Insurtechs that specialize in cyber risk can take numerous paths — with their future dependent at least in part on their investors’ patience — but not all will survive, experts say.
Possible options for the companies, many of which operate as managing general agencies, include remaining independent, being acquired, or establishing partnerships with traditional insurers (see chart).
It will take time to determine the insurtechs’ success, said Catherine Mulligan, New York-based global head of cyber for Aon PLC’s reinsurance solutions. “We have to let the losses roll through.”
Not all will endure, said Peter Taffae, managing director at Los Angeles-based wholesale brokerage Executive Perils Inc. “There’s going to be a cleansing, if you will,” he said.
“You’ll see a lot of these companies being sold off,” said John A. Coletti, former New York-based chief underwriting officer for cyber and technology in North America for Axa XL, a unit of Axa SA, who is joining Swiss Re as head of global cyber. “That’s sort of the nature of this business,” that investors want “to be able to cash out and make their money.”
At the same time, continuing investor interest means more cyber insurtechs are likely to be launched, as the overall market slowly reaches a consensus on which are viable.
“There’s a need for more capacity in the market” and “a lot of investor appetite right now,” said Anthony Dagostino, New York-based executive vice president, global cyber and technology practice, at Lockton Cos. Inc.
Globally, insurtechs of all types raised $7.38 billion in the first half of this year, surpassing the $7.12 billion raised for all of 2020 by $268 million, according to a report issued in July by Willis Towers Watson PLC.
Given the demand for coverage, “the insurtechs have room to grow,” said Vikram Sidhu, New York-based partner at law firm Clyde & Co. Many will remain independent for the next two to five years but, based on past history, they may later be absorbed by larger entities.
Jim Auden, managing director at Fitch Ratings Inc. in Chicago, said the private equity firms that own many of the companies may plan to have them go public or find another exit strategy in five to seven years, “so you can see larger insurers as likely candidates to provide those investors with liquidity.”
“Consolidation will occur,” said Erica Davis, New York-based managing director, global co-head of cyber, at Guy Carpenter LLC, the reinsurance broking unit of Marsh & McLennan Cos.
“A transaction will be an effective way either for a nonwriter of cyber currently to enter the space, or for an existing insurer to obtain proven technology without time and cost commitments,” she said.
Some could be acquired by traditional insurers that “have that kind of M&A strategy,” while others could build themselves up to full-stack insurers, Ms. Mulligan said.
Richard May, Redmond, Washington-based managing principal at EPIC Insurance Brokers & Consultants, said, “As long as their business model remains profitable, most of them, I believe, will want to remain standalone.”
Cowbell Cyber Inc., a Pleasanton, California-based managing general agency, will become a full-stack insurer, said founder and CEO Jack Kudale. “The MGA model is an amazing model, but the growth in this market is so big, so huge,” that a transition to a full-stack insurer is called for, he said.
He added, “I would forecast there is space for three to four companies to go public as cyber insurers in the market.” At least for now, Cowbell will remain a monoline insurer, he said.
Cyber insurtechs will not necessarily remain monoline. Rotem Iram, founder and CEO of At-Bay Inc., a Mountain View, California-based cyber insurtech MGA, which raised an additional $185 million in venture capital in July, said, “We’re seeing cyber risks cross over into other lines of professional liability,” most notably, E&O and crime.
“We think that trend will continue, and as a result we plan to continue and develop our suite of products to provide support to brokers and customers across multiple lines of business,” Mr. Iram said. This will also help build “a balanced and more stable book of business,” he said.
Initial public offerings may also be in cyber insurtechs’ future.
IPOs are “becoming a bigger part of the insurance ecosystem, and being a public company is a great way to access capital,” said Jason Barg, a partner with Radnor, Pennsylvania-based Lovell Minnick Partners LLC, a private equity company.
“I believe in the alliance model” between insurtechs and traditional companies, where different capabilities can be brought together, said Ed Chanda, national sector lead, insurance, at KPMG LLP in Columbus, Ohio.
Tim Zeilman, global cyber product owner at Hartford Steam Boiler in Simsbury, Connecticut, said HSB has provided capacity for both At-Bay and San Francisco-based cyber risk management company Zeguro.
“There are a lot of ways insurtech and traditional insurance companies work together, “ he said. Many are MGAs that “essentially are working on behalf of traditional insurance companies” in effective partnerships.
Newcomers, incumbents face off, with each offering pros and cons
Cyber-oriented insurtechs and standard insurers that cover cyber each have their own strengths and weaknesses, experts say.
Insurtech companies that either write cyber directly or as managing general agencies can offer nimble service unimpeded by standard insurers’ legacy issues, but they do not have standard line competitors’ financial resources, they say.
Another difference is their segment focus. Many insurtech companies have found a niche in catering to small and medium-size companies, which arguably have been underserved, and have a more streamlined underwriting process because they rely on automated processes for these often relatively uncomplicated risks.
In contrast, standard line insurers, with their large bandwidth and resources, may be more capable of handling larger accounts, although there is not necessarily a strict demarcation between the two models.
Cyber insurtech Cowbell Cyber Inc. can arrange for coverage in under five minutes for policyholders with less than $250 million in coverage, which is its market focus, said Jack Kudale, founder and CEO of the Pleasanton, California-based company.
“It’s really hard for traditional insurers to do that, so it’s an advantage for newcomers such as ourselves,” Mr. Kudale said.
Shawn Ram, head of insurance for insurtech Coalition Inc., a San Francisco-based managing general agency that specializes in cyber insurance and security, said the insurance industry “historically has struggled” with legacy systems, leading to a slower operating pace and difficulties in implementing advanced technology.
Phil Edmundson, founder and CEO of Boston-based Corvus Insurance Holdings Inc., an insurtech managing general underwriter, and a long-time industry executive, said commercial insurance normally relies on historical data.
“We find that to be less compelling in cyber insurance because of the nature of the risk. Both the types of attacks and tools have changed so much recently,” he said. “Having a view of the present vulnerabilities and present cyber ecosystem is much more powerful here than in other types of insurance.”
Traditional insurance companies “are not the most forward thinking” and, especially with respect to technology, are “more reactive than proactive,” said Michael Dion, vice president and senior analyst with Moody’s Investors Service Inc. in New York.
John A. Coletti, former New York-based chief underwriting officer for cyber and technology in North America for Axa XL, a unit of Axa SA, who is joining Swiss Re as head of global cyber, said, however, that “when something goes awry, like ransomware is now, (standard line companies) have reserves to cover those claims, whereas insurtechs have not built up reserves yet,” and so their participation in the market could be short-lived.
Richard May, Redmond, Washington-based managing principal at EPIC Insurance Brokers & Consultants, said the cyber insurtechs and traditional insurers are moving closer together in how they approach cyber, at least for the somewhat larger risks.
Many traditional insurers now use the scanning technology adopted by insurtechs as part of their underwriting process, while cyber insurtechs “have started to ask more questions because they can’t get the answers they’re after from those scans,” Mr. May said.
“Cyber as a line of business presents, probably, the most even playing field between insurtechs and incumbents, just on the basis it’s a relatively new risk class, and so incumbents don’t have an inherent advantage” because of their access to decades of data, said Andrew Johnston, Nashville-based Willis Re insurtech global head. And insurtechs are competitive on price, he said.
A key factor in cyber insurtechs’ future is investors’ patience in waiting for a return on their investment.
Private equity investors are accustomed to technology’s more rapid pace compared with the insurance sector, “so it will be incumbent on the insurance arms of these insurtechs to really articulate a clear strategy and explain how it works,” said Catherine Mulligan, New York-based global head of cyber for Aon PLC’s Reinsurance Solutions.
Michael Dion, vice president and senior analyst with Moody’s Investors Service Inc. in New York, said, “You would probably have to worry about some of these investors looking for the next hot idea” if their investments do not generate a high enough return in the expected time-frame. Others “can be a little more patient with it,” he said. “It depends on who the investors are.”
While initially investors may have had shorter investment horizons, “there’s a view there are good returns to be had in the medium term,” beyond two to five years, which will give insurtechs breathing room, said Vikram Sidhu, New York-based partner at law firm Clyde & Co.
“My sense of the marketplace is, investors have felt comfortable” with the cyber insurtechs, which have so far not suffered losses that would lead them to question their investment strategy, he said.
“Our investors are thoughtful about the challenges of building new models in a traditional industry like insurance,” said Phil Edmundson, founder and CEO of Boston-based Corvus Insurance Holdings Inc., an insurtech managing general underwriter.
“They have been very successful in banking and related activities, and I think they will be very successful in our business, too,” he said.
Corvus investor Vishal Vasishth, co-founder and managing director of San Francisco-based tech venture capital firm Obvious Ventures, said, “We are planning on building companies from the ground up, so we can have a little longer horizon as compared to a private equity fund,” which prefer investing in more established companies.
“There are various breeds of venture capital partners,” said Vishaal Hariprasad, CEO of San Francisco-based program manager Resilience Cyber Insurance Solutions, which is supported by a unit of Toronto-based Intact Financial Corp. The ones that succeed generally are the ones that have patience and a long-term vision, he said.