Quantum computing presents an emerging threat to Switzerland’s financial sector, but despite its growing relevance, there is currently no dedicated quantum-safe framework.
To address this gap, the Swiss Financial Innovation Desk (FIND), an independent unit within the Swiss State Secretariat for International Finance tasked with promoting financial innovation in the country, has proposed an action plan for Switzerland’s financial institutions to implement.
This plan is designed to help financial institutions in Switzerland to mitigate quantum risks and position the country as a global leader in quantum-safe financial services.
FIND’s action plan for a quantum-safe future
FIND’s action plan, outlined in a report released in March 2025, offers a strategic framework for financial institutions to become quantum resilient. It comprises seven steps.
The first step involves formally putting quantum security on the organizational agenda. Financial institutions should appoint and empower internal roles to drive and oversee related activities, and should create an overview of business and technology components, as well as processes and policies potentially impacted by quantum threats, in addition to determining interdependencies.
Next, organizations should limit the creation of new systems vulnerable to quantum attacks, and should establish general quantum safe requirements for procurement and internal software development processes.
Financial institutions should also identify elements exposed to so-called “harvest now, decrypt later” attacks and initiate mitigation actions. Harvest now, decrypt later attacks involve hackers collecting and saving encrypted data today with the intention of decrypting it in the future using more powerful technologies including quantum computing.
The fifth step outlined in the action plan involves implementing a migration plan to quantum safe in alignment with internal change portfolios and supplier technology action plans. This plan should consider requirements such as crypto-agility and the buildup of a crypto-inventory.
Organizations should also collaborate with industry stakeholders and align with standardization bodies and regulatory guidance. Finally, as quantum computing and cryptographic techniques evolve, financial institutions must regularly review this seven-step action plan and adjust as necessary. They should also keep up with developments in quantum computing and quantum-safe cryptography to maintain preparedness.
In the face of increased quantum risks, FIND recommends that financial institutions adopt an approach comprising three lines of defense. The first line involves establishing a process for identifying, managing and mitigating risks from quantum attacks. Organizations may use the action plan as a starting point for more advanced approaches.
The second line of defense should focus on ensuring that policies, procedures and controls are developed, while supporting the first line of self-assessments.
Finally, the third line of defense should assess quantum-related risks and incorporate them into a risk-based internal audit plan to evaluate the completeness and effectiveness of controls.
Quantum threat accelerates
Quantum computers are arriving sooner than previously anticipated. Recent research and industry reports indicate that the timeline for quantum computing threats is accelerating, with predictions standing as early as 2028.
Quantum computers leverage the fundamental principles of quantum physics to perform computations in ways that classical computers cannot. These computers’ ability to process and analyze complex data at unprecedented speed holds transformative potential across a wide range of industries, from drug discovery and energy optimization, to artificial intelligence (AI), financial modeling, and advanced manufacturing.
In the financial services industry, McKinsey projects an estimated US$622 billion in value from quantum computing by 2035, thanks to improvements in current processes and the emergence of new ones.
Major tech companies are making significant strides in the field. Amazon, IBM, Google and Microsoft, for example, have already launched commercial quantum-computing cloud services. They’ve also made significant investments in new players, such as Photonic, which secured in November 2023 a US$100 million round that included an investment from Microsoft.
While quantum computing promises tremendous opportunities, the technology also introduces new security risks. In particular, quantum computers are able to break encryption methods at an alarming speed, including asymmetric cryptography, which is how global financial transactions, authentication processes and digital contracts are currently secured.
Gartner predicts that by 2029, advances in quantum computing will make asymmetric cryptography unsafe. By 2034, asymmetric cryptography will be fully breakable.
Though quantum computing is still in relatively early and experimental stage, some attackers are already embracing harvest now, decrypt later, accelerating the timeline for quantum computing threats.
Regulators’ responses
Governments around the world are beginning to respond to the growing cybersecurity risks posed by quantum computing.
In April 2024, the European Commission (EC) recommended an action plan to implement post-quantum cryptography in the European Union within two years. Post-quantum cryptography, or quantum-proof cryptography, is a field of cryptography that uses complex mathematics to protect data and systems from quantum computing attacks.
The EC encouraged its member states to develop a comprehensive strategy for the transition to quantum-safe cryptography. Governments should ensure the security of digital infrastructure for public administrations.
The commission also emphasized the need for coordinated implementation to ensure cross-border interoperability and mitigate quantum computing risks.
In Switzerland, however, there is no explicit legislation mandating a quantum-safe action plan. In the financial sector specifically, the Swiss Financial Market Supervisory Authority (FINMA) only requires individual licensed financial institutions to proactively and appropriately manage technological risks.
This is despite Switzerland being home to a rich and diverse quantum computing ecosystem.
Featured image credit: edited from freepik
