Smart Cyber Insurance and The Evolution of Cyber Risk

Massive retail data breaches, state-sponsored malware attacks, and the mishandling of sensitive information by the world’s largest companies have kept cyber risk in the headlines for the greater part of the last decade. Digitization has forced even smaller organizations to consider a wide variety of both internal and external threats to data security. The self-contained enterprise is a thing of the past, as more companies rely on third party vendors for services related to data storage, web hosting, IT security management, logistics and more. While these providers have allowed companies to operate more efficiently, cyber exposures have increased as a result. It’s no wonder cyber liability coverage has received much of the recent attention in the commercial insurance world.

Nearly 15 years ago, the earliest versions of stand-alone cyber policies would only cover third-party liability arising from the wrongful release of confidential information. Expenses related to first-party breach notification costs, digital forensics, data destruction, and contingent business interruption were not typically addressed. Not only was the coverage limited, but the underwriting process was arduous as insureds were forced to complete lengthy applications, supplemental questionnaires, and teleconferences to discuss the details of their IT security. Carriers offered few proactive risk management services, forcing insureds to incur additional expenses if they needed guidance on IT security best practices.

While insurers have made progress broadening the scope of cyber coverage, unfortunately many of the outdated methods of underwriting remain commonplace and carrier loss prevention advice is often inadequate.

At Corvus, we take a vastly different approach to underwriting and risk management. We believe in leveraging the best technology to assist our policyholders proactively address cyber risk. Rather than relying on prolonged applications with limited value, we use non-invasive web scans as part of the underwriting process and we provide our customers with meaningful insight into their IT security performance. At the time of quoting and throughout the policy period, we deliver a detailed analysis of the insured’s security operations with concise, risk-prioritized recommendations to resolve critical vulnerabilities. We red-flag IT supply chain issues and we offer meaningful business intelligence reports to insureds that are serious about confronting cyber risk head-on. Policyholders have access to a number of resources to help strengthen their IT security posture, including sample IT security policies, online privacy training, and a directory of pre and post breach experts. We call this process as Dynamic Loss Prevention™.

More precise underwriting means improved coverage and competitive premiums as well. Insureds with the strongest IT security controls are eligible for broad-form first and third party coverage, including extensions for blanket contingent business interruption triggered by cyber perils, system failure, reputational loss, social engineering, ransomware, and much more.

Our mission at Corvus is to arm commercial insurance brokers and our policyholders with the best available tools to tackle cyber risk from all angles. A modern and dynamic solution is required to address a constantly evolving risk landscape. This tech-enabled, holistic approach to risk management is what we call Smart Cyber Insurance™.







We Built the First Commercial Insurance Policy Powered by the Internet of Things (IoT)

…And why it’s not all about the IoT

Corvus Insurance, a tech-enabled MGA, was founded in early 2017 in order to leverage existing technologies and data that might be used to predict and prevent commercial insurance claims. Putting this data to work can greatly improve underwriting, loss control and claims outcomes while driving down the overall cost of risk to organizations. Corvus hopes it will make the world a safer place.


Corvus, comprised equally of veteran tech and insurance leaders read the same tea leaves that were available to everyone in the commercial insurance industry in the past few years. Data is everywhere and expanding exponentially. Experts and futurists all predicted that IoT data would empower new innovation in insurance. Incumbent insurers are as aware as any tech startup about this opportunity. A recent LexisNexis survey reports that 70% of top insurer executives think having an IoT strategy is important while 79% report that they don’t have an IoT strategy. Why did it take this long to happen and how did a little startup pull it off?


At first it is difficult to understand why no other insurer had demonstrated success in IoT. Data from sensors can be used to predict the likelihood of a claim if the data measure a precurser to a major type of claim (pressure from the weight of snow on the roof) or if they can measure and respond on the spot to slowly developing claims (think water leaks). Given that data, Corvus could select it s customers and price its commercial products better than competitors. And, Corvus could use the data to warn customers about impending or more likely claims, something we now call Dynamic Loss Prevention™ to bring added value to customers by helping them to act to prevent claims from happening. We could even use the data to provide benchmarking and other business intelligence as a differentiator. So, how did the journey take shape?


We started by looking at use cases (that’s the tech vocab) for causes of loss. We tried to answer the question: What causes of loss are monitored by sensors with data collected? That was easy, sensors are indeed everywhere – in vehicles, on machines, on HVAC systems, security systems, temperature sensors, light sensors, and water overflow sensors. That is part of the problem, sensors are in too many places to start to narrow the search.


So, we decided to start at the other end of the problem. We asked the question: what industries had a lot of claims that might be predicted by sensors? While we could find some use cases in liability insurance most were related to property insurance. Still, lots of industries share the same set of common losses – theft, fire, temperature, collapse. Our initial focus was on buildings since they sometimes had integrated systems for a combination of insurance perils like theft, water leakage, and fire.


We contacted numerous large sensor companies and some niche players, as well. They all seemed aware of the opportunity to use data to predict and prevent insurance claims. They were willing to work with a startup like Corvus, too (perhaps because we had funding from Bain Capital Ventures). We started to negotiate terms, it all seemed great. Except for one thing. They would not give us the names of their customers, and it seemed we could not guess at that since most of them had modest market shares. If we presented an IoT empowered insurance product to brokers and told them it was good for any building owner that had sensors from company A, the brokers would quickly retort: how will we know if my client’s building has sensors from company A, they only represent 10% of the market so I will be wrong 90% of the time. Worse, most of the use cases lacked even rudimentary data to predict which data scores are predictive of claims. Back to the drawing board.


That forced us to think narrowly. What industry bought a lot of insurance for a significant risk that could be predicted by data from sensors? We eventually found our way to the market leader for temperature sensors for food and pharmaceutical goods – the major cause of loss for goods in transit for these companies was spoilage. And they measured the temperature of the goods frequently, not for insurance purposes but for regulatory reasons. Finally, time to roll up the sleeves.


In April of this year, we launched Smart Cargo Insurance™ coverage to insurance agents and brokers and their clients in the Food and Pharmaceutical industries. We are quoting and binding business. While it is too early to declare victory, we achieved a small milestone for the insurance industry. The first commercial IoT-based Insurance policy.


Not only does the policy allow us to better price risk, it also allows us to identify accounts with the lowest risk factors. And we respond to that by offering broader coverage, particularly around the spoilage peril, to accounts with high scores. We don’t stop there, however, since we use ongoing data from the IoT sensors to inform us about trends for our insureds, providing them with Dynamic Loss Prevention™ reports that can help prevent a claim. And we use minute by minute shipment data to enhance our subrogation rights, allowing us to reduce cost for us and the policyholder.


But, what we learned along the way is that our model, our playbook if you will, is just as applicable to any new source of data. So, while building a IoT policy is a happy milestone for Corvus and the insurance industry, it has exposed us to thinking about other sources of data to inform underwriting, loss control and claims, all to benefit the policyholder and their broker.

Using Cargo Temperature Data To Prevent Future Spoilage

Smart Cargo Insurance™ from Corvus uses temperature stability data, collected for decades for shipments of food and pharmaceutical products, to predict and prevent the major cause of Cargo Insurance losses for these companies – spoilage. We do that by comparing the temperature stability of an insured’s shipments against that of hundreds of thousands of shipment data points. We produce a relative risk score that we share with broker and client. Corvus delivers this information on its CrowBar data platform.


For insureds that have the best scores, i.e. the highest temperature stability, we offer lower prices and broader coverage on an otherwise standard, broad global Cargo Insurance policy underwritten by Argo Insurance Group (Best’s rated A, XIII). But the Corvus experience does not end there


During the policy period, we monitor new information from ongoing shipments. If we spot negative trends, we inform broker and policyholder with actionable recommendations generated by the CrowBar. We call this ongoing digital inspection service Dynamic Loss Prevention™. It is unprecedented in the insurance industry. In fact, Smart Cargo Insurance is the first IoT (Internet of Things) based Commercial Insurance policy ever!


We also analyze the temperature stability data to determine other patterns that might be predictive of claims. For examples, we break down the temperature stability readings based on shipment source and destinations. In that way we are able to help an insured see “near misses” of spoilage in order to use that information to improve its internal processes. This form of Business Intelligence is all driven by our software tools.


Risk scores. Dynamic Loss Prevention™. And Business Intelligence. That’s why we call it Smart Cargo Insurance.

The Story of Corvus

Corvus Founder & CEO Phil Edmundson did not expect to be starting another insurance business. After successfully launching and exiting several insurance businesses focused on technology companies, Edmundson thought he would become an angel investor in what is now called InsurTech.
Instead, after a year reviewing 100+ InsurTech startups and investing in a half-dozen of them, Edmundson came to the conclusion that the opportunities for digital tools and data platforms were not reaching medium to large-sized commercial insurance brokers and customers. “My former colleagues and clients weren’t seeing the benefits that had started to reach personal and small commercial lines insurance markets”, he noted. “After many conversations with brokers and venture investors, I became convinced that there was a huge opportunity to help the brokers and buyers of commercial insurance”.
The barriers to commercial InsurTech innovation are significant. First, the underlying insurance products are more complicated than many tech entrepreneurs had the time or inclination to analyze. Easier missions are available for insurance products that tech entrepreneurs recognized from their own buying experience. Second, distribution was a barrier. Commercial insurance buyers of any but the smallest size want the help of their insurance broker. Yet most InsurTech entrepreneurs dislike brokers. Early efforts such as those of Zenefits were seen as a threat to brokers and the initial success of Zenefits kept the focus away from possible partnerships with brokers. (Zenefits has smartly changed its tune on its go-to-market strategy and now works with brokers). Edmundson saw the opportunity to leverage his experience working for start-up and global commercial insurance brokers focused on the tech sectors as an opportunity to provide broker partners with the confidence that Corvus would be their partner rather than a threat.
Next came the identification of novel sorts of data that could predict and prevent insurance claims. “Connecting to predictive data is just like having a safety inspector inside every shipment, auto trip, or online activity,” he noted in regard to the Corvus strategy to empower brokers and policyholders with risk scores that inform and direct risk management in order to lower the overall cost of risk.
Finally, brokers and their clients deserve an effective and helpful online experience. So, Corvus built a great one. It allows brokers and policyholders on-demand access to policy information, claims reporting, loss prevention recommendations and business intelligence.
Together with a team of top-flight tech leaders in Mike Lloyd and James McElhiney, the company is building tech-enabled commercial insurance products with novel data sources and its digital platform for commercial insurance brokers and their clients. That is why Corvus is InsurTech. For You.

Insurance as a Force for Good in the World

I have been fortunate to be in the world of insurance, developing insurance products for new technology companies in industries including life sciences, software, internet, and renewable energy. With the help of brilliant and thoughtful colleagues, my previous company had successfully helped large and small technology organizations around the world manage the risks inherent in new technologies and operating businesses.

In 2003, I took a year off from my role as CEO to attend a mid-career program at the Kennedy School of Government at Harvard. As happy as I was to attend this year-long program, I was more than a bit intimidated by the accomplishments of my mid-career classmates. One had been a member of Congress, another a leader at Save the Children, another a founder of a women’s shelter, yet another a captain in the US Army. And me, well I was serving as a small town’s elected leader, but compared to my classmates, I felt immensely out of my league being mainly an property & casualty insurance executive.

At the end of the first day of orientation, I found myself sitting with a classmate, one of those persons with a kind ear, to whom I rather freely admitted my insecurities. I must have said something like, “you guys are all engaged in work that is so much more important to the world than me, running an insurance brokerage firm”. Maybe it was just the beer talking but I really did feel out of my league. While I can’t even tell you the name of that classmate today, I will never forget his message. A state legislator, he said something like: “you totally underestimate the importance of insurance. In government, insurance is another way of expressing our collective goals for each other, goals of financial security for families, the disabled, and seniors. In business, the fair functioning of responsible parties in commerce. As a percent of the overall federal budget, when you combine Medicare, Medicaid, Unemployment, Social Security, Workers Compensation, and the like, there is no bigger collective expenditure that we make as a society.” That was my denouement to the idea that insurance could be a force for good in the world. I remember feeling my shoulders pull back a little, a dose of self-respect had entered my being.

Over time, I became obsessed with finding examples of how insurance, particularly my main field of insurance, property and casualty insurance, could be a force for good in the world. Certainly, I understood that liability insurance, for example, could be seen as an essential element in providing security to landlords and customers. There is comfort in knowing a business would have the backing of a large insurer should their business operations cause harm from something as simple as a trip and fall or something more complex like product liability.

Some examples of “Insurance as a Social Good” are more reactive than proactive, but still powerful indeed. Slumlords with devastating lead paint peeling off their walls were forced to clean up their acts when insurers refused to offer liability insurance without proof of de-leading.

The Catholic Church and similar institutions certainly found religion around sexual misconduct in part due to the unwillingness of commercial insurers to offer them any more liability insurance without a big clean-up of their sexual misconducts. Today, sports leagues are being forced to address the long-term impact of CTE and concussions due to the unwillingness of their insurers to continue to pay claims. We can hope that the Federal Flood Insurance program might be changed to follow this strategy of incentivizing development only in less flood-prone areas, if policymakers get it right.

But, I didn’t fathom insurance’s possible social purpose fully until I read the obituary of a friend’s father, an insurance agent in a safe quiet suburb, who made it a point in his career to cajole large insurers to offer liability insurance to minority business owners in the inner city of Boston. His effort helped those business owners to get a lease for their storefront businesses and to help restore neighborhoods in the 60’s and 70’s.

Reacting to bad behavior by making insurance fair is one powerful tool. Promoting good results proactively is quite another. So, I set about looking for ways to build insurance products that reflected a higher social purpose and that made great financial sense, as well.

Bad things happen in the world. Roofs collapse, shipments of food spoil, drivers are too aggressive, cyber thieves are proliferating, sexual harassment certainly hasn’t gone away. While businesses and individuals can buy insurance against these risks, that passive response is no longer an acceptable strategy to make the world a better place. And, as with so many other aspects of our lives, there is a whole new set of technology tools that can promote active risk management responses by harnessing data that was previously difficult or impossible to collect.

Today, with an app on a phone, we can measure, gamify and improve the driving behavior of commercial drivers by scoring their braking, acceleration, and even their distracted driving behavior from cell phone use, which is causing the first bump in accident and death rates in my lifetime. With sensors on building roofs and cargo shipments, we can anticipate collapses or spoilage, and in turn intercept the problem before a claim occurs. We can detect the likelihood of litigation by examining social media and big data sets in ways that reveal trends that typically cause lawsuits, and destruction.

Harnessing this data requires a mission to make the world a safer place. Insurers, who pay the costs when bad things happen, are uniquely situated to leverage new forms of data to proactively put technology to work in order to make the world a safer place. Corvus exists to turn that mission into a reality.