SIFMA’s Quantum Dawn VIII After-Action Report

SIFMA’s Quantum Dawn VIII After-Action Report

Disruption no longer comes one crisis at a time

3 min read

Financial institutions are operating in an environment where severe weather, cyber threats, third-party failures, and infrastructure disruption increasingly collide – forcing leaders to make critical decisions with incomplete information, across systems they don’t fully control.

That reality was tested in SIFMA’s global Quantum Dawn VIII exercise, where Protiviti worked alongside more than 1,000 participants from the public and private sectors to examine readiness for true polycrisis conditions.

Download Report

The scenario at a glance

Over three days, participants navigated a deliberately compounded scenario:

A category 5 hurricane, a transatlantic communications cable cut, a financial market infrastructure outage, and a state-attributed zero-day cyberattack.

The purpose: test end-to-end response and recovery when physical, cyber, operational, and geopolitical risks unfold simultaneously.

What the exercise confirmed

Quantum Dawn VIII demonstrated meaningful progress across the sector:

Nearly two-thirds of participants expressed high confidence in their organization’s ability to respond to a polycrisis
Over the past decade, the financial services industry has made notable progress in strengthening operational resilience, driven largely by lessons learned from Superstorm Sandy and other major disruptions.
Quantum Dawn VIII validates that the industry has embraced polycrisis planning and the public-private collaboration imperative.
Public‑private partnerships have also become a cornerstone of resilience, enabling faster coordination, clearer information sharing, and more effective collective response.

Where risk concentrates during a polycrisis

The findings mirror what many organizations are navigating today:

Hidden third- and fourth-party dependencies across telecommunications, cloud, and market utilities—exposing gaps in traditional third-party risk oversight
Concentration risk that intensifies during crossborder disruptions, challenging enterprise-level risk assumptions
Disconnect and reconnect decisions that test operational resilience when speed, evidence, and coordination collide
Access and credentialing gaps that limit response effectiveness during regional emergencies
AI’s expanding role in resilience—accelerating detection and continuity planning while raising new governance questions

These challenges are not isolated. They emerge at the intersections between firms, vendors, sectors, and geographies.

Why this matters now

Polycrisis is no longer theoretical. It is becoming the baseline risk environment.

Quantum Dawn VIII reinforced that resilience depends not only on internal preparedness, but on an organization’s ability to:

Anticipate interdependencies and systemic risk
Coordinate effectively with third parties and public sector partners
Operate under degraded technology and communications
Align governance, decision rights, and people in real time

Looking ahead

The after-action findings validate that the industry has embraced polycrisis planning—but also highlight the need for practical, interoperable, and continuously tested resilience capabilities.

Priorities include deeper visibility into critical dependencies and concentration risk; more disciplined disconnect and reconnect protocols; the responsible use of AI to support threat detection and continuity planning; and stronger people-centric preparedness through improved access, credentialing, and geographic dispersion.

Download the Quantum Dawn VIII After Action Report to explore the full findings and recommendations shaping the next phase of financial sector resilience.