Add quantum computing to the futuristic list of things insurance CEOs should lose sleep over. All that money you spent updating your systems? Useless. All your “proprietary AI” underwriting? Outdated. All the security practices your cyber insured use? Vulnerable.
Stop worrying about insuretechs or even self-driving cars. The real threat is quantum computers. Sure, they’re a decade away or more but they will change everything we know about the business model of insurance. Let’s explore…
First, I should explain what quantum computing is (or more accurately, what it intends to be given it’s future is still very uncertain). Probably the most basic way to explain it is that while a traditional computer does operations one at a time, a quantum computer can run multiple operations simultaneously.
The reason for this is because traditional computers are binary, so any process has to evaluate a strings of 1s and 0s to perform a task. In quantum computing, a value is not fixed (at least not until you measure it). Sometimes it will be 0 and sometimes it will be 1. I will skip a lot of the details for brevity but this flexibility allows for a lot more outcomes to be measured simultaneously.
While there are technological challenges to quantum computing (qubits – the building blocks of quantum computers – are inherently unstable) related to temperature and storage of data, in time, smart minds will solve these issues.
As with all new technologies, there will be good and bad aspects we will discover. Unfortunately for insurance companies, the bad aspects are future losses and the good aspects mean spending a lot of money to gain the benefits. Let’s go through a few potential issues.
Cyber Losses Will Be Monumental
This is the most obvious place to start. Very simply, current encryption techniques are not 100% safe. And no, I’m not talking about the risk that someone can guess your password is “password1234”. I mean that all encryption is based on the standard of “make it too hard for today’s computing power”.
Encryption is based on using algorithms that are really hard to solve. Anyone with infinite time and patience can crack any encryption technique. Because nobody has infinite time (or unlimited computing power), most of today’s encryption techniques are practically unbreakable.
You can think of it as similar to a PML approach. Everyone may be comfortable taking on the risk of a 1 in 10,000 year event. The risk is that something new comes along that turns your 1 in 10,000 into a 1 in 10.
Quantum computers – because they can solve mathematical equations exponentially faster than today’s computers – change that “practically” unbreakable into “quite likely” broken.
Will security experts develop new ways to encrypt data to make it safe again? Most certainly, but there will be an interim period of high risk. A $100B industry event seems very plausible and that’s probably a low end number (Stephen Catlin might call it $500B or more!).
Bye, Bye Bitcoin
On a similar note, Bitcoin’s existence is based on encryption. When its encryption fails, your bitcoins are no longer safe. Note, this also will apply to your bank account passwords and everything else of value you have access to online. That $100B industry event is likely a $1T+ economic event. So yeah, we will have bigger problems than insurance losses.
Legacy IT Systems
What do you do in the early years of quantum computers being commercially viable? They’ll be crazy expensive and possibly not 100% reliable yet, but they can price a reinsurance program in minutes not hours. Or think how much faster they can issue certificates or verify customer data or any other cumbersome administrative task.
So if you’re a CFO, are you cutting that check to replace all your legacy IT with new quantum computers? I’m going to guess you will, mainly out of fear someone else will do it if you don’t and gain an advantage. So we’re looking at a massive upgrade cycle and suddenly most of your IT employees don’t have the requisite skills required for the job anymore.
So part of the reason I’ve been skeptical about insuretech is that there is no real reason for it to exist other than cheap capital looking for something to do.
However, in a world where there is a real change, there is an opportunity for real disruption. Think of how Progressive and GEICO changed auto insurance with the internet DTC model. Now, imagine what quantum might allow. I don’t have all the answers, but I can speculate on some possibilities.
There will be new tools to price policies, you can truly quote someone in minutes, without exception, costs of policy administration should tumble, virtual AI agents may be more useful than humans. Whatever it may be, established business models will face new threats.
The Internal Opportunity/Risk
So I don’t want to be all alarmist. As I said upfront, there is good and bad that can come from change. Some of the opportunities I mentioned above could be implemented by existing companies. Others will be slow to recognize the shift and miss out and get adversely selected.
The most interesting area to me is the potential for vastly better underwriting models. AI will be able to analyze data exponentially faster and thus develop much better models of risk and loss. There will likely be a golden age for nimbler companies who can establish advances first and roll them out quickly.
There should be a growth opportunity as models learn to price perils humans are afraid to underwrite (e.g. residential flood or emerging market cat).
The Metromile approach to auto could evolve into something resembling live cat – before you get in the car, you plug in your destination and the model determines the risk on the fly, accounting for local weather and traffic, and charges your account.
My sense is distribution will be challenged as there is less need for advice if a machine can determine your insurance needs based on what you tell it about yourself. On the other hand, there are likely huge efficiency opportunities in better processing times for policy issuance and less re-work.
Shouldn’t This Be an IAN’s Alert?
No, it is too far out in the future to issue an alert. Alerts are for known dangers we pretend not to know about. This is a possible future danger. It may be worthy of an ALERT someday, but not yet.
However, if I were a CEO, I’d probably form a working group of my CTO, head of strategy, and head of ERM to start monitoring developments in quantum technology so they can react quickly to any large advances (I almost said “quantum leap”, but thought better of it).
A Final Thought
In case some of you think this note came across as too dystopian, I want to make one thing clear. I, for one, welcome our new quantum overlords.