Cyber insurance audit: Painful necessity, or a valuable opportunity?

Not that long ago, few companies even considered purchasing insurance to mitigate their financial exposure from a cyber incident, and for those that did, obtaining a policy was as easy as filling out an application and writing a check. Those days are now squarely in the rearview mirror. Today, companies everywhere are rushing to get cyber insurance — the value of the global cyber insurance market reached $13.33 billion in 2022 and is projected to soar to $84.62 billion by 2030.

However, the increased number of policies combined with the sharp uptick in costly attacks led to higher costs for cybersecurity insurance providers. To stem their losses, insurance companies now often require proof that an organization has implemented a variety of security measures in order to be eligible to purchase a policy.

Rather than resisting or resenting risk assessments from potential cyber insurance vendors, IT leaders should regard them as an opportunity to strengthen their organization’s security posture.

Cyber insurance involves risk assessment

Across the insurance industry, policy requirements and premiums vary according to risk assessment. For instance, installing an anti-theft system might reduce the cost of insuring an expensive sports car. A person living in a flood plain can expect to pay more for a homeowner’s policy than someone with a similar house on higher ground — or they might not be able to purchase a policy at all, as homeowners in states like Florida are discovering.

It is the same for cyber insurance. An insurance provider may impose more security demands on a company that hosts large volumes of personally identifiable information (PII) than on a company of similar size with far less PII. And organizations that lack sufficient security controls to bring risk down to a level acceptable to an insurance provider might not be eligible for any policy at any price.

What cyber insurance actually covers

The main focus of cyber insurance is obviously on covering the financial risks of an incident. Typically, you can expect the insurance to cover the firsthand costs to the business that are the direct result of the cyber event, such as:

  • Forensic analysis and incident response. Some insurers require that you engage specific managed incident response services.
  • Recovery of data and systems after actual loss and destruction.
  • Cost of the downtime due to the cyber event.
  • Costs incurred from sensitive data breaches, such as handling PR activities, notifying impacted clients, or even providing credit monitoring services to customers.
  • Legal services and certain types of liability for regulated data, including covering the costs of the civil lawsuits.

It is important to note that insurance rarely or never covers some of the longer-lasting impacts of the event, such as any future profit loss due to theft of intellectual property or the need to invest in cybersecurity program improvements after the event.

There is no consensus on reimbursement for paying a ransom. Not all insurers cover this type of expense. Some experts argue that it can encourage further attacks and fund criminal activities. In some jurisdictions, the discussion is going back and forth on whether paying ransom should be banned altogether.

As with any insurance policy, you can expect extra clauses. These may include a cap on the amount the insurer covers, a requirement to go through due process with law enforcement agencies, or the involvement of professional ransom-negotiation services.

The must-have security measures for cyber insurance

A recent Netwrix study reveals useful details about the process of qualifying for cyber insurance today. It found that 50% of organizations with cyber insurance implemented additional security measures either to meet the requirements of the policy they selected or to simply be eligible for a policy at all. The figure below shows the specific requirements they reported having to meet:

Image Credits: Netwrix/Netwrix Hybrid Trends Security Report 2023

Don’t take this list as comprehensive or authoritative. For instance, implementing MFA does not necessarily mean requiring MFA for all users; an insurer might require additional authentication only for users with privileged access to sensitive data and systems. In addition, remember that these controls are interrelated. For example, in order to require MFA for access to particular types of data, you need to know where sensitive and regulated data resides and have control over user and administrative privileges.

Everything you need to know about cloud outage insurance

Companies collectively spent $61 billion on cloud infrastructure in Q4 2022, and there’s more growth to come. Yet, businesses are poorly protected from losses caused by cloud downtime.

“Cloud service providers typically offer service level agreements (SLAs) that outline their commitments to service availability and performance,” AV8 general partner Amir Kabir told TechCrunch+. But while penalties are usually involved should agreed-on service levels not be achieved, these rarely cover full losses that a cloud outage could cause its customers.

Case in point: After millions of websites went offline after a major data center fire in France, a small online seller complained in the press that her cloud provider, OVHcloud, was only offering her a voucher worth a few months of free hosting — around $30, when she estimated the actual damage as closer to $2,000.

For e-commerce businesses large and small, it is easy to see how cloud downtime can result in a loss of revenue. But cloud outages can have a negative revenue impact on businesses of all kinds, whether it is because of productivity loss, or because they have their own SLAs with customers to whom they may owe compensation.

The usual corollary of risk is insurance against it, but when it comes to cloud downtime, the insurance sector hasn’t fully caught up yet.

Everything you need to know about cloud outage insurance by Anna Heim originally published on TechCrunch

Everything you need to know about parametric insurance

Insurance is one of the few industries that have, at a low level, remained largely unchanged over the past few decades: You suffer losses as a direct result of something going south, and you get paid by your insurer.

But that old model doesn’t always work. For example, a construction company in a region regularly affected by hurricanes might see its projects surviving these storms mostly unscathed, but it might still see losses in terms of time and other potential costs because crews simply couldn’t make it to work.

Your traditional indemnity policy might pay this company based on the magnitude of its losses, but wouldn’t have to pay for those unforeseen, follow-on costs because they aren’t “damages” in the usual sense. One could argue the company is getting the short end of the stick here.

Parametric insurance, on the other hand, ensures that everyone can win. Instead of insuring customers based on the magnitude of the losses incurred, parametric contracts insure customers against the magnitude of events. So in our example, the construction company may see a payout if there is a certain “trigger event,” such as the area being hit by a Category 4 hurricane or higher, or the wind speed reaching a certain pre-specified mark.

Investor Nina Mayer, a principal at Earlybird Venture Capital, defined it quite succinctly in our recent insurtech survey:

“Parametric insurance (as opposed to traditional indemnity insurance) is an insurance type that pre-specifies the amount of payout based on concrete ‘trigger’ events. For example, the payout could be linked to a certain weather event, such as the height of a river above the flood point.”

This type of insurance is also called index-based insurance because it relies on data and automation, a combination that explains why this approach is enjoying tailwinds. Instead of filing and reviewing claims, both parties can rely on information showing that a trigger event occurred.

Leveraging data in this way makes the process more efficient for both the insurer and the insured. “The key advantages of parametric insurance are fast payouts, high flexibility and the option to provide coverage for losses that are difficult to model,” Mayer said.

The fast payouts that this model facilitates make it particularly useful for weather-related insurance, where those affected benefit most from quick access to funds. And that is clearly evidenced by the number of insurtech startups building parametric solutions for this space.

Everything you need to know about parametric insurance by Anna Heim originally published on TechCrunch

6 VCs explain why embedded insurance isn’t the only hot opportunity in insurtech

If you think embedded insurance is the only hot thing in insurtech these days, we’ve got a surprise in store for you: While it’s true that startups that help sell insurance together with other products and services are enjoying tailwinds, there are plenty of other opportunities in the space, several investors told TechCrunch+.

You see, insurtech startups often need to take into account the myriad rules and regulations in place when they seek to innovate and embed insurance into products, which might make it difficult to pull off. And given the current emphasis on achieving cost efficiency to extend runways in the broader startup ecosystem, it appears investors are open to insurtech startups that can build a sustainable business model, regardless of whether it includes embedded insurance.

“Insurtech startups that do not offer embedded insurance, and rather provide other innovative solutions will still attract VC funding this year, especially if they can show cost-efficient and sustainable growth,” said Nina Mayer, a principal at Earlybird.

And according to David Wechsler, a principal at OMERS Ventures, “having an embedded strategy is not required for venture funding.”

Mayer added that there is particular interest in products that go beyond embedded insurance. “We are generally open to startups innovating any part of the value chain as long as the problem and market are big enough.”

This focus on cost efficiency instead of growth at all costs is driven by the same factors that affect startups more broadly. “It’s been a turbulent few months for all tech sectors, including insurtech,” said Stephen Brittain, director and co-founder of Insurtech Gateway.

There’s another reason why fundraising is harder for insurtech founders in 2023. Wechsler said, “Many firms who dabbled in insurtech (A.K.A. ‘tourist investors’) have left the space. This makes it much more challenging to close subsequent rounds.”

On the flip side, he predicts that corporates with venture capital arms that are “committed to the insurance sector will likely step up their involvement.”

This also seems true more broadly of venture funds with a strong insurtech thesis. “We are still bullish on insurtech and we have been active in 2023,” said Hélène Falchier, a partner at Portage Ventures.

But investors are being careful to not put all their eggs in one basket. “Beyond embedded insurance, we are also particularly excited by solutions tackling claims prevention or underwriting in verticals such as climate or cyber,” Mayer said.

Artificial intelligence will likely take longer to demonstrate its full potential for the insurance sector, but its current applications are already being tracked actively by venture capital funds.

Talking about generative AI and insurance, Astorya.vc’s founding partner, Florian Graillot, reported seeing a lot of enthusiasm around that topic. He thinks that early use cases may center on customer service, but is certain that more will follow.

“There is a lot more to expect from these generative AI solutions not only to smoothen the engagement with customers, but also to get a sense of customers’ risks, collect documents in the claim process, or maybe deliver reporting to the regulator. We are clearly in the early days, whatever the industry!”

Read on to find out what insurtech investors think about where the sector is heading in 2023, why they feel IoT and parametric insurance are a hot opportunity, how Apple will change the game if it ends up launching its insurance product and more.

We spoke with:


Florian Graillot, founding partner, Astorya.vc

Embedded insurance is growing in popularity as more companies find ways to bundle insurance products with their offerings. How important will it be for insurtech startups to have an embedded insurance product to attract funding this year?

It’s true we’ve seen a lot of insurtech startups rebranding themselves towards that positioning. I’d even say it became a buzzword. But there are few players really offering third parties a way to seamlessly add insurance solutions to their customer journeys (that’s how I would define embedded insurance).

I believe the time is past when claiming such a positioning was enough to raise money. Investors have matured and the market knows B2C and embedded insurtech are two very different companies. Hence, you cannot switch from one to another overnight.

But for startups that have the right balance between tech/product and insurance, there is a huge opportunity, as more and more platforms, e-commerce and marketplaces are looking for additional revenues on their existing customer base. That’s what such insurtech startups can offer them! We have long been pushy on such an indirect distribution, having invested in four embedded insurance startups in property and casualty, bancassurance, life, and SME insurance.

How has your approach to the insurtech industry changed since the last time we spoke in Q3 2022?

Since astoryaVC’s inception, we have been investing in tech-based startups and have done a lot of B2B / enterprise software deals in the insurance space. That hasn’t changed. And the current market is rather reinforcing our investment thesis.

By the way, that makes a lot of sense when you remember that insurtech is three to four years behind fintech in terms of investments, and insurers usually lag behind banks in digital adoption rankings.

In terms of maturity, we haven’t changed our seed focus, as this is where the market is the most active (almost half of deals announced last year in [Europe’s insurtech sector] were below €3 million, see here), and anyway, insurtech is still a very young industry.

Apple is reportedly launching health insurance in 2024, for which it may leverage data from its other offerings. What impact would this have on interest for data-driven approaches in the insurtech sector?

First, let me share: I’m very excited about that perspective, as we’ve long been very pushy towards third parties entering the insurance industry. The rationale behind that is if insurance claims it is all about data, usually platforms own more data on their (vertical) market! Who owns health data? The Apple watch, not insurers. Hence, it makes perfect sense that such a company considers entering that space.

Obviously, there are many challenges to tackle, but at least they have the data and customers’ trust to share this data with them. Let’s see how they are delivering. And their huge customer base could be a competitive edge. See how they are doing in the payment space with Apple Pay!

Every time a big name enters insurance, there is always a mix of skepticism from incumbents and a reminder that change is needed. In the short term, I don’t expect any impact, but if the first figures of adoption are nice, re/insurers will probably kick off similar projects. It’s worth reminding that there is already such a project, live on the market: Vitality.

Do you expect B2B companies to follow Apple in this and leverage wearables data as well?

At least they should, as I believe they have three strengths to support such initiatives:

  1. they have a lot of customers;
  2. they own a lot of data on their customers;
  3. they have regular touch points with these customers.

We’re actually seeing more and more third parties launching insurance products. I’m thinking about Tesla in the car insurance market. In France, for instance, we have Blablacar, a ride sharing platform, and Ornikar, an online driving school, which have launched their own insurance solutions at scale. To make the link with the first question, we expect that move to accelerate as insurtech is developing “embedded insurance” solutions, which is the tech infrastructure required to plug insurance solutions to third-party platforms. For instance, it’s gaining momentum in the SME space!

As parametric insurance becomes a reality, which areas of insurance do you see extracting the most value from IoT applications?

Parametric insurance is a very exciting space: we’ve been discussing it for a few years now, but there are still only a few players delivering it at scale. Nevertheless, that addresses a real need in the market around what we call “new risks.” Not every insurer is offering such products: the risk didn’t exist a few years ago, and it is growing fast. Hence, there is a real challenge to spot relevant data sets and get a sense of them through algorithms. This opens the door to more insurtech / insurance partnership rather than competition.

In terms of use cases, weather insurance has been the hottest topic so far both in terms of the number of startups launched in that space, and by the scale of the most advanced players. But there are many other opportunities to tackle. I think about cyber insurance, which was hot recently. I also have in mind Cloud outage — we have invested in Riskwolf in that space. I think about digital assets as well: one can add new ways of working, etc.

When do you think that ChatGPT will start to have a tangible effect on insurance?

That’s a very good question. We see a lot of enthusiasm around that topic. The first use cases may be around the customer experience, and I even believe major attempts at leveraging ChatGPT in insurance recently are what we’ve long been expecting from “chatbots.”

But there is a lot more to expect from these generative AI solutions not only to smoothen the engagement with customers, but also to get a sense of customers’ risks, collect documents in the claim process, or maybe deliver reporting to the regulator. We are clearly in early days, whatever the industry!

6 VCs explain why embedded insurance isn’t the only hot opportunity in insurtech by Anna Heim originally published on TechCrunch

Pay as you drive, or pay how you drive?

Welcome to The TechCrunch Exchange, a weekly startups-and-markets newsletter. It’s inspired by the daily TechCrunch+ column where it gets its name.

Having talked to many insurtech investors lately, I found myself thinking about usage-based insurance (UBI, which in this case doesn’t refer to universal basic income). On a surface level, this approach makes a lot of sense: For instance, why should drivers pay the same premiums regardless of how many miles they drive? But differentiating users also raises all sorts of questions on what’s fair, and where UBI is heading next. — Anna

Stop paying for others?

“There has been a lot of noise around UBI […] over the past few years. It was supposed to be the next big thing, but it hasn’t really taken off yet,” New Alpha Asset Management associate Clarisse Lam told TechCrunch.

AV8 VC’s partner Amir Kabir concurred with Lam, noting struggles among startups and legacy insurance providers alike: “Early startups operating the UBI space had a hard time creating meaningful moat,” he said. Meanwhile, he added, “incumbents have been operating in the UBI space for decades and have yet to see major adoption.”

Coincidentally, or perhaps not, one of the insurtechs that was most badly hit by the stock market sell-off was Metromile, which went public in 2021 and saw its valuation decline over 85% before getting acquired by fellow former startup Lemonade. Metromile’s focus was pay-per-mile car insurance, a self-explanatory concept in which drivers get charged less if they drive less.

Pay as you drive, or pay how you drive? by Anna Heim originally published on TechCrunch