Peer-reviewed Physical Review Research paper shows efficient preparation of financial distributions on quantum hardware
Haiqu, a leading developer of quantum middleware, has announced the publication of joint research with HSBC in Physical Review Research demonstrating an efficient approach to encoding real-world probability distributions into quantum circuits.
Quantum State Preparation
Quantum state preparation, the process of encoding classical data into quantum states, is widely recognised as a major bottleneck when implementing many algorithms on hardware. This challenge is particularly relevant for applications such as financial risk modelling and simulation, where complex probability distributions must be loaded onto quantum devices.
The research uses matrix product state (MPS) methods to construct shallow circuits that encode smooth functions, including probability distributions, directly into quantum states. It also introduces a sampling-based workflow that avoids storing the full discretised dataset in classical memory, enabling larger encoding circuits to be generated.
The approach was validated on finance-relevant models including heavy-tailed Lévy distributions, commonly used to capture extreme market events.
On IBM quantum hardware, circuits up to 25 qubits produced samples that passed standard statistical tests, showing the method can accurately reproduce the probability distributions these models rely on in practice.
Sampling-Based Workflow
Using the sampling-based workflow, the researchers also executed circuits up to 64 qubits, reproducing qualitative features of the target distributions under realistic device noise and demonstrating feasibility at larger scales. Similar behavior was observed in simulations up to 156 qubits, indicating the approach can extend to substantially larger problem sizes.
“Preparing complex probability distributions efficiently is a key step in many quantum algorithms,” said Dr. Philip Intallura, Group Head of Quantum Technologies at HSBC. “This work shows how they can be implemented with much shallower circuits, bringing practical applications such as financial risk modelling closer.”
“One of the biggest practical barriers is getting realistic financial data onto today’s quantum hardware. This work shows a scalable path around that barrier and helps move quantum finance workflows from theory toward execution.” Mykola Maksymenko, Co-founder & CTO, Haiqu
Haiqu is an emerging leader in quantum software that supports the notion that near-term, commercially viable applications are achievable with the right software, even on current hardware. Haiqu’s hardware-agnostic software can run applications with up to 100x more operations on current devices compared to competitors. Headquartered in New York City in the United States, Haiqu’s expert team operates from the US, Canada, Ukraine, the UK, the EU, and Singapore, contributing to the company’s mission to make quantum computing practical as soon as possible.
Lee Fredricks, Director – Solutions Consulting, EMEA at PagerDuty, on why technology leaders should see 2026 as a time for operational resilience to shift from ambition to accountability
Technology leaders should see 2026 as a time for operational resilience to shift from ambition to accountability. In 2025, too many cloud services outages and disruptions took place across the public and private sectors, and now regulatory, technological and cultural pressures are converging to say that enough is enough.
Outages often translate into broader repercussions for the organisation, including revenue impact, customer churn, share price pressure and potentially regulatory reporting obligations. Operational metrics must now be discussed alongside financial KPIs at the board level. C-suite leaders understand accountability, especially within the highly regulated financial sector.
DORA’s First Birthday
It’s now been one year since the implementation of the Digital Operational Resilience Act, or DORA, introduced by the EU to strengthen the digital resilience of financial institutions. By now, organisations have had time to consider moving from mere compliance to creating a competitive edge from their investments.
Enterprise tech leaders are in the middle of a balancing act. They’re managing ongoing modernisation and transformation initiatives while navigating multi-jurisdictional regulatory scrutiny. At the same time, they face constant pressure from the board and must meet evolving customer needs—all competing for immediate attention. The stakes have never been higher. Operations teams are no longer viewed as a back-office IT function. Their success in keeping the organisation running and driving revenue is now a board-level concern.
For organisations today, IT is business delivery.
A year of DORA has seen organisations shift from focusing solely on compliance to establishing meaningful, demonstrable testing, third-party risk visibility and strictly mandated incident reporting timelines. Financial firms have lessened their exposure to risky situations. Payments providers are not reliant on only a single cloud region or SaaS supplier, nor unable to provide evidence of real-time incident response efforts and auditable logs after a disruption.
One benefit of these overall systemic improvements is enhanced supply chain accountability. Financial institutions and their technology partners are both liable for potential penalties and reputational risk, which makes it highly critical that they can prove their resilience capabilities.
Nevertheless, operational resilience is a continuous discipline. A fragmented incident response can expose firms to regulatory and reputational risk again and again if not addressed systemically. As such, many organisations are looking toward AI agents as part of a move towards ‘no-touch’ operations.
From Autonomy to Self-Healing
Under set policies, autonomous agents can handle incident response and operational tasks, such as detection, triage and remediation. AI agents deployed in operations may become the backbone of L1 (first contact) and L2 (more skilled) support. Contrast this with the traditional, reactive, ticket-driven model of IT. The industry can move much faster and with a higher successful close rate. Leveraging intelligent automation reduces mean time to detection/resolution and supports KPIs around lower incident volumes reaching L3. Additionally, it can lead to improved service availability percentages. Well-integrated agents that actually support existing operations teams also help manage the issues around talent shortages faced by many organisations.
A typical incident lifecycle with agentic processes includes several stages depending on the model, but can be summarised as: an anomaly is detected and correlated with a recent deployment, a remediation script is triggered, and a human is notified if set thresholds are breached. Such no-touch operations are golden in any sector, but particularly in industries such as digital banking and retail, where peak traffic periods demand near-instant response and poor customer experience is a powerful motivator for users to instantly change providers.
IT Standardisation
In addition, consider standardisation as part of strategic infrastructure best practices. There is a role for central operations clouds and operational ‘golden paths’ as solid foundations for reliable operational scale and dependability. Standardisation enables consistent, scalable operational excellence, especially across large, distributed enterprises. ‘There is one way and it is the right way’ can be a great time and stress saver for operational teams – particularly if a regulatory notification and clear evidence are required.
For example, a global bank might define a single golden path for deploying customer-facing applications with pre-approved monitoring, incident response workflows, and regulatory reporting templates built in. In an outage, teams follow the same process and automatically capture the evidence required for regulators, avoiding confusion, delays, and compliance risk.
All of these possibilities take us to an exciting new place for an evolved set of developer and operational roles. When organisations enable AI to reshape daily engineering work away from manual firefighting and low-value work, it frees headspace and time for developers and engineers to move into more architectural thinking and intelligent oversight of automated systems. These augmented teams will be empowered to manage simple situations instantly and devote more time and attention to the more difficult issues – the edge cases and the strategic necessities.
Enabling Agentic AI
Using another lens, businesses with agentic IT operations capabilities support their current talent, extending their reach and the speed of their response. The winning organisations will be those who deploy agents strategically, freeing up humans for that higher-value work – i.e. L3 expert support – and setting new standards for operational excellence that customers can rely on. Ideally this means making commensurate investment in existing people, training and organisational change management. A culture of continual upskilling and forecasting that points humans to where they make the best impact will be just as important as the autonomous tech tools working alongside them.
Autonomous agents allow many new services, and one of those can be described as self-healing operations. This evolution of the operations world is where predictive detection, automated remediation and embedded resilience all coalesce. With an autonomous process of testing, maintenance and remediation, organisations can focus on finely measuring improved customer trust. They can also enjoy the productivity and revenue benefits of high business continuity and availability.
AI is still a new technology, and many are legitimately concerned with the concept of autonomous agents. There is a need for clear guardrails, audit trails and explainability in automated remediation, and many technology partners have invested in their ability to support across these areas. Moreover, firms must maintain direction with policy-driven automation rather than uncontrolled autonomy, particularly in regulated industries.
Mandate Operational Excellence
This year is very likely to reward organisations that treat operational resilience as core to their business strategy. Those investing in automation, standardisation and governance will set the pace for their industries in an AI-enabled and increasingly autonomous world.
Regulators are already expanding their scrutiny and reliability expectations beyond financial services firms. Across the world, jurisdictions are increasingly looking to strengthen their economies and digital services in particular through resilience and cybersecurity measures. At the same time, agentic operations, and the organisational performance benefits they support, will rapidly become table-stakes technology in all sectors. Inevitably, customers will judge brands on digital reliability as much as price or product features when evidence of outages is a click or a headline search away.
Start now. Audit internal incident response maturity, review the potentially complex web of third-party IT dependencies and identify where automation makes clear business sense. While resilience is an investment in compliance, it is also critical to ensure customer trust and future stability.
Richard Ford, Chief Technology Officer at Integrity360, on why cybersecurity must move beyond control and embrace trust
Cybersecurity has long been focused on building walls, but the biggest threat is already inside. Today, insider risk accounts for nearly half of all data breaches. This isn’t just about malicious actors; it’s about regular employees and trusted contractors who make simple, costly mistakes.
Remote and hybrid working has only intensified the problem. With teams distributed and work happening across cloud platforms and collaboration tools, it’s harder than ever to track what’s happening, let alone why. Although AI tools promise efficiency, they also introduce new vulnerabilities. Employees paste code into chatbots or bypass corporate tools to meet deadlines: all seemingly innocent, but highly risky.
Insider Risk
Ransomware gangs know this and are now skipping the technical breach altogether and going straight to the source – a company’s insiders. Whether through bribery or social engineering, attackers are finding that humans can be the weakest link in even the most well-defended environments. Despite this, most security budgets still focus outward.
Traditional tools like data loss prevention (DLP) struggle to keep up with today’s dynamic and unpredictable user behaviour. Meanwhile, simulated phishing tests and punitive training schemes often breed resentment, not resilience. It’s time to rethink the model.
Human Error, Human Fix
We need to stop treating employees as the problem and start making them part of the solution. Enter Human Risk Management (HRM), a behavioural approach to cybersecurity that recognises the complexity of modern work. HRM tools monitor real-world user behaviour, detect anomalies in context, and deliver just-in-time nudges to prevent risky actions before they happen. Instead of punishing mistakes, they help users avoid them in the first place.
Of course, technology alone won’t fix the issue; culture is key. Leadership must champion security as a shared responsibility, not an IT rulebook. Success should be measured by how quickly employees improve, not how often they slip up. Awareness campaigns need to be practical and rooted in real-world behaviour.
Organisations also need to understand how digital transformation has changed the risk landscape. Shadow IT is no longer a fringe issue; it’s how work gets done. Whether it’s a developer using an AI plugin or a marketer sharing files via a personal drive, employees will always find the fastest path to productivity. Security must meet them there, not block the way.
Cybersecurity Built on Trust
The smartest businesses are those that treat identity like infrastructure, and behaviour like a vital data stream. They invest in tools that adapt to people, not the other way around. This means moving away from a surveillance approach, embracing the nuance of human error and designing systems that support.
In a world where threats are increasingly internal and AI is both a risk and a tool, cybersecurity can no longer be about control. It must be about trust, and that starts with understanding the humans behind the keyboards.
Pierre Noel, Field Chief Information Security Officer at Expel, on why security with community-based governance is a key business pillar that better positions organisations to become more resilient and target growth
It’s been a particularly rocky start to 2026 for the global cybersecurity landscape. From the Substack data breach to PayPal credential-stuffing attacks in February, we are not looking at IT failures alone. These attacks are balance-sheet events: direct assaults on business value, triggering remediation costs and long-term impacts on financial health. Compounded with the conflict with Iran, leading to potential ramifications in the cyber realm, it’s more important than ever for the C-suite to be aligned on cybersecurity priorities.
Despite this, a glaring disconnect remains in planning and execution. Expel’s research found that while 85% of finance leaders view cybersecurity as a key component of business planning, only 40% express full confidence in security’s ability to align with business strategy. To bridge this gap, CISOs must move from reporting on activity to reporting on resilience and unit cost.
Translating Alert Volume Into Unit Cost
CISOs must change how they present the value of their operations. CFOs are largely indifferent to technical metrics like the ‘millions of blocked pings’ or ‘SOC alert volume’ – to a finance leader, an alert is simply another form of disruption to daily operations.
To fix this, CISOs should introduce the ‘unit of cost protection’. By breaking down security spend into the cost required for a single transaction or business unit, CFOs can understand and manage it from experience. A tiered approach works best here: high-risk business units justify higher protection costs than low-risk ones. This allows CFOs to treat security as a scalable operational expense rather than a black hole of additional tooling – the kind of framing that also resonates in a boardroom.
Mapping Investment to Business Risk Exposure
Expel’s research shows that while 43% of finance decision-makers are confident that security can prioritise investments based on risk, only 46% are confident that security can deliver cost-efficient solutions. To move in the right direction, CISOs should shift from ‘vulnerability management’ to thinking about ‘business risk exposure’, requiring a different view of how threats unfold over time.
It’s all about asking the right questions. Instead of requesting more firewalls to protect a specific timeframe, start asking for the cost of securing diverse digital ecosystems across an extended risk window. The 2026 Winter Olympics is a good example: Russian-led cyber campaigns began raising concerns months before a single athlete arrived in Italy, proving that risk isn’t a one-day event but an ongoing operational cost.
For European organisations, this framing is increasingly non-negotiable. While NIS2 and DORA help make the cost of under-investment concrete and quantifiable, the upcoming Cyber Resilience Act (CRA), with key reporting requirements starting in September 2026, extends this pressure to anyone manufacturing or selling digital products in the EU. Even for purely domestic UK entities, the new UK Cyber Security and Resilience Bill is moving the goalposts toward these same high standards. Ultimately, CFOs must understand that cybersecurity isn’t just about preventing loss; it’s a prerequisite for safe and secure growth.
The Reputational Multiplier
So those are the questions to ask, but how do CISOs deal with the ‘unknown unknowns’, specifically long-term brand damage? While compliance fines under NIS2 or DORA may be straightforward (and important) to model, they rarely represent the full scope of the potential damage. In such scenarios, CISOs should propose a reputation multiplier: a framework for quantifying the financial fallout of brand damage in a language CFOs know and trust, looking past immediate recovery costs to factor in the long-term implications of re-establishing market trust.
The 2026 CarGurus breach illustrates this well. Impacting 12 million users, the cost wasn’t purely technical; it also came from the stock price dip and marketing spend required to repair the brand. For UK companies, where regulatory scrutiny is heightened, that multiplier effect is even more pronounced. This is the language of a CFO, and it helps CISOs better translate the urgency and relevance of a strong cybersecurity posture.
Standardising the Language of ROI
Closing the gap between CFOs and CISOs needs more than just better data; it needs a shared vocabulary. By standardising the language of ROI, CISOs transform cybersecurity from a vague insurance policy into a transparent value driver fully trusted by finance teams. Move away from complicated defensive jargon toward a unified framework of unit costs, and the gap between the CISO and CFO starts to close.
Security has become a key pillar of business operations, and in the current threat environment, it’s genuinely a community-based governance issue. The organisations that get this right aren’t just more resilient. They’re better positioned to grow.