Citi warned that the world is edging closer to “Q-day”—the moment when quantum computers become powerful enough to break the public-key cryptography underpinning modern finance, digital identity, and secure communications. What was once theoretical is now framed as a measurable, systemic risk.

Citi models a scenario in which a single-day quantum-enabled cyberattack targets a top U.S. bank’s access to the Fedwire payment system. The cascading disruption could expose up to $3.3 trillion in indirect economic losses, translating into a 10% to 17% drop in real GDP and potentially triggering a recession deeper than 2008.

The timeline is no longer distant. Citi estimates a 19% to 34% probability that widely used encryption could be broken by 2034. By 2044, that probability rises sharply to between 60% and 82%. Meanwhile, the “harvest now, decrypt later” threat is already active, as adversaries collect encrypted data today for future decryption.

The vulnerability extends beyond banks. Roughly $2.0–$3.3 trillion in GDP is at risk from systemic shock. The crypto sector faces particular exposure, with an estimated 25% of Bitcoin—worth $500–$600 billion—considered quantum-exposed due to legacy address structures.

At its core, the risk is not merely financial theft but a breakdown of digital trust. Payment authentication, interbank messaging, and digital identities all rely on cryptographic integrity. A successful breach could undermine confidence across sectors dependent on secure digital infrastructure.

Citi argues that solutions already exist in the form of Post-Quantum Cryptography (PQC). However, migration at scale—inventorying vulnerable systems, building crypto-agile architectures, deploying hybrid protections, and coordinating across cloud and supply chains—will be complex and costly.

This is not just a technology race but a security race. The economic consequences of delay could be historic, making quantum readiness an urgent strategic priority rather than a future upgrade.