Trium Cyber is the industry’s first Lloyd’s-approved company to provide mono-line cyber coverage for U.S. risks. Launched in January 2023, the full-stack surplus lines insurer has joined the ranks of new entrants to the cyber market and those existing carriers that have expanded their market share over the past year.

While it’s an attractive prospect as premiums have skyrocketed, rates more recently have begun to moderate. Indeed, cyber insurance pricing increases moderated to 28 percent in the fourth quarter of 2022 compared to 48 percent in the third quarter as new entrants to the market increased capacity, according to Marsh’s recent Global Insurance Market Index.

Nevertheless, Josh Ladeau, CEO of Trium Cyber, isn’t worried that the new capacity will again drive prices down to unsustainable levels because cyber underwriters are very aware of the possible systemic exposures and need to keep rates above the cost of risk.

“The market has really shifted. I don’t think it’s just a temporary rate correction. There is an acknowledgement across carriers and reinsurers that the rate levels of a few years ago were not sustainable and would give us significant difficulty if there are major industry cyber events,” said Ladeau in an interview with Insurance Journal.

“There will be some price fluctuation over the year, but I think there is enough understanding of the aggregate nature of the exposure, as well as the frequency and severity of attritional claims.”

Even at the reinsurance level, there has been a significant pullback, as concerns over aggregate exposure grow, he said. “Reinsurers have looked to cap losses at a lower attachment level. So, even as you see the direct insurance portfolios growing, there has been some level of contraction in terms of the loss caps available in reinsurance treaties.”

Ladeau noted that industry players are very aware that rampant growth and over-competition isn’t healthy, especially given the spike in cyber loss ratios in 2020, he emphasized.

“Despite top-line growth over the years, the cyber insurance market has experienced significant challenges at all points of the value-chain,” said Trium Cyber on its website.

According to Swiss Re, a main driver of cyber insurance market growth has been rising frequency and severity of cyber attacks, which have raised awareness of the risk. “In the U.S., the largest cyber market, premiums grew by 74 percent in 2021. Standalone policy premiums increased 92 percent, driven by rate increases after ransomware incidents led to a spike in loss ratios in 2020,” said Swiss Re in its report, titled “Cyber insurance: strengthening resilience for the digital transformation,” published in November 2022.

Swiss Re said the cyber market has immense growth potential because most losses are uninsured. “Given estimates of annual global cyber losses at $945 billion [according to a report from McAfee], nearly all of the risk remains uninsured,” said Swiss Re, noting that one estimate from the Geneva Association puts the protection gap at 90 percent.

Focus on Larger Insureds

Unlike some of its competitors that prefer covering small- and medium-sized enterprises (SMEs), Trium Cyber focuses on large businesses with more than $1 billion of revenue, with robust security postures.

“Historically speaking, that has served us very well in terms of performance relative to the industry,” Ladeau said.

In the large market segment, there is a greater emphasis and investment in security and their IT redundancies—or their ability to use secondary and tertiary solutions in the event they have a cyber incident, he said. “Some businesses have the ability to run their systems offline, allowing them to maintain business operations even during an outage.”

Some organizations have multiple layers of redundancy, so if a major provider goes down, “they can fail over to an additional provider.”

On the other hand, small businesses are one of the more difficult areas in the market today, he cautioned. “I don’t know if there’s yet enough rate in the small business line. Obviously, time will determine whether that’s the case.”

Smaller businesses with homogenous networks, standard tools and systems, and much less investment in security technologies are more likely to be affected if there’s a systemic or aggregated event, he said.

Many of these smaller companies do not employ a chief information security officer (CISO) and have outsourced their IT and IT security, he continued. Their knowledge and control over their cybersecurity is likely to be less than it is for the middle market, while the middle market, in turn, also has less rigorous controls than large market customers, he said.

In addition, there are a lot more SMEs than Fortune 1000 companies. As a result, if the limits are aggregated across all those smaller businesses—which in the U.S. number in the millions—the cost would be much higher than for the Fortune 1000 companies, even with the higher limits purchased by big companies, Ladeau added.

“As you move upstream and get into the large market on any individual risk, there is more loss potential on that account, on an individual account basis, because they buy higher limits.” That potential downside is more than offset by stronger controls and established redundancies, supporting segment profitability, he explained.

Swiss Re estimates that the total claim arising from a cyber incident targeting an SME is in relative terms three times more than for large corporations, with forensic costs typically ranging from $20,000 to $100,000 for a firm with turnover of less than $50 million.

Downstream Exposures

In the underwriting process, downstream technology dependencies are examined closely because they can create exposure to systemic events. “We develop an understanding about who is reliant on what technologies and to what degree they’re reliant, and then we position our book around that.”

One notable example of downstream aggregated exposure can be found within the airline industry. Ladeau said about 40 percent of airlines use one type of booking technology, or at least have that technology as one of their core components for booking, which increases the aggregation potential. “But shared dependencies like this can be found across various industries such as healthcare and financial institutions.”

Individual risk selection involves assessment of a customer’s security posture, system redundancies, event response and disaster recovery capabilities and downtime procedures, he explained.

“With our relatively narrow underwriting focus and stringent risk selection criteria, I do feel, from a loss perspective, we have some level of insulation.”

As a veteran cyber underwriter, Ladeau knows what he’s talking about. “The only line I’ve ever written is cyber,” he said. “I’ve always been focused on the profitability of my line of business, and I’ve been able to write sustainably profitable business over the last 15 years, including the last three or four challenging years.”

After joining the startup in September 2022, he helped Trium Cyber navigate the Lloyd’s approval process to become the industry’s first monoline cyber syndicate, Syndicate 1322.

Previously, he led the global cyber platform for Aspen, and prior to that role, he was practice lead for Allied World where he developed the company’s cyber risk platform.

About Trium Cyber

Writing on behalf of Lloyd’s Syndicate 1322, using Lloyd’s “A”-rated, surplus-lines paper, Trium Cyber has the support to write as much as $50 million in gross premiums in the cyber market for 2023.

An excess-only carrier that provides cyber and technology errors & omissions cover, the company can take up to a maximum line of $10 million and will regularly deploy a $5 million line, bringing approximately $1.5 billion of new capacity to the U.S. market.

Trium Cyber uses its own proprietary underwriting methodology, real-time claims platform and complimentary cyber risk management services.

Ladeau said the company differentiates itself by being able to make underwriting and claims decisions in the U.S., which is particularly important for cyber where real-time loss scenarios are common.

This is different than third-party liability or professional liability claims where claims are resolved in weeks, months or even years, he said.

“In cyber, oftentimes you’re dealing with that claim within hours of an event happening. Being able to get involved immediately with the claim is an important factor. Being U.S. based in a time zone closer to our distribution partners and clients is a really important differentiating factor of what we do,” Ladeau added.

“The syndicate only writes through the one binder for the U.S. operating company. There is no open market business written out of London.”

While Trium Cyber might eventually provide European coverage, Ladeau said, for 2023 and for the foreseeable future, it will remain focused solely on U.S.-domiciled risks.

The company is backed by Pelican Ventures and third-party capital providers.

What’s in a Name?

The name Trium Cyber has Latin roots. Trium is the inflected form of trēs (or three), according to the company’s website.

The insurer said it provides three essential components to support its insureds, and more broadly, promote market stability and the effective management of cyber risk:

  • Proprietary underwriting methodology
  • Comprehensive risk management capabilities
  • Real-time loss mitigation services