This profile of Trium Cyber is the first article in a regular series of Company Spotlights, published by Insurance Journal, covering insurance industry startups and innovators.
Trium Cyber is the industry’s first Lloyd’s-approved company to provide mono-line cyber coverage for US risks. Launched in January 2023, the full-stack excess insurer has joined the ranks of new entrants to the cyber market and incumbents who have expanded their market share over the past year.
While that’s an attractive prospect as premiums have skyrocketed, prices have recently begun to moderate. In fact, cyber insurance rate increases moderated to 28% in the fourth quarter of 2022, compared to 48% in the third quarter as new market entrants added capacity, according to Marsh̵7;s latest Global Insurance Market Index.
Still, Josh Ladeau, CEO of Trium Cyber, isn’t worried that the new capacity will once again drive prices down to unsustainable levels because cyber underwriters are keenly aware of possible system exposures and need to keep prices above the cost of risk.
“The market has really changed. I don’t think it’s just a temporary course correction. There is a recognition among carriers and reinsurers that interest rates a few years ago were not sustainable and would present us with significant difficulties if there are major cyber events in the industry,” said Ladeau in an interview with Insurance Newspaper.
“There will be some price fluctuations throughout the year, but I think there is sufficient understanding of the aggregate nature of the exposure, as well as the frequency and severity of attrition claims.”
At the reinsurance level, too, there has been a significant pullback, as concerns over aggregate exposure grow, he said. “Reinsurers have tried to limit losses at a lower connection level. So even as you see the direct insurance portfolios growing, there has been some level of contraction in terms of the loss caps that are available in reinsurance contracts.”
Ladeau noted that industry players are very aware that rampant growth and over-competition is not healthy, especially given the increase in cyber loss rates in 2020, he stressed.
“Despite revenue growth over the years, the cyber insurance market has experienced significant challenges at all points in the value chain,” Trium Cyber says on its website.
According to Swiss Re, a major driver behind the growth of the cyber insurance market has been the increasing frequency and severity of cyber attacks, which has increased awareness of the risk. “In the US, the largest cyber market, premiums grew by 74% in 2021. Stand-alone insurance premiums increased by 92%, driven by interest rate increases after ransomware incidents led to a peak in the loss ratio in 2020,” Swiss Re said in its report. entitled “Cyber Insurance: Strengthening Resilience for the Digital Transformation”, published in November 2022.
Swiss Re said the cyber market has huge growth potential as most losses are uninsured. “With estimates of annual global cyber losses at US$945 billion [according to a report from McAfee]almost all risk remains uninsured, says Swiss Re, noting that a Geneva Association estimate puts the protection gap at 90%.
Focus on larger insureds
Unlike some of its competitors who prefer to cover small and medium-sized enterprises (SMEs), Trium Cyber focuses on large enterprises with more than $1 billion in revenue, with robust security postures.
“Historically, it has served us very well in terms of performance relative to the industry,” Ladeau said.
In the large market segment, there is a greater emphasis and investment in security and their IT redundancies – or their ability to use secondary and tertiary solutions in the event of a cyber incident, he said. “Some companies have the ability to run their systems offline, which allows them to maintain business operations even during an outage.”
Some organizations have multiple layers of redundancy so if a major supplier goes down, “they can fail an additional supplier.”
On the other hand, small business — small and medium-sized businesses — is one of the more difficult areas of the market today, he warned. “I don’t know if there’s enough pace in the small business line yet. Obviously, time will tell if that’s the case.”
Smaller companies with homogenous networks, standard tools and systems and much less investment in security technology are more likely to be affected if there is a systemic or aggregate event, he said.
Many of these smaller companies do not have a Chief Information Security Officer (CISO) and have outsourced their IT and IT security, he continued. Their knowledge and control over their cybersecurity is likely to be less than it is for the mid-market, while the mid-market, in turn, also has less rigorous controls than supermarket customers, he said.
Also, there are far more SMEs than Fortune 1000 companies. As a result, if the limits were aggregated across all these smaller companies — which in the U.S. number in the millions — the cost would be much higher than for the Fortune 1000 companies — even with the higher limits purchased by large companies, Ladeau added.
“When you move upstream and get into the big market on an individual risk, there’s more loss potential in that account, on an individual account basis, because they’re buying higher limits.” The potential downside is more than offset by stronger controls and established redundancies, which support the segment’s profitability, he explained.
Swiss Re estimates that the total claim arising from a cyber incident targeting an SME is, in relative terms, three times higher than for large companies, with forensic costs typically ranging from $20,000 to $100,000 for a company with a turnover of less than USD 50 million. .
In the issuance process, downstream technology dependencies are carefully scrutinized – as they can create exposure to system events. “We develop an understanding of who is dependent on which technology and to what degree they are dependent, and then we position our book around that.”
A notable example of downstream aggregate exposure can be found in the airline industry. Ladeau said about 40% of airlines use some type of booking technology, or at least have that technology as one of their core booking components, increasing aggregation potential. “But shared dependencies like this can be found in industries as diverse as healthcare and financial institutions.”
Individual risk selection includes assessment of a customer’s security posture, system redundancies, incident response and disaster recovery capabilities, and downtime procedures, he explained.
“With our relatively narrow issue focus and strict risk selection criteria, I feel that from a loss perspective we have a certain level of insulation.”
As a cyberwarrant veteran, Ladeau knows what he’s talking about. “The only line I’ve ever written is cyber,” he said. “I’ve always been focused on the profitability of my industry, and I’ve been able to write sustainably profitable deals for the past 15 years, including the last three or four challenging years.”
After joining the startup in September 2022, he helped Trium Cyber navigate the Lloyd’s approval process to become the industry’s first monoline cyber syndicate, Syndicate 1322.
He previously led the global cyber platform for Aspen, and prior to that role was the practice leader for Allied World where he developed the company’s cyber risk platform.
About Trium Cyber
Trium Cyber is writing on behalf of Lloyd’s Syndicate 1322 using Lloyd’s ‘A’ rated paper with excess lines and is supported to write as much as $50 million in gross premiums in the cyber market for 2023.
An excess-only carrier that covers cyber and technology errors and omissions, the company can take up to a maximum line of $10 million and will regularly deploy a $5 million line, bringing about $1.5 billion in new capacity to the U.S. market.
Trium Cyber uses its own proprietary underwriting methodology, real-time claims platform and free cyber risk management services.
Ladeau said the company differentiates itself by being able to make decisions on issues and claims in the U.S., which is especially important in cyber where real-time loss scenarios are common.
This is different from third-party liability or professional liability claims where claims are resolved in weeks, months or even years, he said.
“In cyber, you often deal with that claim within hours of an incident. Being able to immediately engage with the claim is an important factor. Being US-based in a time zone closer to our distribution partners and customers is a very important differentiator for what we do,” added Ladeau.
“The syndicate is just writing through a cover for the American operating company. There is no open market writing from London.”
While Trium Cyber may eventually provide European coverage, Ladeau said, for 2023 and for the foreseeable future, it will remain focused solely on U.S.-domiciled risks.
The company is backed by Pelican Ventures and third-party capital providers.
What’s in a Name?
The name Trium Cyber has Latin roots. Trium is the inflected form of trēs (or three), according to the company’s website.
The insurer said it provides three key components to support its insureds, and more broadly promote market stability and effective management of cyber risk:
- Proprietary issuance methodology
- Comprehensive risk management capabilities
- Loss mitigation services in real time
Carriers Cyber Profit Loss InsurTech