Fitch Ratings: Quantum Computing a Potential Cyber Risk for US Insurance Cos



The anticipated evolution of quantum computers, estimated to run 100 million times faster than current technology, poses seemingly unlimited long-term benefits for a broad range of organizations in research efforts, new product development and operating efficiencies. However, quantum computing also has the potential for more nefarious objectives, Fitch Ratings says. This could add significantly to challenges in addressing cyber risk, with broad economic implications across industries, including non-life (re)insurers that sell cyber insurance coverage, as well as health and life insurers as prime targets of a cyber attack.


Press release from Fitch Ratings
November 8th 2019

Quantum computing's disruptive potential lies in its speed in comparison to a conventional computer. Google recently laid claim to "quantum supremacy" with a prototype of the Sycamore, a 54-qubit quantum processor. While there are questions regarding Sycamore's accomplishments and scale potential, this development provides an indication that returns on quantum technology investments are imminent. 

The processing power and speed of quantum computers create the theoretical ability to undermine current encryption standards that have served as the lynchpin protecting online commerce. Encryption provides protection via highly complex mathematical formulas that cannot be solved at current computer speeds for many, many years. 

However, quantum computers could solve those formulas in less than a day. Thus, if quantum computers are first fully developed and made operational by "bad actor(s)," the risk of compromises to current encryption is real. If quantum computers are first employed by friendly governments, major cloud providers or other friendly technology firms, quantum technology could be used to enhance encryption before the bad actors are able to attack.

Exposure for all organizations to cyber threats, from events ranging from data theft and property destruction to ransomware attacks, has expanded along with the corresponding economic costs, while regulatory fines and penalties following a cyber incident are also mounting.

Risk management efforts have led to the growth of new industries geared to data and system protection and breach response efforts. Insurers are increasingly offering coverage to indemnify policyholders from losses tied to cyber events. The potential for loss of data privacy may have far-reaching adverse implications in nullifying these activities, compounding the cyber threat and leading to large insured losses. 

Industry pundits are divided as to when the disruption to encryption will take place, with estimates ranging from imminent to 30 years out. Temporary measures such as deploying longer encryption strings could slow down quantum decryption, as could other long-term solutions tested by the National Institute of Standards and Technology.

Insurers are viewed as rich targets for cyber attacks given the access to large volumes of personal healthcare and financial data. Individual medical records are known to be among the most valuable personal records available to cyber criminals. An individual's claims data can be used for extortion, as well as a wide range of identity theft-related activities, including insurance fraud to obtain prescription drugs, medical care or expensive medical equipment. 

The value of medical records is also elevated because it often takes longer to discover related criminal activity compared to credit card or bank information theft. On the other hand, over the past two decades, advancements in research and medicine have benefited from greater availability of patient data and continuous advances in computer processing. As personalized healthcare becomes increasingly important, quantum computing could be critical for collecting and processing huge amounts of data for clinical use. 

The loss of data privacy would be far-reaching and could significantly disrupt cyber insurance, as the costs of any breach would be significantly higher and attempts on data-rich sectors such as financial institutions would increase significantly.
