Why quantum risk has moved from theory to a 2026 board agenda item
For most of the past decade, quantum computing sat in the same mental category as fusion power or general artificial intelligence: a long-dated possibility that risk managers could safely defer. That framing no longer holds in 2026. The reason is not that a cryptographically relevant quantum computer has arrived. It has not. The reason is that the timeline assumptions which justified deferral have compressed, and a class of attack that does not require a working quantum computer today is already in progress.
The specific concern has a deliberately blunt name: harvest-now-decrypt-later, often shortened to HNDL. An adversary captures encrypted data while it is in transit or exfiltrates it from a compromised system, then simply stores it. The attacker cannot read the data yet. The bet is that within the useful life of that data, a quantum computer capable of breaking today's public-key cryptography will become available, at which point the stored ciphertext is decrypted retroactively. For information with a long shelf life, the math is uncomfortable. Data encrypted and stolen in 2026 could plausibly be readable around 2034 to 2035 on current projections. If the data is a ten-year customer master, a set of trade secrets, source code, biometric records, or government-adjacent contracts, the breach effectively has a future detonation date.
This matters acutely for Indian enterprises for two reasons. First, exposure volume is high. By early 2026 estimates, organisations in India faced an average of roughly 3,254 cyberattacks per week, well above the global average, which means the harvesting opportunity is correspondingly large. Second, India's regulated sectors hold exactly the kind of long-lived, high-sensitivity data that HNDL targets. BFSI institutions hold decades of financial and identity records. Telecom operators hold metadata and lawful-intercept material. Healthcare and pharmaceutical firms hold clinical and patient data. Power, defence-adjacent, and digital-payment players hold infrastructure and transaction data that retains value for many years.
The credibility of the threat got a meaningful push in early 2026. Research published by Google in March 2026 indicated that future quantum computers may be able to break elliptic-curve cryptography, the foundation of much enterprise public-key infrastructure, TLS, and digital signatures, using substantially fewer quantum resources than earlier estimates had assumed. That is the kind of revision that shortens timelines: not a working machine, but a lower bar for the machine that eventually works. India has responded at the policy level. In February 2026, a task force under the National Quantum Mission outlined a national plan for a quantum-safe ecosystem, signalling that BFSI, telecom, defence, public-sector enterprises, healthcare, and the digital-payment stack will face rising expectations on quantum readiness.
For a risk manager or broker, the practical takeaway is not panic. It is sequencing. The right posture in 2026 is to treat quantum migration as a multi-year cryptographic transition programme that has already started, to understand which data assets carry the longest sensitivity horizon, and to ask a question that has not historically appeared in cyber renewals: does the current policy respond to a loss whose technical cause is quantum decryption, and when does the clock on that loss actually start?
NIST post-quantum standards and the crypto-agility imperative
The defensive response to quantum risk is not a single product purchase. It is a migration to new cryptographic algorithms and, more durably, the organisational capability to swap algorithms without re-architecting systems. That capability is called crypto-agility, and it is the concept that should anchor any board-level discussion.
The standards backbone arrived in August 2024, when the US National Institute of Standards and Technology (NIST) finalised its first three post-quantum cryptography (PQC) standards. The headline standard is FIPS 203, known as ML-KEM (derived from the algorithm previously called CRYSTALS-Kyber), intended as the primary mechanism for general encryption and key establishment. The companion finalised standards cover digital signatures. These are designed to resist attack by both classical and quantum computers, replacing the public-key schemes (RSA and elliptic-curve cryptography) that a sufficiently capable quantum computer would break. NIST has since signalled transition expectations, with broad guidance that legacy algorithms should be deprecated over the coming years and phased out around the early 2030s. While NIST is a US body, its standards are the de facto global reference, and Indian enterprises, vendors, and cloud providers will migrate to the same algorithms.
Crypto-agility is the more important idea for risk managers because it converts a one-time scramble into a manageable process. An organisation that has hard-coded specific algorithms across hundreds of applications, devices, and certificates will struggle to migrate. An organisation that has abstracted its cryptography behind well-defined interfaces, maintains a current inventory of where and how it uses encryption, and can rotate algorithms and keys centrally can adopt PQC, and adapt again if a PQC algorithm is later weakened. The honest 2026 picture is that very few enterprises are agile in this sense. A widely cited ISACA poll from 2025 found that while 62 percent of technology professionals were worried that quantum computing would break current encryption, only around 5 percent of organisations treated it as a near-term high-priority issue, and fewer than one in twenty had a defined quantum strategy or roadmap.
The practical migration roadmap for an Indian enterprise has a recognisable shape. First, build a cryptographic inventory: discover every place the organisation uses encryption, including TLS termination, VPNs, code signing, database encryption, hardware security modules, and embedded devices. This is harder than it sounds and is usually the long pole. Second, classify data by sensitivity horizon, because HNDL only matters for data whose value outlasts the arrival of quantum decryption; a session cookie that expires in an hour is irrelevant, a twenty-year medical record is not. Third, prioritise the highest-risk, longest-lived data flows for early migration to PQC or hybrid schemes (which run a classical and a post-quantum algorithm together so that breaking either alone is insufficient). Fourth, engage vendors and cloud providers, since most enterprises will inherit PQC through platforms rather than build it themselves.
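As an added example that is not part of the original article, the following Python script carries the first three roadmap steps (inventory, sensitivity-horizon classification, prioritisation) through to a ranked migration list. The inventory entries are constructed sample data, the 2034 cut-off is the article's "around 2034 to 2035" projection used here as an assumption, and the algorithm-family sets and the `Flow`, `assess` and `prioritise` names are the example's own. The rule it encodes is the one the roadmap states: a flow is HNDL-exposed only if it runs quantum-vulnerable public-key cryptography and the data it protects stays sensitive beyond the assumed arrival of quantum decryption. It also derives the year by which each flow must already be on quantum-safe cryptography, which the article implies but does not spell out.

```python
"""Triage a cryptographic inventory for harvest-now-decrypt-later exposure.

Added example, not the article's or any vendor's code. Inventory entries
are constructed; the CRQC year is an assumption taken from the article.
"""
from dataclasses import dataclass
from typing import List

# Assumption: earliest year a cryptographically relevant quantum computer
# (CRQC) could decrypt today's public-key schemes (article projection).
ASSUMED_CRQC_YEAR = 2034
CURRENT_YEAR = 2026

# Public-key families a CRQC is expected to break, versus schemes designed
# to resist it (ML-KEM, FIPS 203) or hybrids where breaking one component
# alone is insufficient.
QUANTUM_VULNERABLE = {"RSA", "ECDH", "ECDSA", "DH"}
QUANTUM_SAFE = {"ML-KEM", "ML-KEM+X25519-hybrid"}


@dataclass
class Flow:
    name: str
    algorithm: str            # public-key family protecting the flow
    shelf_life_years: int     # how long the data stays sensitive
    first_exposed_year: int   # earliest year traffic could have been harvested


@dataclass
class Finding:
    name: str
    vulnerable: bool        # runs a scheme a CRQC would break
    hndl_exposed: bool      # data still sensitive when the CRQC arrives
    migrate_by: int         # last year the flow may still use vulnerable crypto
    overdue: bool           # migrate_by is already in the past
    exposure_years: int     # years of sensitivity remaining after CRQC arrival


def assess(flow: Flow, crqc_year: int = ASSUMED_CRQC_YEAR,
           now: int = CURRENT_YEAR) -> Finding:
    """Classify one inventory entry against the HNDL rule."""
    vulnerable = flow.algorithm in QUANTUM_VULNERABLE
    # Data first protected in year t stays sensitive until t + shelf life.
    sensitive_until = flow.first_exposed_year + flow.shelf_life_years
    exposed = vulnerable and sensitive_until > crqc_year
    # Anything encrypted after (crqc_year - shelf_life) would still be
    # sensitive when it becomes decryptable, so the switch to quantum-safe
    # crypto must be complete by that year. Non-vulnerable flows need no
    # migration and get the CRQC year as a formal deadline.
    migrate_by = crqc_year - flow.shelf_life_years if vulnerable else crqc_year
    exposure_years = max(0, sensitive_until - crqc_year) if vulnerable else 0
    return Finding(flow.name, vulnerable, exposed, migrate_by,
                   vulnerable and migrate_by < now, exposure_years)


def prioritise(flows: List[Flow]) -> List[Finding]:
    """HNDL-exposed flows first (longest residual exposure first), then
    vulnerable-but-not-exposed flows by deadline, then quantum-safe flows."""
    findings = [assess(f) for f in flows]
    return sorted(findings, key=lambda f: (not f.hndl_exposed, not f.vulnerable,
                                            -f.exposure_years, f.migrate_by))


# Constructed sample inventory (names and values are illustrative only).
SAMPLE_INVENTORY = [
    Flow("customer-master-db-tls", "RSA", 10, 2026),
    Flow("ehr-archive-transfer", "ECDH", 20, 2026),
    Flow("web-session-cookies", "ECDH", 0, 2026),
    # Signatures face forgery once a CRQC exists rather than retroactive
    # decryption, so they are vulnerable but not HNDL-exposed.
    Flow("code-signing", "ECDSA", 5, 2026),
    Flow("payments-gateway-hybrid", "ML-KEM+X25519-hybrid", 10, 2026),
]


if __name__ == "__main__":
    for f in prioritise(SAMPLE_INVENTORY):
        status = "HNDL-EXPOSED" if f.hndl_exposed else (
            "vulnerable" if f.vulnerable else "quantum-safe")
        flag = " (overdue)" if f.overdue else ""
        print(f"{f.name:28} {status:13} migrate by {f.migrate_by}{flag}"
              f"  residual exposure {f.exposure_years}y")
```

Run stand-alone it prints the ranked list; the two long-lived flows come out on top with deadlines already in the past, which is the concrete meaning of "the harvesting that creates future loss is happening during the wait". Feeding a real inventory into `SAMPLE_INVENTORY` is the only change needed to use it for step three of the roadmap.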
For brokers, crypto-agility is also a differentiation lever. A client that can demonstrate a cryptographic inventory and a PQC migration plan is presenting a materially better risk than one that cannot, and that story belongs in the underwriting submission well before it becomes a hard requirement.
Do current Indian cyber policies actually respond to a quantum loss?
This is the question that turns an abstract technology debate into an insurance problem, and the honest answer for 2026 is: it is unclear, and that uncertainty is itself the exposure. Cyber wordings in the Indian market, whether placed with domestic insurers such as ICICI Lombard, HDFC Ergo, Bajaj Allianz, and TATA AIG or fronted into global capacity, were not drafted with quantum decryption in mind. That leaves several interpretive questions unresolved, and unresolved questions in a policy wording are where claims disputes are born.
The first question is the trigger. A typical cyber policy responds to a security breach, unauthorised access, or a data breach. If an adversary harvested encrypted data in 2026, that exfiltration is the breach event, and most policies would treat the breach as occurring then. The decryption that makes the data legible might happen in 2034. By that time the policy that was in force in 2026 has long since expired, any retroactive date may not reach back far enough, and the insured may never have known the harvest occurred. So the loss event and the loss manifestation are separated by years, and the policy architecture (annual policies, claims-made or claims-discovered triggers, retroactive dates, extended reporting periods) is poorly suited to a harm with a multi-year fuse.
The second question is characterisation. When quantum decryption finally exposes the harvested data, is the resulting loss a covered failure of network security, or is it something the policy treats differently? Global commentators have flagged the genuine ambiguity over whether quantum decryption should be read as a failure of security, an unforeseeable zero-day type event, or potentially even something an insurer might try to push toward a war or hostile-act framing if a state actor is involved. Each characterisation pulls the loss toward a different part of the wording, and at least one of them sits near common exclusions. Indian policyholders should not assume the most favourable reading will prevail by default.
The third question is exclusions and conditions. Many cyber policies condition cover on the insured maintaining reasonable security standards, and some now reference encryption explicitly. As PQC standards mature, it is plausible that insurers will treat the continued use of quantum-vulnerable cryptography, after a reasonable migration window, as a failure to maintain adequate controls, narrowing or excluding cover in the same way that unpatched systems or absent multi-factor authentication can today. There is also the long-tail problem for insurers themselves: a claim arising in the 2030s from a 2026 harvest is exactly the kind of latent, correlated, potentially systemic loss that reinsurers scrutinise, which over time will pressure wordings toward explicit quantum language, very possibly in the form of exclusions before it appears as affirmative cover.
For an Indian risk manager, the constructive response is to make these questions explicit at renewal rather than discovering the answers in a dispute. Ask the insurer in writing how the policy would respond to a loss whose technical cause is quantum decryption of previously harvested data. Clarify the retroactive date and whether it reaches back to the period when sensitive data may have been harvested. Understand whether any war, infrastructure, or systemic-event exclusions could be invoked. Document the security posture, including encryption standards and migration plans, so the insured can demonstrate it met the conditions in force. None of this guarantees cover for an event the market has not yet priced, but it removes the easy grounds on which a claim could later be contested.
Where the coverage gaps sit, and how to close them
Mapping the gaps precisely helps a broker structure a defensible programme rather than a single cyber policy that is silently assumed to cover everything. Quantum-related exposure does not sit neatly inside any one line, and several plausible gaps deserve attention in FY2026-27 programme design.
The first gap is temporal. Annual cyber cover with a claims-made or claims-discovered trigger is structurally mismatched to a harm whose causal event and manifestation are years apart. If the harvest happened during a policy period that has since expired, and the policy in force at decryption excludes or does not respond to quantum events, the insured can fall between two policies. Closing this gap is partly about retroactive dates and continuity of cover with the same insurer, and partly about maintaining clean records so that, if a future claim must be tied to a specific harvest event, the timeline can be evidenced.
The second gap is definitional. If the wording does not address quantum decryption at all, the insured is relying on a favourable interpretation of breach and security-failure language drafted for a pre-quantum world. The fix is to seek clarity now: either an affirmative statement that the policy responds to losses arising from compromise of encryption regardless of the cryptographic method used to break it, or at minimum a documented understanding of how the insurer reads the existing wording. Where insurers will not give affirmative comfort, the insured at least knows the boundary and can price the residual risk into its own decisions.
The third gap is the silent-cyber problem in reverse. Quantum exposure also touches other lines. A directors-and-officers programme could face claims that the board failed to address a known, well-publicised cryptographic risk, particularly for a listed or regulated Indian entity in BFSI or telecom, where regulators are signalling quantum-readiness expectations. Professional indemnity and technology errors-and-omissions cover could respond where a service provider's failure to migrate caused client loss. Crime or fidelity cover, business-interruption extensions, and contractual-liability exposures may all be implicated depending on the scenario. A broker who maps these adjacencies for a client is providing real value, because the client's instinct will be to assume the cyber policy is the only relevant line, and it is not.
The fourth gap is contractual. Many Indian enterprises sit in supply chains where they have committed to data-protection and security obligations. As PQC requirements begin appearing in contracts and procurement standards, a counterparty could allege breach of contract for continued use of quantum-vulnerable cryptography, and standard cyber policies often have narrow contractual-liability cover. Risk managers should review key contracts for emerging quantum or encryption-standard clauses and align insurance accordingly.
The constructive programme-design response is layered. Maintain strong, well-documented cyber cover with the clearest available position on encryption-compromise losses and a retroactive date that reaches back meaningfully. Coordinate the cyber, D&O, and PI lines so that responsibilities are clear and gaps are intentional rather than accidental. Treat the cryptographic inventory and migration plan as risk-quality evidence that improves the whole programme. And revisit the structure annually, because this is a market that will reprice and rewrite quantum language over the next few renewal cycles, almost certainly tightening before it loosens.
What underwriters will start asking, and how to be ready
Cyber underwriting has followed a predictable pattern over the past several years: a control becomes recognised as material, early submissions treat it as a nice-to-have, and within a renewal cycle or two it becomes a hard requirement that gates capacity and pricing. Multi-factor authentication, endpoint detection and response, segregated and tested backups, and email security all moved along that path. Crypto-agility and quantum readiness are early on the same curve in 2026, and brokers who prepare clients now will avoid scrambling later.
The questions underwriters are likely to introduce, initially as discovery and later as conditions, cluster around a few themes. On cryptographic posture, expect questions about whether the organisation maintains a cryptographic inventory, what encryption standards it uses for data at rest and in transit, and whether it has any visibility into quantum-vulnerable cryptography in its environment. On migration, expect questions about whether the organisation has a PQC migration roadmap, an executive owner for it, and a timeline aligned to recognised standards. On data, expect questions about data-retention practices and data-sensitivity classification, because an organisation that retains long-lived sensitive data without a migration plan is the worst HNDL profile. On governance, expect questions about board-level awareness, particularly for regulated Indian entities where quantum readiness is becoming a supervisory theme.
The analogy worth internalising is the patch-management and MFA analogy. Underwriters do not expect a perfect environment, but they reward demonstrable process and penalise visible neglect. An applicant that can show a cryptographic inventory, a prioritised migration plan focused on long-lived data, and vendor engagement on PQC will present as a managed risk. An applicant that cannot answer the basic questions signals that, if a quantum-related loss ever crystallises, the insured will have been a poor steward of the exposure, which colours both pricing and any future claim.
There is also a pricing and capacity dimension specific to the latency of this risk. Insurers are aware that quantum exposure is potentially correlated and systemic: a breakthrough does not break one company's encryption, it breaks an algorithm used by everyone, simultaneously. That accumulation characteristic is exactly what makes reinsurers cautious and what historically leads to explicit exclusions appearing before affirmative cover. The realistic expectation for FY2026-27 and the renewals that follow is not that quantum cover becomes a priced add-on overnight, but that wordings become more explicit, that some insurers introduce quantum or encryption-failure language, and that better-prepared insureds preserve broader cover while less-prepared ones see it narrow.
For brokers, the action plan is concrete. Add quantum and crypto-agility questions to client risk reviews now, ahead of insurers asking them, so the client is never caught flat-footed at renewal. Help clients assemble the evidence (inventory, classification, roadmap, vendor commitments) and present it proactively in submissions, because a self-aware applicant earns underwriter trust. Track how each insurer's wording treats encryption-failure and quantum scenarios, since this will become a genuine point of differentiation between markets. And set client expectations honestly: the goal in 2026 is not to buy a quantum policy, it is to manage a multi-year transition while keeping conventional cyber cover as broad and as clearly worded as the market allows.
A pragmatic FY2026-27 action plan for risk managers and brokers
Quantum risk rewards organisations that act early and methodically, and it punishes those that wait for certainty, because the harvesting that creates future loss is happening during the wait. The practical programme for the year ahead is not exotic; it combines disciplined cryptographic hygiene with sharper insurance questions.
Start with visibility. Commission a cryptographic inventory and a data-sensitivity-horizon classification. These two artefacts answer the only questions that matter for scoping quantum exposure: where does the organisation rely on cryptography that a quantum computer would break, and which data stays sensitive long enough for harvest-now-decrypt-later to be a real threat. Without them, every downstream decision is guesswork. With them, migration can be prioritised toward the highest-value, longest-lived data flows first.
Move to planning. Establish a PQC migration roadmap with a named executive owner, a realistic multi-year timeline aligned to NIST standards and India's National Quantum Mission direction, and explicit dependencies on vendors and cloud providers. Most Indian enterprises will receive PQC capability through platforms, so vendor engagement and contract review are central, not peripheral. Where feasible for the most sensitive flows, prefer hybrid cryptographic schemes during transition so that a weakness in either the classical or the post-quantum algorithm does not by itself expose the data.
On the insurance side, treat the next renewal as the moment to remove ambiguity. Ask the insurer in writing how the cyber policy responds to a loss whose technical cause is quantum decryption of harvested data. Confirm the retroactive date and whether it reaches back to periods when sensitive data may have been harvested. Identify any war, systemic, or infrastructure exclusions that could be invoked. Coordinate cyber, D&O, and professional-indemnity cover so the lines are deliberately aligned rather than accidentally overlapping or gapping. And bring the cryptographic inventory and migration roadmap into the submission as evidence of risk quality, because in a market that has not yet priced quantum, demonstrable process is the strongest argument a buyer has for preserving broad cover at sensible terms.
Finally, build in cadence. This is not a one-year exercise. Standards will evolve, timelines will shift, insurers will rewrite wordings, and India's regulatory expectations for BFSI, telecom, healthcare, and digital payments will harden. A standing annual review that revisits the inventory, the migration progress, the contract landscape, and the policy wording keeps the organisation ahead of both the threat and the market.
Navigating quantum risk requires comparing how different cyber wordings handle encryption-failure triggers, retroactive dates, and emerging exclusions, which is precisely the kind of granular wording analysis that brokers struggle to do at scale. Sarvada gives commercial insurance brokers structured, searchable access to insurer policy wordings so they can pinpoint how each market treats encryption-compromise losses, war and systemic exclusions, and crypto-related conditions, and build defensible quantum-aware cyber programmes for their corporate clients. Brokers who want to lead these conversations with clients ahead of the market can Request Access to evaluate the platform for their cyber and emerging-risk practice.