Why we invested in Converge (and will keep investing into Cyber)

QBE Ventures is backing emerging leader Converge, who fuse advanced cyber risk management, data management and underwriting discipline to create a new standard for relevant and scalable cyber insurance. The strong founding team gives Converge intimate knowledge of the pain points in traditional cyber insurance, and the expertise to do it differently.

The Opportunity

Driven by customer demand, cyber insurance is rapidly evolving from a niche product into a key component of cyber risk management around the world. While the market is growing, it is also uniquely challenging due to the dynamic, complex nature of cyber risk.

Our view, which has grown steadily through working with QBE cyber colleagues, is that Converge is uniquely positioned to achieve scalable, repeatable, and durable growth in segments of the market that require an API-first, data-led insurance offering. Their fusion of deep cyber insurance experience, cyber-native data model and purpose-built platform, combined with clarity and conviction in how to become a force in the industry, puts them in a unique position.

The Challenge

In the early days of cyber insurance, insurers treated cyber coverage much like any emerging risk – cautiously, with limited data and a primary focus on reimbursing losses after an incident. Incumbents relied on subjective questionnaires and limited historical loss data. This was (and still is) to the collective groan of Heads of Security / IT, CTO and business directors who are obligated to manually complete forms, extract and share information. The wastage is enormous – hours of manual data preparation and then translation. Internally, insurers also faced a major challenge: historic losses in a form usable by risk models have proven to be a real challenge.

By contrast, cyber-focused insurtech startups took a more data-driven and proactive stance. Getting started with a quote was suddenly as easy as providing a URL. In addition, rather than just waiting for claims, insurtech’s actively helped clients prevent or mitigate events through security tools, training, or alerts. The more data-led and “always-on” model of proactive and action-oriented cyber insurance is now becoming mainstream.

Cyberattacks, cyber-crime, outages and data breeches are trending sharply upwards. In 2023, 41% of small businesses experienced a cyberattack, a significant increase from 22% in 2021. Yet only 17% of small businesses have cyber insurance. The evolution of the role of insurers is a huge positive. It reflects that cyber insurance isn’t just about paying for a claim after an attack, but about using data and technology to predict and prevent cyber incidents in the first place.

If proactive, data-driven cyber insurance is now the standard, the challenge for the foreseeable future is making it scalable and sustainable, whilst remaining relevant.

The Hallmarks of Market Leaders 

Winning in the cyber insurance market requires navigating two critical success factors. First is underwriting discipline for longevity. Second is the ability to access coveted behind-the-firewall data and convert it into actionable insights, applied across the end-to-end value chain to benefit customers, distribution partners and the carrier. 

Our forward-looking view is the insurers that thrive long-term will be those who can continually feed fresh cyber risk intelligence into their core operating processes and systems, at pace. The insights gleaned are used to materially improve loss ratios and confidence in risk selection. Having a strong unifying data model that is cyber-native rather than retrofit, combined with a configurable platform with in-platform risk modelling capability, is key. As is the ability to adapt to changes in the context or underwriting rules, with a componentised platform that is easily re-configurable.  

Recognising the need for a modern approach and new capabilities, investment into cyber by insurers has steadily gained momentum (see the graph below). Despite a broader fintech/ insurtech pullback, cyber insurance continues to attract significant capital due to sustained demand and relatively low insurance penetration, especially among SMEs. 

 

In total, since 2016 over $3–4 billion has been invested into cyber insurance-focused ventures (roughly ~4–5% of all cybersecurity venture dollars). A deeper dive into where investment has gone shows concentration around platforms for risk insight, quantification and prevention, followed by specialist underwriting agencies / MGAs. Given the historical dependency on subjective and backward-looking data, and the challenge of translating a cyber posture signal into a ‘so what’ for an underwriter, our viewpoint is that these focus areas are not surprising. 

The goal is a scalable, repeatable process that turns cyber underwriting from an art into more of a science. This means pairing proactive risk management monitoring and security partnerships with prudent underwriting. Achieving that balance at scale is the central challenge that only a few players in the market have managed to crack so far.

Introducing Converge

Converge emerged to tackle the very gap and opportunity outlined above – providing cyber insurance that is built from the ground up to be data-driven, proactive, and scalable by fusing cyber risk management with underwriting.

The company was incubated by Forgepoint Capital, one of the world’s foremost cybersecurity-focused venture capital investors, specifically to bring a new approach to cyber insurance. In Forgepoint’s words, Converge are “pioneers in advanced cyber risk management and underwriting” – exactly the capabilities needed to meet the modern cyber insurance mandate. Behind Converge is a team with pedigree. The company’s CEO, Tom Kang, is an industry veteran who has held senior cyber leadership roles across top insurers and brokers (ex-Allianz, Willis Towers Watson). Their tech team is deeply familiar with the data infrastructure required to represent the risks involved in cyber underwriting natively in the Converge data model. On average, the founding team has more than 15 years of experience in cyber insurance which gives Converge intimate knowledge of the pain points in traditional cyber insurance and the expertise to do it differently.

Converge combines a data ecosystem and intentional data model design for cyber, fused with a results-driven approach designed to mitigate risk. They can ingest and collate a vast range of data sources - even behind-the-firewall security data – to fuel underwriting decisions. They are initially focused on the small business segment, where the protection gap is widest and traditional underwriting has struggled.  This approach, combined with a workflow engine with defined connectors, ensures that information ingested as part of underwriting can be directly utilised in an algorithmic way (as part of rating), rather than being siloed.

Extending the Relationship

QBE has explicitly identified cyber insurance as a strategic growth area and is investing accordingly, with an ambition to expand and innovate, particularly for the SME segment. QBE’s journey with Converge began a few years ago. Working side by side provided us with an opportunity to see their team and capabilities in action. It quickly became apparent that their purpose-built platform could access and analyse detailed cyber risk directly in line with QBE’s control-based underwriting approach, enabling expansion into API-enabled markets. The partnership enables QBE to expand into the wholesale cyber market, starting in small business, as a complement to the existing QBE cyber proposition.

QBE and Converge teams have worked closely on underwriting guidelines, pricing models, and even claims handling protocols, forging a shared vision of what “good” cyber insurance looks like. This strong alignment in philosophy and execution is a big reason why QBE Ventures decided to invest in Converge. The investment elevates the partnership to the next level – giving Converge additional resources and strategic support and giving QBE a closer connection to a leading-edge innovator in the cyber space.

Looking ahead

The investment is a further signal of our commitment to grow in the cyber market by getting to the heart of what customers and partners need. Looking ahead, a platform for scalable cyber insurance growth provides the bedrock needed to innovate in emerging cyber risks. Digital supply chain hardening, third-party vulnerabilities and the interplay between AI for security, and security for the use of AI are key themes that will drive the next wave of evolution in the sector.

The opportunity in the cyber market is immense – and so is the responsibility to get it right. By marrying QBE’s global insurance expertise with Converge’s tech-driven underwriting and risk management approach, we believe we can jointly set a new standard for how our industry underwrites and helps clients stay ahead of cyber threats. It’s an exciting step forward in our ambition to be the most consistent and innovative risk partner for our customers.