For many businesses, the COVID-19 pandemic led to a dramatic acceleration in the use of digital technologies, from expanded remote work to increased cloud utilization. As more employees and assets move online, the attack surface for cyber criminals has rapidly increased. As a result, cybercrimes have grown sharply over the past few years – the number of ransomware attacks (malware designed to cripple businesses by making their computer systems unusable until they pay a ransom) increased over 100% in 2021.
Due to an increase in frequency of attacks, along with several high-profile attacks (Colonial Pipeline, Solar Winds, and Log4j), cyber security has become top of mind for businesses. In recent surveys by Allianz and Morgan Stanley, companies ranked cyber security as one of their top 3 risks; a top 2 category where software spend will increase the most; and the top area they were least likely to decrease investment in during a recession.
A massive underinsured market
Cyber protection is not exclusively an enterprise issue — over 40% of cyber attacks are aimed at small and medium-sized businesses (“SMBs”). Unfortunately, SMBs often lack the resources or the knowledge to protect and insure themselves from these incidents. In fact, more than 60% of small businesses go out of business within six months of a breach. Especially in the absence of a cyber insurance policy.
Despite cyber being one of the fastest growing lines within commercial insurance, the SMB segment remains largely underinsured. There are over 30 million small businesses in the US, yet fewer than 15% have a cyber policy in place. Historically, this has been driven by a lack of awareness; but today, as more and more small businesses seek out cyber insurance, they are being turned down by cyber insurance providers who are hesitant to provide coverage when proper security hygiene is often lacking.
The friction in acquiring coverage
As the cyber market has hardened, insurers are tightening their risk aperture and mandating that businesses have proper security measures in place in order to receive coverage. The list of prerequisites for a cyber policy can be daunting (MFA, data backups, VPN, endpoint detection, etc.), especially for small business owners juggling other business responsibilities and with limited experience or familiarity with the world of cyber.
SMBs who elect to procure their own security tools face an overwhelming process. With a multitude of virtual CISOs and other service providers using technical jargon, it is challenging to make an informed decision around cyber tools. Moreover, it is time consuming – customers must find a service provider, vet the service provider, and then have their insurer verify that the service provider satisfies their standards. And finally, it is cost prohibitive, with expenses to procure the required security often reaching thousands of dollars
on top of insurance premiums.
This process can be so onerous that some customers simply push off the decision to another day, and in so doing, push off getting cyber insurance coverage. This creates a vicious cycle. Vulnerable small businesses, without technical or financial protection, become the easiest targets for attacks.
What the market has been missing is a bundled solution for cyber security and insurance. Until Elpha Secure.
Elpha Secure is a one-stop-shop for cyber insurance and cyber security software. Operating as an MGA, every Elpha Secure policy not only includes comprehensive insurance coverage, but also includes proprietary cyber security software called Elphaware. This software suite provides a set of critical security tools necessary to protect every SMB, including multi-factor authentication, encrypted data backups, endpoint detection and response, and software version controlling.
What excites us most about Elpha Secure is its unique value proposition for all ecosystem participants — SMBs, brokers, and insurance carriers.
For SMBs, the process of acquiring controls – once a time and resource-intensive process – can now be accomplished in a matter of seconds through Elpha Secure, all at a competitive price. Installing Elphaware is similarly seamless, requiring less than 60 seconds. This bundled approach also reduces friction for brokers and helps reduce their quote-to-bind ratios.
Brokers, rather than having to redirect their customers to a multitude of third-party security providers, can now offer an improved experience for SMBs who might not otherwise meet prerequisites for cyber policies.
Elpha Secure not only better serves brokers and their customers, but also offers a differentiated solution for insurance carriers. While many cyber insurance providers today rely on outside-in vulnerability scans to assess and monitor risk, Elpha Secure uniquely offers an inside-out vantage point. By embedding its own controls into its policies, Elpha Secure not only protects its customers, but can also collect a unique set of data. And over time, as Elpha Secure learns what kinds of behaviors tend to predict (or forestall) cyber incidents, the team can ultimately generate industry-leading loss performance for Elpha Secure’s insurance carrier partners who assume the loss risk.
Securing the banks
For many of our Canapi Alliance banks, small businesses represent a major customer segment. Securing these customers – from a cyber perspective – has historically been challenging, and losses for a customer can result in losses for the banks. But with Elpha Secure, ensuring that customers are risk protected is easier than ever; this, in turn, helps mitigate risks for their financial institutions.
This virtuous cycle can be recognized even further from banks with commercial insurance arms, who can finally offer an all-in-one solution to their SMB customers and reduce frictions in acquiring security. This enhanced customer experience is also an enhanced broker experience, and adds further value to the product suite that banks can offer.
An unparalleled team
Elpha Secure’s ability to build these solutions independently is thanks to a deep bench of technical talent. Co-founder and CEO Preetam Dutta, as well as CTO David Williams-King, hold PhDs in Cybersecurity from Columbia University, and have spent extensive time researching and developing cybersecurity systems.
But Elpha Secure has more than just technical expertise – they also know the insurance market inside and out. Co-founder Gordon Malin has nearly 20 years of global insurance investment experience, and Chief Underwriting Officer Josh MacDonald is touted as one of the most respected underwriters in the industry, having led cyber teams at both Beazley and Chubb.
A bright future
It has been a delight to spend the last several months getting to know Preetam, Gordon, and the entire Elpha Secure team. As the need for cyber insurance continues to grow, we firmly believe that Elpha Secure will emerge as one of a handful of winners in the cyber race. Brokers continue to seek out cyber offerings that bring value to their platform and their customers, and Elpha Secure’s bundled solution will only become more relevant and more valuable.
We couldn’t be more excited to partner with Elpha Secure alongside insurance industry veterans Axis Capital, State Farm, The Hartford, Stone Point, Fermat and Eos Ventures as they continue to bring forward the future in cyber insurance. We look forward to supporting Preetam, Gordon, and their colleagues in ensuring that businesses – no matter their size, can protect themselves from cyber threats.