CyberInsurance & CyberSecurity

INTRO

On episode 24 of the InsurTech Geek Podcast, talking about CyberInsurance and CyberSecurity with Sidd Gavirneni from Zeguro.

The InsurTech Geek Podcast powered by JBKnowledge is all about the technology that is transforming and disrupting the insurance world. We will be interviewing guests and doing deep dives into specific technologies we see changing the industry. We are taking on a journey through insurance tech. So, enjoy the ride and geek out.

INTERVIEW

JAMES: You know there’s songs about summertime. And I am convinced they were written by people who did not live in the South in the summer. You know what I mean? Summertime… It is like, that was not written by a southerner. Because a Southern was just saying, how do I get out of the heat, right? They are not singing songs about summer, right, Rob? I mean, come on.

ROB: Yeah. So, I grew up in Michigan. A lot of our listeners know that, and I was always outside every day during the summer, right. Because summers in Michigan are beautiful, but they last for two months in the winters last six months. And when I moved to Texas, in the middle of summer, I would be like laying down in the grass. People are like, what are you doing? It is a 100 degrees. You got fire ants everywhere, like this is not the time to by laying on the ground. So, it has taken me years, but, yeah, like spring and fall, like those are the times that I am out like early morning or late evening and the summer is not bad either, but yeah. During the day, definitely stick it inside in the heat of Texas.

JAMES: Yeah, just not right now. That is the thing. Not right now. Now I will say of course, I bail out on the Texas heat, Rob and I have the Michigan, Texas connection. He was born in Michigan. I married into Michigan. But I come up here in the summertime. I am up here, and it is 74 today. It is nice and there is no fire ants. They do not have a concept of fire ants. It is hilarious. People walk around barefoot on grass here all the time. In Texas that is a death sentence. You cannot do that there. It is wild. Now, I do not know. Now, we have a guest here. who grew up in a small village of India? Not so small village of 8 million people. Sidd Gavirneni, how are you doing today?

SIDD: Alright, I am doing fantastic. Enjoying the summer here in San Francisco.

JAMES: Well, San Francisco is pretty nice in the summertime. I mean, it can get cool and foggy.

SIDD: Yeah, exactly. And then you see all of the tourists from Europe in their shorts and t-shirts lining up outside Uniqlo trying to buy a jacket. That is summer.

JAMES: Yeah. Except no tourists right now.

SIDD: Nope. None.

JAMES: Not so much for the tourism today. Yeah. Everybody’s kind of hanging out the house. Is it locked down there? So, it is currently, as we record this, it is July 17th, 2020. We are middle of Coronavirus. So if you’re listening to this two years from now and you’re going through our back catalog, you can, if the world is not in the total nuclear meltdown by the time you’re listening to this and you’re listening to it on like the last vestiges of your iPod that still has some power left on it before the whole world collapses, you can kind of giggle about Coronavirus, but right now we’re in the middle of it. No one’s going anywhere. California’s back on lockdown? Is that what I hear?

SIDD: Well, to some extent, I think some counties are.

JAMES: Yeah.

SIDD: San Francisco County, I think right here, restaurants are open, but only for outside seating.

JAMES: There you go.

SIDD: But then counties like Alameda, they closed them back up.

JAMES: Tell you what, people who invested in outdoor seating, geniuses. Geniuses. And what a time, you know what has been interesting, we are all about the same age. We are in our early forties. We are all kind of from the same generation. And, we have gotten to watch the world without the internet. And now we see a world with the internet in our teenage years, right, is when the internet commercializes. And we get to watch the.com boom and subsequent bust. Then we get to see the rise and advent of mobile devices. And we arrive at this point in time where a really bad ass individual, Elon Musk is launching a ton of crap into space, including hundreds of communication satellites that he is going to interconnect the world with a global multi gig network, which said you’ve got to be a little bit excited about. I know I am. Pretty much everything Elon does is like, holy crap, did he just do that?

SIDD: Yup.

JAMES: And, and he is in your neck of the woods. Of course, he says, he is leaving your neck of the woods and coming to our neck of the woods, but that is beside the point. And then you have Steve Jobs, in 2007, pioneers the iPhone and create some mobile world. And, and then we have 4G, now 5G. All of these technologies converging in the year, 2020. 5G satellite connectivity, really powerful mobile devices, LIDAR on iPads now. I have a new iPad with LIDAR. It is amazing, which is going to be huge for claims. Like, we will talk about that sometime. We will talk about why LIDAR and iPad is great for claims, like not cyber claims, like that is not going to help you, but it is great for property claims. Great for auto claims, right Rob? If you can laser scan, I mean holy crap!

ROB: Absolutely.

JAMES: I mean all this is coming together at once. And then we get hit with another pandemic. The last one a hundred years ago. My great grandfather died in it. It was pretty wild. Pandemic far more lethal than this one, much higher fatality rate, but we have this convergence of technology and I feel like InsureTech has this amazing convergence of tech technology that led to a bunch of digital MGA’s.

Like you said, that are really upending. You are upending, traditional carriers. Your investors are traditional carriers and you are backed by traditional carriers. So, you are upending them, but you are really forcing change on them from the outside. They are partnering with you to change themselves rather than changing from within. And so, you are doing all this crazy stuff in InsureTech and at the same time in the outside world, the retail consumer world, there is this sea change going on right now, where all these mobile delivery services in order everything online. And I mean, what is really crazy for me, and I would be interested in your thoughts before we get into your background.

You know the retail apocalypse was already happening. I mean, it was already happening. But it just got literally, you know the world just put it foot on the gas on the retail apocalypse. And so, we have just hundreds of retail stores closing permanently, which obviously impacts insurance, right? This is going to impact insurance big way. And everyone would be in mass to buying things online and having them delivered, I mean Sidd, we are within months of being born at the exact same time. Have you ever seen such a transformational period in your lifetime?

SIDD: No, not at all. I think is definitely one of the really unprecedented times as I have said. At least in my lifetime. I am 40 years, still not that old, but in the short lifetime, this is the first time I am seeing anything like this. The dot.com boom was great. It was in a different direction versus where it is right now. Both are leading to more online usage and internet usage, but the scale is quite different.

JAMES: Yeah. This is like, I thought it was big Rob, when everyone moved to high speed internet, right? We are talking about like the late 90’s, early 2000’s, we rolled off dial up onto high speed. And then we thought it was big when mobile devices, really smart mobile devices came out with the advent of Android and the iPhone in 2006 to 2009. But those were multi-year transformational periods Rob. This is, this is like a three-month crash course in transition.

ROB: Yeah, no, you are right. And I think you are really touching on something James, where it is accelerating so many trends that were already there, but probably would have taken years to play out and it has just compressed them overnight. It is just accelerated. And so, I agree with Sidd. I think this is unprecedented. We use that term a lot. But, yeah, there is no doubt. I think we will look back and just to see change, both from a societal standpoint, as well as the technology standpoint. And again, the term new normal, right, it has been overused a ton, but absolutely right. I think whenever we get past this virus, we are not going back to the old ways of life. Some will return, hopefully, right. Meeting people in person, being able to dine inside again. But not everything is coming back. And so, yeah, and obviously the longer this plays out, the farther we are going to be from our pre-virus life.

JAMES: Yeah. I just extended my, my lease. Of course, I have a few leases around the world on office space and I said, I will extend it for a year. The guy was like, I want three years. I am like, you are not getting a three-year lease extension. I said, I will give you a year. Like, I do not even know if we are going to work… I do not know. I do not know what we are going to do. I am not even going to pretend to understand what we are going to do. You know what I mean? It is, it is really interesting Sidd, and when I look at insurance, brokers are having a hard time with this time right now. Cause they really like face to face lunches. I even had to like turn some burgers down. Like they really wanted to have one I am like, I am not going to have a face to face meeting with you. We are going to have to close this business right now like this. It is a really transformational time. And I do not like using those used up clichés at this point already because they were used so often.

But it is true 1919 altered the planet. We just do not remember it. Cause it was our great grandparents. But it did it altered the planet. This is much better documented because we have social media logging everybody’s daily life. We have like a handful of photographs from them. So, it is interesting. Sidd, I want to talk about you for a second. You grew up in Hyderabad. City of 8 million over in India. You came over and you did a couple of degrees here, I think. And you have gotten involved in a really interesting side of the business that I got involved in for a few years, and that’s cyber security. I did my time in pen testing and fixing applications. I was paid to browse. I was a white hat guy. I was paid to break into systems and then fix them. My favorite systems to break into were always the HR systems. I loved breaking into HR systems. I would go in and change the HR director’s title to Chief Jerkward or something like that in their HR system and all kinds of fun things you can do. I broke into all kinds of funny HR systems like SAP HR, and others. This was 1999, 2000, 2001. CyberSecurity literally was not even a word that we used. Security was kind of something we generally talked about.

At PricewaterhouseCoopers, we had a practice. I was in a brand-new practice called SAS that had to rebrand later, because SAS became something else. But it was a security practice. Walk me through, childhood and hydro bod. What did you want to do growing up? Like did you want to be a firefighter, policeman? What did you want to do? And then why would you come to the States? What would you study? How did you wind up in InsureTech?

SIDD: Yeah, I never dreamed that would be an insurance growing up. I do not think anybody does.

JAMES: Nobody does.

SIDD: No one does. And I had absolutely no idea what insurance was about until I bought my first car I guess and then I got to learn. So, growing up, I had all these dreams. First, I wanted to be a doctor. Like I could do some cool things being a doctor. I did not know what that meant, but everyone was like, well, well maybe. It will take you forever to be a doctor. You have to study way too much. You have to work way too hard. I was like, okay, well, I will be an engineer. I will be a chemical engineer. I love chemicals playing around with those. And then it is like, well, you might never make enough money. I was like, okay, well, okay. The next school thing is to be a computer engineer and there I was. But, in my undergrad, my last year project was about a firewall and I had no idea about CyberSecurity till then. And as you mentioned, it was not a term used as much at the time. So, I did that project. And that was when I was just really fascinated by the whole concept. So, after undergrad I decided to move to the US for my masters. I moved to Kansas, all the way from Hyderabad to go to a tiny little town.

JAMES: That is hilarious. So, India comprises the largest foreign student population at Texas A & M. Little old College Station, Texas. We have 1100 students from India, and I get to hang out with them. I am a part of a program called Prem Milan, which feeds them once a month that we hang out. And I get to see them fresh off the airplane, right? I mean, they come off the airplane, and their eyes are really wide. And they are in this little town in the middle of the pastures of Texas, you know? And, I mean, this had to be culture shock to go from Hyderabad to Kansas. University of Kansas has a beautiful campus, mind you.

SIDD: Yes, it’ is amazing.

JAMES: Oh, that is awesome. I mean, I just got to go there a couple of years ago to speak at a conference there. I mean, wow! But it had to be culture shock for you.

SIDD: Yes and no. So, Hyderabad is not a tiny place.

JAMES: No, it is huge!

SIDD: So, growing up, I grew up on American television and movies and British television. So, to me, going to Kansas was like, oh yeah, this is what I have seen on TV and the movies. Not exactly like that. No one jumping off of cliffs or anything, but it is a flat line. But it was, it was fun. It was exciting for sure, to say the least, living in a tiny town.

JAMES: That is awesome. So, you where there getting your Master of Computer Engineering, Networking & Security at UK. What, what do from that? You ended up going to IE business school, International MBA, did some exchange work at Dartmouth. I mean, what was the path like? And how would you wind up in insurance from there?

SIDD: Yeah. So, after Kansas, I started being a typical coder, but in CyberSecurity and quickly realized that I do and did enjoy a lot of the business side of things, the strategic aspects. So quickly at my first job at Mitel networks, I started leading their oral product security strategy. And so just being the coder there. But my fascination about business, I was like yeah, it is time for me to quit. I have enough experience. I will go move to Spain for a little bit, get my MBA there and why not? I lived in a few other countries, so it was time to try something new. So, got my MBA and after that, I was trying to figure out the best combination or the players for tech and business and obviously San Francisco comes to the top of the list. Moved here with my two suitcases and a secondhand used car and decided to start the life here. And when I moved here, I was a strategy consultant for companies like Symantec, McAfee, still in the security realm. And ended up at Polycom, the telecom company. At Polycom, I was leading their oral product portfolio and innovation management but was also on their information security board. And as any company would have it, they had a data breach. Typical spear phishing attack.

JAMES: Yep.

SIDD: All employee data sent out. And that is when I started working with the cyber insurance company. And that was my exposure to cyber insurance. So, I never dreamed of it, but here I am.

JAMES: That is awesome. My grandmother was an immigrant from Nicaragua, kind of pull in through Nicaragua to here in the United States. And my other grandmother was from France. I love talking about immigration stories. We have a huge contingent of our employee population that is in Latin America. I have a ton of friends in India. It is fascinating to watch the movement of people around the world and what they are doing. In particular, the rise of Indians in tech has been amazing to watch. And this is something we have not got to talk about on the show. I just want to mention this in case you are in InsureTech and you have not looked up.

CEO of IBM, Arvind Krishna. Let us keep going. CEO of Google, Sundar Pichai, CEO of Microsoft, Satya Nadella, who by the way, other than Bill Gates, my favorite person at Microsoft, is Satya Nadella. I am a huge fan of his. He has brought tech back at Microsoft. He got the sales guy out and got the engineer in the C-Suite there. Let us keep going. I mean, CEO of Adobe, CEO of Mastercard, CEO of Arista networks. Do not forget about her. That is Jayshree Ullal. CEO of Nokia, Rajeev Suri, CEO of Netapp, George Kurian, CEO of Palo Alto Networks, who you have got to be a fan of Palo Alto. I am hoping you are a fan of Palo Alto. Make some of the best security devices on the planet. Nikesh Aurora, Dinesh Paliwal, CEO of Harman international. You can keep going. Sonjay Mehrotra, the CEO of Micron. It has been a really amazing transition over the last…. And it has really been the last decade that these guys were senior vice presidents or vice president at their organization, and they rose to the CEO spot very quickly. And so, this has got to be exciting for you to see your fellow countrymen and women, come over and really kick butt in tech.

SIDD: Oh, yeah, for sure. It is amazing. As you mentioned, it has been this trend in the last 10 years or so. It is surprisingly the, good to see, right? I did not really expect it as much, but that is that is happening. A big part of that really comes from the competition back in India. I remember growing up, my classes would start at 4:00 AM in the morning.

JAMES: Wow.

SIDD: So, I just studied all day long. That is all we did. And that should compete against the billion other people. So, you end up just working hard and just learning a ton. And when you are in someplace else, you need to prove that everything that you have done and learned, is useful.

JAMES: So, it is almost Darwinian you are saying? Like, it is the survival of the fittest. You come out of this 1 billion-person, ultra-competitive scenario, and it prepares you well to come over and really kick bud.

SIDD: Yup.

JAMES: Yeah, man. That is awesome. So before, before I hand it over to Rob, I just want you to describe you are a digital MGA, right? So, you are, you are an MGA, but you also do not just partner with CyberSecurity professionals. You are CyberSecurity professionals, and we are seeing folks like Coalition that offer CyberSecurity services, but they offer it from partner companies of theirs. Whereas you are actually, your staff is doing the cyber security assessments, threat detection, pen testing, you are doing the cyber security services and you are as an MGA through your carrier partners, providing the paper to cover cyber events.

SIDD: Yes, that is right. So, we see ourselves as this holistic cyber risk management company, not one or the other. Not a cyber security company and not just a cyber insurance company. And that is because at the end, everything needs to be connected. And that is who we are. So, with our focus on smaller businesses who have absolutely no idea about CyberSecurity, it is about making security and insurance approachable and easy. And that is our mission.

JAMES: Yeah. That is awesome, Rob?

ROB: Yeah. I wanted to keep going a little bit more on that theme, SIDD, cause this is something that we see, kind of happening in the InsureTech space where I described this way, right, insurance is a feature, right and not necessarily the end product in and of itself. And so, sometimes the way I phrase it is, hey, our company is going to offer you, benefits A, B, and ConTechCrew, and if the worst happens, right, worst case scenario, we have this insurance component to help you out. To recover from loss, etcetera. But we do not hope you ever get to that point and we are going to help you prevent those losses from happening through some of these services.

Is that similar, I guess, to what you guys are doing at Zeguro, and maybe you could even share with our audience a little bit of history on cyber insurance would. How relative to a lot of other lines ,within the personal lines space and commercial, right? Like cyber is a relatively new line. And I feel like it is really matured a lot over the last decade. So maybe you can talk a little bit about the history of cyber, but then kind of continue on a little bit of exactly where you were going and what makes you guys different.

SIDD: Yeah. Cyber insurance I believe is about 20 years old. So, in the insurance world at hundreds of years off a history, this is a baby, it is a newborn. And it is still good growing drastically because the industry is still nascent, and the adoption is still quite low. So, I think the first cyber insurance policy ever written was called Internet security liability policy. And of course, that changed over time. But when the first policy was written, it surely was very expensive because no one really knew what this was about. Like, yeah, it looks like this company needs that. They need to be protected in some form or other. We do not know what we are writing here. So, let us Jack up the price and they will sell it, someone is buying it, so sure. Yup.

And when that happened, more and more companies started looking for this product and as it goes, demand and supply, those demand, supply went up and as that happened to capacity went up. So, the premium started going down. And over time, once people and insurance companies started seeing these breaches, they realize that well, okay, it’s time for us to jack up the premiums again, because we don’t want these breaches, or even if we add breaches, we will not be able to pay for it. And as this cycle that still keeps going on where the premiums, the risk and the pricing is still very arbitrary, we see so many inconsistencies across different products. Different cyber products. A good example, as where even today, most cyber insurance products are based on the revenues of the business. When revenues do not really determine the cyber risk of the business. So, there is a big disconnect and that is also because there’s not enough data. And the security side of things, is extremely fragmented.

JAMES: It is not that there’s not enough raw source data. It is just, there’s not enough data being used.

SIDD: Exactly.

JAMES: I mean, I find it baffling that my cyber carrier could ask for my log files off my firewalls, which would tell them everything they need to know about the amount of traffic that is passing through my system. And it would tell them everything they need about potential attacks. They could snap into my IDS system and look at all the auto blogs my IDS is sending over my firewall, and they can say, okay, well, they are coming under attack x number of times a day. And they have this traffic from these places. They could assess the risks so much better, but they do not. They do not look at anything. They send me a questionnaire to fill out. It is a joke.

SIDD: Yup. And what their reasons is because security data is so fragmented as well. It is everywhere. There is so many tools. There are so many systems and you cannot really normalize this data either to be able to assess these. So, going back to insurance companies who are looking at those data, they all need to be security experts. And they are still getting to that point. No one really has security experts at these insurance companies. So, it is the different aspects which are all disconnected. And as a result, you are not able to correlate the real-time risk profile of a business, but the claims that are happening. And hence you do not have these statistically relevant models.

JAMES: Facet, Rob?

ROB: Yeah, no. I have heard from the past that traditionally insurance, you might look at historical losses over the last three years or five years, and you are going to make some kind of projection and feature threats and things like that. But people have told me, Rob, like the cyber threat three, five years ago, and the cyber threat today is radically different. In fact, I could look at network activity this morning and I could look at Netware activity this afternoon. And I could tell you that the threat just escalated tremendously just within the same day. So, yeah, like how should this be priced? How should we think about it? And then maybe you can also share a little bit about this whole idea of a Cyber CAT, right? Like, so you always think of hurricanes or are wildfire certainly in our year out in California, but maybe you can describe a Cyber CAT. Maybe we had one of those this week with the Twitter attack.

JAMES: Oh, that that is a Cyber CAT event, yes! We are lucky. It was just a Bitcoin attack. That is all it was, was a play for Bitcoin. They could have done way more with access to those accounts.

SIDD: Yeah. Being in their shoes, there was so much more opportunity there. Well, glad that they did not use all of that.

JAMES: Me too. Yeah.

SIDD: So, with respect to how we can assess that, especially when all these threats keep changing every single second, I do not think there is a silver bullet yet. I do not think that we will have that silver bullet for at least a while. And that is because there’s still not enough claims. I think we need more claims. As an insurance company, we do not want claims, but at the same time, if we want to progress as a holistic insurance company, we do need those claims. And when it comes to CATS, one thing that we do foresee happening as more and more lines of insurance falling under cyber insurance. And that is really the nightmare for me. Imagine someone hacking into Tesla and putting in their code that says that every car should turn left on January 1st. Now, how do you rate that? Is that a cyber event, is that auto liability? Where does that fall on that under? And it is these errands that we have not really looked at as an industry to see what the impact could be. So, I do not think that we are ready for a CAT event. The industry is not.

JAMES: Yeah. No, we are not. Look, did you see new Hulu series Devs?

SIDD: No, I have not.

JAMES: Sidd , you got to go watch it.

SIDD: More time for TV.

JAMES: Yeah, it is called Devs, but it actually means dose. It is about a tech company in Silicon Valley that… I do not want to spoil it. They take quantum computing to the next logical conclusion of quantum computing, because in quantum computing, if you get enough cubits, you can simulate every potential outcome of every potential action in the universe simultaneously. So, you could predict every potential outcome all at once. The whole point of cubits is that their computing capacity is squared. So, it is exponential. So, if you get to 50 to 60 cubits, if you get into the 200-cubit range, you can simulate more potential outcomes than there are atoms in the known universe. So, the numbers get really, really big, and really scary all at once.

And the problem with quantum computing is that you could hash an encryption algorithm in under a second if you have a big enough quantum computer, you could not possibly design, a traditional encryption algorithm that has a long enough bit length to block a quantum computer from hashing the entire thing at once. And maybe I am blubbing some of the phraseology cause it has been a little while since I have really deep dived on this, but what is scary is that we have some quantum computers that are really, really, really powerful out there now. And we are still using binary computers to run encryption and decryption. And our entire ecosystem depends on TLS encryption. And so, it is really interesting to me that you have the, sorry, that was Led Zeppelin that accidentally played there in the background. I am kind of excited. LED’s like, yeah! Everyone is going to die! All these cars communicate over TLS. Like all these Tesla cars are receiving updates over a secure TLS connection that connects to a web service somewhere on Tesla server farm. So, if you can hack into that, you can literally do a man in the middle of attack in real time and everyone is hosed.

So, we have got this big looming threat of quantum computing. And I do not want to get too super-duper nerdy, but I guess I already did. How do we deal with this? I mean, honestly, you are underwriting risk for some of the largest markets in the world right now, how do you even account for the fact that aside from the usual way people get in, and in this case with Twitter, it was people, right? It is always people. People do stupid things. They write passwords down all over the place, under the keyboard, behind the monitor, it is at the same places. They write passwords down; they throw passwords away in the trash. There is a lot of social engineering. They click on links they should not. I mean, that is most of the time. How do your account, how do you underwrite the risk of a quantum when you are facing a future, in which all encryption algorithms could be broken?

SIDD: It really needs to be looked at on a case by case basis, really, because you cannot really generalize the user of one specific technology as leading to a holistic CAT event. So, for example, in this example with Tesla’s, that would be a completely different way of under writing versus the same thing for e-commerce businesses. I think it is that distinction that helps insurance as a whole manage their risk across these different portfolios. So the way that I look it in a scenario like this, where we are seeing the risk of quantum computers destroying all encryption standards, in that scenario, the underwriting would really be dependent on the loss that could occur for that specific business, rather than the threat itself.

JAMES: Yeah.

SIDD: Because the underlying issue is what will happen to our business or what would happen to an individual.

JAMES: So how are you changing underwriting then? I mean, first off is, is Zeguro, did you write your own underwriting claims handling and policy management software, or did you use off the shelf solutions?

SIDD: It is a mix of both. So, Zeguro’s underwriting is automated. So, with cyber insurance today, we are probably around there very few companies where a customer can get the code and bind in less than five minutes.

JAMES: As long as you are not in Texas. I tried, sorry.

SIDD: Yup. Not as of today.

JAMES: When are you coming to Texas man? 28 million people. $1.6 trillion GDP. When are you coming? Two weeks?

SIDD: Two weeks.

JAMES: Oh, you heard it here. Two weeks from now, coming to stay in the great state of Texas! Yee-haw!

SIDD: Well, backstory on that. So, we had to stop selling in Texas yesterday or two days ago, because we are bringing out a new product.

JAMES: Gotcha.

SIDD: So, for two weeks, we are taking a break from Texas and you will have a new product there.

JAMES: So, it is literally when I was trying to go and do this in prep for the podcast. So, you have followed the pattern of other digital MGA’s and other InsureTech carriers where you are rapidly streamlining underwriting.

SIDD: Yes. But then at the same time, it is like the safe driver model. That is what we follow. Where these smaller businesses that have absolutely no idea about CyberSecurity. Last year, 69% of USS SMB’s had a cyber breach. So, for these businesses who do not know what to do, we are taking that role of a security consultant and automating that in a self-service SAS platform. And it is really this platform that also gives us the information and the insights to do the underwriting. And we tell the business, look, these are the things that you should be doing, like enable two factor on your G suite account and their premium will go down by $400. It is really linking these two things together rather than having these as distinct entities, because at the end cyber entrance should really be the most connected form of insurance. And that is what we are going for.

JAMES: More so than modern auto carriers that have OBD ports and are monitoring every single second you are driving?

SIDD: Of course, it is cyber.

JAMES: Cyber, right? It should be, but it is not! It is like the least connected one of all the ones I have of all my coverages. I mean, of course, general liability, they pull almost nothing on what is going on in the business. They just take a wild stab at the risk. It is it is a mind boggling, but in cyber, they have me fill out a questionnaire every year and that is it. Now they I will tell you this. The ones I have worked with, and I have had a few different cyber carriers over the years, they are getting much better at bringing partners to the table and offering optional solutions. Now I created an account with Zeguro, and it said I could not get a quote in Texas. I am like, okay, no quote in Texas. But I was able to create an account and start monitoring a domain.

So, you are providing services that folks like White Hat provide, where you have a routine monitoring and web application monitoring. You have security policy offering and management where you can actually build an author and publish security policies. You have got an app marketplace, so you can snap into pen testing, phishing defense, hands-on secure coding. You got that. You have training as well, so you are you are doing something interesting. Because pretty much everyone else I have seen has just partnered with others. And while you are partnering with some, you are providing the majority of what other cyber partners are partnering on. So, talk to me about that for a second.

SIDD: That is right, because some things have not evolved as much. So, it is CyberSecurity, as we were talking about earlier, the data is extremely fragmented. There is really no correlation between the data that comes out of some training provider and the data that comes out of a security policy management system. But if you are thinking about the core need of any of these smaller businesses, it is people. It is security professionals. And that is what a CICO does at a large enterprise. Is look across all the aspects of the business, process all of that information in their brains, and spit out what needs to be done. And that’s our goal as to look at all of these, and this can only be done through providing some of these services ourselves, the core services ourselves, but then at the same time, there are a few things that we don’t want to reinvent the wheel on. And that is where we partner.

JAMES: Rob?

ROB: That is a really fascinating Sidd. So, I am kind of curious, what is on your future roadmap? We have seen other digital MGA’s become full stack carriers. Not necessarily in the cyberspace, but other lines of business. Geographic expansion. Other than that, I am just kind of curious, what is on your roadmap for the next five years?

SIDD: Yeah, for us it is a really about growing our customer base and getting to our mission which is to empower every business to withstand the distal unknown. And that can only be done by expanding our product feature set within the security side, by really automating that role of a security consultant. So, most of our product is focused on that. And on the insurance side, of course, it is data play. That is collecting the security data or time collating that with any claims that we might see we have not yet, but in the future, as we see those, correlating that and getting to those statistically relevant models. We do not foresee ourselves to be a carrier anytime in the near future, because we have some great partners. Yeah, we need money.

JAMES: A lot of money.

SIDD: A lot of that.

JAMES: It is not like a little bit of money. So, what would you need? Three to one?

SIDD: More than that, I would say in cyber because…

JAMES: It had to be right. The severity is so large, right? It is like, everything is a CAT! Like what, five to one? I mean, it would be an enormous amount of capital to become a carrier.

SIDD: And what is happening right now with the SMB space. Every company is asking for really high coverage limits. And that is because of the contracts. So, you take any large company which wants to partner with any small business supplier or vendor, and the contract requirements talk about 5 million in cyber liability. So, a small business with 500,000 in revenue still has to get 5 million in liabilities. So, this drastically increases the capital requirements for a carrier. And we have some amazing partners like the Hartford Steam Boiler, and Munich Rr, so, we are fine with having them take on some of their risks.

ROB: Yeah, you are spot on. So, I think that 5 million does tend to be kind of a minimum and you are absolutely right. It does not matter how small your company is. If you do business with a large company because of the potential threat to that large company, they want to make sure that, if it is caused because of you, that you have appropriate coverage. So yeah, I think you are really spot on with that. So, we know that with the target breach a few years back, it was through the HVAC company, which is probably much smaller of course, than target being a humongous retailer. So, yeah, I think that is a great point. I am kind of curious, Sidd, what is your distribution strategy? Is it more just to kind of work with small and medium size businesses on the security aspects of it? And then you like, oh, by the way, we can sell you cyber coverage or is it more insurance first, and by the way, we have this suite of services and expertise that we offer. Maybe you can just share a little bit about kind of what your go to market strategy has been and how you see it evolving.

SIDD: Yeah. We go both routes. Because what we see is that these smaller businesses, we do not want them to go bankrupt because of a cyber breach. So, if they want insurance, then yes, we will give them insurance, but also tell them as to what they should be doing to protect themselves and get them on the platform, and then over time decrease their premiums as they get more secured. Or the other way around where quite a few of them come to us for the CyberSecurity side of things. And when they are ready for insurance, then they have it right there. But distribution for us, has very much been about direct to customer so far, but channels are still a great way to distribute CyberInsurance and CyberSecurity, whether it is through MSB’s or through brokers and that is where are heading to.

JAMES: So, let us talk about data. I want this to be our… Cause we are we are edging up on time. So, let us wrap up with a data talk. How are you gathering more information than everybody else? We talked about everybody else not gathering information. So, I looked through your partner page, you are not partnered with Palo Alto, you are not partnered with Alert Logic, you not partnered with these major IDS systems that would give you immediate Intel on intrusions and detections and auto blogs. Why not? Is that on the roadmap? Are you bringing in server logs? Are you bringing in TAC logs? Are you partnering with IDS systems? Are you jumping into the firewall? What is on the plans to actually acquire more of this data so you can make much more intelligent underwriting and renewal decisions?

SIDD: Yup. And that’s true partnership. We are partnering with some of these companies or it is on the roadmap to partner with them. And it is these integrations that will really get us that data. Right now, it is more on the behavioral side of things. That is really the company’s risk appetite looking at that. And the goal is to get that real time data from these partners. So, for example, our partners that we partner with today, but some of them you see in the marketplace as well. We have that data agreement with them as well, where we get some of that data, to understand the risk appetite and the risk of the business. But definitely, we have to partner with firewalls for 10-point prediction systems to get that information.

JAMES: Yeah. So, you are partnering and then, by partnering, not just offering a discount cause on your partner marketplace, I saw discounts. But a true data partnership where when your clients sign up for their system, you are going to get a data back feed so you can monitor what is going on.

SIDD: Exactly.

JAMES: And then ideally if they write insurance with you… Now you have a straight up non-insurance service offering where you can spend as much as $600 a month with you, getting monitored. If I am an insurance client, do I get those security tools for free or do I still have to pay for them?

SIDD: Yes

JAMES: Okay.

SIDD: No, you will get that for free. So, our starter package, everyone gets it for free during the lifetime of the policy and for the premium packages, they get a discount on those packages.

JAMES: Yeah. And so that is going to scan my web apps, provide security training, provide security, security policies, and then I am going to have cyber insurance on top of all of that.

SIDD:

JAMES: Yes. But the starter comes for free. So, I can at least scan one app, get security training for 10 team members, have some policies, and add my own stuff and get the town. It is a compelling offering. I am excited. So, where are you at and where are you going? Like roughly, whatever you can tell me. I do not want to, obviously, whatever you are comfortable saying. How many policies do you have? Where do you want to go?

SIDD: Yeah, I can’t give you all the numbers, but yeah, we have been writing insurance for 18 months in all 50 States and DC, except for the last two weeks as for the next two weeks as I mentioned, but, we have quite a few policies in the market. No losses yet. But that is the goal here, right? For just to keep the loss ratios low. And you will see some more announcements in the next few weeks, which I cannot talk about right now.

JAMES: Oh, you do not want to do an announcement on the podcast? Come on budd!

SIDD: I should have waited for two more weeks for the Podcast.

JAMES: Yeah, I can embargo this thing for two weeks so we can do it then. Oh, that is awesome. Well Sidd, it has been a really great discussion. I know I tend to dive down the technology rabbit hole. That is who I am. But I appreciate your willingness to dive down there with me and talk about it. Digital MGA’s, really, we certainly have talked to a lot of technology service providers that provide technology services for traditional companies, but there’s a whole other half pool that Rob and I talked to and that’s companies that decided to bypass being a service provider and just being an insurance company. And it is really exciting to see what you are doing. We wish you absolute a ton of success. I am excited that you are in the market. Excited you are doing what you are doing. If you wise up like so many other hundreds of thousands of Californians and decide you want to come not pay state income tax and move to the state of Texas just let us know.

SIDD: It is a very, very tempting deal so far. And that is definitely on top of the list!

JAMES: Just remember, even if you do not get an incentive from the state of Texas, it is still a 10% pay raise to move to the state of Texas.

SIDD: That is true.

JAMES: Yes.

SIDD: I married into a family that has a base in Austin, so…

JAMES: Oh! He is coming. He is coming. It is going to happen. I can feel it. I can feel it. It is coming. Yeah. Well, we look forward to having you headquartered in Austin. It is an amazing place, but regardless of whatever you decide to do Sidd, really great information. For those of you out there who want more information on this company, Zeguro – Z E G U R O. It is like the Spanish Zeguro.

SIDD: Which means security.

JAMES: Security. Yeah, exactly. You can sign up there. You can go quote insurance. You can go also, sign up for their whole security suite. If you do not want to buy insurance from them yet, you can get their security suite and check it out there. And obviously you can connect with Sidd I am sure on Linkedin and other social media platforms. Sidd, really great. Rob, of course, I do not want to shortchange you here. Any, any closing comments?

ROB: Nope. It is great to be with Sidd, love sharing about your company and excited about what you guys are doing at Zeguro. Congrats and good luck. Look forward to future announcements!

SIDD: Great. Thank you, guys. Thank you so much. Really, really appreciate you guys having me on here.

JAMES: Yeah. And if anybody out there, including Sidd, is interested in seeing a show all about quantum computing, Hulu aired to series called Devs. D E V S go check it out. It has Nick Offerman in it, who is the guy who was like my favorite character from Parks and rec, the government employee who hated working for the government, that was him. Nick Offerman is a brilliant actor. He is actually one of the lead actors in Devs. And it will blow your mind. It will make you question everything about reality. It will also make you question everything about CyberSecurity. Go check it out called Devs on Hulu. And of course, you can check zeguro.com for more information about them. Thank you so much for joining us today for yet another super fun InsurTech geek podcast. We appreciate you being here.

The InsurTech podcast powered by JBKnowledge.com is all about technology that is transforming and disrupting the insurance world. I have been your host, James Behnam with co-hosts. Rob Galbraith, endofinsurance.com. Thanks to Jim Greenly, our podcast producer and Kara Dalton-Arro our creative producer. And thank you for joining us. We are taking you on a journey through insurance tech.

So, enjoy the ride and geek out and see you next time!