A new InsurTech startup launched in California recently with the goal of pairing cyber insurance with cyber risk management to create "an insurance company for the digital age."
The team behind At-Bay (formerly CyberJack) announced their company rebranding campaign in November at the same time they began selling thorough cyber insurance policies that include coverage for data breaches, cyberattacks and extortion, and business interruption from such events. At-Bay is backed by The Hartford Steam Boiler Inspection and Insurance Company (HSB), part of Munich Re.
During a telephone interview, At-Bay CEO Rotem Iram said his team, which includes cyber security experts that previously worked in government intelligence, is in a unique position to cover cyber risk in a way that he believes is currently unmatched in the insurance marketplace.
"As businesses integrate technology in different ways, to unlock value for their customers in a more fundamental way, they’re also exposing themselves to risks unlike any they've ever managed before," Iram said. Such businesses, "need an insurance partner to not only help you transfer risk but also to help you think about your risk management program."
Cyber risk is unlike other types of risk, he said, so it defies traditional insurance industry projection models.
"The way that insurance works, usually you collect historical data and use it to predict future risk," Iram said. "That doesn’t work because cyber risk is so dynamic and fast-changing."
Related: Emerging cyber risks
Thinking like hackers
A press release about At-Bay's November launch characterized the insurer as having a bulked-up IT security department: "We match deep insights on a company’s IT security with financial exposures that cyber attack vectors create, to enable insurance brokers and risk managers to more clearly and accurately assess and manage cyber risk. Our insurance products and supporting risk management services provide organizations with the confidence that they can take on the challenges of tomorrow."
At-Bay also reflects the growing collaboration between InsurTech startups and insurance industry incumbents. (Photo: iStock)
"We are very excited about working with At-Bay and continue to be impressed by the technology and expertise they bring to customers," Dave Mercier, senior vice president for HSB, said in the press release. "At-Bay's data and knowledge-driven business model aligns with HSB’s own system of managing and underwriting cyber risk. Their offering truly leverages the strengths of both companies."
Cyber risk fundamentals
At-Bay analysts further make the case for their approach to cyberinsurance in a report the company compiled titled "The True Cost of Ransomware and the Role of Cyber Insurance." The study, produced with Researchscape from a survey of 123 business IT respondents, reveals cybersecurity insights gleaned from roughly 100 businesses. At-Bay analysts found that:
— 51% of respondents considered ransomware a very or extremely significant threat.
— Respondents expressed the least amount of confidence in their ability to stop a significant ransomware attack compared to other types of cyber-attacks.
— 83% are concerned about data breaches that result in the exposure of sensitive personal information.
— 69% of respondents stated they were very or completely concerned about the business interruption from a ransomware attack.
— 80% of respondents estimated that it would take only 12 hours before revenue was impacted by such an attack.
Related: Cyber risk and reputational harm
During a conversation at InsureTech Connect earlier this year, Iram joined fellow At-Bay founder Roman Itskovich in discussing why they believe the insurance industry is in a unique position to tackle cyber threats, particularly when the cyber insurance product is paired with security measures. "We can reduce the volatility of the risk while providing a more comprehensive price," Iram said.
Itskovich described a system and culture at At-Bay that mirrors tech companies. To that end, At-Bay inventories the technology stack of each policyholder in order to fundamentally understand the nature of that company’s cyber risk. This also will enable At-Bay to work with customers to forge a thorough response to cyber threats.
"We fundamentally understand the risk," Iram said. "What happens when you don’t understand the risk? You fight the claim."