Will quantum computing break encryption?
culture
Inclusion and Diversity
Corporate Social Responsibility
Team BRIT
Environmental, Social & Governance
Insurance
accident and health
contingency
event cancellation
non appearance
film
prize indemnity
cyber
cpr
xdr
bcap industrial
xdr pro tech
first50
cyber claims
delegated authority
commercial property
flood
financial property
homeowners
small commercial general liability
directors & officers
energy
e-trading
financial institutions
fine art and specie
general liability
public and products liability
employers liability
environmental liability
healthcare liability
marine
cargo
hull and marine war
keel
marine and energy liability
political risk trade credit
political violence / terrorism
political violence/london
private client
home
motor
travel
professional liability
small north american liabilty
north american professional liability london
programs
property
north american open market property
international property
uk property
transportation
Reinsurance
casualty treaty
international casualty treaty/london
north america casualty treaty/london
property treaty
property treaty
property treaty bermuda
Claims
Claims Philosophy
Claims Innovation
Cyber Claims
industries
aerospace
aquaculture, equine and livestock
architects and engineers
commercial
construction
consumer goods
education
energy
events & entertainment
farming and agriculture
financial services
healthcare
municipalities
personal lines
professional services
real estate
religious and not-for-profit
retail
technology
transportation
utilities and industrial
careers
Why join Brit?
our business areas - speaking for ourselves
business area - actuarial
business area - claims
business area - finance
business area - internal audit
business area - operations
business area - risk
news
Brit Group
Brit Global specialty
Brit Global Specialty Bermuda
Brit Re
Camargue
Ki
financials and governance
Financials
Governance
executive & board
Risk
History of Brit
Working with FinTechs and InsurTechs
Fair Value Assessments
brokers and coverholders
leadership
innovation
contact
Complaints
Privacy Notice
Modern Slavery
Terms and Conditions
The latest from Brit

Financials

Results for the year ended 31 December 2023

find out more

news

find out more
Image of binary code

news

Quantum computing is changing the way we think about encryption and security

In the past, the concept of quantum computing was largely theoretical. Computing scientists have theorised about the idea of quantum mechanics being applied to computing since the eighties. However, we are edging closer to the sometimes mind-boggling world of quantum computing becoming a reality.

In light of quantum computing developments by various tech giants and quantum start-ups, even conservative estimates have imagined this innovation being commonplace as early as 2035. Consequently, Information Security or 'Info Sec' professionals need to understand the implications of the proliferation of quantum computing and what it means for encryption and security.

Download this article

What do we mean by quantum computing?

Before we delve into the specifics of how quantum computing will change the way we approach cyber security, let’s start with some basic concepts. The theoretical side of quantum computing has been discussed for around 40 years. Here’s a basic definition to get us started;

“Quantum computing is an area of computing focused on developing computer technology based on the principles of quantum theory (which explains the behaviour of energy and material on the atomic and subatomic levels). Computers used today can only encode information in bits that take the value of 1 or 0—restricting their ability.

Quantum computing, on the other hand, uses quantum bits or qubits. It harnesses the unique ability of subatomic particles that allows them to exist in more than one state (i.e., a 1 and a 0 at the same time).”

What do we mean by quantum computing?

Quantum VIDEO Poster

What do we mean by quantum computing?

Quantum computing is a complex subject that many of us won’t encounter in our day-to-day lives, but the main takeaway is that the technical possibilities are enormous. Several applications are beginning to be fully realised across a number of different industries;

Quantum Healthcare 638X621

Healthcare

Quantum computing can be used in drug development, simulating interactions between experimental drugs and the fully mapped human genome.

Quantum Meteorology 638X621

Meteorology

Quantum computers could be used to predict weather more accurately through pattern recognition and generating more detailed climate models.

Quantum Finance 638X621

Finance

Algorithmic trading could be developed with quantum computers to automatically trigger share dealings based upon a variety of market variables at scale.

Technology companies including Google, Microsoft and IBM are all working to bring quantum computing to the mass market across a variety research projects. In 2021, a major step forward was secured as British firm Orca claimed to have used photonics to make the adoption of quantum computers more commercially viable. As the reality of quantum computers is now a question of “when”, rather than “if”, we need to think about the knock-on effect this will have for computer security.

Quantum DIVIDER LGE

How will traditional systems be threatened?

InfoSec specialists have traditionally created security systems and protocols to protect from the threat posed by existing computer hacking systems. When looking at quantum systems and their potential for nefarious activity, a few points should raise alarm bells.

Firstly, as quantum computers are complex systems, they will likely be accessed via the cloud remotely. This creates low barriers to access that may be easy for hackers to exploit.

Additionally, as quantum theory sets to increase the capabilities of computers, the points of vulnerability within current security measures will also increase. It’s thought that in a matter of seconds, quantum computers will be able to solve problems that would take traditional computer years. Cyber tech specialists are coming to the realisation that even the most advanced security systems in place today could be easily toppled by a quantum computer.

Managing the Future Risk

It’s the duty of infosec professionals to manage the future risk that the development of quantum computer systems might present. Expert insight from the Wall Street Journal included a number of steps that can be implemented and considered alongside the roll-out of quantum computer systems;

Build Awareness of the risks of quantum to security

Prepare cryptographic systems for the quantum era

Become more agile to the developing threat from quantum computers

Practice good cyber hygiene

Creating these new future-proof protocols is known within the industry as post-quantum cryptography or PQC. These protocols will spread awareness of the problem that needs addressing but are by no means a silver bullet to solving what issues might come over the horizon.

The Challenge Ahead

While PQC is one of the best precautions we can take for the world of quantum computing vulnerabilities, there is a two-fold problem with implementing the necessary protection.

Firstly, there is a high cost associated with updating to a new security standard. Upgrading legacy systems can be costly for businesses. This is often down to the incompatibility of existing protocols, the inadequacy of a company’s inventory of all the vulnerable nodes in their IT system that require upgrading (made even more difficult when third party vendors are involved), along with efforts to make these changes over longer periods to help manage costs. This is exacerbated further when we consider any possible resistance from management, who might question the need to trade out existing security systems for a risk that isn’t fully realised yet.

The second challenge is the question of data interception where data has been stolen, but not decrypted. The concept of a “harvest today, decrypt tomorrow” hack has given cause for concern for infosec professionals as information that has previously been compromised might risk decryption from a quantum computing system in the future. Paolo Cuomo, our Director of Operations, believes this to be an issue for the security specialist of today, not a few years down the line when quantum computers become more prevalent.

In a recent piece for LinkedIn, Paolo shared his thoughts:

“What if fully-encrypted data was stolen and held onto? As long as the data expiry period is longer than the period before decryption is possible, there is value to the thief and damage to the original owner.

Furthermore, when a hack becomes public, changes are made to stop the problem. If data is being stolen and no noise made about it, how long might the security hole remain open allowing a continual syphoning off of that data?

This concept of harvesting data today and then decrypting it in the future is what makes this top one of real urgency. Urgent for information security teams to think about; and urgent for cyber underwriters to consider.”

Paolo Cuomo Director of Operations

Paolo states that the decade or so we have before the power of quantum computing is fully realised, might not be enough time, asking, “how long does it actually take to replace encryption protocols built into hugely complex IT and communications systems?” We can’t know for sure if famous security breaches for brands like MySpace, the Marriott, or MyFitnessPal could rear their heads again if quantum computing solutions can decrypt the stolen data. But we made be behind in the race for protection.

So, even though cyber security professionals may feel too busy to consider longer-term risks, the threat posed by quantum computing is not something they can completely ignore. At the very minimum, infosec professionals should:

  • Include quantum computing in their risk assessment and develop a roadmap for managing this risk.
  • Identify whether quantum computing is being investigated elsewhere in the business (for positive purposes) to use that expertise.
  • Define the route to cryptographic agility within their organisations to ensure a swift transition to PQC protocols once they are standardised and available.
  • Factor in that encrypted data today is not guaranteed to remain safe in the case of a breach.

 

How Brit are Preparing

There is a lot to think about a prepare for over the next decade as quantum computing systems become more prevalent in our daily lives. We are preparing our clients to respond to the evolving risk landscape through our knowledge of this technological innovation.

Get in touch with our Cyber team to be more proactive about managing your clients’ full range of cyber risks.

Ransomware negotiation: Don’t try this at home

18-03-2024 |Cyber
Read more

Brit launches Brit Cyber First50 to expedite placement of large cyber risks

13-03-2024 |Cyber
Read more

Addressing The Cyber Gap With SMEs

29-01-2024 |Cyber
Read more

Brit - NIS2: What does it mean for cyber security?

30-11-2023 |Cyber
Read more

Why do cyber insurers insist on IT security?

26-05-2023 |Innovation & Insights
Read more
London Footer White

A Fairfax Company

©2024 Brit Group Services. All rights reserved.

We Brit Insurance Services USA, Inc. d/b/a Brit Global Specialty USA, are a service company that is part of the Brit Global Specialty group of companies. We are regulated by state departments of insurance in our capacity as a Managing General Agent. We have authority to enter into contracts of insurance on behalf of the Lloyd’s underwriting members of Lloyd’s syndicates 2987 and 2988 which are managed by Brit Syndicates Limited. This material is intended to provide general information about Brit Insurance’s products and services. It is neither an offer to sell nor a solicitation to purchase any specific insurance product. Coverage may not be available in all US jurisdictions and are subject to legal and underwriting requirements. Any availability is on a surplus lines basis only through duly licensed producers. Inquiries about the products and services described herein should be directed to producers duly licensed in the relevant US jurisdiction.