Cyber Tips Cyber Insurance 101

Is Your Small Business as Prepared as Cybercriminals for Quantum Computing?

AI is accelerating cyberattacks now. Cybercriminals are stealing your data for quantum computing later. Here’s what American businesses need to know to prevent today’s cyber threats and prepare for tomorrow’s.

On June 9, 2026, Anthropic released Claude Fable 5, a new Mythos-class model with capabilities that were available only to a small group of vetted cyber defenders and critical infrastructure operators. Up until that launch, such advanced AI tools were locked away in research labs. Now they’re available to anyone. And cybercriminals are taking note. 

BOXX’s cybersecurity experts have been watching this trajectory closely. The concern for American small businesses, they say, is what happens when powerful AI gets into the wrong hands. 

“If Anthropic can build a model like this, a criminal group can build their own version,” says Jack Brooks, BOXX Insurance’s virtual Chief Information Security Officer (vCISO). “The point isn’t that any one tool is going to break the internet, but that we’ve crossed into territory where advanced AI can accelerate both attack and defence.” 

Cyberattackers aren’t necessarily coming up with new categories of attacks, but these tools enable them to become a lot more successful, targeting more small businesses, more of the time, explains Marcus Fluellon, BOXX’s cybersecurity lead. “What it has done is radically change the speed, scale and customization of existing cyberattacks,” he says. 

That’s the threat small businesses are already experiencing. According to a Deloitte poll, nearly 26% of American executives reported their organization experienced at least one deepfake incident targeting financial or accounting data in the past year, and half expect attacks to keep rising. Deepfake fraud losses in North America exceeded $200 million in the first quarter of 2025 alone. 

But there’s a second threat most businesses aren’t thinking about yet. Quantum computing won’t arrive overnight, but when it does, it will have the ability to break the encryption protecting virtually everything your business sends, stores and signs. And some attackers are already getting ready by harvesting your data now. 

AI is making that harvesting a lot more valuable for cyberattackers. The same tools that power phishing and fraud also help attackers process and correlate enormous data sets today, turning scattered fragments into complete, valuable profiles worth decrypting later. 

What Quantum Computing Means for Small Business Cyber Risk

As a small business owner, you don’t need to understand the physics. Here’s what matters. 

Today’s encryption technology that protects your passwords, your banking, your client data and your emails, works because the math behind it is too complex for any computer to crack. Quantum computers change that. They process information in a fundamentally different way, one that can run through those calculations far faster than anything that exists today. 

This isn’t just about data sitting in a database. The same encryption underpins the digital certificates that verify websites, the systems that sign and authenticate software, the VPNs employees use to connect remotely and the identity systems that confirm someone is who they say they are. Quantum computing threatens all of it, not just stored files. 

“The good news is quantum computers capable of breaking encryption don’t exist yet. They’re still years away from being powerful enough to pose a real threat,” says Brooks. “The bad news is that some attackers aren’t waiting.” 

Security researchers have documented a tactic called “harvest now, decrypt later.” Sophisticated threat actors, including state-sponsored groups, are intercepting and storing encrypted data today, with the intention of decrypting it once quantum capability arrives. “They’re playing a long game,” Brooks says. 

Not all data is worth holding onto, however. Old payment credentials expire. But think about what your business stores or transmits that needs to stay confidential for years: contracts, client records, intellectual property, strategic plans, regulated personal information. According to Verizon’s 2025 Data Breach Investigations Report, ransomware was involved in 88% of breaches at American SME businesses, compared to 39% at larger organizations. If that data is being collected now, the damage doesn’t show up until much later. 

That’s why quantum risk is a “now problem with a long fuse”, Brooks says. 

What SMEs Can Do About Cyber Risk Now 

Many small business owners assume quantum risk is a problem for governments and large enterprises, not them. That thinking misses how this kind of data collection actually works. 

“Attackers don’t need to target your business specifically. They collect data at scale, indiscriminately, because storage is cheap and AI makes sorting through it cheap too,” Brooks says. “Your customer records, employee data or business communications can end up in a much larger collection simply because they were reachable, not because anyone singled you out.” 

BOXX recommends the following practical prevention steps for SMEs: 

Train Staff to Spot AI-phishing 

In the near-term, AI is making familiar cyberattacks much harder to catch. 

Phishing emails that used to give themselves away with bad grammar, odd formatting or implausible requests, are now polished, contextually accurate and written for a specific person. AI phishing emails now achieve click-through rates of 54%, compared to 12% for standard attempts. Voice cloning can replicate a CEO’s voice from a handful of audio clips. A finance manager can receive what sounds like a legitimate vendor call and approves a payment. No breach required. 

“Most incidents are still essentially confidence tricks that were being done long before computers,” Brooks says. “Technology, including AI, just makes them faster and more convincing.” 

Doing regular phishing training and simulations for staff is a proven way to reduce phishing related attacks. 

A global study showed organizations that run regular, consistent simulated phishing training see an 86% drop in employee click rates within a year. 

Protect Your Supply Chain 

Supply chain risk is also worth watching closely. According to SecurityScorecard’s 2025 Global Third-Party Breach Report, 35.5% of all breaches in 2024 involved a third-party vendor, a number researchers call conservative due to underreporting. 

One vendor being hit with a cyberattack can bring your business down too. 

Strengthen Defences 

Strong passwords and multi-factor authentication on every account. Endpoint detection that can catch threats fast. Disciplined patching. Call-backs and dual approvals before any high-value payment goes out. Backups that are tested and isolated from your main systems. Attack surface management to find the gaps in your defences before attackers do. Dark web monitoring to catch exposed credentials before they’re used against you.  

Quantum Prep 

On the quantum side, you don’t need a technical team to get started. Know what sensitive data your business holds and how long it needs to stay protected. Some data is only valuable to attackers for a short window. Other data, like client records, contracts and personal information, can stay sensitive for five, ten or even twenty years, which makes it a target for harvest now, decrypt later attacks. Many businesses hold onto data far longer than necessary simply out of habit. It’s worth challenging what you assume needs to be kept and for how long, since the real requirement is often shorter than people think and in some cases the data doesn’t need to be retained at all. Ask your software vendors, cloud providers and bank what their plans are for quantum-resistant security. 

Take stock of where encryption is used across your business systems — your website, email, VPN, banking portal and any customer-facing tools. Knowing where your vulnerabilities sit makes it easier to prioritize what needs updating first when quantum-resistant security becomes available. 

Most small businesses won’t manage this alone. You’ll be relying on your bank, cloud provider, software vendors and IT partners to handle the technical side. Businesses that fare best choose partners already preparing for quantum-resistant security. BOXX Hackbusters® expert breach response team can help you understand where you stand and build that readiness now. BOXX’s virtual CISO (vCISO) service also gives small businesses access to senior security guidance without the cost of a full-time hire.  

How a Modern Cyber Insurance Policy Protects Your Small Business 

Cyber insurance is only useful if it reflects how losses actually happen. For small businesses in the US, that means coverage built to handle multiple incidents, not just one. 

All-in-one cyber solution 

Cyberboxx® Business is BOXX’s all-in-one cyber insurance and protection solution, combining comprehensive coverage with always-on Cyberboxx Assist® services, including attack surface management, dark web monitoring and access to cybersecurity expertise that’s designed to predict and prevent risk before it turns into a loss. 

When an incident does occur, BOXX Hackbusters® provides immediate 24/7 expert breach response, with costs covered outside the main policy limit. Hackbusters prevent more than 80% of incidents from escalating into insurance claims and early reporting can result in the retention being waived. 

Every loss covered 

Cyberboxx® Business also includes BOXX’s First Party Each and Every Loss structure, which reinstates the policy’s aggregate limit after each separate cyber incident within the policy term. Cyberattacks don’t always come one at a time. A business can face a fraud incident, then a ransomware attack, then a supply chain disruption, all in the same year. A policy with a single aggregate limit can be wiped out by the first claim, leaving you with nothing for the next one. Each and Every Loss means your coverage stays intact across the full policy period. 

Next-gen protection 

For technology companies, including SaaS providers, AI developers, digital infrastructure businesses, the exposure goes beyond cyber into professional liability. Tech E&O by BOXX covers AI and large language model errors, data misuse and integrity failures, technology discrimination claims and software or service failures. It’s built for how tech companies get hit today, with broader triggers, fewer exclusions and Cyberboxx® Business included by default. 

Prevent Today’s Cyber Risks, Prepare for Tomorrow’s

The Fable 5 launch is a warning for businesses that the gap between defenders and attackers narrows every time a new tool enters the ecosystem, Brooks says. 

“With quantum computing, the stakes will be higher,” adds Fluellon. 

The encryption protecting what most American businesses do online today has an expiry date. Businesses that start understanding their cyber exposure now and build toward quantum-resistant security and protection will be far better prepared when that day arrives. 

Related posts

Cyber Tips Cyber Insurance 101 The AI Risks Insurance Brokers Need to Advise Clients About

The AI Risks Insurance Brokers Need to Advise Clients About

AI is creating new cyber threats for small businesses and individuals. Learn the key AI exposures insurance brokers should be discussing with clients and how to close coverage gaps with modern cyber insurance and Tech E&O policies.

12/06/2026
Cyber Tips Cyber Insurance 101 A Sales Guide for How Insurance Brokers Can Sell Cyber

A Sales Guide for How Insurance Brokers Can Sell Cyber

A practical guide for brokers to sell cyber insurance, overcome common objections and deliver value with modern cyber solutions for small business and personal clients.

13/04/2026

Sign up for the BOXX Insurance Newsletter

Get the latest updates about Cyber Insurance and Protection with our newsletter.