ProteQC launched today as a cryptographic resilience advisory firm to help banks and financial institutions prepare for the post-quantum cryptography transition. The firm offers vendor-independent guidance, addressing pressures from EU DORA regulations and finalized NIST post-quantum standards. ProteQC aims to bridge the gap in internal expertise and build cryptographic agility for organizations.
EU DORA & NIST Drive Financial PQC Readiness
Financial institutions are facing converging pressures requiring immediate attention to post-quantum cryptography (PQC). EU DORA regulations now explicitly demand cryptographic agility, while finalized NIST PQC standards provide a framework for implementation. Compounding this, threat actors are already actively harvesting encrypted data, anticipating future decryption with quantum computers – a practice known as “harvest-now, decrypt-later.” These factors are driving a need for proactive preparation rather than reactive responses.
ProteQC highlights that most banks are in the early stages of their PQC journey, lacking both internal expertise and a clear understanding of their existing cryptographic landscape. The firm’s services address this gap by providing strategy and guidance for assessing risk, developing roadmaps aligned with emerging standards, and supporting compliance efforts with regulations like EU DORA and NIST guidance. This proactive approach aims to reduce disruption and associated costs.
The urgency stems from the “harvest-now, decrypt-later” threat targeting long-lived or sensitive data. While fully quantum-capable adversaries may still be years away, currently encrypted data remains vulnerable. ProteQC emphasizes that building crypto-agility now isn’t simply a security decision, but a strategic advantage, allowing organizations to minimize future costs and maintain a competitive edge in the evolving threat landscape.
ProteQC Delivers Vendor-Independent Crypto-Agility Strategy
ProteQC differentiates itself as a vendor-independent consultancy, offering objective cryptographic strategy guidance to banks and financial institutions. Unlike firms tied to specific product sales, ProteQC focuses solely on advisory services, avoiding potential conflicts of interest. This approach enables ProteQC to provide tailored assessments and roadmaps aligned with emerging standards like NIST PQC guidance and EU regulations, addressing the complex transition to post-quantum cryptography.
The firm’s services specifically address a critical gap in internal expertise currently faced by most banks. ProteQC provides training, risk evaluations, and migration strategy development, encompassing supply chain considerations. They help organizations assess cryptographic exposure across critical areas like workloads, applications, and data flows. This proactive approach aims to minimize disruption and associated costs during the shift to quantum-resistant security measures.
ProteQC emphasizes building “crypto-agility” not just as a security decision, but as a strategic advantage. They acknowledge the active “harvest-now, decrypt-later” threat, where current encrypted data is vulnerable to future decryption by quantum computers. By proactively preparing, organizations can reduce long-term risk and position themselves favorably in the evolving threat landscape, minimizing future migration costs.
As quantum innovation advances, cryptographic risks are shifting from theoretical to operational.
Steve O’Sullivan, CEO of ProteQC
“Harvest-Now, Decrypt-Later” Risks Demand Early Preparation
The increasing threat of “harvest-now, decrypt-later” attacks is driving the need for proactive preparation amongst financial institutions. Currently encrypted data, utilizing vulnerable algorithms, is being actively targeted with the anticipation of future decryption once quantum computers mature. ProteQC highlights that this isn’t a distant concern; it’s an existing risk impacting long-lived or sensitive information, making early action crucial to mitigate potential damage and ensure data security.
ProteQC emphasizes that addressing this threat isn’t simply a security measure, but a strategic advantage for organizations. Building “crypto-agility” now will position companies to face less disruption and lower costs compared to those forced into reactive migrations when quantum capabilities advance. This proactive stance allows institutions to minimize future expenses and maintain a competitive edge in an evolving threat landscape.
Specifically, ProteQC assists organizations in assessing cryptographic exposure across critical areas – workloads, applications, and data flows – to develop targeted migration strategies. They provide training and evaluations to help leaders understand their exposure and build roadmaps tied to business outcomes, ultimately reducing quantum-era risk and achieving crypto-agility.
