CoverHound CEO Keith Moore has a vision of simplifying cyber insurance sales that involves underwriting the security vendors used by insureds—a model that could ultimately allow small business customers to bind their cyber policies online.

That’s just one part of the thinking behind the launch of CyberPolicy, an online brand for cyber insurance that’s set to launch at cyberpolicy.com in July, according to Moore, who already heads up CoverHound, an online agency for auto, home and small business insurance sales with financial backing from investors that include Chubb and American Family Ventures.

“The future of cyber and small business products is underwriting the vendors that people use,” he told Carrier Management during a recent interview about the impending cyber launch. He referred to the example of a small, purely digital business operating a website. “If you have Amazon Cloud as one of your vendors, and you use two or three different SaaS companies to house your customer data, then [carriers] can underwrite against those vendors just as well as [they] can the company,” he reasoned.

“That’s going to make the carriers of the future world a lot more informed than they have been in the past,” he said, when asked about how he can stay true to the CoverHound formula of being a “trusted adviser for curated choice” to create a winning experience for engaged customers.

Moore described the CoverHound mission for personal lines and small business insurance in detail at a recent Casualty Actuarial Society conference. (See related article: Practical Tips for Disrupting Insurance Distribution). In a separate interview, summarized below, he outlined his high-level vision of a CoverHound follow-on venture for cyber.

What Motivated the Launch?

According to Moore, the cyberpolicy.com concept wasn’t always on the drawing board. “It wasn’t something that we were originally designed to do, but as we did a lot of research over the past nine months in commercial, we started to look at the various lines. Knowing the history of auto insurance being a gateway product for homeowners insurance and other products,” Moore’s team looked for an equivalent in the commercial space.

“A small BOP [business owners package] and micro BOP are important. But what are the types of coverages that people are looking for today that they feel like are not being fulfilled?

“Cyber kept coming up over and over again because people—from a consumer perspective and a small business perspective—don’t understand it.

“That’s where we said we need to build not only a comparison engine but an education engine around cyber.”

Moore views cyberpolicy.com as a good gateway into a lot of small businesses that don’t necessarily have the typical insurance coverages that a medium-sized or large business might require. “It’s a good gateway into a new customer base. It’s also an opportunity to educate and create new products for the new risks that are evolving on a monthly basis now, considering how many apps are out there and…all the data that’s floating around on a digital basis.

“There’s so much that’s being created quarter over quarter now from an innovation and technology standpoint that cyber has to be an evolving product, and [there has to be] an education product to get in front of that.”

Moore believes that no single carrier is up to the task. Instead, “the combination of a bunch of really good carriers” could be the best way to get cybersecurity education started for small businesses.

Is This CoverHound for Cyber?

Moore describes CoverHound as an online agency where customers can directly put in some information and then get back a limited choice of bindable quotes for auto and homeowners insurance. He believes cyberpolicy.com can work in a similar fashion.

“We think about it [cyber] that exact same way. We still want to maintain our core value proposition of being a trusted adviser for curated choice…People need to understand what they’re comparing, and then even after you show them three or four really good options, they still need to understand” how to make the selection.

“We try to avoid having too much comparison to overwhelm somebody. But [there’s] enough to let them know that we’ve done our homework, and we’re giving them insight into which is the better,” Moore said.

He said that an underlying idea behind cyberpolicy.com is that insurance is only one part of a three-part need. When somebody’s considering cyber insurance, they first need to have a cybersecurity plan in place.

That’s the first item that the website will address: “How do you create a plan?”

Next, “what cyber prevention tools are out there” to help the business be more secure?

After helping the small business to create a plan and then find the right vendors to work with them—”whether it’s a large security firm or a small security software offering”—then they need insurance to complete the protection plan.

Right now, anyone clicking on cyberpolicy.com sees just a few words that summarize the approach: “Securing Your Digital World” and “Plan. Prevent. Insure,” the site says. “Coming Soon from CoverHound.”

“They’re all three equal in my opinion—the plan, the partnership and the insurance,” and Moore said that a key goal is to have all these pieces working together. “Right now it’s very fragmented. You’ve got insurance operating independently of all these great security companies that are out there. And then people are creating plans independent of those two. If you can bring those three things together, it should be a better experience, especially for a small business,” he said.

For Moore’s team, “partnerships are an important piece” of the puzzle. “We don’t necessarily consider ourselves being the leading expert on [building] a secure platform or anything of that nature. But we do know how to partner with people that do know how to do those things,” he said.

An Industry First?

If others have tried to sell cyber insurance online to business customers, it’s news to Moore. “If there’s anything that exists on the Web today, it’s not showing up in my Google searches,” he said. “That’s why we feel we’re adding really a tremendous value,” with something that’s very unique, he said.

A Carrier Management review of information supplied by Insurance Journal and MyNewMarkets.com (sister Wells Media publications) reveals that there have been other forays into online cyber insurance sales on the commercial lines side. (See these articles for recent examples, DUAL Commercial Launches New Online Cyber Program; Schinnerer Launches New Cyber Protection Package.) For the most part, however, existing websites seem to operate like managing general agents and wholesalers with lengthy applications for retailers to complete—some with up to 60 questions about encryption, outsourcing and types of PII (personally identifiable, among others) on the commercial side.

While Moore concedes that cyberpolicy.com may operate as an MGA in some situations as it works to get more carriers on board with the launch, a simple application process will set this apart for business customers and agents.

If a customer comes to cyberpolicy.com without security tools and signs up with a security vendor on the site, the information will feed into the insurance application, Moore affirmed.

“That’s the goal. It won’t have 100 percent of what we expect it to be when we launch in July, but it’ll be the alpha of what we want to have—a full quote-to-bind opportunity—by then.”

While Moore is seeking more carrier partners, he said he has commitments from a handful already. “We may have to function as an MGA for some of these policies and as an independent agent for the rest,” he said, noting that the dual approach gives CyberPolicy an opportunity to work with a much broader base of insurance companies.

Having the capability to insure and offer security services to all types of small businesses is the goal, but Moore noted that classes will likely be phased in over time. “We want to cover as many classes as possible for each of the carriers that we represent.”

“We probably won’t have 100 percent to start, but that’s part of the learnings that’ll come through the platform during launch.”

A Proven Model

Moore expects that the features of CoverHound that have allowed the online platform to grow in personal lines will be the keys to success for cyber as well.

“We’re definitely trying to duplicate the things we know we do well,” including customized digital engagement and the kind of consumer experience that shoppers come to expect from Amazon and Expedia—where prices don’t change between the time items are added to carts and the time of checkout. Another key component is curated choice, something Moore explained at the CAS meeting with the simple phrase “shoppers like you are making decisions like this.”

He admits that there were some hurdles in moving from personal to commercial lines initially. “We’ve hired some actuarial people internally, and product people from various companies for commercial specifically. I would say that would’ve been a challenge a year ago, but now…we have as much expertise in house in commercial that we do on the personal side,” he said, when asked if there have been any challenges to overcome.

But what about the challenge of creating a winning experience for small business customers around a line of insurance with a confusing array of coverage parts—liability, business interruption, credit monitoring and notification, among them?

Moore, who was once an executive for IAC/InterActiveCorp., which has had ties to online lender Lending Tree, pointed to the online lenders’ use of situational marketing as a model for educating customers.

“When you think about auto today, I don’t think consumers know any more about auto today than they knew 20 years ago.” But carriers make billions of dollars selling auto insurance online, he noted.

Referencing Lending Tree’s success with educational advertisements that spelled out “how does the process work and what to expect next,” Moore envisions engaging cyber customers on the nuances of privacy, liability and the data breach coverage in a similar way.

“How do I know if I’ve had a data breach, and if I do know it, what are some of the liabilities that I have as a result of that? What can be covered? What’s not covered?” Those are some of the questions that the CoverHound team plans to focus on initially in building cyberpolicy.com to cut through the complexity.

What About Carrier Engagement?

Moore said that while a business person knows the ins and outs of his or her business—”a baker knows how to make great pastries or bread”—that business owner won’t naturally know how to keep its database of customers secure. “That’s where we feel like we can not only help them but then insure them against [consequences] if something does go wrong.”

But will insurers, who at one point in the history of cyber insurance were requiring full upfront security reviews and who to this day require agents to fill out applications with 50 or 60 questions, be receptive to Moore’s idea of underwriting the security vendor?

“They’re comfortable with the concept, but as with all things insurance, and even in technology, it all comes with data. The more data we can consume, and make that actionable data for our carrier or even one of the security partners, that’s where the true trust comes in—with more data.”

Asked about the possibility that carriers might come in with higher prices because they’re getting less information than a standard underwriting process would provide, Moore said it could be a challenge. “I’m not necessarily seeing that so far today, but it could be—because it is such a new type of product in its very early stages.”

As for the benefits for carriers, Moore said the opportunity to sell through cyberpolicy.com could provide them access to new customers that they otherwise would have a really hard time capturing.

“We’re not trying to create a new channel. Whether it’s direct business for a carrier, or an independent agent channel, or MGA, we just want to be able to have a better educational tool, specifically for cyber, for small businesses,” he said.