July 6, 2026
Quantum Risk Series | Q-Day Is Coming: How Quantum Computing Could Reshape Cyber Insurance Claims
Quantum computing threatens the cryptographic foundations of our digital world, posing an unprecedented challenge for the cyber insurance industry. The primary danger lies in the capacity of future quantum computers to break current encryption standards, compromising everything from secure communications and digital identities to blockchain assets. This risk is already active through “Harvest Now, Decrypt Later” attacks, where threat actors siphon sensitive, encrypted data today with the intent to decrypt it once quantum technology matures. For insurers, this translates into an aggregation of risk, long-tail claim exposures, and critical coverage ambiguities surrounding how quantum-related breaches will be handled.
While full-scale quantum decryption remains on the horizon, Q-Day—the day a cryptographically relevant quantum computer (CRQC) cracks modern cryptography standards such as RSA or ECC—is rapidly approaching. How will this systemic shift look in a real-world claims scenario, and what pressing issues should cyber insurers be evaluating today?
To understand this changing landscape, we will first review standard cyber insurance coverage, walk through a hypothetical claims scenario to highlight current policy gaps, and finally outline the key quantum risks that carriers must begin to address.
The Scope of Current Cyber Coverage
Typical cyber insurance policies encompass both first-party coverage (direct losses sustained by the insured) and third-party coverage (claims brought by outside parties affected by an incident).
First-party coverage is generally triggered by unauthorized access to the insured’s systems or data. It typically covers the costs of incident response and forensic investigations, lost profits resulting from business interruption, and legal obligations tied to state and federal data breach notification laws. Conversely, third-party coverage addresses liabilities such as the unlawful collection of data and class-action lawsuits against the breached organization.
So, how does the integration of quantum cyber risk disrupt the cyber claims framework?
A Quantum Claims Scenario
Consider a hypothetical scenario where a threat group targets a widget manufacturer using a CRQC capable of breaking modern encryption. Previously, these bad actors intercepted and harvested remote traffic between the manufacturer’s IT manager and the company’s main systems. This traffic contained encrypted usernames, passwords, session tokens, and other highly sensitive data.
Leveraging their quantum capabilities, the attackers retroactively decrypt this payload, extracting the exact credentials needed to access the network completely undetected. Once inside, they escalate their privileges by monitoring encrypted internal key exchanges, specifically hunting for keys related to the Certificate Authority (CA). Because the internal CA was not secured against quantum threats, the attackers successfully compromise every digital identity within the manufacturer’s ecosystem.
The company is left entirely breached. To survive, the manufacturer must pay a ransom to expel the attackers and incur a costly rebuild of its security architecture. Even after regaining control, the organization must fund an extensive forensic investigation to determine its legal notification obligations.
Rebalancing the Risk Partnership
This profound level of vulnerability creates a severe imbalance in the risk management partnership between cyber insurers and their policyholders. To stabilize this dynamic and navigate the uncertain future, both parties must take proactive measures.
Actions for the Insurance Carrier
- Education on Quantum Threats: Because Post-Quantum Cryptography (PQC) transformation will be a lengthy process, carriers must actively educate their clients on the realities and timelines of quantum cyber risk.
- PQC Readiness Questionnaires: Insurers should integrate PQC readiness evaluations into their underwriting processes. This ensures their portfolios remain profitable while directly incentivizing prospective clients to begin their quantum transition.
Actions for the Insured
- Comprehensive Asset Inventory: Organizations must audit all owned or controlled digital assets to establish a clear baseline of what is currently vulnerable to a quantum attack.
- Establish Crypto-Agility: Cryptographic algorithms should be decoupled from applications and managed centrally. This architecture allows for the seamless deployment of new, quantum-resistant algorithms as they become standard.
- Hybrid Deployment Strategy: Since a total “rip and replace” of legacy systems is impractical for most, organizations should adopt a hybrid approach that runs classical and quantum-resistant algorithms in tandem.
- Supply Chain and Vendor Alignment: Companies must ensure that vendors within their digital ecosystem (e.g., cloud storage, TLS, VPN providers) offer quantum-resistant options. Moving forward, post-quantum readiness should be a strict procurement requirement.
- Systematic, Phased Rollout: PQC updates can take years to execute. Organizations should prioritize their rollout systematically, migrating assets from most to least critical based on their function and public-facing exposure.
Novel Coverages
- PQC Migration Coverage: Following a quantum-related cyber event, insurers might offer narrowly tailored coverage to help fund a targeted PQC migration. This addresses the root cause of the vulnerability by encouraging the insured to complete their quantum transformation while helping the carrier reduce aggregate risk across the lifetime of the policy.
Recent White House Executive Order
- Legal Claims Arising from Corporate Decisions: The White House’s recent executive order launches a push to accelerate US quantum computing, sensing, and cryptography readiness, including updating the National Quantum Strategy, deploying quantum sensors, developing a national quantum computer, and strengthening counterintelligence protections around quantum technologies.With this, there will be increased expectations that corporate leaders proactively address quantum related risks, especially post quantum cryptography, data protection readiness, and supply chain security. As regulators emphasize safeguarding sensitive technologies and preparing for these threats, companies may face heighted scrutiny, potential liability for failing to modernize encryption or policies, and expanded disclosure obligations. This can ultimately affect both a Cyber and Directors and Officers liability policy.
The Path Forward
Quantum cyber risk is already here, and cyber insurers are uniquely positioned to shepherd organizations through this complex journey. Q-Day is no longer merely a theoretical milestone; it is an active threat requiring immediate preparation. The shift to post-quantum cryptography will be a marathon, demanding a modernized partnership where carriers incentivize readiness through smart underwriting, and policyholders prioritize crypto-agility from the top down.
Because threat actors are operating under a “Harvest Now” mentality, the insurance industry cannot afford a “prepare later” approach. By taking decisive, collaborative action today, cyber insurers can stabilize this impending imbalance and transform a systemic vulnerability into a manageable, insurable risk.
Need a refresher on Quantum Risk? View the first post in this series:
Quantum Risk: Cyber and D&O Exposure
Meet the Authors

Jessica Centeno, CPLP, ExecPLP, RPLU, CLCS
Senior Vice President, Cyber & Data Resilience
Jessica Centeno is Senior Vice President in the Cyber and Data Resilience practice, based in New York.
Jessica leverages more than eight years of experience in brokering cyber, media, technology errors and omissions insurance and professional liability for clients in various industries and the Fortune 1000 to manage Kroll’s relationship with the cyber insurance marketplace, including cyber response counsel, cyber insurers and cyber digital solutions providers. Jessica is responsible for providing cyber resilience advice, consultation, data, incident response services, and tools to partners and clients.
Before joining Kroll, Jessica was Senior Client Manager at Lockton. Prior to that, Jessica served as Account Executive at Gallagher.
Jessica holds a BA in English Language and Literature/Letters from Pace University.
Jessica is Chief Marketing Officer for 501(c)(3) not-for-profit organization, the International Women’s Cyber Alliance, which is dedicated to supporting women through educational and networking resources to be leaders in the cyber and tech industry. She is also the Chair of Career Path Programming for the Professional Liability Underwriting Society.

Brandon Welch
Managing Director, Ankura
Brandon Welch is a Managing Director at Ankura, based in Los Angeles. He has over 7 years of experience working in cyber insurance, cybersecurity, AI, and data privacy.
He is an industry leader in the world of incident management, data privacy, and cybersecurity. As a Managing Director at Ankura, Brandon is responsible for cyber insurance relationships, strategy for incident response offerings, and collaboration with all internal/external stakeholders.
Brandon leads a team of business development professionals intended to drive revenue through deep partnerships with insurance carriers, brokerage firms, privacy counsel, and other organizations by finding the appropriate cyber solution for their issue.
News Type
PLUS Blog
Business Line
Cyber Liability, Professional Liability, Risk Manager/Insurance Buyer
Contribute to
PLUS Blog
Contribute your thoughts to the PLUS Membership consisting of 45,000+ Professional Liability Practitioners.
Related Podcasts
Managing Cybersecurity Threats in 2026 Episode 1
Law Firm Cyber Attacks & the New Financial Sector Regulatory Landscape Law…
Related Articles
Quantum Risk Series | Q-Day Is Coming: How Quantum Computing Could Reshape Cyber Insurance Claims
Quantum computing threatens the cryptographic foundations of our digital world, posing an…
Are Insurance Brokers Exempt from the New Jersey Consumer Fraud Act?
Are insurance brokers considered learned professionals exempt from the New Jersey Consumer…
The Impact of the One Big Beautiful Bill Act on Professional Liability Exposures for Healthcare Entities – Webinar Recap
The One Big Beautiful Bill Act, signed into law in July 2025,…