Post-Quantum Cryptography Is Becoming a Cyber Insurance Requirement
In 2020, cyber insurers started requiring multi-factor authentication. Organizations that could not demonstrate MFA deployment faced sub-limits, exclusions, or outright declinations. Within two years, MFA went from a best practice to a table-stakes requirement for insurability. The same pattern is beginning with post-quantum cryptography.
The signals are early but unmistakable. Underwriting questionnaires from major carriers now include questions about cryptographic agility, quantum readiness assessments, and migration planning for post-quantum algorithms. Some Lloyd's syndicates have begun explicitly asking about harvest-now-decrypt-later exposure in their submissions. Reinsurance treaties for 2027 are expected to include quantum risk language that flows down to primary carriers.
This is not a prediction. It is a description of what is already happening in the market.
The MFA Precedent
Understanding how PQC will become a requirement requires understanding how MFA became one. The trajectory is instructive because the insurance market follows a predictable pattern when a control becomes essential to risk selection.
Phase one is awareness. Insurers recognize that a specific control strongly correlates with breach outcomes. For MFA, this recognition came after years of claims data showing that compromised credentials were the leading attack vector and that MFA significantly reduced the success rate of credential-based attacks.
Phase two is differentiation. Insurers begin using the control as a pricing factor. Organizations with MFA receive better terms; those without pay more. During this phase, the control is not required for coverage but influences pricing.
Phase three is mandate. After sufficient loss data demonstrates that the control is essential, insurers make it a hard requirement. No MFA, no coverage. This is where MFA stands today for most cyber policies.
Post-quantum cryptography is entering phase one. The awareness is building rapidly, driven by three converging forces: NIST's finalization of post-quantum standards (FIPS 203, 204, and 205), increasing evidence of state-sponsored harvest-now-decrypt-later operations, and growing regulatory pressure on financial institutions and critical infrastructure to begin quantum migration planning.
What Underwriters Are Asking
The shift is visible in the underwriting process itself. Over the past twelve months, several changes have appeared in cyber insurance applications and supplemental questionnaires.
The most common addition is a question about cryptographic inventory. Underwriters want to know whether the applicant has cataloged their cryptographic dependencies: which algorithms are in use, where they are deployed, and which are vulnerable to quantum attack. This question does not yet trigger coverage declinations, but it is being used to assess security maturity.
Some carriers have added questions about data classification relative to quantum risk. They want to know whether the applicant handles data with a sensitivity lifespan that extends beyond the expected arrival of cryptographically relevant quantum computers. Healthcare records with decades of sensitivity, financial records with long retention requirements, and government data with classification lifespans are all flagged as high-risk categories.
A smaller number of carriers are asking directly about post-quantum migration plans. Do you have a timeline for migrating to NIST-approved post-quantum algorithms? Have you conducted a quantum risk assessment? Are you implementing crypto-agility in new deployments? These questions are currently informational, but their inclusion on the application creates the same legal framework that MFA questions created: the applicant must attest to their quantum readiness posture, and that attestation becomes a potential basis for claim denial if it proves inaccurate.
The Harvest-Now-Decrypt-Later Problem
The quantum threat to cryptography is often framed as a future problem. Quantum computers that can break RSA and elliptic curve cryptography do not exist yet. Therefore, the argument goes, there is no urgency.
This framing ignores the most immediate quantum risk: harvest-now-decrypt-later (HNDL). Nation-state adversaries and sophisticated criminal organizations are intercepting and storing encrypted communications today, with the intention of decrypting them when quantum computers become available. The data does not need to be decryptable now. It needs to be valuable when it is decryptable.
For the cyber insurance market, HNDL creates a unique risk profile. A breach that results in the exfiltration of encrypted data may not trigger a claim today, because the data is encrypted and unusable. But when quantum decryption becomes available, that same data becomes exposed, potentially triggering claims years after the original exfiltration.
This creates a long-tail liability that underwriters are beginning to model. A policy written in 2026 that covers data encrypted with RSA-2048 may face claims in 2035 when that data is quantum-decryptable. The insurer's exposure extends far beyond the policy period, and the risk cannot be adequately priced without understanding the insured's quantum vulnerability.
Carriers that write long-tail cyber coverage are particularly exposed. Errors and omissions policies, directors and officers policies with cyber extensions, and any coverage that does not have a strict discovery period are all vulnerable to HNDL-related claims that emerge years after the policy incepted.
The NIST Standards Trigger
NIST's publication of FIPS 203, 204, and 205 in 2024 was a turning point for the insurance market. Before standardization, post-quantum cryptography was a research topic. After standardization, it became an implementable technology with a defined migration path. This distinction matters enormously for underwriting.
Underwriters cannot penalize organizations for failing to implement technology that does not have approved standards. But once standards exist, the expectation shifts. FIPS 203 defines ML-KEM for key encapsulation. FIPS 204 defines ML-DSA for digital signatures. FIPS 205 defines SLH-DSA for stateless hash-based signatures. These are not draft proposals. They are finalized federal standards that apply to all federal agencies and federal contractors.
For insurers, the existence of approved standards creates a defensible basis for including PQC in underwriting criteria. An insurer that asks "have you implemented NIST-approved post-quantum algorithms?" is asking about a well-defined, standardized capability. The question is no more burdensome than asking "do you encrypt data at rest?" Both refer to established standards with clear implementation paths.
The federal government's own timeline accelerates the insurance market's adoption of PQC requirements. Executive orders and agency directives requiring quantum migration for federal systems create a cascading effect: federal contractors must migrate, their supply chains must migrate, and their insurers must evaluate the migration status of all of these entities.
Premium Impact
The premium impact of PQC readiness will follow the same pattern as MFA. Initially, PQC readiness will serve as a positive differentiator that earns modest premium credits. Organizations that can demonstrate a PQC migration plan, crypto-agility in their infrastructure, or partial deployment of NIST-approved algorithms will receive favorable consideration from underwriters looking for indicators of security maturity.
As the quantum threat timeline becomes clearer and more claims emerge from HNDL exposures, PQC readiness will shift from a credit factor to a pricing factor. Premiums will diverge based on quantum preparedness, with PQC-ready organizations paying significantly less than those with no migration plan.
Eventually, PQC will become a coverage requirement. Organizations that rely entirely on RSA, ECDSA, and other quantum-vulnerable algorithms will face coverage exclusions for quantum-related losses, sub-limits on data breach coverage for data protected only by classical encryption, or outright coverage declinations.
The timeline for this progression is difficult to predict precisely, but the MFA precedent suggests it could move faster than expected. MFA went from "nice to have" to "required" in approximately three years. PQC may follow a similar trajectory, particularly if a high-profile HNDL incident demonstrates the quantum risk in concrete terms.
The Three-Family Approach
When insurers evaluate PQC implementations, they will inevitably assess the robustness of the approach. Not all PQC deployments are equal. An organization that has deployed a single post-quantum algorithm is in a fundamentally different risk position than one that has deployed multiple algorithms based on independent mathematical hardness assumptions.
H33's approach uses three independent signature families: ML-DSA (based on module lattices), FALCON (based on NTRU lattices), and SLH-DSA (a stateless scheme based only on hash functions). This means that the security guarantee holds unless the module-lattice (MLWE) problems, the NTRU lattice problems, and the underlying hash functions are all broken at the same time. These are three independent mathematical bets.
For underwriters, this multi-family approach reduces the residual risk of algorithm obsolescence. If a breakthrough compromises one post-quantum family, organizations using the three-family approach remain protected by the other two. This is analogous to the way insurers view defense-in-depth for traditional controls: multiple independent layers of protection reduce the probability of a complete control failure.
The HATS standard incorporates this multi-family requirement into its verification framework. HATS-certified systems must demonstrate that their post-quantum attestations use multiple independent cryptographic families, providing continuous verification that the multi-family approach is operational and correctly implemented.
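The verification rule described above (accept a record only when every required family is present, no family is counted twice, and every signature verifies) can be written as an AND-composition over a registry keyed by algorithm identifier. The following is an added example, not H33 or HATS code: the three families are stand-ins built on HMAC so the composition logic runs offline with the standard library, and the algorithm names, family labels, and function names are this example's own choices. A real deployment would replace the stand-in verifier with ML-DSA, FALCON and SLH-DSA implementations; the structural checks stay the same.

```python
"""AND-composition of signatures from independent algorithm families.

Added example (not H33/HATS code). Each "family" here is an HMAC-SHA256
stand-in (constructed placeholder, so signing and verification keys are
the same bytes); swap in real ML-DSA / FALCON / SLH-DSA verifiers in
REGISTRY without touching verify_bundle.
"""
import hashlib
import hmac
import secrets

# Families whose hardness assumptions must ALL fail before a forgery is possible.
REQUIRED_FAMILIES = {"module-lattice", "ntru-lattice", "hash-based"}


def _stand_in_verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    """Placeholder verifier: constant-time HMAC comparison."""
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def _stand_in_sign(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


# Registry: algorithm identifier -> (family, verify function).
# Adding or replacing an algorithm is a registry change, not a redesign.
REGISTRY = {
    "ML-DSA-65": ("module-lattice", _stand_in_verify),
    "ML-DSA-87": ("module-lattice", _stand_in_verify),   # same family as ML-DSA-65
    "FALCON-1024": ("ntru-lattice", _stand_in_verify),
    "SLH-DSA-SHAKE-256f": ("hash-based", _stand_in_verify),
}

DEFAULT_ALGS = ("ML-DSA-65", "FALCON-1024", "SLH-DSA-SHAKE-256f")


def make_keys(algs=DEFAULT_ALGS) -> dict:
    """One independent key per algorithm (random bytes for the stand-in)."""
    return {alg: secrets.token_bytes(32) for alg in algs}


def sign_bundle(keys: dict, msg: bytes) -> list:
    """Sign msg once per algorithm; the bundle carries the algorithm id."""
    return [(alg, _stand_in_sign(key, msg)) for alg, key in keys.items()]


def verify_bundle(pubkeys: dict, msg: bytes, bundle: list,
                  required=REQUIRED_FAMILIES) -> tuple:
    """Return (accepted, reason). Every check must pass; the first failure wins."""
    seen = set()
    for alg, sig in bundle:
        if alg not in REGISTRY:
            return False, f"unknown algorithm {alg}"
        family, verify = REGISTRY[alg]
        if family in seen:
            # Two signatures from one family are not two independent bets.
            return False, f"duplicate family {family}"
        seen.add(family)
        if alg not in pubkeys:
            return False, f"no verification key for {alg}"
        if not verify(pubkeys[alg], msg, sig):
            return False, f"{alg} signature invalid"
    missing = required - seen
    if missing:
        return False, f"missing families {sorted(missing)}"
    return True, "ok"


if __name__ == "__main__":
    keys = make_keys()
    record = b"attestation: pqc-overlay operational, 2026-01-01T00:00:00Z"  # constructed
    bundle = sign_bundle(keys, record)
    print(verify_bundle(keys, record, bundle))            # (True, 'ok')
    print(verify_bundle(keys, record, bundle[:2]))        # missing hash-based family
    print(verify_bundle(keys, b"edited record", bundle))  # first signature invalid
```

The reason string is what an attestation log would record; a monitoring job that sees anything other than `"ok"` has a compliance deviation to report, which is the kind of continuous evidence the multi-family requirement is meant to produce.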
HATS Certification as Underwriting Evidence
HATS is a publicly available technical conformance standard for continuous AI trustworthiness; certification under HATS provides independently verifiable evidence that a system satisfies the standard's defined controls. For cyber insurance underwriting, HATS certification serves as verifiable proof that an organization's PQC implementation meets defined technical requirements.
Unlike self-reported attestations on insurance applications, HATS certification is machine-verifiable. The certification includes continuous monitoring of cryptographic controls, automated verification that post-quantum algorithms are correctly deployed and operational, and cryptographically signed attestation records that demonstrate compliance over time.
For underwriters, HATS certification reduces the risk of the attestation gap that plagues self-reported controls. Instead of trusting that an applicant's claim of PQC deployment is accurate, the underwriter can verify the claim through the HATS attestation record. The record shows not just whether PQC is deployed, but whether it has been continuously operational, which algorithm families are in use, and whether any compliance deviations have occurred.
As PQC moves from a differentiator to a requirement in underwriting, HATS certification will provide the evidentiary basis that underwriters need to verify compliance. Organizations with HATS certification will be able to demonstrate PQC readiness with machine-verifiable proof rather than checkbox attestations.
Preparing for the Transition
Organizations that want to stay ahead of the PQC insurance requirement should begin with three concrete steps.
First, conduct a cryptographic inventory. Catalog every cryptographic algorithm in use across your infrastructure, including TLS configurations, certificate authorities, key management systems, encrypted storage, VPN concentrators, and code signing infrastructure. Identify which implementations rely on RSA, ECDSA, or other quantum-vulnerable algorithms. This inventory is the foundation for any migration plan and will be increasingly requested by underwriters.
Second, assess your data sensitivity timeline. Classify your data by sensitivity lifespan. Data that must remain confidential for less than five years may not need immediate quantum protection. Data with a sensitivity lifespan of ten years or more is a candidate for immediate protection against harvest-now-decrypt-later threats. This classification helps prioritize migration efforts and demonstrates to underwriters that you understand your quantum exposure.
Third, implement crypto-agility in new deployments. Every new system, API, or service should be designed with the ability to switch cryptographic algorithms without rebuilding the system. This does not require deploying PQC immediately. It requires ensuring that PQC can be deployed when the time comes without a forklift upgrade. Crypto-agility is the most cost-effective quantum risk mitigation and the easiest to demonstrate to underwriters.
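The first two steps above (inventory, then prioritisation by sensitivity lifespan) can be made mechanical once the inventory is in a structured form. The script below is an added example, not the article's or H33's tooling: the inventory records are constructed, the algorithm-family tables reflect NIST's published positions (Shor breaks RSA/ECC/DH; FIPS 203/204/205 algorithms are post-quantum; 256-bit symmetric primitives remain adequate), the 5- and 10-year thresholds come from the article, and the tier names (`immediate`, `scheduled`, `defer`, `investigate`) are this example's own labels. Unrecognised identifiers are escalated rather than assumed safe.

```python
"""Cryptographic inventory triage for harvest-now-decrypt-later exposure.

Added example (not the article's or H33's code). Family tables are
prefix-matched so that e.g. RSA-1024 and RSA-4096 are both recognised.
"""
from dataclasses import dataclass

# Public-key families broken by Shor's algorithm on a cryptographically
# relevant quantum computer.
QUANTUM_VULNERABLE_FAMILIES = ("RSA", "ECDSA", "ECDH", "X25519", "Ed25519", "DH", "DSA")
# NIST post-quantum standards (FIPS 203/204/205) plus FALCON.
POST_QUANTUM_FAMILIES = ("ML-KEM", "ML-DSA", "SLH-DSA", "FALCON")
# Symmetric and hash primitives: Grover only halves effective strength,
# so 256-bit keys and digests stay adequate.
SYMMETRIC_FAMILIES = ("AES", "ChaCha20", "SHA", "SHA3", "HMAC")


@dataclass(frozen=True)
class InventoryEntry:
    system: str
    purpose: str          # e.g. "TLS key exchange", "code signing"
    algorithm: str        # identifier as recorded in the inventory
    lifespan_years: int   # how long the protected data must stay confidential


def family_of(algorithm: str):
    """Map an identifier such as 'ML-KEM-768' to its family, or None."""
    for fam in POST_QUANTUM_FAMILIES + QUANTUM_VULNERABLE_FAMILIES + SYMMETRIC_FAMILIES:
        if algorithm == fam or algorithm.startswith(fam + "-"):
            return fam
    return None


def classify(algorithm: str) -> str:
    fam = family_of(algorithm)
    if fam in POST_QUANTUM_FAMILIES:
        return "post-quantum"
    if fam in QUANTUM_VULNERABLE_FAMILIES:
        return "quantum-vulnerable"
    if fam in SYMMETRIC_FAMILIES:
        return "symmetric-ok"
    return "unknown"   # must be investigated, never assumed safe


def priority(entry: InventoryEntry) -> str:
    """Migration tier (example's own labels) from class and data lifespan."""
    cls = classify(entry.algorithm)
    if cls == "unknown":
        return "investigate"
    if cls != "quantum-vulnerable":
        return "none"
    if entry.lifespan_years >= 10:
        return "immediate"      # HNDL-exposed: data outlives the migration window
    if entry.lifespan_years >= 5:
        return "scheduled"      # middle band between the article's two thresholds
    return "defer"


def triage(inventory) -> list:
    """(tier, entry) pairs, most urgent first, then by system name."""
    order = {"immediate": 0, "investigate": 1, "scheduled": 2, "defer": 3, "none": 4}
    ranked = [(priority(e), e) for e in inventory]
    ranked.sort(key=lambda t: (order[t[0]], t[1].system))
    return ranked


# Constructed sample inventory; system names and values are illustrative.
SAMPLE_INVENTORY = [
    InventoryEntry("patient-records-db", "storage key wrapping", "RSA-2048", 30),
    InventoryEntry("public-web", "TLS key exchange", "ECDH-P256", 1),
    InventoryEntry("payments-api", "TLS key exchange", "ECDH-P256", 7),
    InventoryEntry("build-pipeline", "code signing", "ML-DSA-65", 10),
    InventoryEntry("backup-vault", "data encryption", "AES-256-GCM", 30),
    InventoryEntry("legacy-vpn", "IKE authentication", "RSA-1024", 15),
    InventoryEntry("vendor-appliance", "management channel", "VENDOR-PROPRIETARY", 12),
]

if __name__ == "__main__":
    for tier, e in triage(SAMPLE_INVENTORY):
        print(f"{tier:12} {e.system:20} {e.algorithm:20} {e.lifespan_years:>3}y  {e.purpose}")
```

The output is the list an underwriter's "cryptographic inventory" question is really asking for: which systems protect long-lived data with quantum-vulnerable algorithms. Keeping the family tables as data rather than code is a small instance of the crypto-agility idea from step three, since a newly standardised algorithm becomes one more table entry rather than a rewrite.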
For organizations ready to move beyond preparation, the H33 overlay approach provides a path to PQC deployment without rebuilding existing infrastructure. The overlay adds post-quantum attestation to existing systems as an additional layer, preserving the existing classical cryptography while adding quantum-safe protection on top. This approach minimizes deployment risk, reduces migration time, and provides the continuous verification that underwriters will increasingly demand.
The Competitive Advantage
The organizations that adopt PQC before it becomes a requirement will have a structural advantage in the insurance market. They will demonstrate security maturity that influences underwriting favorably. They will have established PQC operations and worked through implementation challenges while their competitors are scrambling to deploy under insurance deadlines. They will have HATS-certified attestation records that provide longitudinal evidence of PQC compliance.
The MFA transition taught the market a clear lesson: the organizations that moved first paid less, faced fewer disruptions, and had stronger relationships with their carriers. The PQC transition will teach the same lesson. The question is not whether PQC will become a cyber insurance requirement. The question is whether your organization will be ready when it does.
Get Quantum-Ready Before Your Renewal
Deploy post-quantum cryptography as an overlay on your existing infrastructure. No rebuild required.