Envelop Risk: analysing emerging cyber threats

Twitter icon
Facebook icon
LinkedIn icon

Henry Gale speaks with Envelop Risk Co-Founders, Jonathan Spry and Paul Guthrie, to discuss emerging distribution trends in cyber insurance, the increase of cyber attacks resulting from the war in Ukraine and the biggest opportunities in cyber risk insurance in the coming years. 

Henry Gale: Paul and Jonathan, as the Co-Founders of Envelop Risk, can you introduce yourselves to the InsTech community?
Jonathan Spry: I have a background in insurance, reinsurance and investments, having spent time at Lloyd’s focusing on innovation and the insurance-linked securities markets. My role as a co-Founder and company’s CEO is to bring industry subject matter expertise. 
Paul Guthrie: I am currently the COO (Chief Operating Officer) at Envelop Risk. Before founding the company, I worked in aerospace and defence advising organisations like NASA and US military on strategy and technology. I also founded an analytics and quantum company, QxBranch, that was building artificial intelligence and quantum computing software systems for large global financial institutions. 
Henry Gale: What is the history of Envelop Risk?
Paul Guthrie: The big opportunity that Envelop Risk recognised is that the world is becoming cyber-physical. Emerging cyber-physical systems integrate sensing, computation, control, and networking into physical objects and connect them to the internet and each other. Examples of this include but are not limited to smart cars, physical chips in corporate buildings or satellites. The insurance industry needs to have solutions in place that help to better understand risks and exposures associated with these cyber-physical vulnerabilities and triggers. Big datasets can be used to study and predict the nature of these vulnerabilities and our previous experiences meant that we were familiar with how big datasets can be combined with machine learning techniques and human expertise for better predictions outcomes. 
The company was founded in 2017, and after building the underlying technology, the insurance team began underwriting in 2018. Today, Envelop Risk has underwritten over 400 million businesses through partnering with MS Amlin and several other capacity providers.
Henry: What products do you currently offer?
Paul Guthrie: We are operating across three lines of cyber oriented business. The first is treaty reinsurance which we underwrite out of Bermuda. Envelop Risk also has a reinsurance division operating out of London where reinsurance contracts are combined with the technology that supports primary underwriting. Finally, in the US, our quote-and-bind platform for brokers, Data Stream, is being used to build relationships and new distribution channels with cybersecurity firms. These relationships facilitate the exchange of data analytics relevant to cyber insurance.
Henry: What specific analytics is Envelop Risk using that are key in your underwriting process?
Paul Guthrie: Dozens of datasets, including economic, technical and threat intelligence, are input into the company’s models. Data is then assessed through over 20 sub-models and aggregated into a prediction on the performance of a particular portfolio. 
Envelop Risk was one of the first companies to apply an economic model to analyse cyber risk before studying its impact on insurance. This analysis allows Envelop Risk to answer who the attackers are, why they are attacking and what their motivations are against the target companies. This is because there is a wide variety of elements to cyber risk such as vulnerabilities of the underlying technology infrastructure, nation-state events or terrorist events. Then, the technology diffusion pattern is also analysed. This means looking at the tactics and techniques on the attack side and how the defences are maturing on the defence side. Analytics is in place to understand the correlations between companies, industries and governments so that the company can predict the potential economic loss of these events. 
Henry: Are you seeing any trends in the cyber risk landscape after studying these analytics? 
Paul Guthrie: On the attack side, I am seeing groups that are operating like SaaS companies, selling ransomware packages. On the defence side, companies are shifting to acquire the technologies that are needed to prevent ransomware attacks. 
In 2019, there were huge ransomware attacks where hackers were effectively freezing and stealing companies’ data. This signified a change in the way that the industry defines the structure of cyber risk insurance. Hackers were able to attack almost anybody and turn a business interruption event into something profitable very quickly.
With this greater awareness, there has been a rapid diffusion of technologies that are effective in protecting from ransomware attacks. This has led to somewhat more predictable behaviour on the attack side, whereby very secure companies are unlikely to be attacked. As a result, an underwriting strategy is easier to configure because there is a confidence that the security of a particular company does matter. 
Henry: Do you think that a cyber insurance-linked securities (ILS) market is going to emerge?

Jonathan Spry: Cyber-linked ILS is one of the biggest topics within the ILS industry now. Members of this community have noticed that revenue growth in property is limited given catastrophic climate risks so have looked to cyber risks as another line of liability with potential growth. Envelop Risk are keen to help facilitate that, but this must be done pragmatically with bilaterally negotiated solutions. 
Henry: Do you see the increased cyber activity because of the war in Ukraine affecting the cyber (re)insurance market?
Paul Guthrie: There is a huge increase in cyberattack activity due to the events in Ukraine, although the attacks are limited at the moment to Russia and Ukraine. However, an infrastructure based cyber attacks in the NATO environment are not beyond the realm of possibility due to potential Russian retaliation against NATO companies. Hacktivist organisations like Anonymous are also specifically targeting Russia. This has taken resources away from the day-to-day hacks that are normally insured by the insurance industry.
Henry: What do you see as the biggest opportunities for Envelop Risk in the coming years?
Paul Guthrie: Cyber insurance is likely to grow as the world becomes more cyber-physical. Collaboration across geographies is also likely to support market growth. For example, collaboration between cybersecurity firms in the US and Canada will help improve the connectivity between the insurance and cybersecurity industries. 
One area where Envelop Risk will be active soon is digital assets. These are assets that are stored digitally and are identifiable as having value to an organisation. There is a huge demand for insurance for digital assets. The company has models in development to meet these needs and will be launching in the next six months. 
Henry: Envelop Risk raised $130 million USD last year, what have you been focusing on growing within your business?
Paul Guthrie: We have been focused on improving the models that measure cyber risk. Envelop Risk has also been building its own capital vehicles so that it is large enough to take risks alongside its MGA partners.  

Henry: What companies are you looking to connect with?
Jonathan Spry: Envelop Risk has a particular focus on data-driven distribution, underwriting and cyber insurance. It is always interesting to talk to companies that are developing more efficient ways to transact (re)insurance whether through a marketplace or on a parametric basis.