Executive Summary

India's insurance sector is at a critical juncture, with unprecedented growth accompanied by escalating cyber threats and quantum computing risks. Key statistics highlight the urgency:

• Rising cyber threats: A 29% surge in ransomware attacks in India's financial sector in 2023, according to CERT-In.

• Data breach costs: An average cost of $4.8 million in 2024, with a 12.4% increase from 2023 (IBM, 2024).

• Quantum breakthroughs: Recent advancements by Microsoft and Google.

• Cybersecurity impact: 71% of organisations expect quantum computing to significantly impact their cybersecurity strategies (Deloitte, 2023).

• Encryption risks: 60% of cybersecurity professionals predict quantum computers will break current encryption standards within 5-10 years (Cybersecurity Ventures, 2023).

The convergence of artificial intelligence (AI) and quantum computing will revolutionise key areas, including risk assessment, data privacy, and portfolio optimisation. However, quantum computing also poses significant threats, particularly the Harvest Now, Decrypt Later (HNDL) threat, which could compromise long-term data.

To address these challenges, Insurtechs must take immediate action, including conducting thorough quantum risk audits, developing crypto-agility, and investing in quantum expertise. The Reserve Bank of India and Securities Exchange Board of India have taken the lead in implementing quantum-safe measures, with the IRDAI expected to adopt similar measures soon.

The stakes are high, with potential data breaches, regulatory non-compliance, and loss of market trust. Therefore, quantum readiness is not optional but existential for India's InsurTechs. The time to act is now.

Introduction

Whilst artificial intelligence (AI) has become commonplace, quantum computing remains enigmatic to many. Its relevance to insurance may seem obscure, yet its impact could be profound.

Quantum computers harness superposition[1] and entanglement[2] to perform complex calculations exponentially faster than classical computers. This offers immense potential for solving problems with unprecedented speed and precision.

Microsoft and Google have unveiled major quantum computing breakthroughs, with Microsoft's Majorana 1 chip using topological qubits to achieve stable quantum states at 1/100th the size of traditional approaches, while Google's 105-qubit Willow processor has demonstrated quantum supremacy by completing 300 million-year classical computing tasks in minutes. These advances, alongside Microsoft's ambitious goal of 1 million qubits by 2030 and Google's proven error reduction capabilities, suggest practical quantum computing applications in drug discovery, climate modeling, and cryptography may arrive years earlier than previously expected.

Data is the lifeblood of the insurance industry, powering everything from personalized policy pricing to AI-driven claims processing. Like oil, data is a valuable asset—but with a critical difference: it has an expiration date. Sensitive customer information, underwriting models, and claims histories stored today could become liabilities tomorrow if encrypted using methods vulnerable to quantum computing attacks.

For insurers, quantum computing promises enhanced risk assessment and portfolio optimisation. Insurers handle vast amounts of data on policies, claims, market trends and risk factors. Conventional computing often struggles to process this efficiently, leading to delays and suboptimal decisions. Quantum computers could assess risks more accurately and optimise portfolios for maximum profitability.

Cybersecurity represents a crucial domain for insurers. Quantum encryption algorithms offer unparalleled security for protecting sensitive customer data and financial transactions. However, quantum computing also poses threats. Its ability to solve problems like prime number factorisation endangers traditional cryptographic systems. The accelerated growth of quantum computing puts current encryption at risk.

"BFSI Sector: Adopt Quantum Transition Now to Avoid Catastrophic Breaches Later"

To mitigate this, insurers must swiftly adopt quantum-resistant encryption algorithms and develop cryptographic agility to switch methods as needed. A proactive approach is vital to remain secure and competitive as technology rapidly evolves. For India, delaying action risks exclusion from global insurance markets and losing client trust. 

India's insurance sector is experiencing unprecedented growth, with non-life insurance premiums reaching ₹1,14,972 crore in FY24. However, this growth brings new vulnerabilities in the quantum era. With cybersecurity breaches costing organisations an average of ₹400 crore (US$4.8 million) in 2024—a 12.4% increase from 2023—the need for quantum awareness has never been more critical.

As Ajai Chowdhry, Chair of India’s National Quantum Mission, states: “We must start working to make India quantum secure in the next two to three years,” he told TechCircle. “BFSI (banking, financial services and insurance) being a critical sector, banks and the RBI (Reserve Bank of India) must take a leadership position here, followed by securing electric grids and defence establishments.”[3]

By advancing post-quantum security technologies, insurers can protect sensitive information and maintain digital trust in an increasingly quantum world.

Q&As for Indian InsurTechs

Q1: How will quantum computing transform AI applications in insurance?

PwC reports that 68% of insurance companies globally are implementing AI, with this number expected to reach 90% by 2025. McKinsey projects that AI could create value worth approximately ₹91 lakh crore (US$1.1 trillion) annually for the insurance industry by 2030.

The convergence of AI and quantum computing will revolutionise several key areas:

• Risk Assessment and Pricing: Quantum Machine Learning can analyse complex climate models and genomic data to refine risk predictions, particularly valuable for India's growing parametric insurance market. For instance, crop insurance, which has driven significant growth in the non-life sector, could benefit from quantum-enhanced weather pattern analysis.

• Data privacy and compliance: Synthetic data generated by quantum computing can help insurers comply with privacy regulations by mimicking real-world data without containing personal identifiers[4].

• Fraud Detection: Traditional AI systems currently detect about 60% of insurance fraud. Quantum-enhanced AI could dramatically improve this rate by evaluating millions of claims simultaneously, potentially saving the Indian insurance sector thousands of crores annually.

• Portfolio Optimisation: Quantum algorithms can revolutionise investment strategies for India's insurance market, enabling real-time portfolio rebalancing across multiple risk dimensions.

• Quantum computing and AI will converge to transform the insurance industry, enabling faster, more accurate, and more agile processes that thrive in an increasingly digital landscape.

• Improved scalability: Quantum computing's ability to handle large-scale optimisation problems and process vast amounts of data from IoT devices enables insurers to manage increasing volumes of information more efficiently.

Q2: Why is data both an asset and a liability for insurers in the quantum era?

The insurance industry's digital transformation has made data its most valuable asset. With non-life insurance policies increasing from 253.1 million in FY22 to 301.8 million in FY23, and total direct premiums reaching ₹2.57 lakh crore in 2022-23, the sector faces unprecedented data security challenges.

Data drives modern insurance innovation—AI models analyse driving patterns for usage based auto insurance, telematics track health metrics for wellness-linked policies, and IoT devices monitor industrial equipment for real-time risk mitigation. However, the same data repositories also represent a “ticking time bomb” due to the Harvest Now, Decrypt Later (HNDL) threat. Bad actors are already stealing encrypted data, anticipating future decryption via quantum computers capable of breaking RSA-2048 and ECC algorithms in minutes.

Unlike oil, data’s value diminishes over time as newer datasets emerge, but its vulnerability persists.

The Mosca theorem, also known as the XYZ risk model, is a valuable framework for assessing an organization'sreadinessfor post-quantum cryptography. It can be applied to evaluate the data shelf life and cryptographic preparedness of insurance companies.

The Mosca theorem states:

If X + Y > Z, then worry.

Where:

• X = The security shelf life of your current cryptographic systems

• Y = The time required to transition to quantum-safe cryptography

• Z = The time until quantum computers can break current encryption

For example, a 25-year life insurance policy issued today could see its encrypted underwriting details cracked by 2040, exposing sensitive health records or financial histories. InsurTechs must adopt post-quantum cryptography (PQC) now to safeguard data with a decades-long shelf life.

Q3: How significant is the quantum threat to India's growing insurance sector?

The Harvest Now, Decrypt Later (HNDL) threat poses a particular risk, as cybercriminals are already harvesting encrypted data for future quantum decryption.

The Mosca theorem quantifies this risk through a simple equation: If X + Y > Z, then worry, where:

• X represents your cryptographic systems' security shelf life

• Y is the time needed for quantum-safe transition

• Z is the timeline until quantum computers can break current encryption

For Indian insurers managing long-term policies, this equation is particularly concerning. A 25-year life insurance policy issued today could see its encrypted data compromised by 2040, exposing sensitive health and financial records of millions of policyholders.

Q4: What makes quantum computing particularly threatening to Indian insurance cybersecurity?

The threat is amplified by recent developments in quantum technology such as Microsoft and Google have made significant quantum computing breakthroughs, with Microsoft's Majorana 1 chip achieving stable quantum states and Google's Willow processor. These advances could lead to practical applications in cryptography arriving years earlier than expected. These advancements are accelerating the timeline to quantum supremacy, with 60% of cybersecurity professionals expecting quantum computers to break current encryption standards within 5-10 years.

According to CERT-In, India's financial sector witnessed a 29% rise in ransomware attacks in 2023. This surge in cyber threats, combined with quantum computing's potential to break current encryption, creates a perfect storm for the insurance sector, which manages sensitive data worth lakhs of crores.

Q5: What quantum-safe measures are financial regulators like RBI and SEBI implementing, and how might IRDAI extend these to InsurTechs?

India’s financial regulators are spearheading quantum resilience through coordinated mandates and frameworks, creating precedents for IRDAI’s anticipated InsurTech guidelines:

• RBI’s Quantum Banking Mandates

The Reserve Bank Innovation Hub’s 2024 whitepaper mandates lattice-based PQC (CRYSTALS-Kyber/Dilithium) for all interbank transactions by Q4 20253.

• SEBI’s 2025 Cybersecurity and Cyber Resilience Framework (CSCRF)

The Securities and Exchange Board of India's, Cybersecurity and Cyber Resilience Framework stipulates comprehensive security protocols, including encryption standards and audit requirements. SEBI-regulated organisations must ensure timely implementation to avoid regulatory penalties and safeguard operational resilience, as non-compliance poses significant risks to both institutional reputation and data security.

Given the 2047 Vision, IRDAI will likely introduce enhanced cybersecurity regulations, with a focus on quantum resilience and preparedness. The regulator may consider several approaches to quantum readiness, including potential quantum-risk policy provisions and the implementation of standardised quantum-resistant algorithms like those of NIST[4].

Q6: What practical steps should Indian InsurTechs take?

The journey toward quantum readiness requires a comprehensive, structured approach. A recent report by Kquanta Research[5] highlights the key steps:

1. Insurers must conduct thorough quantum risk audits. This process involves a detailed assessment of all cryptographic assets, with particular attention to systems handling long-term data. The implementation of crypto-agility forms the second crucial step. Insurance companies must develop modular encryption architectures that can adapt to emerging quantum-safe standards. This flexibility ensures that as quantum computing evolves, security measures can be updated without disrupting core business operations.

   
   

2. Strategic partnerships represent another vital component of quantum preparedness. Insurers should actively collaborate with quantum technology providers, academia, and participate in industry working groups. These partnerships can provide invaluable insights into emerging technologies and best practices, helping companies stay ahead of quantum developments.

   
   

3. Investment in expertise stands as the third critical element. Companies must prioritise training existing staff in quantum-safe technologies while also recruiting specialists in quantum cryptography. This human capital development ensures organisations can effectively implement and manage quantum-safe solutions.

Q7: Why is immediate action imperative?

Y2Q or "Years to Quantum", represents the looming threat of quantum computers breaking current encryption. Unlike Y2K's fixed deadline, Y2Q's timeline is uncertain yet potentially imminent, with estimates ranging from 5 to 15 years. The impact of Y2Q is far more pervasive, affecting all encrypted systems and requiring continuous adaptation rather than a one-time fix.

Quantum supremacy is projected by 2029-2030, but migration to quantum-safe systems requires 5-10 years. Deloitte's research reveals that 65% of global financial institutions are investing in quantum-resistant technologies.

Given the technological landscape, InsurTechs in particular must approach quantum readiness with the same urgency as Y2K preparations, albeit with a broader scope and sustained commitment. This necessitates the adoption of post-quantum cryptography, thorough audits of existing systems, development of comprehensive migration strategies, and substantial investment in quantum expertise.

The stakes for InsurTechs are particularly high, as they often handle vast amounts of sensitive data and rely heavily on digital infrastructure. Failure to prepare could result in data breaches, regulatory non-compliance, and loss of market trust. As such, quantum readiness should be viewed not as a mere IT upgrade, but as a fundamental business imperative critical to long-term viability and competitive advantage in the rapidly evolving insurance technology sector.

Conclusion: From Awareness to Action

Quantum computing is not a distant sci-fi concept but a looming reality reshaping cybersecurity and computational efficiency. For Indian InsurTechs, the choice is clear: adopt quantum-aware strategies today or gamble with irreparable data breaches tomorrow. By integrating PQC, fostering AI-quantum synergies, and collaborating with quantum innovators, tech experts, academia; the sector can secure its digital future while pioneering innovations that redefine insurance itself.

For India's InsurTech sector, quantum readiness is not optional—it's existential. The sector must act now to secure its quantum future.

As the old adage goes,

"The best time to plant a tree was 20 years ago. The second-best time is now."

In the quantum era, that tree is quantum-safe infrastructure, and the time to plant it is today.

References:

• Superposition is a phenomenon in quantum computing that allows quantum objects to simultaneously exist in more than one state or location.

• Entanglement is where particles become connected, with the state of one instantly affecting the others, regardless of distance.

• https://www.techcircle.in/2024/09/04/india-must-become-quantum-secure-in-2-3-yrs-ajai-chowdhry

• https://insurance.nttdata.com/post/reimagining-insurance-underwriting-with-ai-and-quantum-computing/

• https://rbihub.in/wp-content/uploads/2024/12/RBIH-Whitepaper-Securing-Indian-Banks-in-the-Age-of-Quantum Computing.pdf

• https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards Kquanta Research Report ‘Unleashing the potential of Quantum Technology & AI in Financial Services’

Disclaimer: The opinions expressed within this article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of IIA and IIA does not assume any responsibility or liability for the same