Quantum computing is advancing rapidly, and with it comes a new set of cybersecurity challenges. While the technology holds promise for solving complex problems, its capabilities could also be exploited by cybercriminals.
One of the biggest concerns is its potential to break traditional encryption methods, a development that could have far-reaching consequences for businesses, governments, and individuals.
John Farley, managing director of Gallagher’s cyber liability practice, is closely watching this evolution and its implications.
“Quantum computing is the next formidable challenge to those tasked with defending their networks from threat actors,” Farley said. “Some experts believe that quantum computers will eventually be able to defeat encryption. While we don't see quantum computers posing an immediate threat today, it may become the tool of choice for cyber criminals.”
Unlike traditional computers that process data sequentially, quantum computers use qubits, which allow them to perform complex calculations at speeds beyond the capability of current technology.
“They’ll be able to absorb and process vast data sets to perform a wide variety of tasks simultaneously,” he explained.
“The biggest concern is encryption vulnerability,” Farley said. “Our traditional encryption methods use complex mathematical equations to make the data unreadable to all but the sender and recipient. Some believe that this common defence strategy may be susceptible to the immense power of quantum computers.”
Farley also pointed to the “harvest now, decrypt later” strategy used by cybercriminals. “Hackers hold on to stolen but encrypted data, intending to decrypt it later when they can leverage the power of quantum computers,” he said.
The potential risks of quantum computing extend across multiple areas, including privacy, legal liability, intellectual property theft, and national security.
“Without adequate encryption, web-based communications and our most sensitive personally identifiable information may become exposed,” he warned. “Organizations may become subject to legal liability and regulatory risk due to non-compliance with data protection standards.”
He also noted that “highly sensitive intellectual property could be stolen” and that nation-states “could leverage quantum computing to defeat cybersecurity controls that protect our critical infrastructure.”
To prepare for these risks, Farley emphasized the importance of following guidance from the National Institute of Standards and Technology (NIST).
“NIST has already taken steps to provide guidance on quantum-safe practices,” he said. “Their Post-Quantum Cryptography (PQC) project has set standards designed to help organizations withstand a quantum attack.” By adopting these measures early, businesses can enhance their security posture against future quantum threats.
Cyber insurance is another tool that organizations can use to mitigate potential losses. “Cyber liability insurance, and other insurance policies, may help organizations transfer risks associated with losses stemming from the latest emerging cyber threats, including quantum attacks,” he said.
Many cyber insurance policies also offer access to crisis response services, such as IT forensics investigators and legal experts.
“Those with cyber insurance should be mindful of claim reporting obligations, requirements to use insurance panel breach response vendors, evidence preservation, and issues that may impact attorney-client privilege,” Farley advised.
“As quantum computing develops, we expect the associated threats of quantum attacks to become a focus of cyber insurance underwriters,” he said. “Cyber insurance applicants should be prepared to implement NIST defence strategies provided and other generally accepted controls as they become available.”
While quantum computing is still in development, Farley stressed the importance of proactive measures. “By proactively addressing these risks and implementing robust strategies, organizations can better protect their data and maintain security in the face of advancing quantum computing capabilities.”
What are your thoughts on this story? Please feel free to share your comments below.
