EDGE
Book a demo

Cyber Insurance

The latest line of defense against rising cyber attacks

Overview

Cyber insurance provides additional defense against rising cyber threats

Cyber insurance is a specialty insurance product that protects organizations from liabilities arising from cybersecurity incidents. General liability insurance policies provide very limited coverage for such events, giving rise to specialized products to cover both first- and third-party liabilities arising from cyber incidents.

AI and machine learning are helping insurers better assess and quantify risk across an ever-evolving threat landscape. These tools assist in pricing and underwriting while helping insurers continuously monitor client systems (and by extension, their portfolio risk) and obtain insights to improve security posture.

Data breaches and ransomware extortions can potentially cost a company millions, making cyber insurance an attractive investment at just a fraction of the cost. Such policies are particularly helpful for smaller businesses, which often lack adequate resources for strong cyber defense, as an attack can threaten their existence in most cases. While not a complete replacement for standalone cybersecurity solutions, the insurance policy and its bundled value-additions help companies by cushioning the financial impact, helping with incident response, and improving their overall security health.

What's driving this industry?
Market Sizing

Cyber insurance premiums in the US could reach USD 8.1–11.7 billion by 2025

Conservative case

USD 8.1 Bn

Base case

USD 9.9 Bn

Expansion case

USD 11.7 Bn

USD billion024681012202020212022202320242025
View details

COVID-19 IMPACT

Pandemic-induced remote working trends expose new vulnerabilities

  • Remote work was a contributing factor for over 17% of all data breaches and has added USD 1 million to the average breach bill.

  • Companies that had a majority of their workforces working remotely, saw an incremental data breach cost of up to USD 1.3 million per breach between May 2020 and March 2021.

  • Cyber claims increased significantly in 2020, bringing loss ratios to 73%. Breach response triggered nearly half of cyber insurance claims.

Demand soars despite rising premiums; disruptors cash in

  • Changing risk profiles have driven up industry premiums, with a 25.5% year-over-year (YoY) hike as of Q2 2021

  • Coalition: 800% YoY growth in gross written premium run rates

  • At-Bay: 800% YoY growth in annual recurring revenue

  • Corvus Insurance: 250% YoY growth in gross written premiums

  • Security Scorecard: 61% YoY growth in revenue and 89% growth in customer base

View detail

Market Mapping


The cyber insurance industry features companies that provide cyber insurance (either as a pure play startup or as part of a wider commercial offering) as well as companies that offer risk assessment, rating, and modelling services. Most disruptors in this space are pure play insurance providers—a segment that also accounts for the highest funding, with companies such as Coalition and At-Bay being among the highest funded. 

Companies in the commercial insurance segment mainly offer commercial property and casualty insurance policies and have introduced cyber insurance to complement their existing product portfolio. Most incumbents, being larger commercial insurers (such as Allianz, AIG, AXA), fall under this segment.

Both pure play players and commercial insurers follow a hybrid model, where cyber insurance policies are bundled with value-added services such as technologies and human experts to help policyholders manage cyber risks and post-incident response.

Companies that offer risk assessment, rating, and cyber risk modelling solutions, help cyber insurance brokers and underwriters to assess and quantify risks of both potential and existing clients. These services help with underwriting and ongoing portfolio management decisions. Incumbents in these segments have entered this industry mainly through acquisitions.

Incumbents
Growth
Early
Seed
Pre-Seed
Pure play cyber insurers
?
Commercial insurers
?
Risk assessment and rating
?
Cyber risk modelling
?
SecurityScorecard
SecurityScorecard
SecurityScorecard
SecurityScorecard
Microsoft
Coalition
At-Bay
Corvus Insurance
Cowbell Cyber
Resilience
Boxx Insurance
Measured Insurance
Zeguro
CyberDot
Evolve MGA
CyberBee
Stoïk
Baobab
Allianz (AGCS)
Liberty Mutual Insurance
AIG
Beazley
AXA
Munich Re
Aon
Chubb
AMTrust Financial
Brown & Brown (CyberPolicy)
Vouch
Embroker
Boost
Blackfire Cyber Insurance
Mastercard (Risk recon, Cytegic)
BitSight
SecurityScorecard
Cowbell Cyber
CyberCube
KYND
Corax
Guidewire (Cyence)
Mastercard (Risk recon, Cytegic)
Broadcom (Bay Dynamics)
BitSight
CyberCube
Envelop Risk
Kovrr
Corax
Cyberwrite
PivotPoint Risk Analytics
VivoSecurity

The Disruptors


Nearly 70% of the disruptors we have identified in the cyber insurance industry were established over the last five years. Almost half of all disruptors were pure play providers of cyber insurance policies. Companies in this segment account for the lion’s share of the total funding that came into the industry, with over USD 813 million in funds raised by September 2021. 

Coalition is the highest-funded and most valuable startup across the insurance provider segments, raising USD 315 million by September 2021 with a USD 1.75 billion valuation. Pure-play insurer At-Bay and risk ratings startup Security Scorecard are the other key unicorns, having fetched valuations of USD 1.35 billion (July 2021) and USD 1 billion (March 2021), respectively. Security Scorecard is also the highest funded company in the risk assessment and ratings segment, with BitSight leading the pack of risk modeling startups.

Pure play cyber insurers

?

Disruptors

?
Funding in USD Millions
Coalition
520
At-Bay
292
Corvus Insurance
161
Cowbell Cyber
123
Resilience
117
Boxx Insurance
10
Watchlist
?
Measured Insurance
Zeguro
Stoïk
CyberDot
Evolve MGA
CyberBee
Baobab

Commercial insurers

?

Disruptors

?
Funding in USD Millions
Vouch
160
Embroker
142
Boost
37
Watchlist
?
Blackfire Cyber Insurance

Risk assessment and rating

?

Disruptors

?
Funding in USD Millions
BitSight
401
SecurityScorecard
292
Cowbell Cyber
123
CyberCube
35
Watchlist
?
KYND
Corax

Cyber risk modelling

?

Disruptors

?
Funding in USD Millions
BitSight
401
Envelop Risk
136
CyberCube
35
Watchlist
?
Kovrr
Corax
Cyberwrite
PivotPoint Risk Analytics
VivoSecurity

Coalition

Coalition offers cyber insurance to cover cyberattack-related incidents such as stolen funds, lost business income, ransomware extortion, computer replacements, breach response costs, and even costs related to reputation harm and repair. Coalition offers its services to industries such as healthcare, retail, e-commerce, technology, real estate, energy, manufacturing, the public sector, and even novel industries such as blockchain and cryptocurrency. The company offers insurance with maximum coverage of USD 15 million to companies with up to USD 1 billion in revenue. 

Coalition also offers technology errors and omission (E&O) insurance for protection against legal liability resulting from errors in the technology products they sell. It also offers cybersecurity solutions of its own, including an endpoint detection and response platform (EDR), managed services, risk assessment, and staff training services. Coalition combines its cybersecurity offering with its insurance business line to provide threat monitoring and real-time intelligence as well. The company’s managed response teams act as the first line of defense, preventing attacks before they turn into insurance claims while helping companies assess losses and providing additional support during the claims process. 

Coalition’s insurance policies are underwritten by insurance giants such as Swiss Re Corporate Solutions, Argo Group, and Lloyds of London, and by September 2021, the company had served over 52,000 customers globally with a gross written premium run rate of USD 325 million, up 800% year-over-year, and employed 265 staff. 

In 2019, Coalition acquired internet scanning platform provider BinaryEdge for an undisclosed sum. The acquisition was to allow the company offer policyholders the ability to scan and identify potentially vulnerable devices. The company has also acquired commercial insurance agency Attune Insurance in October 2021 for an undisclosed sum. The acquisition will enable the company to expand the reach of its cyber insurance products through Attune’s insurance marketplace and also leverage its own developments in machine learning and analytics to expand Attune’s product offering over time.

In September 2021, Coalition raised USD 205 million in a Series E funding round that valued the company at USD 3.5 billion—double what it fetched during its Series D in March 2021. The Series E was co-led by Durable Capital, T. Rowe Price, and Whale Rock Capital. The company expects to use the funding to enter into new insurance lines, expand into new markets, and increase its headcount to 315 by the end of the year.

Segment:
Pure play cyber insurers
Total funding:
USD 520.0 million
Competitors:
At-bay, Corvus Insurance, Embroker, Vouch, Resilience
Disruptor Funding History

Pure play cyber insurers:

Coalition
At-Bay
Corvus Insurance
Cowbell Cyber
Resilience
Boxx Insurance
Measured Insurance
Zeguro
Stoïk

Commercial insurers:

Vouch
Embroker
Boost

Risk assessment and rating:

BitSight
SecurityScorecard
Cowbell Cyber
CyberCube
KYND
Corax

Competitive Analysis


Filter by a segment or companies of your choice
Pure play cyber insurers

Incumbents


Established insurers enhance cyber insurance capacity and technologies through partnerships

The incumbents in the cyber insurance industry mostly consist of large, established commercial insurers who offer cyber insurance to complement their existing commercial insurance products. Similar to disruptors, the incumbents also follow a preventative approach to cyber insurance by bundling value-added services such as tools to identify threats and manage risks, along with access to cybersecurity professionals to assist in response strategies.

Incumbents such as Aon and Brown & Brown have acquired smaller commercial insurtech startups to absorb technologies and accelerate their entry into the cyber insurance market. Additionally, partnerships have also been prevalent, with the most common partnerships being with 1) other insurers— to share capacity and best practices (Liberty Mutual and AIG), 2) technology companies— to offer insurance as a combined offering (Allianz and Apple, Munich Re and Google), and 3) cybersecurity providers— to provide bundled solutions (Allianz and Check Point Software).

Incumbents in the risk-related segments of risk rating, assessment, and modeling have entered the industry through acquisitions, in a bid to launch cyber risk services, on top of their existing product offerings.

In-house development

Acquisition

Investment

Partnerships

Allianz (AGCS)
check
check
Liberty Mutual Insurance
check
check
check
AIG
check
check
Beazley
check
check
AXA
check
Munich Re
check
check
check
check
Aon
check
check
check
Chubb
check
check
AMTrust Financial
check
Brown & Brown (CyberPolicy)
check
Guidewire (Cyence)
check
Microsoft
check
Mastercard (Risk recon, Cytegic)
check
Broadcom (Bay Dynamics)
check
Allianz (AGCS)

Established in 1890, Allianz is a German multinational financial services company with a focus on insurance and asset management. As of 2020, Allianz was the second largest insurer in the world, with total assets amounting to USD 1.1 trillion. Allianz Global Corporate & Specialty (AGCS), the corporate insurance arm of the Allianz Group, provides property and casualty insurance, risk consultancy, and alternative risk transfer solutions. As of September 2021, AGCS operated in more than 30 countries, but had an effective reach in over 200 countries through its partner network, collectively employing around 4,400 employees.

ACGS provides cyber insurance as a standalone product through Allianz Cyber Protect that offers first and third-party cyber insurance coverage to cover consequences of cyberattacks, such as business interruption, restoration costs, data breaches, network security liability, and notification expenses. ACGS also offers prevention and incident response services, and 24/7 access to IT forensic experts such as Mandiant, and crisis communications support.

Together with Cisco and Apple, Allianz introduced a cyber risk management solution in February 2018 to protect businesses from ransomware and malware-related threats. The solution comprises cyber resilience evaluation, incident response services, and cyber insurance coverage to Cisco and Apple business customers underwritten by AGCS. AGCS also teamed up with Google Cloud in March 2021 (along with Munich Re) to provide the Cloud Protection + solution for Google Cloud customers. Cloud Protection + is a cyber risk insurance solution designed for businesses with annual revenue ranging between USD 500 million and USD 5 billion. It offers a maximum coverage of USD 50 million in potential losses. The Cloud Protection + solution also includes a tool that enables businesses to measure the overall cyber risk exposure on Google Cloud and creates an individualized report based on the findings, which can then be used to simplify risk assessment and eligibility processes to determine coverage.

AGCS also has a partnership with cybersecurity company, Check Point Software Technologies, since October 2019, which allows it to bundle its cyber insurance policies with Check Point’s advanced threat prevention solutions for customers and businesses based in Denmark, Finland, Norway, and Sweden.

Notable Investors


No investor data is available

Funding data are powered by Crunchbase
arrow
menuarrow
Talk to sales to learn more
Book a demo

By using this site, you agree to allow SPEEDA Edge and our partners to use cookies for analytics and personalization. Visit our privacy policy for more information about our data collection practices.