The $600 Billion Blind Spot: How Quantum is Rewriting Banking — and Why Most Banks Aren’t Ready
4 min read
The word “quantum” gets thrown around a lot in financial services circles, often with the vague promise that it will make everything faster, smarter, and more profitable. But beneath the hype lies something more concrete — and more urgent. Quantum computing is not a future technology banks can safely watch from the sidelines. It is already reshaping what’s possible in finance, and simultaneously dismantling the security foundations that underpin the entire system.
The question is no longer if quantum transforms banking. It’s whether banks will be architects of that transformation — or casualties of it.
The Opportunity: A New Competitive Terrain
The economic case is striking. McKinsey estimates the potential value of quantum computing in the finance industry at between $400 billion and $600 billion by 2035. That’s not a speculative figure — it’s grounded in the sheer computational advantage quantum machines offer for the kinds of problems that sit at the heart of banking.
Take Monte Carlo simulations. These are the backbone of financial modelling — used for pricing derivatives, stress-testing portfolios, and assessing regulatory capital. Classical computers run them at scale, but with hard constraints on accuracy and speed. Quantum algorithms can accelerate these simulations substantially, enabling more precise scenario analysis in real time. For trading desks and risk managers, that’s not an incremental improvement; it’s a different game entirely.
Portfolio optimisation is another frontier. Today’s optimisation models are approximations — the true optimisation problem across a large asset universe is computationally intractable for classical machines. Quantum computers, using approaches like the Quantum Approximate Optimization Algorithm (QAOA), can navigate these solution spaces in ways classical hardware cannot. JPMorgan Chase demonstrated quantum speedup using QAOA as recently as May 2025, in collaboration with Argonne National Laboratory and Quantinuum — with direct applications to financial modelling.
The competitive implications are real. Early adopters are filing intellectual property, developing proprietary quantum architectures, and building specialist teams. Over 15 global banks are now running active quantum research programmes covering portfolio optimisation, risk modelling, derivative pricing, fraud detection, and Monte Carlo simulations. The institutions that treat quantum as a research curiosity today may find themselves structurally disadvantaged within a decade.
The Threat Nobody Wants to Name Out Loud
Here is where the article takes a turn — because the most important quantum story in banking right now is not the opportunity. It’s the threat.
The encryption systems that protect virtually every transaction, customer record, and interbank communication today rely on the mathematical difficulty of factoring large numbers. That difficulty is the entire premise of RSA encryption and elliptic curve cryptography — the twin pillars of modern financial security. Quantum computers, running Shor’s algorithm at sufficient scale, can crack both.
The Cloud Security Alliance has been counting down to April 14, 2030 — the date by which it estimates a quantum computer will be capable of breaking present-day cybersecurity infrastructure. The Global Risk Institute’s 2025 Quantum Threat Timeline Report, drawing on surveys of 26 global experts, noted that the timeline for this threat has accelerated compared to previous years.
This is not a distant scenario. PwC’s assessment is blunt: “This is a now problem — not a five or ten years from now problem.”
What makes it particularly insidious is the “harvest now, decrypt later” (HNDL) attack vector. Adversaries — state actors, sophisticated criminal groups — are already harvesting encrypted financial data today, storing it, and waiting for quantum capability to mature so they can decrypt it retrospectively. Data that looks secure today may be fully readable within years. Customer records. Interbank settlement data. Sovereign debt transactions. None of it is safe from an attacker with patience and a future quantum machine.
Operational Resilience: The Governance Gap
Banks have invested heavily in operational resilience frameworks — from the UK’s FCA/PRA requirements to the EU’s DORA regulation. But those frameworks were designed around a world of classical cyber threats, system outages, and third-party dependencies. They were not designed for a world where the cryptographic layer underneath the entire system becomes vulnerable.
The EU roadmap recommends that critical financial systems be technically migrated to post-quantum cryptography by the end of 2030, with the risk of regulatory consequences for institutions with inadequate risk management. In Germany alone, €3 billion has been allocated to quantum technology development under the national quantum strategy.
Yet the migration challenge is enormous. Banks run on systems that have accumulated decades of technical debt. Cryptographic dependencies are embedded in payment rails, VPN infrastructure, TLS connections, digital signatures, and blockchain/DLT systems. Identifying them all — building the cryptographic asset inventory that post-quantum migration requires — is itself a major programme of work. HSBC and PayPal have joined working groups on quantum-safe cryptography in payments; most institutions have not.
The governance question is stark: who in the bank owns quantum risk? It sits awkwardly across CISOs, CTOs, CROs, and boards. Boards that scrutinise conduct risk, credit risk, and operational risk with rigour have been slower to engage with quantum risk — perhaps because it feels technical, or because the timeline feels comfortable. It no longer is.
What Good Looks Like
Banks that are taking quantum seriously are doing three things simultaneously.
First, they are investing in quantum advantage — building hybrid classical-quantum capabilities for risk modelling, optimisation, and fraud detection, even before fully fault-tolerant quantum hardware matures. Hybrid approaches allow institutions to capture value today without waiting for the technology to fully scale.
Second, they are migrating to post-quantum cryptography. NIST finalised its first set of post-quantum cryptographic standards in 2024. The institutions that began their cryptographic asset inventory early are already in the migration queue; those that haven’t started are falling behind.
Third, they are treating quantum as a board-level risk, not a technology project. The questions boards should be asking are direct: Which of our systems use cryptography vulnerable to quantum attack? Are we exposed to harvest-now-decrypt-later risk? What is our migration timeline, and does it beat 2030?
The Bottom Line
Quantum computing presents banking with a rare simultaneous challenge: a profound competitive opportunity and an existential operational risk, arriving on roughly the same timeline. The institutions that capture the opportunity while managing the risk will look very different from those that pursue one at the expense of the other — or worse, ignore both.
The $600 billion opportunity is real. So is the threat to the encryption that every bank on earth depends on. The question is not whether quantum will transform banking. The question is whether your institution will be ready when it does.
Sources: McKinsey Quantum Technology Monitor (June 2025); Global Risk Institute Quantum Threat Timeline Report (2025); PwC Quantum Computing Cybersecurity Risk Analysis; JPMorgan Chase / Quantinuum research collaboration (May 2025); Cloud Security Alliance countdown to April 2030; ISACA Journal Vol. 6 (2025); Banking.Vision — The Year of Quantum Computing (2026).