Today the Accredited Standards Committee X9 Inc. (X9) announced the publication of a new report, “Post Quantum Cryptography Financial Readiness Needs Assessment.” The goal of this document is to provide a high-level view, targeted to managers and executives, of options, alternatives and guidance on how to mitigate the cybersecurity threats posed to the financial services industry by quantum computers. The new report was developed by the X9F Quantum Computing Risk Study Group, one of the two X9 groups working on quantum computing issues. It is available for download at no charge.

With this report, X9 seeks to educate financial industry management on how to identify, analyze, prioritize and manage the significant risks posed by future quantum computers and to offer guidance on how the industry can migrate to post-quantum cryptography (PQC) to protect sensitive data and networks against quantum-enabled cyberattacks. Besides the financial industry, government agencies and any other organization facing the quantum challenge will find this report useful.

The transition to PQC may not be quick or inexpensive. Following the guidance in the new report, implementing a companywide program to investigate internal security issues related to quantum computing and the creation of plans to address them provide the best opportunity for reducing migration expenses, creating an environment secure against quantum attack and reducing the probability of failing to identify weaknesses. This approach also offers the opportunity to correct long-standing problems.

The report details how migrating to PQC will require significant work in many areas, such as:

• Educating personnel on the issues related to how quantum computers can break cryptography
• Creating a cryptographic asset inventory to identify all cryptographic systems in use
• Prioritizing current systems for remediation based on a risk assessment
• Developing and implementing a plan to migrate to PQC solutions where required
• Working with vendors to develop and deploy PQC solutions in third-party products
• Using the PQC migration as an opportunity to investigate and incorporate features of an agile architecture, where appropriate

The findings and recommendations presented in this report will equip financial institutions with the knowledge and insights required to develop a robust crypto-agility strategy. Areas addressed in the report include:

• Cryptography policy management
• Design tradeoffs
• Implementations and interoperability
• Compliance assurance
• Deployment guidelines

“Our new report will be a vital resource for the financial industry to understand and prepare for the paradigm shift in cryptographic standards brought about by the advent of quantum computing,” said X9 Executive Director Steve Stevens. “The insights the industry can glean from this needs assessment report will be instrumental in building secure and resilient cryptographic infrastructures that protect against the uncertainties of the quantum-powered future.”

About the Accredited Standards Committee X9 Inc.

The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop and maintain national and – through ISO – international standards for the financial services industry. The subjects of X9's standards include: retail, mobile and business payments; corporate treasury functions; block chain technology; processing of electronic legal orders issued to financial institutions; tracking of financial transactions and instruments; financial transaction messaging (ISO 8583 and 20022); quantum computing; AI, QR code secure payments; checks; cloud; data breach notification and more. In addition, X9 is the governing body for a family of X9 Financial PKI products issued by DigiCert.

X9 acts as the U.S. Technical Advisory Group (TAG) for ISO TC68 (Financial) and performs the secretariat functions for ISO TC68. Please visit our website (www.x9.org) for more information.

Follow ASC X9 on Facebook, LinkedIn, Twitter and YouTube

View source version on businesswire.com: https://www.businesswire.com/news/home/20250805362173/en/

"The insights the industry can glean from this needs assessment report will be instrumental in building secure and resilient cryptographic infrastructures that protect against the uncertainties of the quantum-powered future."