Quantum computing - Asia's next big cybersecurity risk

Conventional wisdom tells us to lock up our most valuable possessions, but what if thieves are forging our keys as we speak? Quantum computing promises to help cybercriminals do exactly that – performing calculations at speeds beyond classical computers’ reach, decrypting standard encryption keys within seconds. 

While quantum computing technology remains largely within the conceptualisation stage, recent breakthroughs in Artificial Intelligence (AI) show just how suddenly technological advancements can sneak up on us. 

In fact, AI itself is rapidly compounding the quantum computing threat. Its pattern recognition capabilities, in particular, make it the perfect “partner in crime” for fine-tuning quantum computing performance. For businesses in Asia – where the world’s fastest growing AI industry boasts 351% revenue growth¹ – guarding against the looming threat of encryption-neutralising quantum computers has become non-negotiable.

Quantum computing might make current cybersecurity obsolete

Modern data security is enabled by a cryptography method known as Public Key Infrastructure (PKI), such as the Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (EEC). 

Unfortunately, quantum algorithms are beginning to exploit these PKIs. For example, Shor’s algorithm has already cracked conventional PKI codes, albeit requiring a million years to do so. Add the right processing power and that timeframe can be shrunk down to mere seconds. 

Returning to the breaking-and-entering metaphor, savvy cybercriminals already have their keys slotted in thanks to quantum computing. They just lack the power to twist your locks open. 

Anticipating a near future when more accessible quantum computing becomes a reality, many crooks are biding time with a Harvest Now, Decrypt Later strategy, where inaccessible encrypted files are stolen and stored for future use. Think of it like a Freeze Now, Revive Later scheme in cryogenics – but instead of bringing humans back to life, we’re talking about future access to personal chat histories, medical records, and even bank accounts!

Organisations governed by compliance-driven data retention policies are ironically the most vulnerable to this threat, possessing terabytes of juicy archives waiting to be exposed the moment quantum computing matures. The writing has long been on the wall: encryption alone won’t safeguard private data in the long run.

The eventuality of quantum computing

This “long run” may be shorter than you think. Day by day, researchers are making breakthroughs in temperature control, noise, vibrational exposure, and other roadblocks that once prevented quantum computing from becoming a practical reality.

Even the likes of IBM and Google have set targets to build machines with over one million qubits by 2030². Qubits are the basic unit of information used to encode data in quantum computing, and computer scientists estimate that 1 million qubits is the baseline required to decrypt common public-key encryption standard RSA-2048³, rather than the previously assumed 20 million.

If you haven’t started insuring yourself against quantum threats, you’re already falling behind.

Asia’s digital hotbed for quantum cyber threats

No other region is advancing as rapidly and as attractively to cybercriminals as Asia. According to research by Temasek⁴, the ASEAN digital consumer economy’s value alone could reach US$1 trillion by 2030. This includes lucrative streams of information across e-payments, online services, and digitally connected supply chains, all ostensibly safeguarded by cryptographic standards that are quickly fading into obscurity.

The threat is even more pronounced when you consider how 70 million small and medium-sized businesses account for at least 97.2% of establishments in ASEAN states⁵, the majority of which have minimal safeguards against increasingly sophisticated bad actors. 

Compounding this risk further is Asia’s fragmented regulatory environment, where discrepancies in encryption methods and government regulations create exploitable inconsistencies within networks. With Harvest Now, Decrypt Later operations well underway, the threat turns from theoretical to inevitable once quantum computing crosses the 1 million qubit threshold.

Should we be worried about Q-day?

Specialists have put an ominous name to the proverbial day when quantum computers can crack cryptographic methods within seconds: “Q-day”. No one knows exactly when this day will come, but until then, businesses still have the tiniest timeframe to prepare. 

Step one requires evaluating whether existing guardrails align with standards set by local regulators such as the Monetary Authority of Singapore (MAS). It's important to use these audits to identify systems that are most vulnerable to decryption, whether it's data in storage, transit, or integrated into third-party systems.

From there, businesses can begin planning migration paths to post-quantum cryptographs according to prevailing guidelines. While still in early development stages, the US National Institute of Standards and Technology (NIST) has already published its first suite of post-quantum cryptographic algorithms⁶. More recently, MAS successfully demonstrated a successful proof-of-concept for safe transfer of sensitive data using Quantum Key Distribution (QKD)⁷. Provided by SPTel and SpeQtral, the QKD solution was tested across prominent Singapore banks such as DBS, HSBC, OCBC, and UOB, providing a clearer roadmap on how institutions can build up quantum-safe protections.

Conducting critical tests within controlled environments at this stage will be significantly less taxing than managing the expenses of disruptions and hasty changes in the future.

The best time to upgrade was yesterday

Any cybersecurity professional worth their salt will tell you that no organisation can be 100% secure 100% of the time, especially against threats as complex as quantum computing. This is where cyber insurance becomes vital.

At Howden, we provide you with the safety nets required for business continuity in the face of unexpected data breaches – complete with expert advisory on incident response and forensic investigation so that you can navigate regulations and liabilities with ease, on the eve of Q-day and beyond.
 

¹ Digitalisation World, Asia has fastest growing AI industry
² Technology Magazine, Google & IBM: New Age of Quantum Computing is About to Begin
³ Quantum Insider, Google Researcher Lowers Quantum Bar to Crack RSA Encryption
⁴ Temasek, What Will the Southeast Asian Consumer Look Like in 2030?
⁵ ASEAN.org, Development of Micro, Small and Medium Enterprises in ASEAN
⁶ NIST, NIST Releases First 3 Finalized Post-Quantum Encryption Standards
⁷ Monetary Authority of Singapore, MAS and Industry Partners Publish Technical Report on Proof-of-Concept Sandbox for Quantum-Safe Communications within the Financial Sector