Cyber Ground

by Jay Cuthrell
Share and discuss on LinkedIn or HN

This week we take a look at the past, present, and future of cyber insurance and cyber risk marketplaces.

This week’s musical inspiration in title and lyrics:

Please Vote For My SxSW 2024 Proposal

I would be very grateful if you could vote for my SxSW 2024 proposal. It takes just three (3) quick steps.

  1. Sign up for a free SxSW account to vote: Screenshot 2023-08-13 at 1.08.59 AM.png

  2. Check your email and click the “Confirm my account” link Screenshot 2023-08-13 at 1.05.00 AM.png

  3. Cast your vote by clicking the up arrow icon ⬆️ until it changes to a checkbox ✅:

Before Screenshot 2023-08-13 at 1.10.58 AM.png

After Screenshot 2023-08-13 at 1.11.11 AM.png

Thanks in advance! Also, if you are a LinkedIn user and want to see what others are promoting, use this link to search for panel picker sorted by most recent references in the last month:"past-month"&\_SEARCH&sid=ax.&sortBy="date\_posted"

Screenshot 2023-08-12 at 8.05.07 PM.png

Oh, and feel free to leave comments. 🤓

Getting Informed

Insurance is simply a tool that attempts to protect against risks. In these modern times, the friction and time to acquire productized coverage forms of insurance has drastically reduced as technology from e-commerce to real-time risk ratings become part of end user consumer experiences on the web, via APIs, and increasingly on mobile platforms — truly, there is an app for that. 📲

By prepending the word cyber to insurance, we have a relatively recent modern tool (or at least as old as the web) that is meant to protect against the growing risks to our increasingly data intensive online IT infrastructure. Further, the evolution of quantifying risks of increasingly sensitive online data passing through online IT infrastructure is required as well to account for the when not if scenarios related losses during the data lifecycle — including considerations for companies and their customers as well as third-parties.

Now it’s time for reading 📖, watching 📺, and listening 🎧 suggestions:

I’m so glad that I know more than I knew then 🎶

If you’ve recently bought an expensive smart phone or even commercial airfare, you know that adding insurance is just a checkbox away — including monthly amortization or a lump sum payment option. Humans can now drop their phones after travel woes and feel economically protected no matter what breaks first — the device or their will — or both. 😩

All that modernity aside, the insurance industry is very very old. Insurance has existed at least as far as the first boats began carrying things of value from shore to shore… and losing those things or sinking of said boats.

Perhaps you’ve shopped for a common insurance policy for your home, rental, or vehicle. You might have noticed the checkbox options that could result in a policy rate reduction for simple things like a fire extinguisher, smoke alarm, or theft deterrence device or security monitoring service.

The question to ask might be as simple as wondering when (not if) a startup or large cloud service provider will make cyber insurance polity rate reduction and the underlying risk quantification a drastically more simplified process. In fact, if you follow Forrester, that cyber insurer M&A driven future is already here and Jeff Pollard believes there is more M&A coming to a cyber insurance firm near you.

Don’t you let nobody bring you down 🎶

Within the range of my 50-something lifetime, The Insurance Services Office (aka _the_ _other_ ISO) was created to provide actuarial support, ratings, and more. Today, ISO is part of Verisk and serves to enable fast-track for mergers and acquisitions (M&A).

As such, the insurance marketplace has some level of maturity to quantify the risks and to influence if not codify much of the language you might have read in your own insurance policy documents over the years. However, cyber insurance and assessment of cyber risk can still cause confusion.

Just consider this… the writers over at Dark Reading have been covering cyber insurance since 2006 to present. If that year sounds familiar, perhaps it is because it is the same year that AWS S3 and EC2 became publicly available.

So, if an answer to better balancing cyber risk and policy rates is to get the proper stack built (or brought / bought) into these cyber insurance companies, where is the deal flow taking place? Or, where is the likely consolidation via M&A as innovative firms spring forth to make dents in the cyber insurance universe?

Today, if you look for funding of startups in the cyber insurance and risk marketplace you’ll find several examples. Some recent VC funding for cyber insurance and risk startups from the past 12 months include:

As for my $0.02 on this topic… I believe that there is going to be time when ONLY machine learning and artificial intelligence real-time risk ratings are trusted to shift the cyber insurance market over time into niche pockets of bundled policies. For example, being able to a la carte the specific coverages will be a maturity not unlike what we see in vehicle coverage today where the app on your phone or an OBD-II device is real-time rating a driver’s driving habits — with some painfully learned lessons along the way.

Or, as I shared in a recent Fudge Sunday issue… in a future world, HAL may not be pleased with your infrastructure as code choices…

So, what will be the next big thing in the cyber insurance and cyber risk marketplaces?

Until then… Place your bets!


I am linking to my disclosure.



✍️ 🤓 Edit on Github 🐙 ✍️

Share and discuss on LinkedIn or HN
  • Get Fudge Sunday each week