Financial Regulators Urged to Reprioritise Cyber Threats
WFE: Gen AI a Present Danger, Quantum a Future Challenge
The World Federation of Exchanges (WFE) argues that regulators are spending disproportionate attention on quantum computing risks compared with the immediate hazards posed by generative AI. The WFE frames cryptographically relevant quantum computers as a multi-year to decade-plus risk rather than an imminent operational crisis. In contrast, generative AI is already changing attack surfaces across trading, customer onboarding, fraud detection and market manipulation.
Why Generative AI Is More Urgent
Generative AI introduces rapid, practical threats: automated social engineering, deepfake-driven fraud, synthetic identities and faster exploitation of software flaws. These threats affect day-to-day resiliency and can scale quickly. Regulators and firms are therefore being pushed to strengthen detection, governance and incident response now.
Balancing Long-Term Preparedness with Immediate Action
Financial institutions should treat the debate as a resource-allocation problem. Short-term priorities include strengthening cyber defences, hardening model risk management, improving monitoring for AI-enabled attacks and sharpening playbooks for incident response. These steps reduce immediate operational risk and support regulatory expectations for cyber resiliency.
Maintaining a Practical Post-Quantum Path
Planning for post-quantum cryptography remains necessary. Practical actions are inventorying cryptographic assets, assessing vendor readiness, adopting crypto-agility principles and running small-scale PQC pilots. That approach keeps long-term migration on track without diverting urgent resources from active threats.
In sum, the WFE recommendation is not to ignore quantum. It is to prioritise present, high-probability threats from generative AI while running disciplined, phased programs to prepare cryptographic systems for a future quantum era. For regulators and financial leaders, that balance aligns defensive spending with the timing and severity of real-world risks.
