It is now harder than ever to purchase cyber insurance in the UK, with capacity being pulled back, increasing exclusions and price increases – but Coalition aims to overhaul the market at a time when SMEs need it most 

With a mission to reinvent the cyber security insurance sector, North American MGA Coalition combines technology and insurance – a culmination of its co-founder and chief executive Joshua Motta’s experience. 

Joshua Motta_Coalition blue shirt

Joshua Motta, Coalition 

In his early career, Motta started off working as a software engineer at Microsoft but has also worked for the US government’s Central Intelligence Agency, investment banking at Goldman Sachs as well as being on the founding team of Cloudflare – a web performance and security firm.

Starting life as an early-stage startup in March 2017, Coalition which gets its name from sharing risk via a group of companies that pool capital – an idea that came about due to businesses not having much support from the government and therefore having to mitigate cyber risk alone.

Coalition now serves more than 130, 000 customers and has a valuation of $5bn following a funding round in July of $250m.

The the MGA began trading in the UK i 1 September, initially it launched in North America in 2017, later launching in Canada in 2020, but is headquartered in San Francisco.

Motta tells Insurance Times: “The UK and the US cyber markets are quite similar – the UK is the second largest cyber insurance market outside the US – and adoption of cyber insurance is growing in both places, particularly for SMEs.”

This he says is because there has been a surge in losses over the past 18 months driven in part by ransomware attacks, social engineering, and fraud.

“As a result, we have seen rate increases on both sides of the pond, so the prices for cyber insurance are the highest they have ever been in these two markets. Meanwhile, the losses that insurers have faced over the past 18 months have also grown,” he says.

For Motta, most cyber-attacks are about information warfare. However, this can include physical damage when hackers tap critical infrastructure providers such as electrical grids, water facilities and rail roads.

“Cyber is another theatre of war – you have land, sea and air and cyber is the fourth domain,” he says.

Capacity pullback

Motta explains that both the UK and US cyber markets have been challenged by a pullback in capacity, leading to a situation where it is “as hard as ever to purchase cyber insurance”. 

As well as capacity being restricted, Motta believes the cyber market is also challenged by onerous terms that require controls or protective actions. There have been price hikes too - an increase of around 10% year-on-year, he notes.

These trends are “pushing cyber insurance out of affordability, particularly for smaller businesses”, Motta adds, making it ”one of the challenges for the UK and US”. 

However, cyber insurance uptake in the UK is still not as advanced when compared with the US, according to Motta. He attributes this to US insurers offering security services alongside traditional insurance - he thinks this approach has not quite taken off in the UK yet.

“That’s what we are bringing to the UK, which can make insurance more valuable,” Motta says.

Active insurance

As part of its UK launch, Coalition is touting what it calls “active insurance” to help businesses mitigate risk - this combines cyber security tools, incident response digital forensics and insurance coverage.

For example, these policies will tell the insured if they have downloaded malware before it has the chance to develop into a serious cyber attack.

“We are continuously monitoring security to prevent losses from happening,” Motta says.

This approach has so far worked in the US. He explains that cyber claims frequency, as reported by US-based insurers this year - excluding Lloyd’s - is 5.9%. Over the same time period, this figure is 1.7% for Coalition’s American client base.

“There’s been a clear shift towards providing active insurance,” Motta continues.

“We have seen more traditional insurance companies trying to build out capabilities to proactively manage risk. If they don’t have [the] ability to prevent losses, they will run at [a] much higher loss ratio – which has been the case, forcing rate levels to rise [so] that [they] are not competitive.”