Nearly $470 trillion in assets held within the City of London’s financial sector are currently reliant on encryption standards developed half a century ago, leaving critical global infrastructure exposed to escalating threats. This vulnerability gap is widening as nations and corporations rapidly adopt artificial intelligence on digital foundations unprepared for modern cyberattacks and, eventually, quantum-powered supercomputers. “We used to lock the front door at night,” a senior executive at a leading financial services institution remarked, “Now Tom Cruise is shimmying in through the chimney but we’re still arguing about which lock to buy.” The growing disconnect between technological progress and protection is prompting calls for systemic cyber resilience, including building quantum-safe encryption directly into network hardware.
Legacy Systems Vulnerability to AI and Quantum Threats
This reliance on aging infrastructure is particularly concerning given the rapid advancements in artificial intelligence and the looming potential of quantum computing to break existing encryption. The scale of exposure extends beyond finance, impacting energy, telecommunications, retail, healthcare, and industrial operations, all interconnected by technology ill-equipped to handle contemporary risks. AI adoption is accelerating globally, building a future on digital foundations not designed for the sophistication of emerging attacks. One major financial institution reported unresolved security liabilities numbering in the low thousands, despite years of effort to gain control. The threat isn’t solely theoretical; “harvest now, decrypt later” attacks are already underway, collecting data in anticipation of quantum computers capable of cracking current encryption. Google has established a deadline for post-quantum migration to secure future systems, recognizing the urgency of the situation.
While investment in software-based cybersecurity measures like firewalls and AI-powered detection continues, the fundamental need is to embed quantum-safe encryption directly into the network layer, the underlying infrastructure, to ensure sustainable, efficient, and cost-effective protection. Research by Sitehop indicates that regulators currently lack the capacity to enforce necessary changes, despite guidance mandating cryptographic inventory, migration of critical assets, and complete asset migration.
Financial Sector Exposure and $470 Trillion in Assets
The financial sector’s reliance on outdated encryption poses a systemic risk to the global economy, with nearly $470 trillion in assets currently underpinned by technologies developed decades ago. This vulnerability isn’t merely theoretical; the accelerating adoption of artificial intelligence is exacerbating the gap between technological advancement and robust security measures, creating opportunities for increasingly sophisticated attacks. Sitehop research, based on freedom of information requests, reveals a concerning lack of regulatory capacity to enforce necessary migrations to post-quantum encryption, despite national commitments. Conversation at board level has shifted from preventing attacks to minimizing recovery time, signaling an acceptance of inevitable breaches. These attacks proactively collect encrypted data, anticipating the future availability of quantum computers capable of decryption. Protecting the network layer, the fundamental infrastructure through which data travels, is therefore paramount; regulators advise building cryptographic inventory, migrating critical assets, and all assets. Establishing this, particularly for vulnerable VPN connections, is seen as a crucial first step toward a more secure financial future and could encourage broader adoption across other critical sectors.
We used to lock the front door at night,” a senior executive at a leading financial services institution remarked to me recently. “Now Tom Cruise is shimmying in through the chimney but we’re still arguing about which lock to buy.”
Senior Executive at a leading financial services institution
Sitehop, a cybersecurity firm, is actively researching the preparedness of critical infrastructure for post-quantum encryption, revealing a concerning lag between technological advancement and security implementation. However, the most immediate vulnerability lies in data in transit, specifically VPN connections, which represent an opportunity for proactive protection.
Network Layer Resilience via Hardware-Based Encryption
The escalating sophistication of cyber threats demands a fundamental shift in how networks are secured, moving beyond software patches to embed resilience directly within hardware. Current cybersecurity strategies often resemble attempts to reinforce outdated defenses against increasingly agile adversaries, as one senior financial executive observed. The rapid integration of artificial intelligence further exacerbates the problem, building a future on digital foundations ill-equipped to withstand the scale and speed of emerging threats. Hardware-based encryption offers a more sustainable, efficient, and ultimately less costly approach than relying solely on software, and regulators advise cryptographic inventory be completed by a certain date, critical assets be migrated by another, and all assets by a final date. This provides a crucial foundation for defending against increasingly sophisticated attacks and maintaining operational stability in a rapidly evolving threat landscape.
The guidance from regulators is crystal clear: build cryptographic inventory by , migrate critical assets by and all assets by .
