Quantum computing - Asia's next big cybersecurity risk

Conventional wisdom tells us to lock up our most valuable possessions, but what if thieves are forging our keys as we speak? Quantum computing promises to help cybercriminals do exactly that – performing calculations at speeds beyond classical computers’ reach, decrypting standard encryption keys within seconds. 

While quantum computing technology remains largely within the conceptualisation stage, recent breakthroughs in Artificial Intelligence (AI) show just how suddenly technological advancements can sneak up on us. 

In fact, AI itself is rapidly compounding the quantum computing threat. Its pattern recognition capabilities, in particular, make it the perfect “partner in crime” for fine-tuning quantum computing performance. For businesses in Asia – where the world’s fastest growing AI industry boasts 351% revenue growth¹ – guarding against the looming threat of encryption-neutralising quantum computers has become non-negotiable.

Quantum computing might make current cybersecurity obsolete

Modern data security is enabled by a cryptography method known as Public Key Infrastructure (PKI), such as the Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (EEC). 

Unfortunately, quantum algorithms are beginning to exploit these PKIs. For example, Shor’s algorithm has already cracked conventional PKI codes, albeit requiring a million years to do so. Add the right processing power and that timeframe can be shrunk down to mere seconds. 

Returning to the breaking-and-entering metaphor, savvy cybercriminals already have their keys slotted in thanks to quantum computing. They just lack the power to twist your locks open. 

Anticipating a near future when more accessible quantum computing becomes a reality, many crooks are biding time with a Harvest Now, Decrypt Later strategy, where inaccessible encrypted files are stolen and stored for future use. Think of it like a Freeze Now, Revive Later scheme in cryogenics – but instead of bringing humans back to life, we’re talking about future access to personal chat histories, medical records, and even bank accounts!

Organisations governed by compliance-driven data retention policies are ironically the most vulnerable to this threat, possessing terabytes of juicy archives waiting to be exposed the moment quantum computing matures. The writing has long been on the wall: encryption alone won’t safeguard private data in the long run.

The eventuality of quantum computing

This “long run” may be shorter than you think. Day by day, researchers are making breakthroughs in temperature control, noise, vibrational exposure, and other roadblocks that once prevented quantum computing from becoming a practical reality.

Even the likes of IBM and Google have set targets to build machines with over one million qubits by 2030². Qubits are the basic unit of information used to encode data in quantum computing, and computer scientists estimate that 1 million qubits is the baseline required to decrypt common public-key encryption standard RSA-2048³, rather than the previously assumed 20 million.

If you haven’t started insuring yourself against quantum threats, you’re already falling behind.

Asia’s digital hotbed for quantum cyber threats

No other region is advancing as rapidly and as attractively to cybercriminals as Asia.

According to research PCMI⁴ , Hong Kong's digital consumer economy is a growing sector, with the e-commerce market projected to reach US$30.5 billion by 2027. Key drivers include a high penetration rate of internet and digital devices, significant growth in e-commerce B2C sales, and increasing adoption of digital payment and financial services, all ostensibly safeguarded by cryptographic standards that are quickly fading into obscurity.

The threat is even more pronounced when you consider how 360,000 small and medium-sized businesses account for at least 98% of total enterprises in Hong Kong⁵, the majority of which have minimal safeguards against increasingly sophisticated bad actors. 

Compounding this risk further is Asia’s fragmented regulatory environment, where discrepancies in encryption methods and government regulations create exploitable inconsistencies within networks. With Harvest Now, Decrypt Later operations well underway, the threat turns from theoretical to inevitable once quantum computing crosses the 1 million qubit threshold.

Should we be worried about Q-day?

Specialists have put an ominous name to the proverbial day when quantum computers can crack cryptographic methods within seconds: “Q-day”. No one knows exactly when this day will come, but until then, businesses still have the tiniest timeframe to prepare. 

Local regulators such as Hong Kong Monetary Authority (HKMA) recognises high performance quantum computing as an emerging technology with significant potential to disrupt and transform financial services. The regulator will highlight the importance of quantum safety in the financial sector, particularly through the practical adoption of post-quantum cryptography.

From there, businesses can begin planning migration paths to post-quantum cryptographs according to prevailing guidelines. While still in early development stages, the US National Institute of Standards and Technology (NIST)⁶ has already published its first suite of post-quantum cryptographic algorithms⁶.

The best time to upgrade was yesterday

Any cybersecurity professional worth their salt will tell you that no organisation can be 100% secure 100% of the time, especially against threats as complex as quantum computing. This is where cyber insurance becomes vital.

At Howden, we provide you with the safety nets required for business continuity in the face of unexpected data breaches – complete with expert advisory on incident response and forensic investigation so that you can navigate regulations and liabilities with ease, on the eve of Q-day and beyond.
 

¹ Digitalisation World, Asia has fastest growing AI industry
² Technology Magazine, Google & IBM: New Age of Quantum Computing is About to Begin
³ Quantum Insider, Google Researcher Lowers Quantum Bar to Crack RSA Encryption
⁴ PCMI, Current State of E-Commerce in Hong Kong
⁵ Trade & Industry Dept. - HKSAR, Small and Medium Enterprises in Hong Kong
⁶ NIST, NIST Releases First 3 Finalized Post-Quantum Encryption Standards