Workshops Insurance PQC Migration for Policy and Claims

Insurance Full Day Workshop

PQC Migration for Insurance Policy and Claims Systems

Insurance policy administration and claims platforms depend on cryptographic primitives that a fault-tolerant quantum computer will break. This workshop maps those dependencies system by system and builds a migration plan that respects operational constraints, regulatory timelines, and legacy integration realities.

Full day (6 hours + Q&A)

In person or online

Max 30 delegates

Commission This Workshop View Agenda

Proud to recommend our expert members

Workshop Description

Policy administration platforms such as Guidewire PolicyCenter, Duck Creek, and Majesco use TLS 1.2/1.3 for API communication, RSA or ECDSA certificates for digital signatures on policy documents, and AES-256 for data at rest. Claims processing adds payment rail encryption (PCI DSS scope), FNOL intake channel security, and adjudication workflow signing. Every one of these cryptographic touchpoints requires assessment and migration planning under the NIST post-quantum standards finalised in 2024.

The challenge specific to insurance is operational continuity. Policy administration systems typically run on 12-to-18-month release cycles. Claims platforms integrate with dozens of external parties (loss adjusters, repair networks, medical providers, payment processors) whose own PQC readiness varies. A migration plan that ignores these constraints will fail. This workshop builds a Cryptographic Bill of Materials (CBOM) for each participant's environment, sequences migration by regulatory priority (EIOPA/PRA submission channels first, then payment rails, then internal systems), and addresses the hybrid deployment patterns needed for backward compatibility during transition.

What participants cover

NIST FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA), and draft FIPS 206 (FN-DSA): algorithm characteristics, key sizes, and performance trade-offs for insurance workloads
CBOM methodology applied to insurance software stacks: policy administration, claims processing, bordereaux exchange, and regulatory reporting
Solvency II Pillar 2 ORSA integration: incorporating quantum cryptographic risk into Own Risk and Solvency Assessment
PRA SS2/21 operational resilience: classifying cryptographic dependencies as important business services
Lloyd's Market Bulletin Y5381: cyber risk governance expectations and cryptographic upgrade planning
Hybrid deployment patterns (ML-KEM + X25519, ML-DSA + ECDSA) for systems that must maintain backward compatibility during migration

Preliminary Agenda

Full day workshop structure with scheduled breaks. Content is configurable to your organisation's policy administration platform, claims technology stack, and regulatory jurisdiction.

#	Session	Topics
1	Insurance Cryptographic Landscape Where cryptography sits in policy and claims infrastructure	TLS in policy administration platforms: Guidewire, Duck Creek, Majesco cipher suite dependencies Claims processing pipelines: FNOL intake, adjudication engines, payment rail encryption Bordereaux and EDI: ACORD XML/JSON message signing, Lloyd's Market Association electronic placement
2	NIST FIPS 203/204/205 for Insurance Systems Algorithm selection against insurance operational constraints	ML-KEM (FIPS 203): key encapsulation for policy data at rest and bordereaux in transit ML-DSA (FIPS 204): digital signatures for claims authorisation workflows and audit trails SLH-DSA (FIPS 205): stateless hash-based signatures for long-retention regulatory archives FIPS 206 (FN-DSA, draft): performance trade-offs for high-throughput claims batch processing
Break, after 60 min
3	Cryptographic Inventory for Insurance Mapping dependencies across policy lifecycle systems	CBOM (Cryptographic Bill of Materials) methodology applied to insurance software stacks Policy administration system inventory: underwriting, binding, endorsement, renewal cryptographic touchpoints Claims system inventory: FNOL, reserve setting, subrogation, payment gateway integrations Third-party integrations: reinsurance treaty platforms, broker portals, regulatory reporting (EIOPA, PRA)
4	Interactive Demonstration: Insurance CBOM Walkthrough Facilitator-led inventory exercise on a representative policy administration stack	Mapping a Guidewire PolicyCenter deployment: certificate chains, key stores, API gateway TLS Identifying high-priority migration targets: claims payment rails, regulatory submission channels Hybrid deployment patterns: ML-KEM + X25519 for backward compatibility during migration
Break, after 75 min
5	Regulatory Compliance and Migration Sequencing Solvency II, PRA, and Lloyd's requirements for cryptographic transition	Solvency II Pillar 2 ORSA: incorporating quantum risk into Own Risk and Solvency Assessment PRA SS2/21 operational resilience: cryptographic dependencies as important business services Lloyd's Market Bulletin Y5381: cyber risk governance and cryptographic upgrade expectations Migration sequencing: regulatory submission channels first, then claims payment, then policy admin
6	Case Studies: Insurance PQC Migration Lessons from early movers in insurance and adjacent financial services	HSBC-Quantinuum hybrid key exchange trial: applicability to insurer-bank payment channels Deutsche Boerse post-quantum securities settlement: parallels for insurance clearing Common failure patterns: certificate pinning in legacy claims systems, HSM firmware constraints
7	Q&A and Migration Roadmap Planning

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and insurance systems.

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

Insurance workshops are co-delivered with sector specialists who bring direct operational experience in Lloyd's syndicates, composite insurers, and specialty lines. This ensures workshop content is grounded in the regulatory, operational, and technical realities of policy administration and claims processing.

Commission This Workshop

Sessions are configured around your policy administration platform, claims technology stack, and regulatory jurisdiction. Get in touch to discuss requirements and schedule a date.

Insurance Workshops All Consulting Services All Workshops