Cyber Insurance Landscape

Part
01
of ten
Part
01

Cyber Insurance: Drivers of Growth

One of the quickest growing segments of the insurance industry is cyber insurance coverage, as revealed on page 11 of this report. Five drivers to this growth are an increasing number of cyber attacks, a rapidly growing number of IoT and IIoT devices and their related vulnerabilities, global enhancement of regulations on personally identifiable information loss (like GDPR and CCPA), increasing awareness of cyber thefts among small- and medium-sized enterprises, and a growing number of companies viewing cybersecurity insurance as a risk mitigation strategy.

Increase in Cyber Attacks

  • High profile data breaches and ransomware attacks such as the WannaCry and NotPetya attacks in 2017, have convinced companies they need protection.
  • Any company can fall victim and be a potential target of cyber attacks. From small town businesses to Fortune 500 companies, there is no business that is guaranteed immunity to cyber risk. In fact, while a company that is considered large is more likely to endure a cyber attack, "the proportion of small firms (less than 50 employees) reporting one or more incidents is up from 33 percent to 47 percent. For medium-sized firms with between 50 and 249 employees the proportion has grown from 36 percent to 63 percent."
  • Over the past five years, security breaches have increased by 67%, according to Accenture’s global survey.
  • Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 11 seconds by 2021.
  • Make UK and AIG surveyed manufacturers in the UK, and almost 50% of them said that they were victims of cybercrime or a cyber security incident at some point.

Rapid Growth of the Number of IoT and IIoT Devices and Their Related Vulnerabilities

  • The anticipated number of Internet of Things (IoT) devices that will exist by 2020 will be 20.4 billion, according to a press release from Gartner, Inc.
  • Routers accounted for 75% of IoT attacks in 2018, and connected cameras accounted for 15% of them.
  • Five minutes is the average amount of time it takes for an IoT device to be attacked once plugged into the Internet, according to a report from NETSCOUT.
  • There has been a significant increase in the number of attacks on both the industrial control systems (ICS) and the operational technology (OT) side of the Industrial Internet of Things (IIoT).
  • Sixty-eight percent of respondents stated that altering the function of IoT devices through malware or other attacks is a concern. Fifty-four percent of respondents said that remote control of a device by an unauthorized user is also a worry. These IoT security threats are included in this free downloadable 2019 Global PKI and IoT Trends Study.

Global Enhancement of Regulations on Personally Identifiable Information Loss

  • ZDNet reports that only 2% of companies’ IT expenditure last year was used on security measures.
  • According to HIgh-Bridge, 32% of American companies failed to properly implement SSL/TLS encryption, while 16% of European companies failed to do a proper job.
  • Paula Miller, a senior vice president in cyber practice for Marsh states that the imminent arrival of the new CCPA law is driving sales and moving companies that already buy cyber insurance to reach out to their brokers to ensure their policies are compliant with the new law. “This is prompting them to not only reevaluate their coverage, but the overall insurance limits that they purchase,” Miller said. “In some cases, this law will increase sales in the form of increased limits for existing buyers.”
  • Dan Burke, a national cyber practice leader with Woodruff Sawyer, states that clients are also thinking about higher limits. “I would say that it is driving some increased purchasing from a limit perspective for us,” Burke said, as something similar occurred just before Europe’s GDPR kicked in last year. "A lot of that buying activity happened right up until the regulation went into effect." He expects a similar experience up to and beyond the Jan. 1 implementation of the new law. “We’ll see an increase in those six months right prior to that,” Burke said.
  • A recent report by Goldman Sachs says that they are expecting cyber premiums to grow by double-digit numbers through the next 3-5 years and one of the drivers is the California Consumer Privacy Act (CCPA).

Awareness of Cyber Thefts Among SMB's

  • Eighty-nine percent of SMBs recognize that cybersecurity needs to be one of their top priorities, and seventy-nine percent are planning to buy into cybersecurity within the next year, according to a report from Vanson Bourne and commissioned by Continuum Managed Services.
  • This increased level of cybersecurity awareness among SMBs has been precipitated by the never ending assault of cyberattacks directed at them, coupled with a 59% increase in such attacks.
  • 67% of SMBs experienced a cyberattack, and 58% experienced a data breach in 2018, according to a Ponemon Institute report.
  • 43% of attacks still target small businesses, and 56% of breaches takes months or longer to discover, according to the 2019 Verizon Data Breach Investigations Report.
  • 71% of ransomware attacks are aimed at small businesses, according to a report from the Beazley group.
  • According to the latest Federation of Small Businesses research, small businesses in the UK experience almost 10,000 attacks per day.

Companies Viewing Cyber Insurance as a Risk Mitigation Strategy

Part
02
of ten
Part
02

US Cyber Insurance Industry: Competitors (Part 2)

The competitive landscape for Chubb, AXA XL has been provided below. Chubb had annual revenue of $32.71 billion in 2018. Conversely, AIG had revenue of $47.39 billion in 2018.

Chubb INA Group

  • Chubb is a property and casualty insurance company that also offers cyber insurance solutions. The company is publicly traded and has a presence in 54 countries.
  • The firm has four cyber products namely Cyber Enterprise Risk Management (Cyber ERM), DigiTech Enterprise Risk Management (DigiTech ERM), ForeFront 3.0: CyberSecurity, and Integrity+.
  • The company had total revenue of $32.71 billion in 2018.
  • Chubb’s competitive advantage lies in its expense management, which results in a lower combined ratio. The company is more efficient than its competitors as it has an expense ratio that is four to six percentage points lower than majority of commercial property and casualty insurers in the United States.

AXA XL US Group

  • AXA XL is a property and life insurance company that serves clients across 200 countries. The company provides claims, insurance, risk consulting, and reinsurance solutions.
  • AXA XL offers the Cyberiskconnect cyber policy that offers broader terms and expanded coverage to protect its clients against privacy risks, data risks, and emerging technologies.
  • The company's total revenue in the US was $18.39 billion in 2018. Globally, revenue was $102.87 billion.
  • To remain ahead of its competitors, the company is diversifying towards services. The company offers complementary services to its clients in addition to the insurance coverage it provides.

AIG

  • American International Group (AIG) offers retirement services, life insurance, and property-casualty insurance. The company serves individuals, institutional, and commercial clients.
  • The cyber insurance products that AIG offers include CyberEdge PC, CyberEdge Plus, and CyberEdge. Insurance coverage can be provided through a standalone policy or a part of property or casualty policies offered by the company.
  • AIG's total revenue in 2018 was $47.39 billion.
  • AIG's competitive advantage is in its ability to provide solutions in several product structures given that there is a high need for protected retirement income.



Part
03
of ten
Part
03

US Cyber Insurance Industry: Competitors (Part 1)

The key competitors in the U.S. cyber insurance market, considering direct premiums written, are the Chubb Group, AXA U.S., American International Group, Travelers Group, and Beazley Insurance. The following information presents the details of each competitor.

Top Cyber Insurers in the U.S. by Direct Cyber Security Premiums Written

  • Direct premium written (DPW) is a key metric usually used to measure an insurer’s growth and presence, as it indicates how many new premiums were written over the course of a given year.

Chubb INA Group

  • Chubb is the largest commercial insurer in the U.S., with 44 branch locations around the country. The company launched its first cyber risk solution in 1998.
  • Cyber DPW (2018): $325.8 million.
  • Market Share: 16%.

AXA U.S. Group

American International Group (AIG)

Travelers Group

Beazley Insurance Co, Inc.

  • Rounding up the top five, Beazley climbed from the sixth to the fifth position in 2018. It is the only insurer in the top five with a somewhat distributed share of standalone (77.2%) and packaged (22.8%) DPW.
  • Cyber DPW (2018): $110.9 million.
  • Market Share: 5.5%.

Research Strategy

The key cyber insurance companies were ranked by the 2018 total standalone and packaged cybersecurity DPW based on AM Best’s research.
DPW was used to identify the key players as it is the most commonly used metric by reputable sources, such as AM Best and the National Association of Insurance Commissioners (NAIC), to determine market share. We selected the AM report as our primary source since it presents the market share considering both policies, while the NAIC divides the companies into packaged and standalone policies.
To ensure accuracy, we utilized the NAIC report to further corroborated the AM Best evaluation. For instance, Chubb’s DPW reported by NAIC amounts to 320.7 million (factoring only packaged policies), while AM Best estimates Chubb’s total DPW (considering packaged and standalone policies) to be approximately $325.8 million. Further examination shows that AM states that around 98.4% of Chubb’s DPW consisted of packaged policies — 98.4% of 325 is roughly 320, the number presented by NAIC. In AXA’s case, 100% of the DPW consists of standalone policies, amounting to $255.9 million, the same number reported by both AM and NAIC. The market share and key players presented by each organization are different due to the policies used to determine market share; however, given that the total DPW is similar in both reports, the AM Best estimation was adopted, as it offered a more comprehensive view of the market.
Part
04
of ten
Part
04

Cyber Insurance: Technologies

Several of the latest technologies used by cyber insurance providers are prospective risk assessment tools, dynamic risk assessment technology, and artificial intelligence or machine learning. Additionally, cyber insurance providers are beginning to integrate their operations with more traditional cyber risk management solutions.

Prospective Risk Assessment Technology

  • Cyber insurance providers are increasingly moving from tools that assess cyber risk retrospectively, to technologies that enable a more prospective risk review, according to Seth Rachlin, the Executive Vice President and Chief Innovation Officer of Insurance at Capgemini.
  • Until recently, cyber insurers have relied on historical data combined with actuarial analysis to assess and price cyber security risk.
  • However, this backward-looking approach is far from perfect in the cyber insurance industry given that cyber threats are "new and ever-changing."
  • As such, startups including Switzerland-based CyQuant are beginning to offer risk assessment and pricing tools for cyber insurers that combine the latest technology and risk modeling skills to more prospectively price cyber risks.
  • Meanwhile, these faster and more accurate risk pricing tools have the potential to reduce risk premiums and thereby increase the capacity of the cyber insurance market.

Dynamic Risk Assessment Technology

  • Another new and "leading offering" in technology for cyber insurance providers are tools that enable the dynamic or ongoing assessment of cyber risks.
  • Specifically, insurtechs have developed new cyber analytics tools that continuously collect and integrate data relevant for cyber risk assessment, ranging from industry information to geography-specific news.
  • These new technology tools ultimately provide more "relevant and up-to-date insight" on cyber threats and pricing benchmarks, which in turn enable cyber insurance providers to meaningfully improve their rating accuracy.
  • Currently, startups such as SecurityScorecard and BitSight Technologies are lead providers of this technology.
  • Moreover, JLT Specialty executive Boris Ćorović expects other players to emerge based on the millions that venture capital funds are currently investing into these startups and technology tools.

Artificial Intelligence/Machine Learning Technology

  • However, the most widely discussed new technology used by cyber insurance providers are risk assessment tools that leverage artificial intelligence (AI) and machine learning (ML).
  • According to credible resources such as Coverager, Insurance Journal, Banking Technology Magazine and CPO Magazine, insurtechs are increasingly deploying AI and ML to leverage "huge amounts of live data" in forecasting cyber risks.
  • Notably, approximately 57% of insurance companies are already using AI-enhanced tools from startups, such as Darktrace, Cybereason and Versive, which have extensive track records for combining this technology with behavioral data to identify unknown threats.
  • For example, AIG recently partnered with cyber security consulting firm AXIO and Darktrace to enhance its cyber insurance assessments and offerings by leveraging Darktrace's AI-based tools.
  • Meanwhile, AI and ML technology tools are expected to boost probability for cyber insurance providers, according to Siobhan O’Brien, the CEO of Guy Carpenter’s Cyber Centre of Excellence for International and Global Specialties.

Combined Technology/Insurance Solutions

  • Meanwhile, a burgeoning trend in technology for cyber insurance providers is gaining access to more traditional cyber risk management solutions through partnerships and investments with other companies.
  • Notably, Capgemini's Seth Rachlin asserts that one of the most important developments within the cyber insurance industry is the rise of new partnerships between insurers and cyber technology firms to integrate indemnity coverage with risk mitigation and management services.
  • Among these new ventures is the partnership between Cisco, Apple, Aon and Allianz, which in 2018 spearheaded the adoption of more traditional cyber management technologies by insurance providers.
  • In this instance, Alliance offered "enhanced cyber insurance coverage" for customers who also used the cyber resilience and technology solutions of its partners to strengthen their overall data protection profile.
  • Similarly, AXA is moving towards a closer partnership with traditional cyber risk management solutions through recent investments in Security Scorecard and Contrast Security.
  • Meanwhile, industry experts such as Mr. O'Brien expect cyber insurance providers and cyber threat management solutions to ultimately merge, with insurance providers increasingly evolving to include "technology platforms," while traditional cyber technology companies will "morph in form closer to insurers."

Research Strategy

An extensive review of trusted media sources, industry reports and articles published by authorities and key players in the cyber insurance sector was conducted to ascertain the latest technologies used by cyber insurance providers. As part of this direct search, four significant technology developments were identified and detailed. However, this extensive search failed to provide the requested five to seven technologies. This is likely due to the highly specific nature of the request. Additionally, it is possible that the four identified technologies represent all of the major, latest technologies used by cyber insurance providers, given that each technology represents a step-change in the way this industry is using and partnering with technology products and companies.

With that said, several further attempts were made to identify additional latest technologies used by cyber insurance providers.

For example, a separate and detailed review of reports and resources covering the state of the overall insurance industry was conducted. Although these reports and resources included a much broader scope of information, it seemed reasonable that any emerging and significant technologies mentioned might also be applicable specifically within the cyber insurance industry. While sources such as Capgemini's 2019 World Insurance Report further reinforced the significance of the four technologies identified, they failed to mention other recent technologies that would be relevant to the cyber insurance space.

As part of a separate attempt to triangulate this information, a review of insurtech and other cyber insurance technology providers was conducted. The goal in this case was to identify other recent technologies used by cyber insurance providers by seeing what new technology offerings were available on the market. However, this review similarly highlighted the four technologies identified, and failed to mention other new tech tools used by cyber insurance providers. Ultimately, given the significance of the four technologies identified, as well as the fact that these latest technology developments were repeatedly and consistently referenced across credible resources, it was determined that providing this slightly smaller list of four technologies was reasonable and appropriate.

Part
05
of ten
Part
05

Cyber Insurance: Market Segments

The three primary types of market segments within the cyber insurance space are company size, industry and region.

Company Size

Industry

  • Industry is another key form of market segmentation within the cyber insurance space, according to market experts Grand View Research, Valuates Reports, Mordor Intelligence, Research Nester and Adroit Market Research.
  • While the exact segmentation by industry may vary, almost all experts highlight banking and financial services (BFS), healthcare, retail, and IT and telecommunications as key customer groups.
  • Notably, banking and financial services (BFS) represented the largest share of the cyber insurance market in 2018, driven by the fact that this industry was subject to the highest number of cybersecurity incidents and is considered a key security concern for governments.
  • However, healthcare is expected to grow at the highest CAGR through 2025 as the industry becomes increasingly digitized and vulnerable to cyberattacks.
  • For example, a HIPPA report noted that the US healthcare segment recently experience a 157.67% year-over-year growth in the volume of exposed healthcare records.

Region

  • Finally, the region or country of a customer is a major form of market segmentation within the cyber insurance space, according to researchers Grand View Research, Valuates Reports, Mordor Intelligence, Research Nester, Market Study Report and Adroit Market Research.
  • This regional focus primarily consists of North America (including the US and Canada), Europe (including the UK and Germany), Asia Pacific (including China, India and Japan), Latin America (including Brazil) and MEA (including countries from the Middle East and Africa).
  • Overall, the North America market represented the largest revenue share for the cyber insurance industry in 2018, driven by the preponderance of major industry players in the area and the revenue generated specifically from US customers.
  • While Asia Pacific currently represents a small market segment, it is expected to grow at the most significant CAGR through 2025 due to the increasing emergence of cybercrimes in countries such as India and China.
  • Moreover, Asia Pacific is currently seeing growth in the implementation of data breach regulation that is expected to drive sales in this region, with countries such as South Korea and Australia recently adopting legislation, while China, India, Malaysia, and Indonesia are preparing relevant bills.
Part
06
of ten
Part
06

Cyber Insurance: Investments

Ten examples of investments in the cyber insurance space from the past few years are capital raised by Arceo.ai, Coalition, Cowbell, Zeguro, CyberCube, Upstream Security, At-Bay, CoverHound, Lucideus Technologies and Kovrr.

Arceo.ai

  • In September, Arceo.ai closed a $37 million funding round.
  • It was led by Lightspeed Venture Partners and the Founders Fund, with investments also from CRV and UL Ventures.
  • Arceo.ai uses AI to collect cyber risk data from the customer's digital footprint which, in turn, connects with the insurance underwriting process. This makes the process faster, smarter and more efficient.

Coalition

  • Cyber insurance startup Coalition announced in May 2019 that it had raised $40 million in a Series B round.
  • The round was led by Ribbit Capital, with participation from Greenoaks Capital and Hillhouse Capital.
  • Coalition is a cyber insurance provider in the US.

Cowbell

  • In September of this year, Cowbell Cyber "emerged from stealth", revealing it had received $3.3 million in seed funding for its flagship product, Cowbell Factor.
  • Funding was provided by ManchesterStory Group, Holmes Murphy & Associates, Tri-Valley Ventures and the Global Insurance Accelerator.
  • Cowbell Factor is an AI-based risk detection service. It provides ongoing, automated risk assessments to better tweak cyber insurance coverage.

Zeguro

  • Zeguro closed a $5 million funding round in November 2018.
  • The primary investor was Mosaik Partners, but other contributors included Healthy Ventures, Munich Re/HSB Ventures, QBE Ventures, Social Capital, Plug and Play and Sparkland Capital.
  • Zeguro is a cyber safety platform designed specifically for SMEs in the US. It allows businesses to understand their risk, take preventative action and buy tailored cyber insurance.

CyberCube

  • In November of this year, CyberCube closed a $35 million Series B funding round.
  • Funding was led by HSCM Bermuda and ForgePoint Capital.
  • CyberCube is a platform offering "cyber aggregation modeling and individual risk underwriting".

Upstream Security

  • Israeli company Upstream Security received significant investment from automakers in North America and Europe in October 2019.
  • Volvo, Hyundai, Nationwide Insurance and the Renault-Nissan-Mitsubishi alliance helped raised over $30 million.
  • Nationwide Insurance specifically is looking to Upstream Capital to help develop its cyber insurance knowledge, as it feels autonomous vehicles present a new target in the coming years.

At-Bay

  • Californian company At-Bay reported a $13 million Series A funding round in May 2018.
  • Leading the funding were Keith Rabois of Khosla Ventures, Yoni Cheifetz of Lightspeed and Shlomo Kramer.
  • At-Bay is developing a proactive cyber monitoring system with related insurance products to accompany. It aims to find vulnerability to proactively insure against losses.

CoverHound

  • In February 2019, CoverHound raised $58 million in Series D funding.
  • Insurance company Hiscox led the funding, with additional investors of Chubb, Aflac Ventures and MS&AD.
  • CoverHound's CyberPolicy allows SMEs to receive quotes, compare policies and purchase cyber insurance easily and quickly online.

Lucideus Technologies

  • Just this month (December 2019), Indian start-up Lucideus Technologies announced $7 million in funding from MS&AD Ventures (the VC arm of one of Japan's largest insurance companies).
  • This helped the company double its valuation in just 10 months.
  • The company offers real-time cybersecurity assessments which then tie into existing technology to give enterprises a risk score. This then can facilitate better underwriting by insurers.

Kovrr

  • Israeli-based Kovrr announced $5.5 million in funding in September 2019.
  • This round was led by StageOne Ventures and Mundi Ventures, with help from Banco Sabadell and other private investors.
  • Kovrr is a cyber risk modeling firm that delivers insights to many players, including insurance carriers, "that enable them to quantify and manage their affirmative and silent cyber risk exposures across all lines of insurance."
Part
07
of ten
Part
07

Cyber Insurance Companies: Business Models (Part 2)

Coalition offers cyber insurance with coverage up to $10 million, as well as a set of cybersecurity tools. They make money off premium payments while offering tech solutions for free. Kovrr provides an artificial intelligence-based platform to predict and price cyber risk.

Coalition

  • Coalition is a cyber insurance startup founded in 2017, in San Francisco. It combines insurance services with comprehensive cybersecurity tools.

Products

  • The company's main product is cyber insurance with up to $10 million coverage.
  • It includes stolen funds, lost business income, breach response cost, bodily injury, cyber extortion, computer replacement, pollution damage, reputational harm loss, and reputation repair. A more detailed breakdown of what can be covered is available here.
  • Additionally, all customers get free access to a set of cybersecurity tools, such as credential monitor, security awareness training, ransomware prevention, patch manager, threat monitor, denial of service (DDoS) mitigation, HackerOne Response, and 24/7 security service.
  • Another product they offer is errors or omissions (E&O) coverage for tech companies. It covers costs of defense and liability in case their clients fill lawsuits against their software.
  • Coalition also has solutions that are tailored to specific industries (other than tech). The focus is on healthcare, retail & e-commerce, real estate, nonprofits, public sector, energy, legal, manufacturing, and cryptocurrency.
  • The product for healthcare companies is meant to protect the customers from patient data breaches.
  • The one for retail & e-commerce offers coverage in case of data breaches, denial of service attacks, and theft of credit card data.
  • The solution for manufacturing provides enhanced coverage of bodily injuries, pollution, and property damage.

Technologies Used

  • Coalition scans potential customers using third-party data, such as DNS records from email configurations.
  • The company offers a platform to manage insurance services and have easy access to cybersecurity apps. Screenshots from the dashboard can be seen here. The browser version is JavaScript-based.
  • It uses Curricula software for security awareness training. The app provides a phishing simulator, reporting capabilities, built-in marketing tools to drive engagement, as well as various forms of training content.
  • DDoS mitigation is offered in partnership with Cloudflare. Their app uses automation, fingerprint HyperText Transfer Protocol (HTTP), rate limiting, and "behavioral analysis of signatures and IPs across 20 million+ websites." They also have extensive data infrastructure with more than 190 data centers.
  • Coalition also provides vulnerability disclosure through HackerOne Response software. The app helps find issues with a company's security with the help of trained hackers. It prides itself on extensive reporting capabilities.
  • Additionally, the company partnered with Acronis to offer ransomware prevention. The app uses artificial intelligence to identify suspicious patterns.

Funding and Revenue Generation

  • So far, Coalition raised $50 million in two funding rounds. In 2018, they got $10 million in Series A, with Ribbit Capital, Valor Equity Partners, and Vy Capital as lead investors. A year later, they raised $40 million in Series B, mostly from Ribbit Capital.
  • Coalition generates revenue by selling insurance policies. All the cybersecurity tools are free for its customers.
  • It takes a fixed fee out of each premium payment. The rest of the premium is given to employees, the customer's insurance broker, and Coalition's carrier partners (Argo and Swiss Re). Some of it is also invested in technology.
  • Additionally, they are paid yearly by their carrier partners "based on the loss ratio."
  • The pricing of the company's products is dependent on many factors, including limits, coverages, and retentions. However, it starts at $50 a year.

Kovvr

  • Kovvr is a Tel Aviv-based startup that provides "a predictive cyber risk modeling platform." It was founded in 2016.

Products

  • One of their products is cyber risk selection and underwriting, which is meant to gain quantitative insights on cyber risk surrounding active policies.
  • Key elements of this solution are "real-time cyber threat landscape monitoring, actionable underwriting insights, contextual cyber risk assessment tools, and comprehensive data acquisition and augmentation."
  • Another product is portfolio accumulation management, which helps to deal with accumulated cyber risk.
  • The solution involves "insights into new emerging vulnerabilities, silent risk exposure, and monitoring portfolios' aggregations."
  • The third product Kovrr offers is cyber catastrophe modeling to gain insights into catastrophic cyber exposure in commercial insurance.
  • It encompasses "proprietary cyber catastrophe modeling framework, customized models, and quantifying exposure for a specific event."

Technologies Used

  • Kovrr uses advanced machine learning, data science, and predictive analytics.
  • Artificial intelligence-based algorithms are utilized to scan for incidents in real-time, as well as "predict and price risk models." Their solution combines third-party, proprietary, and open-source data.
  • The platform that the company offers is customizable to fit each customer's unique needs. It is able to create models that differentiate (re)insurers from their competitors.
  • Kovrr also prides itself on offering a solution that is transparent, allowing clients to access its modeling methodologies and data.

Additional Information

  • Earlier this year, Kovrr raised $5.5 million in Series A. Before, they had two funding rounds, but in both cases, the amount raised wasn't disclosed.
  • The company serves top insurance carriers, government regulators, and reinsurers.
Part
08
of ten
Part
08

Cyber Insurance Companies: Business Models (Part 1)

AIG, Chubb, and AXA XL are all established cyber insurance providers. These companies' cyber insurance product portfolios give interested individuals or organizations some level of flexibility as to the types of cyber risks they want covered. Analytics are used in underwriting, and either a mobile application or an online portal is used to give policy owners access to loss mitigation or loss control tools and services.

AIG

1. Product Offerings

  • AIG offers three cyber insurance coverages, namely, CyberEdge, CyberEdge Plus, and CyberEdge PC.
  • CyberEdge covers both breach-associated financial costs and first-party costs. First-party costs include event management costs, data restoration costs, financial costs paid to third parties, network interruption costs, and cyber extortion costs.
  • CyberEdge Plus covers physical world losses resulting from a cyber event such as a security failure, a privacy event, or a computer system breach. Physical world losses include business income losses arising from first-party property damage and third-party claims for bodily injury or property damage.
  • CyberEdge PC is an add-on to the standard property and casualty insurance coverage. This add-on is either a difference-in-conditions (DIC) insurance or a difference-in-limits (DIL) insurance.
  • AIG recently announced that, starting January 2020, it will switch to affirmative cyber coverage and exclusion. This means that its commercial property and casualty insurance coverages will expressly indicate whether non-physical or physical cyber exposures are covered or excluded.
  • Businesses with cyber coverage from AIG benefit from in-depth threat analytics and scoring, tools and services for proactive loss prevention, and global claims expertise.
  • Loss prevention complimentary services include blacklist internet protocol blocking, employee training, insurance portfolio diagnostics, domain protection, and pre-breach consulting, while claims services include immediate threat identification and restoration and recovery activities.

2. Technologies Used

  • For its underwriting process, AIG uses its CyberMatics technology, which was recognized as the Advisen 2018 Cyber Risk Innovation of the Year.
  • This technology offers both tailored analytics and timely cyber security insights such as risk scores, benchmarking data, and recommendations for improvement.
  • The data used in cyber underwriting are gathered by AIG's security partners, which include Darktrace and Crowdstrike. Darktrace has its Enterprise Immune System and Antigena products, while Crowdstrike has its Falcon Discover, Falcon Insight, Falcon Intelligence, Falcon Overwatch, and Falcon Prevent services.

Chubb

1. Product Offerings

  • Chubb categorizes its products and services into Cyber Products, Cyber Services, and Global Cyber Facility.
  • Its Cyber Products suite includes Cyber Enterprise Risk Management (Cyber ERM), DigiTech Enterprise Risk Management (DigiTech ERM), Integrity+ by Chubb, and ForeFront 3.0: CyberSecurity, while its Cyber Services suite includes Loss Mitigation Services, Incident Response Services, Premier Partner Network, and Cyber Alert.
  • Its Global Cyber Facility includes the following services: Global Cyber Facility: Suite of Multiline Peril Endorsements, Proprietary Global Cyber Facilitiy Assessment Process, Integrated Loss Control Services, and Comprehensive Claims Management & Post-Incident Services.
  • Compared to Cyber ERM, which covers basic enterprise risk issues, DigiTech ERM covers not only cyber liability but incident response and loss mitigation services as well.
  • ForeFront 3.0 adds five discretionary first-party coverages on top of the standard cyber liability coverage. Coverages for crisis management and privacy notification expenses are among most commonly added first-party coverages.
  • Integrity+ by Chubb offers first-party coverage for errors and omissions, privacy, data security, and infringement exposures, apart from broad cyber liability coverage.
  • Chubb offers cyber insurance for individuals and families as well.

2. Technologies Used

  • Chubb uses mobile-related technologies to give its cyber insurance policy owners access to its Cyber Alert mobile application. The mobile application provides 24/7 incident reporting services and incident response services.
  • Available through Android and iOS, the mobile application enables users to examine incident reporting history, and save or submit information that can help with the evaluation of a cyber event.
  • Since Chubb provides an array of tools for loss mitigation, including tools for simulating email attacks, testing networks for vulnerabilities, and benchmarking cyber security performance, it can be safely assumed that Chubb utilizes simulation, testing, and benchmarking technologies.
  • Chubb uses analytics, as can be seen in its proprietary risk evaluation framework Cyber COPE.

AXA XL

1. Product Offerings

  • AXA XL categorizes its cyber insurance products into Coverage for North America, International Coverage, and Technology Errors and Omissions Coverage. These coverages are flexible, meaning they can be adjusted to cover or exclude certain cyber risks.
  • The Coverage for North America provides coverage for cyber risks such as privacy liability, security liability, business interruption, cyber extortion, and system failures. Owners of this type of policy are entitled to benefits such as advanced endpoint protection, privacy awareness training, third-party contract review, incident response planning, computer forensics, and crisis management.
  • The International Coverage covers both third-party liabilities and first-party losses. These liabilities and losses include liabilities associated with data breaches and losses arising from business interruption, cyber extortion, and electronic asset destruction. Owners of this type of policy are entitled to benefits such as post-breach response services.
  • The Technology Errors and Omissions Coverage provides for negligence in the conduct of services and the production of technology products, and for the non-compliance of technology products as far as standards are concerned. Owners of this type of policy also have access to post-breach response services.

2. Technologies Used

  • AXA XL has developed a cyber insurance portal through which policy owners can access breach preparedness tools.
  • It has used the technology of Slice, an insurtech startup offering Insurance Cloud Services, an on-demand insurance platform, to develop an on-demand cyber insurance product for small and medium-sized businesses.
  • This on-demand cyber insurance product is considered the first of its kind. Slice's platform, which is powered by artificial intelligence, makes it possible for small and medium-sized businesses to purchase cyber insurance in just a few minutes.

Research Strategy

In identifying established cyber insurance providers, we referred to Market Watch's press release for a global cyber insurance market report. According to this press release, the top three players in the global cyber insurance market are the American International Group (AIG), Chubb, and XL Group, which was recently acquired by AXA. To determine the product offerings and technologies used by these three companies, we consulted the press coverage and websites of these companies.
Part
09
of ten
Part
09

Cyber Insurance Companies: Trends (Part 2)

The latest innovation trends in cyber insurance among startup insurance providers include the growing focus on small and medium-sized businesses, the bundling of cyber insurance and cyber security tools, the rise of the online cyber insurance comparison shopping platform, the growing use of artificial intelligence in cyber risk measurement, the emergence of on-demand cyber insurance, and the emergence of cyber security risk ratings and risk modeling solutions.

Growing Focus on Small and Medium-Sized Businesses

  • Cyber insurance products and services that are specifically designed for small and medium-sized businesses are emerging.
  • According to an article published by CB Insights, smaller businesses present a huge growth opportunity for cyber insurance providers for a number of reasons. Cyber attacks on smaller businesses has increased over time, and most smaller businesses do not have the resources to survive a cyber attack. Also, only around 15% of small businesses own cyber insurance.
  • Coalition is one example of a startup that is developing cyber insurance products for small and medium-sized businesses. Based in San Francisco, it has an online portal that retail brokers can use to distribute cyber insurance policies to small and medium-sized businesses. Coalition serves as a managing general agent.
  • According to Joshua Motta, chief executive officer of Coalition, smaller businesses are especially vulnerable to the following types of cyber attacks: phishing, denial of service (DOS) attacks, ransomware, credential stuffing, and attacks on old software.
  • CyberFortress is another example. The startup was founded in 2018 to address the cyber insurance needs of small e-commerce companies. It aims to protect small e-commerce companies from the risk of downtime arising from cyber attacks.
  • Cowbell Cyber, an insurance startup, also targets small and medium-sized businesses. It performs continuous underwriting to ensure cyber insurance is tailored to a company's own cyber exposures and risks.

Bundling of Cyber Insurance and Cyber Security Tools

  • Cyber insurance startups following the hybrid model are bundling cyber insurance with cyber security tools to encourage or incentivize businesses to take a more proactive and preventative approach to cyber security. Examples of these startups include At-Bay, Coalition, Paladin Cyber, and Zeguro.
  • At-Bay, a California-based startup with a research and development facility in Tel Aviv, offers both cyber insurance and cyber security monitoring. Unlike traditional insurers that utilize inappropriate actuarial data and standardized checklists in modeling risk, it focuses on providing real-time and customized risk modeling and reduction that, in turn, unlocks better prices and coverage for customers.
  • It takes into account emerging threats and vulnerabilities when predicting future risks. The risk management products it offers include the Data Breach Cost Calculator and the Security Score. The Data Breach Cost Calculator enables users to measure the potential financial cost of cyber deficiencies, while the Security Score enables users to identify top vulnerabilities and perform benchmarking.
  • Coalition also offers its customers both cyber security tools and cyber insurance. Businesses that use cyber security tools are given better insurance coverage and prices.

Rise of the Online Cyber Insurance Comparison Shopping Platform

  • Comparison shopping has found its way to the cyber insurance industry. There is now an online platform that individuals and businesses can use to find the best cyber insurance rates and coverage.
  • CoverHound, the San Francisco-based startup behind this platform, was recently able to raise $58 million in funding, which it will use for geographical expansion. It serves as an online broker.
  • CoverHound was founded in 2010, but it was only recently that it started listing cyber insurance products.

Growing Use of Artificial Intelligence in Cyber Risk Measurement

  • Artificial intelligence is increasingly being used in the measurement of cyber risk.
  • Cowbell Cyber, a cyber insurance startup touting continuous underwriting or risk assessment, makes use of artificial intelligence and machine learning in computing the Cowbell Factor, a cyber risk score that organizations can utilize in selecting the best cyber insurance coverage.
  • CyberFortress, a startup that offers parametric cyber insurance to small e-commerce businesses, utilizes machine learning in measuring these businesses' "risk of suffering downtime." Because its cyber insurance policy is parametric and narrowly-focused, it is capable of making payments within just 24 hours of a cyber event.

Emergence of On-Demand Cyber Insurance

  • On-demand cyber insurance products are emerging.
  • Slice, a startup offering cloud-based on-demand insurance, was recently contacted by AXA XL and XL Catlin to develop on-demand cyber insurance products for small and medium-sized businesses.
  • The objective of both partnerships is to make the cyber insurance process far simpler and easier for smaller businesses that do not have the dedicated information security resources that bigger companies have.
  • On-demand cyber insurance typically is subscription-based and can be purchased online in just a few minutes.

Emergence of Cyber Security Risk Ratings and Risk Modeling Solutions

Research Strategy

To identify the latest innovation trends in cyber insurance among startup insurance providers, we looked at the cyber insurance startups that were recently founded, the cyber insurance products and services that startups recently brought to market, the partnerships that startups in the space recently entered, and the trends that experts in the space have recently shared. With this strategy, we were able to gain a better understanding of the cyber insurance startup landscape. To ensure recency of information, we focused on sources that were published in the past 24 months.
Part
10
of ten
Part
10

Cyber Insurance Companies: Trends (Part 1).

The introduction of cyber insurance coverage for cryptocurrency theft, the introduction of cyber insurance tailored to manufacturers, the introduction of on-demand cyber insurance for small and medium-sized businesses (SMBs), the introduction of tools to help customers understand cyber risks better, and the use of tools to improve cyber risk underwriting are some of the latest innovation trends in the United States cyber insurance industry.

Introduction of Cyber Insurance Coverage for Cryptocurrency Theft

  • Large insurers are beginning to introduce coverage for cryptocurrency theft. Large insurers know that, despite the challenges that this move presents, the business of protecting businesses against cryptocurrency theft is too big an opportunity to pass up.
  • News of cryptocurrency hacks, fraud, and technical errors has made it clear that digital currency investors need protection. Large insurers are therefore feeling the pressure to find a reliable and cost-effective way to protect these digital currency investors.
  • The road ahead will not be easy for these insurers as they know very little about cryptocurrency and these digital currency investors, and they do not have the large volumes of data that they typically depend on when developing new insurance coverages.
  • A few large insurers, such as Chubb and XL Catlin, have started selling this type of cyber coverage, however. And several other large insurers, including AIG, have started exploring the viability of selling cyber coverage for cryptocurrency theft.

Introduction of Cyber Insurance Tailored to Manufacturers

  • Large insurers are rolling out cyber insurance plans that are designed specifically for manufacturers and the cyber risks these manufacturers face. They are doing this in answer to the increasing number of cyber threats (e.g., ransomware and data breaches) that manufacturers and industrial businesses in the United States face.
  • Manufacturers are emerging as attractive targets for cyber criminals, so they are requesting insurers for industry-specific insurance coverages.
  • Zurich and Beazley are two examples of large insurers demonstrating this trend. Zurich has recently launched new endorsements to amend and expand its cyber insurance policy for manufacturers. These new endorsements expand the coverage to include the protection of industrial control systems such as programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems, computer software, hardware, firmware and electronic data, computer peripheral devices such as mobile and wireless devices, and electronic backup facilities.
  • Beazley, in partnership with Marsh, has also introduced a new cyber insurance coverage for manufacturers in the United States. This new cyber insurance coverage, which was designed with manufacturers in mind, protects manufacturers from supply chain interruption, invoice manipulation, technology disruption, and e-crime losses. Beazley reports that hacking and malware were the primary causes of cyber loss among manufacturers in 2018.

Introduction of On-Demand Cyber Insurance for SMBs

  • On-demand cyber insurance designed specifically for small and medium-sized businesses is emerging.
  • It can be expected that more and more insurers will offer this type of insurance. Small businesses reportedly prefer to purchase their cyber insurance online. Additionally, according to the National Cyber Security Alliance, small businesses are targeted by cyber attacks 50% of the time, and of small businesses that have suffered a cyber attack, 60% have ceased operating within only six months of the attack.
  • AXA XL is one example of an established insurer that has started offering this type of insurance. The company has partnered with Slice Labs to come up with a cyber insurance coverage that small and medium-sized businesses can purchase online with ease. This coverage is available on a subscription basis, and the sign-up process for this coverage is relatively uncomplicated.

Introduction of Tools to Help Customers Understand Cyber Risks Better

  • Large insurers are launching new or improved tools to help cyber insurance policy owners understand cyber risks better and take a more proactive approach to cyber security.
  • Businesses will hopefully become better equipped to protect themselves against cyber threats.
  • Chubb, for example, has recently upgraded its Cyber Index to provide more helpful insights to customers. This improved index, which identifies cyber threats by organization size and industry, offers cost analysis and incident cost calculation. Cyber threat data is updated real-time and is inclusive of both current and historical threats.
  • Zurich has also recently launched its Cyber Fusion Center, a physical space that houses the company's cyber threat intelligence group. This group is tasked to detect emerging cyber threats and identify concrete steps for customers to follow.

Use of Tools to Improve Cyber Underwriting

  • To improve cyber risk underwriting, large insurers are partnering with other companies to leverage these companies' analytical capabilities. They expect that, by doing so, they will be able to quantify cyber risk better and design and price cyber insurance more accurately.
  • As a result of this trend, risk modeling tools that are designed specifically for cyber exposures are becoming more prevalent and more powerful.
  • Chubb has entered into an agreement with CyberCube that will allow the former to utilize the latter's analytics in understanding systemic cyber risks. CyberCube is unique in that it has access to large troves of cyber event data.
  • Zurich has also partnered with Cyence to improve how it underwrites cyber risk and prices cyber insurance. Cyence has an analytics platform that allows users to measure the financial cost or impact of cyber events. This platform leverages cyber security, data science, and economics.

Research Strategy

We began by researching what each key player in the global cyber insurance market has been doing recently. Since a United States focus is desired, we examined what each key player has been doing in the country specifically. We paid attention to the cyber insurance products and services that were recently launched, the partnerships that were recently entered, and the tools that were recently utilized or developed. This approach provided us with a holistic view of the direction large insurers are taking as far as innovation is concerned. Only sources published in the past 24 months were considered to ensure recency of information.
Sources
Sources

From Part 01
From Part 07