POST-QUANTUM CRYPTOGRAPHY READINESS IN U.S. COMMUNITY BANKS AND FINANCIAL SMES: A CYBERSECURITY RISK ASSESSMENT FRAMEWORK

Authors

  • Isabirye Edward Kezron

Keywords:

Post-Quantum Cryptography (PQC), Cybersecurity Risk Assessment, Financial SMEs, Community Banks, Quantum-Resilient Encryption

Abstract

With quantum computing on the horizon, RSA and Elliptic Curve Cryptography (ECC), which secure cyberspace for financial institutions, are under serious threat. Many important financial groups are getting ready for the new cryptographic age, but U.S. community banks and SMEs are not as prepared as they should be. Even with few technical tools, such institutions play an important role in local economies, rural areas and minority small businesses. There is a danger that financial systems in the U.S. could suffer cyberattacks using quantum technology.
This study proposes a focused framework for evaluating PQC preparedness in community banks and financial SMEs. It evaluates cryptographic risks, checks the capability of institutions and studies resource shortages using input from regulations, institutional surveys and published case details. The framework mainly uses strategies incorporated in NIST’s PQC migration roadmap, for example, using both cryptography standards, managing PQK lifecycles, evaluating the risks of vendors and building a capable cybersecurity workforce.
Our project is designed to increase the cybersecurity readiness of financially underserved institutions by developing a workable, scalable model of response. The results support the country’s progress toward digitalization and help keep community-based financial systems trustworthy as quantum computing gains importance.

Published

16-06-2025

How to Cite

Isabirye Edward Kezron. (2025). POST-QUANTUM CRYPTOGRAPHY READINESS IN U.S. COMMUNITY BANKS AND FINANCIAL SMES: A CYBERSECURITY RISK ASSESSMENT FRAMEWORK. Well Testing Journal, 34(S2), 135–146. Retrieved from https://welltestingjournal.com/index.php/WT/article/view/169

Section

Research Articles
