In 2023, financial institutions worldwide faced an alarming rise in ransomware and cyberattacks, with India experiencing a 29% increase in financial sector breaches according to CERT-In. Adding to this challenge is the looming threat of Harvest Now, Decrypt Later (HNDL), a strategy where hackers capture encrypted data today, intending to decrypt it using powerful quantum computers in the near future.
Globally, leading financial institutions are taking proactive steps. JPMorgan Chase has successfully piloted quantum-resistant encryption for secure payment networks, while the European Union has committed €1 billion to quantum-safe research. In Asia, China's 2,000-km quantum network has already secured critical government and financial data, highlighting the urgency for nations and organizations to act. Without adopting quantum-safe encryption now, this data could become vulnerable, undermining trust in India’s financial ecosystem and exposing organizations to regulatory and reputational risks.
1. Financial and Operational Risks
For SEBI-regulated entities handling ₹10 trillion in annual transactions, the stakes are even higher. Sensitive data, including KYC details, transaction records, and regulatory filings, requires protection for decades.
2. Rising Cyber Threats in India
According to CERT-In, the financial sector saw a 29% rise in ransomware attacks in 2023, underscoring the growing cybersecurity risks. The "Harvest Now, Decrypt Later" strategy adds to these challenges, as attackers capture encrypted data today to decrypt in the quantum future. Coupled with the rising threat of Man-in-the-Middle (MITM) attacks, where communication channels are intercepted, these vulnerabilities could lead to catastrophic breaches without quantum-safe encryption.
3. Regulatory Compliance and Trust
SEBI’s Cybersecurity and Cyber Resilience Framework (CSCRF) mandates strong measures like encryption and regular audits to secure India’s financial ecosystem. With deadlines of January 2025 for existing entities and April 2025 for new adopters, compliance is crucial. Non-adherence risks penalties, reputational damage, and loss of client trust, making it vital for SEBI-regulated entities to act now to protect sensitive data and maintain operational integrity.
To mitigate risks posed by quantum computing, SEBI-regulated entities must adopt cutting-edge solutions like Quantum Key Distribution (QKD) and Post-Quantum Cryptography (PQC):
The Bank of Japan implemented QKD for secure inter-bank communications, ensuring tamper-proof payment instructions. A similar approach can secure India’s stock exchanges and depository systems, preventing interception or manipulation of sensitive trading data.
Meanwhile, global leaders like Visa are already integrating quantum-resistant algorithms, such as CRYSTALS-Kyber, to protect stored customer data. Similarly, Indian financial institutions must act now to not only secure long-term assets like archived filings and sensitive records but also maintain compliance with evolving regulatory standards and build resilience against emerging cybersecurity challenges.
According to a Deloitte survey, 65% of global financial institutions are already investing in quantum-resistant technologies, while only 20% of Indian entities have taken similar steps, exposing a significant gap in preparedness. With Gartner predicting that 60% of regulated organizations will require quantum-safe encryption by 2025, and quantum decryption potentially causing $3 trillion in global annual losses, the urgency to act has never been greater. The quantum era is not a distant future, it is unfolding now.
For SEBI-regulated entities, acting today means avoiding future breaches, ensuring compliance, and reinforcing client trust. By adopting quantum-safe encryption, India’s financial institutions can protect their operations while leading the way in securing the country’s digital economy.
Don’t wait for the threat to materialize—secure your future today with quantum-safe solutions.