Bitesize InsurTech: CyberCube

May 31, 2019

CyberCube offers a SaaS platform to insurers for modelling cyber risk. 

The business was established in 2015 and was initially incubated by cyber security company Symantec. It came out of ‘stealth mode’ in February 2018.

CyberCube’s SaaS platform combines public data with proprietary insight into microsegments of companies to provide underwriters with analytics and insights to help them understand and price cyber risks more accurately. An example of proprietary data is phishing statistics for a particular type of SME. The company’s insight benefits from its ongoing strategic partnership with Symantec.

CyberCube’s public clients include Munich Re, CNA and Chubb, and Pascal Millaire, CEO, noted that around 40% of all cyber insurance premium in the US is underwritten by their clients.

The start-up is based in San Francisco but operates in Europe as well as North America. It has an office in London and is planning to open another office in Tallinn Estonia, which is the headquarters of NATO’s Cyber forces. 

CEO Pascal Millaire has experience in both the start-up and cyber insurance worlds having worked at hotel software company Fingi and in cyber insurance at Symantec. 

Read our recent Q&A with Pascal Millaire, CEO of CyberCube.

The Oxbow Partners view

Cyber insurance has been hot for years. The global market is generally estimated at around $5bn in 2017, likely to grow to $20bn in the next five years or so. Insurers famously love a growth opportunity and it is no surprise that the number of providers is currently ballooning.

But how well is the risk understood? Depending on who you believe, the answer is somewhere between “very well” and “not at all”. Data is generally hard to access, “events” are hard to define, and losses hard to predict, particularly aggregations. 

It is not obvious that many insurers are well placed to generate the necessary insight, let alone differentiated insight, for cyber underwriting without help. Insurers are not cyber security specialists in the same way that many of them are, say, experts in flood risk or hurricane loss aggregation. Can a mid-sized insurer (or even a large one) really build the cyber capabilities that allow them to select and price risk effectively? 

We think it is only possible with the help of specialist partners – and in some ways hurricane loss aggregation is a good analogy. Even in this core area, almost all insurers rely on the outsourced modelling services of businesses such as RMS and AIR. We think it is highly likely that insurers will come to depend on specialist modelling firms in the cyber space.

This is all part of a general theme in insurance around ‘debundling’ of the value chain. Whilst discussion often focuses around the excessive number of participants in the insurance value chain – for example Lloyd’s recent strategy paper – the reality is that the value chain is extending in many areas. These new links are specialised companies like CyberCube, which allow insurers to outsource more and more of their core capabilities to partners. 

Whilst this makes strategic sense in the short term, we have also written about the risk of “AWS moments” in a previous blog post – an excessive level of dependence by the industry on critical service providers. Go forth – but with your eyes open.