Cyber insurance is a specialty insurance product that protects organizations from liabilities arising from cybersecurity incidents. General liability insurance policies provide very limited coverage for such events, giving rise to specialized products to cover both first- and third-party liabilities arising from cyber incidents.
AI and machine learning are helping insurers better assess and quantify risk across an ever-evolving threat landscape. These tools assist in pricing and underwriting while helping insurers continuously monitor client systems (and by extension, their portfolio risk) and obtain insights to improve security posture.
Data breaches and ransomware extortions can potentially cost a company millions, making cyber insurance an attractive investment at just a fraction of the cost. Such policies are particularly helpful for smaller businesses, which often lack adequate resources for strong cyber defense, as an attack can threaten their existence in most cases. While not a complete replacement for standalone cybersecurity solutions, the insurance policy and its bundled value-additions help companies by cushioning the financial impact, helping with incident response, and improving their overall security health.
Pandemic-induced remote working trends expose new vulnerabilities
Remote work was a contributing factor for over 17% of all data breaches and has added USD 1 million to the average breach bill.
Companies that had a majority of their workforces working remotely, saw an incremental data breach cost of up to USD 1.3 million per breach between May 2020 and March 2021.
Cyber claims increased significantly in 2020, bringing loss ratios to 73%. Breach response triggered nearly half of cyber insurance claims.
Demand soars despite rising premiums; disruptors cash in
Changing risk profiles have driven up industry premiums, with a 25.5% year-over-year (YoY) hike as of Q2 2021
Coalition: 800% YoY growth in gross written premium run rates
At-Bay: 800% YoY growth in annual recurring revenue
Corvus Insurance: 250% YoY growth in gross written premiums
Security Scorecard: 61% YoY growth in revenue and 89% growth in customer base
The cyber insurance industry features companies that provide cyber insurance (either as a pure play startup or as part of a wider commercial offering) as well as companies that offer risk assessment, rating, and modelling services. Most disruptors in this space are pure play insurance providers—a segment that also accounts for the highest funding, with companies such as Coalition and At-Bay being among the highest funded.
Companies in the commercial insurance segment mainly offer commercial property and casualty insurance policies and have introduced cyber insurance to complement their existing product portfolio. Most incumbents, being larger commercial insurers (such as Allianz, AIG, AXA), fall under this segment.
Both pure play players and commercial insurers follow a hybrid model, where cyber insurance policies are bundled with value-added services such as technologies and human experts to help policyholders manage cyber risks and post-incident response.
Companies that offer risk assessment, rating, and cyber risk modelling solutions, help cyber insurance brokers and underwriters to assess and quantify risks of both potential and existing clients. These services help with underwriting and ongoing portfolio management decisions. Incumbents in these segments have entered this industry mainly through acquisitions.
Nearly 70% of the disruptors we have identified in the cyber insurance industry were established over the last five years. Almost half of all disruptors were pure play providers of cyber insurance policies. Companies in this segment account for the lion’s share of the total funding that came into the industry, with over USD 813 million in funds raised by September 2021.
Coalition is the highest-funded and most valuable startup across the insurance provider segments, raising USD 315 million by September 2021 with a USD 1.75 billion valuation. Pure-play insurer At-Bay and risk ratings startup Security Scorecard are the other key unicorns, having fetched valuations of USD 1.35 billion (July 2021) and USD 1 billion (March 2021), respectively. Security Scorecard is also the highest funded company in the risk assessment and ratings segment, with BitSight leading the pack of risk modeling startups.
Coalition offers cyber insurance to cover cyberattack-related incidents such as stolen funds, lost business income, ransomware extortion, computer replacements, breach response costs, and even costs related to reputation harm and repair.
The company offers insurance with maximum coverage of USD 15 million to companies with up to USD 1 billion in revenue. Coalition’s insurance policies are underwritten by insurance giants such as Swiss Re Corporate Solutions, Argo Group, and Lloyds of London.
Coalition also offers technology errors and omission (E&O) insurance for protection against legal liability resulting from errors in the technology products they sell. It also offers cybersecurity solutions of its own, including an endpoint detection and response platform (EDR), managed services, risk assessment, and staff training services. Coalition combines its cybersecurity offering with its insurance business line to provide threat monitoring and real-time intelligence as well. The company’s managed response teams act as the first line of defense, preventing attacks before they turn into insurance claims while helping companies assess losses and providing additional support during the claims process.
In 2019, Coalition acquired internet scanning platform provider BinaryEdge for an undisclosed sum. The acquisition was to allow the company to offer policyholders the ability to scan and identify potentially vulnerable devices. The company has also acquired commercial insurance agency Attune Insurance in October 2021 for an undisclosed sum. The acquisition enabled the company to expand the reach of its cyber insurance products through Attune’s insurance marketplace and also leverage its own developments in machine learning and analytics to expand Attune’s product offering over time.
Key customers and partnerships
Coalition offers its services to industries such as healthcare, retail, e-commerce, technology, real estate, energy, manufacturing, the public sector, and even novel industries such as blockchain and cryptocurrency.
Coalition entered into a multi-year partnership with Allianz in June 2022. Allianz provided its products and distribution network to back a share of Coalition’s Active Cyber Insurance programs for SMEs and mid-sized companies in the US and UK (to launch later in 2022). Coalition combined its cyber insurance coverage with AI-powered security solutions to allow Allianz customers to detect and respond to cyber risks, with 24/7 access to its incident response experts.
Funding and financials
As of September 2021, the company had an employee headcount of 265. Coalition reported that its revenue grew nearly 200% YoY and the run rate gross written premium (GWP) exceeded USD 775 million, as of July 2022. During the same period, the company served more than 160,000 customers and had partnerships with brokers in all 50 US states.
In June 2022, Coalition raised USD 250 million in a Series F funding round, bringing the total funding raised to more than USD 755 million. The round valued the company at USD 5 billion from the USD 3.5 billion valuation achieved during its Series E raise in September 2021. The funds were expected to be utilized to expand its services, to accelerate its growth, and on international expansion.
Pure play cyber insurers:
Risk assessment and rating:
The incumbents in the cyber insurance industry mostly consist of large, established commercial insurers who offer cyber insurance to complement their existing commercial insurance products. Similar to disruptors, the incumbents also follow a preventative approach to cyber insurance by bundling value-added services such as tools to identify threats and manage risks, along with access to cybersecurity professionals to assist in response strategies.
Incumbents such as Aon and Brown & Brown have acquired smaller commercial insurtech startups to absorb technologies and accelerate their entry into the cyber insurance market. Additionally, partnerships have also been prevalent, with the most common partnerships being with 1) other insurers— to share capacity and best practices (Liberty Mutual and AIG), 2) technology companies— to offer insurance as a combined offering (Allianz and Apple, Munich Re and Google), and 3) cybersecurity providers— to provide bundled solutions (Allianz and Check Point Software).
Incumbents in the risk-related segments of risk rating, assessment, and modeling have entered the industry through acquisitions, in a bid to launch cyber risk services, on top of their existing product offerings.
No investor data is available