How the Lion City is racing to secure its financial heart before quantum computers break the encryption protecting trillions in assets
Singapore stands at a digital crossroads. As one of the world’s premier financial hubs, the city-state has built its reputation on being ahead of technological curves. But recent research from cybersecurity firm Surfshark reveals a sobering reality: only 8% of the world’s most popular applications have implemented post-quantum cryptography (PQC), leaving digital infrastructure vulnerable to a looming threat that could unravel the encryption protecting everything from bank transfers to state secrets.
For Singapore—where financial services account for 14% of GDP and critical infrastructure underpins a hyper-connected society—this isn’t just a cybersecurity concern. It’s an existential challenge to the nation’s economic security and technological leadership.
The Quantum Clock Is Ticking
The threat isn’t hypothetical. Industry experts now predict that quantum computers capable of breaking current encryption standards could emerge within 5 to 10 years—a timeline that has compressed dramatically from earlier estimates of 15 to 20 years. Nearly two-thirds of organizations consider quantum computing the most critical cybersecurity threat they’ll face in the next three to five years, according to a July 2025 Capgemini Research Institute report.
“Quantum computing is advancing rapidly, and it poses a threat to current encryption methods used to secure data online,” explains Donatas Budvytis, Chief Technology Officer at Surfshark. While powerful quantum computers aren’t yet widely available, the technology’s development is accelerating at a pace that could soon enable machines to solve in seconds what today’s supercomputers would need thousands of years to process.
The mathematics is stark: RSA-2048 encryption, the standard protecting bank transfers and state secrets, would be broken within hours by a sufficiently powerful quantum computer, not millennia as current technology requires.
The “Harvest Now, Decrypt Later” Dilemma
Perhaps the most insidious aspect of the quantum threat is already underway. Sophisticated adversaries are employing “harvest now, decrypt later” tactics—intercepting and storing encrypted data today with the expectation that quantum computers will be able to crack it in the coming decade.
This means sensitive information being transmitted right now—medical records that need to stay confidential for decades, financial documents with long-term sensitivity, defense communications—could be retroactively compromised. For a nation like Singapore, where banking assets exceed trillions of dollars, the implications are staggering.
“Imagine someone making a bank transfer. Even if they use a VPN with post-quantum protection that encrypts the entire process, their data remains vulnerable if the bank itself lacks similar protection,” Budvytis warns. “Hackers equipped with quantum computing capabilities could easily decipher the data, though the process itself might remain secure. This may lead to major financial losses both for the individual and the bank.”
Singapore’s Quantum Readiness: A Mixed Picture
The Banking Sector’s Alarming Vulnerability
Surfshark’s analysis of 40 commonly used apps across social media, messaging, banking, and shopping categories revealed a troubling pattern: none of the popular banking apps analyzed have implemented PQC yet, with only 20% taking proactive steps toward quantum resistance. Shopping apps face the same dire situation.
This is particularly concerning for Singapore, given its status as a global financial center. The city-state’s four major banks—DBS, OCBC, UOB, and HSBC—handle massive daily transaction volumes and safeguard trillions in assets. A quantum breakthrough that compromises their encryption could trigger cascading failures across the financial system.
Consumer Apps: Minimal Protection Across the Board
The broader consumer technology landscape fares little better. Among messaging apps—which handle vast amounts of personal and business communications—only 18% are quantum-resistant, with 27% researching quantum resistance and 55% having no plans regarding PQC.
In the social media category, TikTok stands alone as the only quantum-resistant platform among those analyzed. While both Google (which owns Google Messages) and Meta (which owns WhatsApp and Messenger) have acknowledged potential threats from quantum computers and are taking proactive measures, the slow pace of implementation leaves users vulnerable.
Approximately 65% of analyzed apps have no public information available regarding PQC adoption plans—a silence that suggests either unawareness or unpreparedness for the quantum transition.
Singapore’s Proactive Response: Leading from the Front
While the global picture remains bleak, Singapore has emerged as a rare example of proactive quantum security leadership. The nation has committed over S$400 million through 2030 to quantum technology, with a clear focus on security infrastructure rather than abstract research.
Government-Led Initiatives
In October 2025, the Cyber Security Agency of Singapore (CSA) released two critical resources: a Quantum-Safe Handbook and Quantum Readiness Index (QRI). Developed in collaboration with GovTech Singapore, the Infocomm Media Development Authority, and leading technology companies, these initiatives aim to guide Critical Information Infrastructure owners and government agencies through the complex transition to quantum-safe cryptography.
The Quantum-Safe Handbook provides practical guidance for organizations preparing for the quantum-safe transition, explaining what’s at stake and setting out concrete considerations for building readiness. The QRI serves as a self-assessment questionnaire allowing organizations to evaluate their preparedness levels and prioritize migration actions.
Both documents were put up for public consultation through December 31, 2025, reflecting Singapore’s characteristically consultative approach to major technological transitions.
The Monetary Authority’s Quantum Sandbox
The Monetary Authority of Singapore (MAS) has taken an even more hands-on approach. In February 2024, MAS issued an advisory to all financial institutions on the cybersecurity risks associated with quantum technology, providing recommendations for safeguarding against identified threats.
But MAS didn’t stop at guidance. Between September 2024 and March 2025, the regulator conducted a proof-of-concept sandbox to evaluate Quantum Key Distribution (QKD) for secure communications in the financial sector. The sandbox involved Singapore’s four major banks—DBS, HSBC, OCBC, and UOB—along with technology partners SPTel and SpeQtral.
The trials connected bank data centers across the city-state using existing fiber-optic infrastructure to test whether quantum cryptography techniques could be integrated into real-world banking IT systems without overhauling existing network topologies. The initiative evaluated key generation rates, latency impacts under production traffic patterns, and scalability challenges for expanding QKD to wider metro and intercity links.
In September 2025, MAS published a technical report consolidating the findings. While the report highlighted that QKD has strong potential for securing sensitive data exchanges in finance, it also identified the need for stronger interoperability standards, tamper-resistant trusted nodes, and greater industry investment to become viable at scale.
This pragmatic, learning-by-doing approach stands in stark contrast to the more cautious stance of Western security authorities. While the U.S. National Security Agency and the UK’s National Cyber Security Centre have expressed skepticism about QKD, recommending that organizations focus primarily on post-quantum cryptography, Singapore is exploring every tool in the quantum security toolbox.
The National Quantum-Safe Network Plus (NQSN+)
Building on more than 10 years of quantum research efforts from the Centre for Quantum Technologies at the National University of Singapore, the National Quantum-Safe Network (NQSN) was launched in 2022 to conduct nationwide trials of quantum-safe communications technologies.
Following successful testbed trials, the Infocomm Media Development Authority’s NQSN+ now supports network operators in deploying quantum-safe networks nationwide. Starting with Singtel and SPTel, together with SpeQtral, the NQSN+ grants businesses easy access to quantum-safe solutions that safeguard critical data.
In August 2024, Singtel launched Southeast Asia’s first Hybrid Quantum-Safe Network, integrating Quantum Key Distribution with Post-Quantum Cryptography. This layered approach delivers cost-efficient, flexible, and globally extensible protection against emerging quantum threats, extending protection beyond core data centers to branch offices, remote facilities, cloud environments, and overseas operations.
Critical Infrastructure at Risk
Singapore’s hyper-connected infrastructure makes it particularly vulnerable to quantum-enabled attacks. The nation’s Critical Information Infrastructure sectors—energy, water, finance, transportation, government, telecommunications, and emergency services—all depend heavily on current encryption standards.
In July 2025, Coordinating Minister for National Security K. Shanmugam disclosed that the China-linked advanced persistent threat group UNC3886 was conducting ongoing cyberattacks against Singapore’s critical infrastructure. The group, known for exploiting zero-day vulnerabilities in firewalls and deploying custom malware for long-term access, represents the kind of sophisticated adversary likely to exploit quantum computing capabilities.
Suspected APT incidents in Singapore surged more than fourfold from 2021 to 2024, underscoring the urgency of implementing quantum-resistant defenses before adversaries gain access to quantum decryption capabilities.
The Banking Sector’s Race Against Time
Singapore’s banks are not waiting for the quantum threat to materialize. Beyond participating in MAS’s QKD sandbox, individual institutions are building comprehensive quantum readiness programs.
OCBC has developed a quantum roadmap since 2021 as part of a multi-year strategy to advance its technological capabilities. About 50 employees, mostly from its technology team, now possess intermediate proficiency in quantum concepts. In July 2025, OCBC embarked on a year-long research collaboration with the National University of Singapore, Nanyang Technological University, and Singapore Management University to explore quantum applications in derivative pricing, data security, and fraud detection.
HSBC Singapore is building crypto-agility and visibility across core functions, forming the basis for subsequent PQC and hybrid-model pilots. UOB identified quantum-safe transition as an emerging risk years ago, enabling earlier planning and governance structures that now extend across the bank’s ASEAN operations.
These institutions understand a crucial reality: migration to quantum-safe cryptography is not a quick software update. It’s a complex, multi-year effort requiring cryptographic inventories, system architecture reviews, supply chain coordination, and ecosystem-wide standardization.
The Global Context and Singapore’s Strategic Calculus
Singapore’s aggressive pursuit of quantum security reflects broader strategic considerations. As a small nation dependent on digital infrastructure and international trust in its financial systems, Singapore cannot afford to be reactive.
The National Quantum Strategy allocated nearly S$300 million from the Research, Innovation, and Enterprise 2025 plan. The Monetary Authority of Singapore added S$100 million specifically for financial sector quantum capabilities. In March 2025, another S$24.5 million went to the Hybrid Quantum Classical Computing initiative.
But crucially, this isn’t money going to research papers. It’s funding production deployments—real networks, real trials with actual banks, real-world testing of quantum security solutions.
This approach reflects Singapore’s aspiration to be both a global financial hub and a technology innovation center. Embracing new security technologies early allows the nation to build expertise and influence emerging standards. When the quantum transition becomes mandatory globally, Singapore intends to be among the leaders, not the laggards.
Regional Leadership and ASEAN Implications
Singapore’s successful trials are already informing neighbors across Southeast Asia. The potential for harmonized quantum-safe standards across ASEAN financial hubs could create secure cross-border payment rails protected by quantum-resistant algorithms, strengthening regional economic integration.
Forrester forecasts that over 90% of Asia Pacific enterprises will prioritize post-quantum security technologies in 2026, driven by government initiatives like Singapore’s NQSN+ and India’s National Quantum Mission. This regional momentum could accelerate corporate adoption of quantum-safe infrastructure, with particular emphasis on migration planning and cryptographic inventory management.
Singapore’s 730 square kilometers make it an ideal testing ground for quantum security infrastructure. What works across Singapore can scale regionally, providing proof-of-concept for ASEAN markets watching Singapore’s progress.
What Needs to Happen Now
Despite Singapore’s leadership, significant challenges remain. The Surfshark research makes clear that consumer-facing applications—the banking apps, shopping platforms, and messaging services millions use daily—are woefully unprepared for the quantum transition.
For Singapore to truly secure its digital future, several critical steps are necessary:
Regulatory Mandates: While guidance and handbooks are valuable, mandatory timelines for quantum-safe migration in critical sectors may be necessary to accelerate adoption. The EU’s PQC Roadmap requires all member states to develop comprehensive national plans by the end of 2026, providing a potential model.
Supply Chain Coordination: One of the biggest challenges identified by banking executives is the risk of incompatible hybrid deployments. If institutions combine classical and quantum-safe algorithms in inconsistent patterns, they could disrupt interoperability across payment networks—especially as systems become more interconnected.
Consumer Protection: Banking institutions may need to implement quantum-safe protections even if consumers continue using vulnerable applications, creating quantum-safe “tunnels” that protect transactions regardless of endpoint security.
Talent Development: OCBC’s investment in training 50 employees in quantum concepts represents a start, but Singapore will need hundreds, if not thousands, of professionals with quantum security expertise to manage the transition across all critical sectors.
International Standardization: Singapore is actively participating in efforts by the International Telecommunication Union and the European Telecommunication Standards Institute to publish QKD interface specifications and compliance guidelines expected in 2026-2027.
The Window Is Closing
The quantum threat operates on a ruthless timeline. Data being harvested today could be decrypted in five to 10 years. Financial records, medical data, and state communications that must remain confidential for decades are already potentially compromised.
Professor Alexander Ling, principal investigator at Singapore’s National Quantum-Safe Network, advises organizations to monitor trends and adopt standards endorsed by regulators. But monitoring alone won’t be enough.
The World Economic Forum estimates quantum computing could generate up to $622 billion in value by 2035 in financial services alone. That value accrues to organizations preparing infrastructure now, not those scrambling to retrofit quantum security while competitors are already running quantum-optimized algorithms.
For Singapore, the stakes are existential. The nation’s economic model depends on digital trust—trust that financial transactions are secure, that critical infrastructure is resilient, that data sovereignty is respected. If quantum computers break that trust before Singapore’s defenses are ready, the consequences would ripple far beyond cybersecurity.
With only 8% of major apps currently quantum-resistant, and 65% having no apparent plans for the transition, Singapore’s proactive stance offers a blueprint for national quantum security. But blueprints mean nothing without implementation.
The quantum clock is ticking. The harvest has already begun. And in the race between quantum computers and quantum-safe cryptography, Singapore cannot afford to finish second.
Based on research from Surfshark, the Monetary Authority of Singapore, the Cyber Security Agency of Singapore, and industry reports from Capgemini, Forrester, and the World Economic Forum.