In the Binoculars: Oliver Delvos, Head of International

Digital risks aren’t bound by traditional obstacles. Distance, language barriers, and cultural differences haven’t proven to be effective deterrents for cybercriminals. Time and time again, they’ve successfully adapted to our increasingly interconnected world. But the upside to globalized crime is we can apply everything we know about tech-enabled underwriting, risk assessment, and proactive monitoring to protect businesses (and combat threat actors) internationally. As long as we ensure that the right expertise is in place to meet local needs.

Meet Oliver Delvos, Corvus’s Head of International, spearheading our journey to take Smart Cyber solutions to brand-new markets. Below, we’ll discuss the future of cyber in Europe, where Corvus fits, and what makes insurance (surprisingly) interesting.

Corvus Q&A Session with Oliver Delvos:

Can you describe the current market for cyber insurance in Europe?

After two years of rate increases, pricing has definitely gotten softer but the demand is still there — especially for small to medium-sized businesses. We’ve had over 20% year on year market growth in Europe, but compared to the U.S., this is still an underserved market. 

We can see that by the data quality on our questionnaires and the security questions we ask. There is more understanding needed on what all of these things mean, and why they matter. What is MFA? Why is network segmentation important? While the market is in a growth phase, it is also in a maturing phase.

Why does it make sense for a U.S. based Insurtech to enter the market?

We are the first cyber Insurtech to bring a proactive policyholder experience to Europe. At the moment, cyber insurance here is still very defined by traditional insurance: once a year you pay the premium, you go through all of the renewal hassle, and then you get a PDF and invoice. Then, hopefully nothing happens. 

I think [Corvus] introduces a wider and more compelling proposition here. We’re bringing the Corvus Scan and the Risk + Response Team approach directly to policyholders, where we walk them through our security insights and seek to help them become more secure. We have absolute transparency. Plus, we’re fast with quoting and our prices are competitive

Other insurers are still very manual, with IT from the 1980s partially on mainframe systems that take weeks to get a quote out. We can do that in a couple of hours. We push innovation here.

Is there anything essential you want businesses or brokers to understand about cyber insurance/why it’s necessary?

I think everyone needs to understand that risk transfer strategies via insurance is an integral part  of a wider risk management strategy. People often ask: Should I invest in security or should I invest in insurance? It’s not one or the other. They complement each other. 

There needs to be an understanding that maintaining a certain cyber hygiene must  meet minimum requirements. Email and Phishing protection, patching, backups — all these essentials. We aren’t asking these security questions to make insurance painful, we just want to establish a certain baseline. We then reward the better risk. If you do your homework, you get a better price and better conditions.

Did anything specific draw you to working at Corvus?

The wider mission that we have to make the world a Safer Place; we achieve that by directly providing something beneficial to our customers and broker partners. We tell [policyholders] exactly how to make their organizations more secure.

I was drawn by the idea that cyber risk is global, but taste is local. I want to help make it fit the local market and bring an advanced future solution to a market where it doesn’t yet exist. Europe has tremendous potential, but also Latin America and Asia-Pacific.

Have you experienced any challenges introducing technology to the insurance market in Europe?

Absolutely. I think it’s a calibration and learning process. We sometimes have these results, like the Corvus Score, and clients don’t understand how we got to that result. We need to explain what our Risk + Response team does. We need to get our customers to understand that this is not just insurance — it’s a cyber risk solution. We are partners. 

The tech-first approach is new, so we spend a lot of time explaining why we do this, where it comes from, and what we can do to improve the customer journey. But we also need to adjust our technology to fit local markets and local tastes; we need to work with local brokers to write on their forms. It’s a new cultural experience for the market and for Corvus.

Threat actors have turned their attention to Europe as U.S. sanctions and security advancements have made it more difficult to target businesses here. What do you think the future holds for Europe’s approach to cyber and how can they get ahead?

I agree we need to mature into a security culture, but the EU is doing a lot of things ahead of the U.S., like the GDPR, which provides a common baseline for the entire data protection in Europe. Same applies to critical infrastructure, with the NIS/NIS2 Directive and the DORA framework for Financial Institutions. While Europeans are often too “proud" to pay the ransom, in the U.S., it’s sometimes seen as the cost of doing business. 

Based on what you’ve said, do you think that the prideful nature of Europeans makes them more wary of investing in cyber insurance?

I think we may need to explain the value of insurance and strong cybersecurity. George W. Bush called us the old world, but we like it that way. We like to craft things and we are a nation of thinkers and engineers; you need to explain how things work, like the Corvus Scan. There’s just going to be more lead time until we get to the U.S.’s outlook on cyber insurance.

What do you enjoy most about working in insurance?

Every story that you read in the newspaper lands on your desk; sooner or later. Some part of it has to do with insurance. I started in Property & Energy Claims at the same time as the Deepwater Horizon incident occurred. My desk neighbor was doing shipping and marine insurance, so all the piracy cases ended up on her desk. I worked for three years in Asia working on Nat CAT events at the same time Thailand was dealing with major floods and New Zealand with devastating earthquakes in Christchurch.

You deal with relevant, real things that have a direct impact. You open the newspapers and see ransomware surging and the war in Ukraine and all the insurance we talk about has an actual connection to the world.

What was the experience like of building a team from the ground up?

When you build up Europe you need tech, insurance, but also language and culture (I’ll have people on my team who speak all sorts of languages: Czech, German, French, Bulgarian, and Russian). I need to blend it all to build a powerful team.

What should we know about you, other than being a full-time insurance machine?

• Photography, arts, and architecture especially the “Bauhaus” school

• Despite spending 14 years abroad, I’m still keen on discovering new places around the world, and if there is time: Sailing, watersports, scuba diving (It’s been a while, but it still counts).