Cybercrime is on the rise, and today an insurance startup that’s built an artificial intelligence-based platform to help manage the risks from that is announcing a big round of funding to meet the opportunity. Cowbell Cyber, a full-stack insurance company that provides cyber insurance to SMEs, has closed a Series B of $100 million, which it will be using to continue investing in its data science and “risk engineering”, as well as underwriting tech, claims management, its reinsurance business Cowbell Re and expanding its go-to-market channels.
The company — based out of Pleasanton and active so far only in the U.S. market — is not disclosing its valuation, nor how many customers it has today, nor what its revenues look like at the moment. But Jack Kudale, the founder and CEO, tells me that it’s projecting its policy holder base to grow three-fold in the next 12 months, to 35,000-40,000 customers (which would imply something around 17,000-20,000 businesses currently), and that its premium run rate (the insurance industry’s revenue run rate equivalent) has grown 40x this year, to $200 million, in what is still a very nascent market, with less than 10% of small businesses in the country currently taking out cyber insurance policies.
“We believe that the first wave of cyber insurance growth was high but constrained,” he said, but he believes that wider themes in the market have changed the game both for potential customers, and for companies like his. “The threat landscape has evolved dramatically. COVID-19 expanded the attack surface and [even] the Russian invasion of Ukraine has expanded that a great deal.” That, he said, is because the heightened efforts to introduce more hacking and malware around that conflict essentially puts more malicious tools into the market, not to mention more active participants looking for opportunities.
On top of all this is the age-old issue with small and medium businesses. They are largely overlooked in comparison to larger enterprises, so anyone looking to build solutions specifically catering to them will have a lot of opportunities. “Underwriting cyber insurance for SMEs is a more dire prospect than for large enterprises,” he said.
The company’s approach is fascinating, as it sits very much at the heart of big data analytics, the idea of “tech” in the category of “insuretech” and also taps into a bigger trend I’ve been noticing among insurance companies overall, where they appear just as focused on providing tools for prevention to mitigate risk as they are in snagging customers and getting them into regular premium payment cycles.
Kudale tells me that the basis of Cowbell’s system is a massive data ingestion operation, where it monitors about 71% of the companies in the U.S. market, or 23 million businesses, to figure out larger trends in usage and SMB behavior, covering some 1,000 data points. This in turn goes into a wider algorithmic evaluation platform that he referred to as Cowbell Factors. Alongside this, it provides monitoring analysis of its individual customers to assess their individual risk profiles.
“This is continuous in nature, where you monitor both the business and the wider market,” he said. This is in contrast to other kinds of business insurance, which are typically based around industry risk guidelines published by third parties, combined with number of employees and revenue. “This is okay for any other kind of insurance but not for cyber risk. You have to assess each business in its uniqueness.”
These details then are not just used to determine a company’s premium but also to give it guidance around its practices and policies and how to improve them. (This is not unlike how, say, life insurance companies now also focus on wellness; or even when home insurance providers give guidance on home security and charge users more when homeowners do not invest in better security systems.)
Kudale acknowledges that this approach places the company closer to cybersecurity than insurance in some ways, although the company also sells through and collaborates with some 45 different cybersecurity vendors as well in its approach to the market. (This makes a lot of sense, when you consider how, for example, Apple will sell Apple Care alongside its hardware.) These sell the product alongside a channel network of 14,000 brokers. Cowbell does not intend to license its technology or white label its product to be sold through other business insurance providers, he added, believing that the opportunity for it lies in building out its own business on its own rails. He describes the company as insure-tech, cybersecurity provider, and actually financial services company rolled into one.
“We already offer security services at no cost, since we are already providing cybersecurity and insurance bundled together in one product. The better posture that our business customers have, the better they are to select and underwrite. But we are also a fintech because we have our own reinsurance operation [Cowbell Re] and take a small risk in that because it’s been very profitable to us.”
One thing that it will continue to do is not move into providing services to consumers or larger businesses alongside its SMB focus. “The market is so big, and we don’t want to de-focus ourselves,” he said.
Cowbell forecasts that cyber insurance “in-force premiums” in the U.S. will total $100 billion by 2030 — a figure that will cover both large enterprises and SMBs, which is one reason that investors are interested.
“With its unique approach to cyber risk underwriting and continued collaboration with cybersecurity suppliers, Cowbell Cyber has positioned itself as the leader in the cyber insurance space for SMEs,” said Matthew Jones, managing director at Anthemis Group, in a statement. “The company has accomplished stellar results to date and we are thrilled to be a part of their next chapter. We look forward to the innovation they’ll continue to bring to the cyber insurance market.” Jones is joining the board with this round.