Parametric cyber: turning the market on its head

If you’re going to launch a new managing general agent (MGA), it makes sense to do it with an attention-grabbing product in a growing class of business, with backing from a major insurance player.

Intangic MGA did exactly that when it launched earlier this month (March 2023) with a parametric policy called CyFi.

The policy flips the accepted approach to cyber cover on its head, leaders at the underwriting firm told Intelligent Insurer.

“When we started looking at this, we saw that the insurance industry thinks of cyber as a catastrophe-type risk—it’s low frequency. Our view was that cyber is actually high frequency. It’s happening all the time,” said Ryan Dodd (pictured), CEO and founder of Intangic, the company that launched Intangic MGA as a joint venture with Acies managing general underwriter (MGU).

The assumption of high-frequency cyber risk may not hold true for a lot of small enterprise products, he admitted, but large corporations are being attacked every day. This product is aimed at them or, more specifically, at UK public corporations.

Explaining the thinking behind this reversed approach further, Dodd pointed to surveys about insurance risk that find cyber is a top risk. A quick internet search reveals a number of surveys with such findings.

“It leads to the question, if cyber is always a top risk, how is it a low-frequency risk?”

By turning the conventional theory around and designating cyber as a high-frequency risk, the MGA opened up a very large and robust dataset, which is a key element that cyber risk often lacks. It is this huge cache of data that underpins the new cyber parametric policy.

No standard rulebook

Until now parametrics have been well known but have been used only for natural catastrophes, said Mark Heath, the MGA’s head of insurance and chief underwriting officer.

Speaking very generally, Heath said: “No-one’s been able to use a parametric for cyber. There’s been lots of press and anticipation, but how would you actually do that if there isn’t much data on cyber?”

The MGA’s approach addresses this issue by using primary proprietary technology to track the constant cyber attacks that are happening across thousands of companies. It then uses an algorithm to crunch this data to reveal patterns and relationships that show how that constant attrition hurts companies financially.

The trigger for the parametric cyber policy is a certain level of malicious cyber activity combined with the financial impact. This is defined as whether the insured customer’s share stock price drops more than 15 percent relative to the parametric index.

“The index triggers the payment as it’s the evidence of the financial impact,” explained Heath. The MGA is so confident in its methods that it shares its parametric cyber trigger data with customers via a dashboard.

The team behind the MGA and its parametric cyber product is just as unconventional as its ideas. The majority has little or no grounding in insurance.

Dodd’s background is in data science and managing hedge funds.

“That was typically doing complicated risk situations that didn’t have a standard rulebook in terms of how you measure this risk,” he said. “With cyber, we took the same approach, which was to start from scratch and build this thing from the ground up.”

The startup’s chair is former Pentagon chief information officer Dana Deasy, and it boasts more senior leaders in cyber, who are “in the trenches in terms of threat intel”, Dodd added.

There are, of course, a couple of notable insurance industry insiders. Heath has a lengthy industry career and is the co-founder of Acies MGU. Debbie Durkan, commercial director and growth leader at the MGA, also has a substantial insurance background, and the business is backed by AXA XL. It is this marrying of different approaches and experiences that enabled the team to create CyFi.

Dodd said that when the team found relationships in the data that were statistically significant, they knew they “could tune the algorithm” and that “we had a product that could be innovative and help solve some of the problems in the market”.

Heath added that Dodd’s data science and modelling enabled them to link a lot of malicious activity data with the productivity interruption of large companies. This flows through to the impact on finances, “and that was where we were able to put together the parametric”, he said.

Could this way of thinking about cyber cover be the start of a much bigger trend? Dodd said he expected many others to look at what Intangic MGA is doing and potentially try to mimic it.

What next? Following the MGA’s launch in the UK, the plan is to start rolling CyFi out nationwide in the US in May, with more countries in Europe after that.

But the team was clear that there is a “learning curve” they must navigate with customers as they look at this high-frequency approach and begin to think about cyber differently.