By Steve Harrick and Alex Lim
Quantifying risk is a difficult exercise. Whether you are buying a house, making a loan, or investing in start-ups, the assessment of risk is a complex, multivariate equation. In fact, there are entire professions dedicated to using data, statistical methods, intuition, and experience to quantify risk for everyday financial situations. However, in recent years, we have witnessed the emergence of a new category of risk, one that follows no discernable pattern and cannot be quantified by any existing methods. Enterprises, governments, and financial institutions alike are now increasingly concerned by Cyber Risk, the likelihood they will be targeted and hacked by malicious actors.
Today, IVP is excited to announce its investment in Cyence, the leading economic modeling platform for assessing Cyber Risk. Concurrent with this announcement, Cyence is emerging from stealth and is announcing partnerships with some of the most important organizations in the insurance space, Cyence’s first target market.
Right now you might be asking yourself: “But what does Cyence actually do? And why is IVP investing?”. Here are a few reasons why IVP is enthusiastic to add Cyence to our portfolio.
A Large Market … Doubling Each Year
Enterprises spend billions of dollars on IT security every year to protect their data and customers, but breaches are still occurring at an alarming rate – creating massive remediation, business interruption, and legal costs. And while Enterprises should, and will, keep increasing their security budgets, cyber insurance is emerging as an effective, complementary financial solution for enterprise security. As a result, the US Data Breach Insurance market (standalone policies which protect an organization against the financial implications of a hack) was approximately $4BN in premiums in 2015, and doubled in size when compared to 2014. Insurers are eager to write these policies and take advantage of an attractive growth opportunity, but their efforts have been hampered by their inability to measure cyber risk. Since they don’t understand cyber risk, most insurers can only write policies with low liability limits that don’t begin to cover the potential financial loss of a hack. When you also consider that various other types of policies (e.g. P&C, D&O, Equipment) increasingly contain cyber breach clauses, there is a desperate need for a solution that can evaluate this new risk category.
A Radical Solution
Most insurance is underwritten based upon historical data. Know the average life expectancy in the US? You can underwrite US life insurance. Know the average number of auto accidents in a year? You can underwrite auto insurance. Cyber is different. Historical data is not predictive in the cyber world because the parties involved are dynamic: hackers are constantly improving their methods, and organizations are always working to strengthen their networks. In addition, risks are highly correlated across organizations, because a vulnerability within one network can often be found within others using similar technology or infrastructure. Cyence solves this problem with a completely novel approach. The Cyence platform collects a variety of proprietary and public data and processes it through a data science framework which combines both machine learning and econometric models. This technology is able to predict the incidence of a cyber event for organizations with astonishing accuracy and also evaluate the severity, accumulation, and exposure of a particular policy. Cyence’s platform is completely unique, and we are seeing its technology advantage playing out in the market. Cyence is essentially enabling insurers to accurately measure risk within their own portfolios and accordingly underwrite new policies, allowing their customers to mitigate the downside risk of a cyber breach.
Cyence is pioneering a unique solution and market adoption for the platform has been extremely strong. A who’s who of insurers and reinsurers have signed up, and Cyence is expanding its reach both domestically and internationally. In addition to traction with risk carriers, Cyence has established several partnerships with key insurance channel leaders, such as Marsh, the world’s leading insurance broker, who is helping expand the use of Cyence’s economic risk modelling framework.
An Exceptional Team
Cyence is led by its exceptional founding team, Arvind Parthasarathi (CEO), George Ng (CTO) and Akin Dirik (VP Engineering). This team has spent their careers at the cutting edge of data science and have worked together before, bringing together experience from Informatica, Yarcdata (now part of Cray), DARPA, DHS, and Oracle. Thanks to their deep experience and networks, they have recruited an incredible team of proven big data technologists, cyber security experts, and world-class economics and risk modelers. We are also pleased to be joining a mature and highly capable board comprised of experienced investors and insurance industry luminaries.
Given the importance of measuring cyber risk, it’s not hard to see that Cyence’s technology would be applicable in a number of other financial markets. While Cyence is not currently discussing specific future expansion plans, we believe that Cyence has the potential to become the de facto standard for measuring cyber risk and enabling better decision making across the financial services industry.
Steve Harrick is a General Partner and Alex Lim is a Senior Associate at IVP