Quantum computers can break current cryptographic keys, allowing stored or intercepted data to be viewed in the future – the so-called "store now, decrypt later" scenario. Without a timely transition to quantum-safe cryptography (PQC), systems and customer data can no longer be reliably protected in the long run. This also affects insurers, where data sometimes has to remain confidential for decades and systems have a long lifespan. So prepare now.
Practical tips for preparation
Organizations, including insurers, are urgently advised to start now with a planned approach towards quantum security:
-
Make an inventory of your cryptographic assets: map out which cryptography is currently used within systems and processes.
-
Analyze the risks: Conduct a risk analysis specifically focused on the quantum threat. Assess which systems and data – especially those that need to remain confidential for a long time – have extra priority.
-
Draw up a migration plan: Use the PQC migration handbook of AIVD, CWI and TNO for concrete steps to move to post-quantum cryptography. Define a roadmap with phases of diagnosis, planning and implementation.
-
Take 'no-regret' measures: implement measures that increase resilience anyway – such as centralising cryptographic management and supporting cryptographic agility.
-
Involve partners and suppliers: Discuss with IT suppliers whether their products support quantum-safe algorithms and what the roadmap is for switching to them.