap on January 13. Yet, this time around, rather than mandating a sector-specific quantum migration timeline or prescriptive framework for financial institutions, the report prioritizes inter-vertical information sharing, as well as a cross-vertical mapping of quantum implications, indicating quantum’s rising prominence at the C-suite beyond the confines of purely technical or standards-focused conversations.

The paper’s authorship is a prominent indicator of its impact going forward; emanating not from technical or security experts on the cyber advisory group like the January 13 publication, but rather from those banks themselves. This is reflective of the shift happening within quantum preparedness: from a conversation confined to those operating at the cryptographic level seeking to strengthen their technological solutions to those consuming that cryptography at an enterprise or end-market level. This shift is palpable across not only the financial services industry, but throughout end markets and indicates that quantum is no longer designated a purely technical consideration within organizations. Rather, it is becoming a systemic, boardroom-level priority that demands the attention of the C-suite and also should be considered horizontally across organization departments.

Further, the G7’s QTWG’s reference paper reflects an approach to quantum that is both non-prescriptive and holistic in nature. With regard to quantum-focused regulation, standards, and prescriptive migration roadmaps, it avoids providing recommendations in place of providing an analytical framework through which financial institutions and other critical infrastructure should conceptualize the quantum threat. As a result, it avoids getting bogged down in the legal fine print or differing national timelines for migration. That conceptualization itself moves beyond exclusively technical or security considerations, outlining the operational challenges associated with quantum when it comes to interoperability, operational readiness, skills shortages, and issues of supply chain dependencies and access disparities.

The impact of this holistic conceptualization is threefold:

1. It emphasizes that the financial services industry is reaching a critical inflection point in the quantum migration: conversations of quantum risk and resilience are now a horizontal enterprise consideration. Conversations of risk and timeline are, thus, increasingly coupled with those of budget and strategy.
2. It offers validation of the criticality of the quantum threat within the financial sector on a region-wide, institutional level, providing the backing needed to secure C-suite buy-in and investment in resources and a strategy for quantum migration.
3. It serves as a critical reference point for other sectors to learn from, namely with regard to the importance of information sharing and inter- and cross-vertical collaboration both within and between different verticals if quantum resilience is to be achieved.

Given the simultaneous magnitude, technical complexity, and novelty of the quantum threat, temptation to defer to standardized timelines and technical experts is rife. Yet, viewing quantum strictly through the lens of technical considerations and mandated timelines runs the risk of blinkering organizations, inhibiting progress in the long run. Much of the G7 QTWG’s report can be adapted to other verticals, including:

• The Importance of Information Sharing: Modern interconnectedness demands strong information-sharing mechanisms. Without collaboration, uneven preparedness is likely and that uneven preparedness magnifies quantum risk; capping quantum resilience to the weakest link within an industry or supply chain. This includes collaboration within a sector—as reflected in the G7 QTWG—but also across different industries. Yet, a balance remains to be struck here. The QTWG’s report is labeled a “public adaptation of analytical work” that is ongoing within G7 central banks, implying that private information remains that has not been made public knowledge by the industry. Collaborative information sharing does not require organizations to expose industry secrets or confidential information. Rather, the magnitude of the quantum threat raises diverse issues across organizations that should be shared to bolster overall quantum maturity and awareness, while ensuring that information exchange is carefully considered alongside privacy and confidentiality considerations.
• Contextualization of Quantum Migration Timelines: As outlined in the QTWG’s report, the ever-moving timeline for a Cryptographically Relevant Quantum Computer (CRQC) is not the only goalpost that matters when it comes to quantum resilience. Contextualizing emerging standards, regulation, and quantum timelines is critical to mapping the quantum threat across verticals. For example, given the long shelf life of financial data, the Harvest Now, Decrypt Later (HNDL) threat is prominent in the financial services industry, bringing forward quantum readiness timelines and migration strategies.
• Acting Earlier Reduces, Rather Than Perpetuates Uncertainty: Many executives and enterprises remain ensnared by the prevalent “wait and see” approach when it comes to quantum resilience, often citing persisting unknowns pertaining to the quantum migration, as well as the potential for financial losses if preparatory actions are taken and prove unnecessary or ineffective. It is undeniable that the path forward for quantum preparedness is strewn with uncertainty; however, early movers can get ahead of that uncertainty in a way that “wait and see” advocates cannot. Acting earlier, rather than later also bestows more autonomy on organizations in terms of their approach to quantum resilience, whereas those that wait and see are more likely to be subject to stricter mandates and deadlines.
• Learning Best Practices and Benchmarks from Other Verticals: Although the G7 QTWG focuses primarily on the quantum threat in relation to financial institutions and services, its mapping of the quantum risk as it relates to various data types (e.g., financial logs, settlement records, Mergers & Acquisitions (M&A) material, and cross-border wire data), considerations beyond the technical implications of quantum, and acknowledgment of the opportunities that quantum technologies also introduce into the financial sector are all key components for any industry mapping the quantum threat and its broader implications. Learning from the work of various consortia and working groups is critical to addressing quantum as comprehensively as possible, making the G7 QTWG’s report a key resource for organizations across verticals preparing for quantum readiness.