SecondSight’s Reuben Vandeventer on Improving Cyber Exposure Data Sharing
In late March, Risk & Insurance caught up with Reuben Vandeventer, CEO of SecondSight. What follows is a transcription of that discussion, edited for length and clarity.
Risk & Insurance: What are the main issues facing the cyber insurance market today?
Reuben Vandeventer: The cyber insurance market faces a myriad of problems. Firstly, it’s a relatively new line of insurance that’s still in its infancy. As a species, we haven’t invented a new insurance line in the modern era, so it’s uncharted territory.
Secondly, the market is forming at a time when we’ve had multiple step-function improvements in technology, most recently with AI. While we’ve been working on AI for 70 years, recent breakthroughs have allowed us to think about and look at things differently.
Thirdly, there’s a generational gap between the chief underwriters and chief risk officers at the top of the largest carriers and reinsurers, who are closer to Baby Boomers than Gen X. This new line of insurance requires a different approach, which can be uncomfortable for them.
One of the most glaring issues is that the cyber insurance market is not behaving like an efficient market. In 2019-2020, when we launched our company, we observed that the reason for this inefficiency was the lack of information symmetry. Buyers and sellers don’t have the same amount and type of information, resulting in either a massively hardening or softening market, with no “just right” moment.
In 2021, we saw coverage limits come down by 50% and premiums double in a single quarter, only to whipsaw back in the opposite direction two quarters later. Until the market behaves like a real market, it’s hard for smart money to put capital into it and for capacity to remain engaged.
Our mission is to help the cyber insurance market become a real market by focusing on information asymmetry and ensuring that all parties in the value chain have the information they need. We’ve realized that to solve this problem, we need to create user experiences that are bespoke to each persona in the value chain. Only then can we collect and present information in a way that each human can interact with.
R&I: What are the significant challenges in gathering the right amount and type of information to make sound underwriting decisions?
RV: Gathering the necessary information for underwriting is a complex challenge. Consumers and business owners are often hesitant to share sensitive data, especially during critical periods like fundraising or mergers and acquisitions.
Moreover, businesses use a wide variety of software and technology, making it impossible for a single telematics solution to magically find everything. Human interaction and prompting are still necessary to guide the process.
The current approach is to gather as much information as possible outside the firewall and explore inside if the customer allows it. Our user experience integrates these concepts, recognizing that it’s a nonlinear problem. We start with light, TurboTax-like interactions to gather initial information from the user.
In parallel, we employ deep learning and transformer architectures to read and extract concepts from various sources, such as websites, blog posts and social media. This allows us to make predictions about their technology usage, which dynamically generates the next screen in the user experience.
As we progress and gain more insights, we may ask for permission to install an AI tracker in their environment, like Office 365, to monitor content and provide free privacy exposure alerts. By this point, the user experience has built trust, unlocking opportunities to collect more empirical evidence on their risk position.
R&I: What are your thoughts on the systemic issue of data-sharing in the insurance industry, not just from the perspective of insurance buyers and risk managers but also from carriers?
RV: The reluctance to share data is a pervasive problem in the insurance industry. It’s not limited to just one group; insurance buyers, risk managers and carriers all struggle with this issue.
Carriers, in particular, are often accused of not sharing data. This lack of data-sharing can lead to inefficiencies and missed opportunities for collaboration and innovation within the industry.
To address this systemic issue, there needs to be a shift in mindset and a willingness to embrace greater transparency. By fostering a culture of data-sharing, the insurance industry can unlock new insights, improve risk assessment and ultimately provide better services to its clients.
R&I: What unique opportunities do you see for SecondSight in the insurance industry?
RV: Many Insurtechs can’t offer their innovative SaaS capabilities as a subscription to other industry players due to channel conflict. This is where we see our opportunity.
The success of some Insurtechs in reducing loss ratios has opened the eyes of carriers that were previously resistant to technology. We’re currently working with a top-20 carrier, one that’s as old-school as they come, and they’re eager to have the capabilities of the top Insurtech MGAs but don’t know where to start. They’re now open to ideas that they wouldn’t have even considered discussing with us a year ago.
R&I: What is the key innovation that SecondSight has developed to help brokers and carriers in the cyber insurance market?
RV: SecondSight has developed a vertical AI system to modernize and streamline the relationship between customers, brokers and carriers in the cyber insurance market. Our key innovation is a deep learning system that trains on risk behaviors and characteristics, which can be safely exposed as metadata to the markets, and that shapes the user experience in real time for whatever kind of human is interacting with the screen — a truly adaptive user experience.
Our vertical AI system includes an underwriting workbench with an analytical copilot experience we call Exposurescape. It models digital assets across an entire portfolio, identifies vulnerabilities and overlays pricing information. Exposurescape enables carriers to perform catastrophic modeling for cyber insurance, similar to what has been available in the property insurance market for decades.
Exposurescape is designed to be user-friendly, with point-and-click functionality and visual representations that can be utilized by cyber teams at the carrier level, even if they don’t have advanced mathematical or data science backgrounds. This innovation is generating significant interest, particularly at the reinsurance level, as it provides a much-needed capability for leveraging AI and understanding portfolio-level risks in the cyber insurance market. The Exposurescape copilot not only aids in identifying emerging risk patterns within the respective portfolio but also facilitates a transition from observation to the implementation of new underwriting rules, making price adjustments, limit adjustments and modifications to the pass-through renewal policy in minutes rather than months.
R&I: You mentioned that your platform has facilitated the binding of coverage with 27 of the top 30 insurance markets. Is that correct?
RV: Yes, that’s correct. Our platform, SecondSight.ai, has successfully facilitated the binding of coverage with 27 of the top 30 insurance markets. This achievement demonstrates the wide acceptance and trust that leading insurers have placed in our technology and its ability to streamline the underwriting process.
By leveraging our AI-driven platform, insurers can efficiently evaluate risks, tailor coverage and bind policies. This not only improves the speed and accuracy of the underwriting process but also enhances the overall customer experience.
R&I: What was the timeline for developing and launching the feature set that enabled a top-five broker to access the capabilities they required?
RV: The feature set in question went live in August, giving us the opportunity to build out the necessary capabilities for a top-five broker who wanted to leverage their relationships. Since the general availability release in August, a handful of the top ten brokers have begun using these features.
R&I: How does SecondSight’s approach align with the idea of being a seller of risk more than being a buyer of insurance?
RV: Thinking of insureds as sellers of risk rather than buyers of insurance is interesting and aligns well with our approach at SecondSight.
In establishing our design patterns for the Company Workbench product, we realized that the modern CFO needs the ability to understand their digital balance sheet. They also need to understand how insurance helps to hedge the off-balance sheet liability that exists in the form of various digital risks to and within their business — from cyber to privacy to silent AI, among others.
This enables them to make informed decisions about which risks to retain, which to transfer through insurance and which to mitigate through other means. Ultimately, this shifts the mindset from simply purchasing insurance to being more aligned with how modern CFOs, owner-operators and entrepreneurs behave in their day-to-day operations of digital asset management, where they can sell risk through hedging strategies just as they do with physical assets.
R&I: What’s the most memorable line you’ve heard recently regarding AI and its potential impact?
RV: I recently came across a nuanced perspective that really resonated with me: “AI is not just about replicating human intelligence, but about augmenting and enhancing it in ways we have yet to fully comprehend.”
This line captures the essence of AI’s potential to revolutionize how we approach problem-solving and decision-making. Rather than simply mimicking human thought processes, AI has the capacity to offer unique insights and solutions that complement and expand our own capabilities.
It’s a reminder that the true power of AI lies in its ability to work alongside humans, not replace them entirely. By leveraging the strengths of both artificial and human intelligence, we can unlock new possibilities and tackle challenges in innovative ways.
R&I: What is the key message you are trying to convey to your target audience, particularly the CFO persona, and how does it relate to their ability to better evaluate risk?
RV: When we delve into the CFO persona, they inherently understand the concept of risk evaluation from a financial perspective. However, the challenge lies in the CISO’s inability to effectively translate cybersecurity risks into the language of finance.
CFOs grasp the importance of assessing risk, but they often struggle to comprehend the technical aspects communicated by the CISO. This disconnect hinders the CFO’s ability to accurately evaluate and manage cybersecurity risks within the broader financial context of the organization.
Our message aims to bridge this gap by empowering CISOs to articulate cybersecurity risks in financial terms that resonate with CFOs. By providing tools and insights that facilitate this translation, we enable CFOs to make well-informed decisions and optimize their risk management strategies.
R&I: Is there anything else you’d like to share about SecondSight that we haven’t covered in our discussion so far?
RV: I think one key aspect to highlight is our commitment to responsible AI development. At SecondSight, we firmly believe that, as AI becomes more advanced and ubiquitous, it’s crucial to ensure it is developed and deployed ethically.
This means prioritizing transparency, fairness and accountability at every stage. We have robust frameworks in place to identify and mitigate potential biases in our models.
Moreover, we place great emphasis on data privacy and security. Our clients entrust us with sensitive data, and safeguarding that information is paramount. We employ state-of-the-art encryption and access control measures to ensure data remains secure.
Ultimately, our goal is not just to deliver cutting-edge AI solutions, but to do so in a manner that promotes trust and aligns with societal values. We believe this ethical approach is essential for the long-term success and acceptance of AI technologies.
R&I: What is the key to properly assessing and modeling the risk in the cyber insurance market, and how can insurers and reinsurers overcome the challenges posed by the evolving digital landscape?
RV: The cyber insurance market will continue to evolve and mature as insurers chase the risk and potential profits. The key to properly assessing and modeling this risk lies in creating an antifragile system, as Nicholas Taleb’s work suggests.
Currently, the main challenge is a missing information problem. Until carriers and reinsurers gain a better understanding of the software powering businesses, they won’t have the granularity needed to identify the black swan events within their portfolios.
In today’s increasingly digital world, the majority of a company’s revenue-generating assets are on the digital side, rather than the physical factory floor. To accurately assess true catastrophic portfolio risk, we need to apply GAAP and international accounting standards to digital balance sheets, and how assets and liabilities are discovered, classified and measured, just as we do in the physical world.
The misconception among chief underwriters and reinsurance players is that collecting this data is impossible or requires human intervention. However, this information can indeed be collected, and failing to do so is at minimum a management oversight.
Overcoming the fear or belief that gathering this data is impossible is crucial for the industry to properly assess and manage the risks associated with the evolving digital landscape. &