Zeguro helps SMEs identify, mitigate and insure themselves against cyber risks.
The business was founded by Siddhartha Gavirneni and Dan Smith, two cyber-security veterans. Sidd was a portfolio consultant to Symantec and McAfee and Dan has held various security engineering roles at SMEs and large businesses, including First Republic Bank. In their previous lives, both experienced extensive problems with cyber insurance. Sidd told us, “I worked for a large business that suffered a data breach and Dan spent 3 months working on a cyber insurance renewal – these experiences made us wonder: how do smaller businesses deal with cybersecurity and cyber insurance if larger businesses can’t?”. Zeguro’s platform aims to help smaller businesses (under $100m turnover) with this issue.
Zeguro refers to their platform as a ‘virtual Chief Information Security Officer (CISO)’. It works by attaching itself to cloud-based tools used by businesses (e.g. Dropbox or Google Drive) and assessing and managing potential cyber threats (as a real CISO would do).
The virtual CISO has two main roles:
Identifying and mitigating cyber risk: Zeguro continuously scans businesses’ digital assets, identifying areas of potential cyber weaknesses (e.g. identifying that two-factor authentication is not enabled on Dropbox). If weaknesses are identified, the platform either automatically fixes the issue (e.g. changes settings), recommends fixes or provides customised training to employees. The solution depends on the issue.\nProviding tailored cyber insurance: Zeguro uses the data it collects on each business to provide tailored cyber insurance coverage that is tailored (i.e. cover and price) to meet the business’s needs. Cover is either provided by Zeguro directly (through an MGA they are setting up in the US) or by insurance partners (who have access to the data collected by Zeguro).\nSince founding in 2016, Zeguro has been busy. The business announced a US partnership with AGCS in October 2017 and is talking to insurers in Europe. Zeguro was recently selected for Startupbootcamp’s 2018 cohort.
Cyber insurance is a hot topic across the industry. The FT recently reported that a major cloud outage could cost the US economy up to $15bn. Most of the burden would fall on SMEs. A Swiss Re Sigma report suggested that the cyber market could grow at 15% p.a. over the next 5-10 years.
Unsurprisingly, perhaps, a number of cyber InsurTechs have emerged over the last 12 months, for example Bewica (launched by a former Hiscox Head of Claims), Threat Informer, UpGuard and others.
When people talk about the future of insurance, they sometimes talk about an evolution from “protect” to “predict” to “prevent”. Cyber is arguably spearheading this thinking. A cyber loss is famously hard to identify objectively and quantify and so many insurers are building service-led (rather than indemnity-led) propositions.
It is, in our view, unlikely that the insurance industry will develop the technical propositions that are at the centre of these propositions. Partnerships are needed and insurers need to be scouting actively for possible partners.