Start-ups cause a stirProfiles of 10 smallcompanies bringinginnovation to insurancePage 3

Risk Management TechnologyFT SPECIAL REPORT

www.ft.com/reports | @ftreportsMonday October 3 2016

Inside

Cyber poacherturns gamekeeperLauri Love,who isfightingagainstextradition,on thebenefits ofhackingPage 2

How to protect youronline identityTop privacy tips froma personal internetsecurity expertPage 2

Soft underbellyCompanies arevulnerable if theyfail to update theirtechnologyPage 2

Funding disruptionThe potential richesfrom ‘insurtech’ attractventure capitalists andtraditional playersPage 3

A utumn started with a rushof deals. As August turnedto September, a clutch ofbig insurers announcedinvestments in start-ups.

Allianz put funds into MoneyFarm, adigitalwealthmanager.MunichRepart-nered with Trov, which is developing arange of on-demand insurance prod-ucts. Axa backed Gasolead, which is cre-ating a virtual assistant to help insur-anceagentsgeneratemoredigital leads.

If this is an industry playing catch-upon tech, it is playing hard. “[Insurers]are working closely with start-upsrather than seeing them as a threat,”saysNigelWalsh,apartneratDeloitte.

For others, however, there is a longway to go. Tom Butterworth of SiliconValley Bank, which finances early-stagecompanies, describes the sector asarchaic. “It’s seen as the laggard inadoptingnewtechnology,”hesays.

The September deals showed thebreadth of technologies in which insur-ers are dabbling as they look for newways to help customers — both retailandcorporate—managerisk.

Telematics is particularly popular.What started as the ability to assess howwell young people drive via a black boxin the car is quickly expanding into arange of similar ideas. Health insurancelinked to fitness devices is one. Home orfactory insurancepolicies linkedtovari-oustypesofsensorareanother.

Data analysis is a hot topic. “Theinsurers are probably a bit more maturethan the banks in using big data to drivevalue,” says Roy Jubraj, managing direc-tor at Accenture. The idea is that, byanalysing data, insurers can assess riskmore accurately. This is not alwaysstraightforward. UK regulators recentlylooked at whether insurers’ use of datacould harm consumers, although it

eventuallydecidedthat the issuedidnotmerita full investigation.

Meanwhile, blockchain, the technol-ogy behind bitcoin, is never far from thediscussion. Insurers are investigatinghow it could make insurance contractscheaper and more secure. “Blockchainhas the opportunity to fundamentallychange the way we interact with insur-ers,” says Mr Walsh. He adds that smartcontracts — which pay out automati-cally if something happens, without thepolicyholder needing to make a claim —are one way in which the technologycouldchangethe industry.

Yet there are limits to how far big, tra-ditional insurers can go when it comesto making the most of new develop-ments. “Legacy systems are holdingthem back quite a bit,” says Mr Jubraj.“That’s why major players are embark-ing on new platforms, modernisingwhat theyhave.”

Insurers rushto grab holdof start-upswith potentialTraditional players hope to take advantage ofinnovators’ tech know-how, writesOliver Ralph Making strides: outside the head office of Munich Re, which has partnered with Trov—Ulrich Baumgarten/Getty Images

Old technology, says Mr Jubraj, hin-ders insurers’ability tocreatenewprod-ucts quickly. “Today most insurers pushdigital services based on the productsthey are [already] selling. Not many arelooking at you as a customer and drivinga proposition around that, as Amazonhas inretail,”headds.

That is where a lot of the start-upscome in. New entrants are selling varia-tions on traditional policies — car insur-ance by the mile, for example, or coverfor specific possessions. By combiningwith these start-ups, insurers win someunderwriting business (very few start-ups are fully licensed insurers) and getan early peek at which sorts of productsmightworkwell.

“For the foreseeable future, barriersto entry are so huge that you’ll see thislayer added to the top of the industry,”says Mr Butterworth. “It is the [insur-ers] most willing to integrate with the

early-stage companies that will comeoutontop.”

Cyber insurance is one exception.Multinationals including AIG, MunichRe, Allianz and Beazley have pushedinto cyber. Analysts say it is one of thefew areas of commercial and wholesaleinsurance that offers much growth.Adoption is much higher in the US thanEurope, but EU rules coming in 2018 areexpectedtoboost take-up.

However, customer demands arechanging in cyber. While cyber policiestraditionally cover companies forfinancial and operational problemscaused by data loss, industry surveyssuggest that policyholders have a widerrange of worries, such as what happensif a cyber attack causes physical dam-age, or the consequences of a hack thataffects products. The question forinsurers is how quickly they can modelandpricethoserisks.

2 ★ FINANCIAL TIMES Monday 3 October 2016

important to keep computers and soft-wareupdated,”saysMrPalmer.

Another measure cyber security spe-cialists advise smaller companies put inplace is software that spots unusual net-work activity, such as bulk copying to anexternal hard drive. Mr Palmer says hehas seen a spate of incidents recentlywhere the culprits were disgruntledemployeesstealingdata.

Sandra Cole, UK and internationalbreach response manager at Beazley,says regardless whether a company hascyber insurance, it should have an inci-dent response plan in place. This meansthat in the event of a breach staff aregiven roles such as contacting clientsand authorities, “rather than runningaround like headless chicken,” Ms Colesays. The plan needs to be tested andupdated rather than just drawn up andforgottenabout, sheadds.

Mr Hawksworth says small busi-nesses often use external IT consultantsto keep down costs, but suggests theyappoint someone internally to makesure IT policies are adhered to and putthem in charge of the response plan intheeventofanattack.

Mark Hawksworth, head of the tech-nology practice at Cunningham Lindsey,a loss adjuster, says hackers are increas-ingly targeting smaller businessesbecause larger employers have moreresources to protect themselves, makingsmallercompaniesmorevulnerable.

One form of cyber attack that isbecoming more common, and to whichsmaller companies are particularlyexposed, is the use of ransomware. Thisis where the attacker gains entry to acompany’s network, encrypts the dataand makes them unusable, thendemands a ransom from the companyinreturnforanencryptionkey.

Insurer Beazley predicts a 400 percent increase in ransomware breachesglobally this year. Businesses cannot beentirely immune from such attacks,security experts say, but there are sev-eral simple and practical steps to helpreducetherisk.

These include ensuring employeepasswords are long and difficult toguess, training staff to recognise unso-licitedemailsand—most importantly—keeping technology up to date. “Therecan be a desire to sweat assets, but it is

Managers of small and medium busi-nesses who assume that only the biggestcompaniesaretargetedbycyberattackshavealreadymadetheir firstmistake.

AthirdofsmallBritishbusinessessuf-fered a cyber breach in the past year,according to a UK government study,while just under half of such companieshadanyformofcyber insurancecover.

Yet the government study showed 60per cent of small businesses had cyberincident response plans in place, com-paredwith52percentofall companies.

Dave Palmer, director of technology atcyber security consultancy Darktrace,says many attacks are indiscriminate, soit is essential that executives of compa-nies of all sizes “think about the risks ofwhat would kill the business and stop itoperating” ifahackordatatheftoccurs.

RiskManagement Technology

I fbusinessesareseriousaboutreducingtheriskofcyberattacks,theymustworkcloselywithhackers, saysLauriLove, theUKcomputersecurityexpertwhois

facingextraditiontotheUS,accusedofcomputercrimes.

MrLove,wholosthisappealagainstextradition inSeptember, saysmoreshouldbedonetoensureyoungpeoplewithcomputerskills learntousetheirtalents inapositivewayworkingforcompanies, ratherthanengaging incrime.Thetransitiontocybervandalismandworseoftenstartswhenabrightbutsociallyawkwardteenagerisdrawnintothewrongcircles,hesays.

“Alotof thementalmake-upthatcanmakeyouquitegoodatanalysingcomputersandinformationsystemstendstomanifestwithproblemsofsocialadaptiveness.Peoplecanfindthattheyhavetroubleconcentratingatschoolorproblemswithbehaviourandauthority,”MrLoveadds.“Theydon’thavetheavailabilityandmeansofgetting intodoingcybersecurityanddevelopingtheirskills intheappropriatesafeenvironment inaconstructiveway.

“Theunderworlddoesn’tcarehowwell-dressedyouareorwhetheryoucanmaintaineyecontact.They justcare ifyouhavetheskills.There isaperversesense inwhichthecriminalunderworldismoremeritocratic thansociety.Sadly,theiragendaisdifferent.”

Until lastmonth,MrLovewaspartofasocialenterprise,HackerHouse,whichaimstogiveyoungcomputerenthusiastsaplacetopractise theirhackingskillswithoutcausingdamage—andtoputthemtousehelping, ratherthanharming,businesses.

“Wewanttoprovideaplacewherepeoplewhohavestarteddownthepathtobeinga littlebitnaughtycancome.Wecansay, ‘OK,wewill teachyouhowtohack,youcanhaveall the fun,butyouwon’tbe interferingwithsomeone’sbusinessandyouwon’t findyourselfontheendofadifficultconversationwithpeoplewithbadges,’”headds.

Companiescould learna lot fromhackers,MrLovesays.Mostbusinessesseverelyunderestimatetheirriskfromcybercrime.Hackersoftenpenetratetheirdefences inverybasicways.

“There isa lotofcoderunningoncomputers—someof it iskeptuptodateandpatchedagainstsecurityvulnerabilities, someof it isnot,”MrLovesays.“Hacking ismostlyacaseofpersistence; it isnotalwaysacaseofspectacularability—justdeterminationtokeeplookinguntilyoufindtheonethingthatwasn’tuptoscratch.”

Hecompares lookingat thebackendofcorporatesystemsto lookingbackintime.“Sometimesyouendupgoingbacktothe1990sandfinding levelsofsecurity thatweoughttohavemovedpast,”hesays.“Youseethesamemistakesoverandoveragain.”

There isa traditionofex-hackersgoingtoworkincorporatesecurity.KevinMitnick,whowas imprisonedin

theUSinthe1990sfor hacking, runshisowncorporatesecurityconsultancy.GeorgeHotz,ahackerwhofacedlitigationbySonyin2011 forhackingthePlayStation3gamesconsole,hassinceworkedforFacebookandGoogle.

Companiescanalsotap intothehackercommunitymorebroadlybysettingupso-called“bugbounty”programmes,wherehackersarerewardedif theydiscoverandreportserioussecurity flaws.

“Wecanshapetherulesof thegamesopeoplewhofindthesethingsouthaveawaytocometothe[company]andsay,‘Ihavefoundoutthis is insecure,’withoutbeingafraidofbeingprosecutedorsued,”MrLovesays.“Wecancreateanincentivestructuretobringpeopleonside.Thesearebugbountyprogrammesandpeopleare justlearningtodothem.”

Withamischievoussmile,MrLove,

whoisaccusedofbreaking intoUSmilitarycomputers,adds:“Infact thePentagonjustranits firstbugbountysystem.Andsowhereassomepeople intheworldare introuble forallegedlyhackingthePentagon,nowthePentagonisaskingsometimesthesamepeople tocomeandhackit.”

TheFBIandUSDepartmentof JusticeallegeMrLovestole thousandsof filesfromthePentagonandNasa,aswellasfromother bodies, includingtheFederalReserveandEnvironmentalProtectionAgency.

MrLove’s lawyershavearguedthatheshouldface legalproceedings intheUKratherthantheUS,wheretheysayhishealthcouldbeaffectedbya lengthyjail term.MrLovehasAspergersyndrome,whichhis lawyerssaycoulddeteriorateandleadtoamentalbreakdownorevensuicide.

Inanycase,MrLovefeels thecurrent

approachbythepoliceandcriminaljusticesystemisnotdeterringhackers.

“Theissue is that thereare7bnpeopleconnectedtothe internetandnotallofthemare in legal jurisdictionswherecomputercrimeswillbeprosecuted.Evenifyoucanscareall thepeople intheUKintonot testingyoursecurity,thatdoesn’taffect thepeople that livesomewherewhereyoudon’thaveextraditionarrangements,”hesays.

Heisnotarguingthatcomputerbreachesshouldbedecriminalised,buthesaysthereshouldbemoredifferentiationbetweencaseswherehackersaregoing intostealmoneyorinformation,andcaseswherepeoplearemerelytestingthesystem’sdefences.

“Whenyoudamageasystem,whenyoutrespass,whenyouinterferewithbusinessoperations—that isacrimeandshouldremaindefinedasacrime.But thepriorityof thestateshouldn’tbetotryto frightenpeople intonot testingsecurity,weneedsecurity tobetested,”hesays.

“Idon’t thinkweshouldbeheavy-handedwithpeople,notwhentheyhaven’tadoptedacriminalmindset. I’mhoping lawenforcementcanstarttakingmoreofaharm-reductionapproachratherthanthiskindoftraditionaldrugs-warapproachofbeingveryhardonitandtryingtoscarethekidsstraight—becausethekidsaren’tbeingscaredstraight.”

MrLove’scase isdueto consideredbyAmberRudd, theUK’shomesecretary,inmid-November. If shedecides toauthorise theUS’sextraditionrequest,MrLovewillhave14daystoappealagainst theruling.

Cyber poacher turns gamekeeperInterviewLauri LoveThe British hackerfacing extradition to theUS talks toMaija Palmer

Penetration:Lauri Love atHacker House—where he usedto work— and,top right,outside courtafter losing hisappeal againstextraditionCharlie Bibby/AP Photo/Matt Dunham

Small companiesare not immuneto costly attacksSecurity

Just under half of suchbusinesses have adequatecyber insurance coverage,reports Bradley Gerrard

Outdated technology often acts as acompany’s soft underbelly, leavingthem open to cyber breaches. But thecost and inconvenience of moving fromso-called legacy systems means suchvulnerabilitiesarehardtoaddress.

Companies and security providers aregradually realising that it is impossibleto build impenetrable defences andkeep out every attacker. Instead, thefocus has shifted to ensuring that once asystem has been compromised it is diffi-cult for an intruder to leave with any-thinguseful.

According to Net Applications, a webanalytics company based in California,the third most widely used desktopcomputer operating system in the worldis Windows XP. It is run on nearly one in10 desktop computers even thoughMicrosoft stopped writing and distrib-utingsecurityupdates for it in2014.

For many companies, the cost ofreplacing software for their entire stockof computers is prohibitive, even with-out factoring in the disruption it wouldcause. There are other issues to con-sider, too. Sometimes the legacy systemmay be running on computers housed

inside expensive specialist tools. This isparticularly true in industries withbudgetpressuressuchashealthcare.

Dan Taylor, head of cyber security atNHS Digital, the body that advises theUK’s National Health Service on cybersecurity, says the use of Windows XPpersists in some unexpected parts of theNHS because of this problem. “You

wouldn’t throw out your MRI scannerbecause it’sgotXP,”hesays.

Businesses — both those running leg-acy systems and the security consult-ants helping them with their data secu-rity — are learning that the most practi-

cal solution often involves acceptingsomelevelofsecurityrisk.

“In the past, the approach was to donothing: the security challenge didn’toutweigh the risk of bringing the enter-prise to a halt,” says Salvatore Sinno,chief security architect for Europe at ITcompany Unisys. “Now the approach isaround three fundamental strategies:hardening the legacy systems; doing aformal risk assessment of a particularsystem to identify what elements aremost at risk, and replacing that part ofthe system; and, in some industries,replacing the legacy system com-pletely.”

Mr Sinno says there are severaloptions open to organisations unable orunwillingtoreplace legacysystems.

“Businesses are putting more effortinto having a better understanding ofwhat damage security incidents can do,”hesays.“At thesametimetheyarestart-ing to realise that it’s [about] how yourespondtothesecuritybreach.”

An anonymous reporting culture canhelp organisations learn from cybersecurity mistakes, but just as vital is anawareness of the extent to which legacysystems are still in use. “If you countpharmacists, there are 40,000 NHSorganisations,” says Mr Taylor, who istrying to find out how many of them stilluse Windows XP. “What we don’t knowis the scale of the problem. Once weknow . . . we can work out the differentstrategies to move them off [legacy sys-tems]assoonaspossible.”

Old tech opens door to hackers

Every time I sign up to a website or app I know I’m gamblingwith my personal security. Being spammed by a company’smailing list has gone from my biggest sign-up stress to theleast of my worries. Questions hammer my nerves withevery piece of information I hand over. Are the company’sdatabases secure or are intruders lurking in the wires? Will ittell me who it is selling my information to? Will its productinfect my computer or phone with malware? I can Google thecompany’s security record, but do I really want to? Would itbe truthful anyway, or just PR?

I try to interpret signals in the sign-up process. Thefractured negotiation begins with my email address and endswith the background information I know the company isrecording from my phone or computer. I try to suss outwhich parts of the form I’m filling out I can fib about, andwhich could mess up my use of the product.

I’m not alone. Digital security is out of hand — just ask theholders of the 500m hacked Yahoo accounts. Nearly 5bnrecords have been lost or stolen in all known breaches since2013, according to digital security specialist Gemalto.

Depending on how much I trust any given website or app(which is about how much I trust any total stranger — not atall, no matter how well-designed they seem), there areseveral things I do to shore up my shaky digital security.I never use my most personal email address for sign-ups —that’s what my three “dummy” accounts are for. The samegoes for my phone number. I have a business mailingaddress, which ensures my home hasn’t been in anyone’sdatabases for several years.

I take things further if asituation looks especiallyshady. I use something calleda VPN, or virtual privatenetwork, which is easy tobuy and install. It essentiallylets me flip a switch and sendlocation information — my IPor internet protocol address— via another computer somewhere else in the world. I dothis when I don’t want a site to know even generally where Ilive.

I encrypt my laptop’s hard drive, I use two-stepverifications for logins whenever the feature is available, Imake all my devices password-protected and I never sign into any account on someone else’s device.

Since hacking groups such as OurMine started combingthrough billions of breached records and stealing users’passwords to see what works in other services, I have used apassword manager called 1Password to find any duplicatepasswords across my accounts and change them. I also keepa little sticker over the cameras on all my devices to preventunauthorised spying. Programs that spy through webcamsare cheap and fairly simple to use.

Other people’s bad security isn’t the only thing we need tolook out for. Malvertising, where online ads spread virusesand worse, have been found on the biggest websites,including the New York Times and the BBC’s US site, whichhosts ads. Tainted ads have been known to pass on malware,spyware and dreaded ransomware — where files areencrypted and held for ransom. The best defence againstmalvertising is always using an ad-blocker in your browser.

Ransomware also spreads through infected emailattachments and links. For this reason, I tune my emailsettings so that they never do anything automatically, suchas show images or download attachments. I also keep a back-up of my important files on a hard drive that is notconnected to any network.

So far, so good on this side of the screen. But I mightoccasionally throw a little salt over my shoulder. Just in case.

Violet Blue is a personal online security expert and author of TheSmart Girl’s Guide to Privacy.

How I protectmyonlineidentityCOMMENT

VioletBlue

‘Digital security isoutof hand— justask theholdersofthe500mhackedYahooaccounts’

Legacy systems

Security focus is shifting tomake it harder for intrudersto leave with anything ofvalue, writes Angus BateyRansom beware: Dave Palmer

System scanning: health service tech

‘Businesses are realising it’sabout how you respond tothe security breach’

‘Hacking ismostly a caseof persistence; it is notalways spectacular ability’

Monday 3 October 2016 ★ FINANCIAL TIMES 3

RiskManagement Technology

F or a long time, the fintech start-up scenetook little interest in theseeminglysleepyworld of insurance. Payments, foreignexchange and peer-to-peer lendinggrabbedtheheadlines,plus thefunding.

But over the past couple of years, all that haschanged. Insurtech — or instech — is now attractingentrepreneurs and the investors that back them.“Quite a few entrepreneurs who have been in otherareasof fintechhavemovedover to insurance,”saysMatthewWongofresearchcompanyCBInsights.

Funding for insurance technology companiesrose from $740m in 2014 to $2.7bn a year later,according to CB Insights. This year has also beenbusy.“Dealpace ishigherthanitwas lastyear,”saysMr Wong. “There’s a lot more enthusiasm, espe-ciallyat theearlystage.”

The start-ups are targeting all parts of insurance.Many are focusing on distribution, using new tech-nologytoreachconsumersthattraditional insurersmiss. Others are looking at analytics, helpinginsurers to use data to make better underwriting

decisions. Blockchain—thetechnologythatunder-pins bitcoin — is increasingly popular, while healthinsurance has been a big area of start-up activity inthe US. Nor have start-ups ignored the potential ofthe “internet of things” — the growing use of data-collecting devices in everyday items, from carsusingtelematicssystemstoconnectedhomes.

Few start-ups have become full, risk-bearinginsurers. Analysts say that the capital require-ments, regulatory burden and complexityrequired, combined with the desire of investors for

short-term returns, means that very few of themunderwrite their own policies. The result is that formost start-ups, partnerships with existing insurersare critical. Without them, many would struggle tomakethebusinessmodelwork.

Insurers tend to be willing partners, seeing start-ups as a way to win business in normally out-of-reach markets. But Nigel Walsh, partner atDeloitte, warns of drawbacks. “The risk is that theinsurers will have no interaction with their clients,”hesays.“They’ll justbeproductmanufacturing.”

‘Insurtech’ start-ups that are causing a stirInnovationLinks betweentraditional insurers andnewplayers are criticalfor both. ByOliver Ralph

Asfastasentrepreneurshavebeencom-ing up with insurtech ideas, investorshavebeenrushingto fundthem.

Much of the backing is coming fromtraditional venture capitalists who see insurance — with its large, well-estab-lished incumbents and well-worn prod-ucts—asfertile territoryfordisruption.

“There have been more investors inthe past year than there have in previ-ous years,” says Matthew Wong of CBInsights, which analyses start-up fund-raising. “You are seeing investors thathave entered the VC ecosystem thatweren’t around a few years ago. Thereare also fintech-focused investors suchasNycaPartners.”

The other big source of funding forstart-ups is large insurance companies.“Quite a few of them are forming ven-ture arms,” says Mr Wong. “Some ofthem see it as a financial opportunitybut a lot are looking for strategic bene-fits. They are also investing in comple-mentary technology such as connecteddevices.”

By investing in start-ups, insurershope to have an early look at technologythat could change the industry, whilegetting the opportunity to experimentwith new products or services. By own-ing a stake in the start-ups, insurers alsoput themselves in a strong position tomake an offer for any companies theyseeasparticularlypromising.

Among the big US insurers that haveestablished venture arms are MassMu-tual, Transamerica and American Fam-ily, while the big non-US names withventure arms include Axa, Allianz, XLandChina’sPingAn.

They have been busy in 2016. Accord-ing to CB Insights, insurers made 27investments in2014and61 in2015.Thisyear they are on track to push that to 79.They are also getting more daring.While investments two years ago werefairly evenly split between early andlate-stage funding rounds, this year theearly stages have dominated. CBInsights points out that insurers havebeen particularly enthusiastic investorsin companies developing technology forconnecteddevices.

Investors viewinsurance asstaid and ripefor disruptionFunding

Start-ups are attracting awide range of backers,writes Oliver Ralph

ContributorsOliver RalphInsurance correspondent

Maija PalmerDigital and communities editor, SpecialReports

Bradley GerrardNews editor, Investors Chronicle

Angus BateyFreelance journalist

Owen WalkerCommissioning editorSteven BirdDesignerAlan KnoxPicture editor

For advertising details, contact:Peter Cammidge, +44 (0) 20 7775 6321,peter.cammidge@ft.com, or your usual FTrepresentative.

All editorial content in this report isproduced by the FT. Our advertisers haveno influence over or prior sight of thearticles.

All FT Reports are available at:ft.com/reportsFollow us on Twitter @ftreports

Founded: 2014Founders: Freddy Macnamara andJames BillinghamShareholders: Angel syndicateFunding: £500,000Based: UKActivity: Cuvva takes a fresh approachto car insurance. While most insurerscover customers’ vehicles for a full year,Cuvva breaks it down into smallerchunks. Its first product allowspolicyholders to insure themselves on afriend’s vehicle for as short a period asan hour via an app. Its second, to belaunched this autumn, will allow driversto buy an hour of coverage for their ownvehicles, which is designed to suitpeople who do not drive frequently.While Cuvva is still at an early stage ofdevelopment, some analysts say thatinsurers will increasingly have to followits model of offering more flexibleproducts than their current range offixed, year-long contracts. Cuvva usesdata provided by the UK’s Driver andVehicle Licensing Authority to helpverify policy requests, a process thattakes about 10 minutes.

Cuvva

Founded: 2014Founders: Arvind Parthasarathi andGeorge NgShareholders: New EnterpriseAssociates, IVP and Dowling CapitalPartnersFunding: $40mBased: USActivity: Demand for cyber insurancehas been growing rapidly over the pastfew years, with high-profile attacks oncompanies such as Target in the US andTalkTalk in the UK persuadingcompanies that they need cover. Forinsurers, cyber offers plenty of potentialgrowth but also lots of uncertainty. Howlikely is it that any given client will behacked — and, if they are, how muchdamage could there be? San Francisco-based Cyence is developing a systemthat can model these risks in financialand economic terms. It has already wonits first customers, including BritInsurance, AM Best and Marsh. InSeptember it raised $40m frominvestors in one of the largest insurtechfundraisings of the year.

Cyence

Founded: 2014Founders: Daniel Schreiber andShai WiningerShareholders: Sequoia, Aleph andXL InnovateFunding: $13mBased: USActivity: Lemonade has been thesubject of speculation. It first billed itselfas a peer-to-peer insurer, but was coyabout exactly what that meant or itsbusiness model. It has since raisedmoney, signed partnerships with thelikes of Berkshire Hathaway, Lloyd’s andXL Catlin, and recruited high-profileexecutives. It even hired behaviouraleconomist Dan Ariely, author ofbestseller Predictably Irrational, as chiefbehavioural officer. In September thecompany, which unlike many otherinsurtech start-ups is licensed as aninsurer, revealed it will sell homeinsurance in New York. It will group itscustomers together and, at the end ofeach year, any premiums that have notbeen paid as claims will be given to acharity of the group’s choosing.

Lemonade

Founded: 2012Founders:Mario Schlosser andJosh KushnerShareholders: Fidelity Investments,Google Capital, General Catalyst,Founders Fund, Lakestar, KhoslaVentures and Thrive CapitalFunding: $750mBased: USActivity: Oscar is one of the older andmore developed insurtech start-ups.Focused on health insurance, Oscar usestechnology and data to improve the careit offers to its customers. It was createdafter the introduction of the USAffordable Care Act, known asObamacare, and its services areavailable in New York and New Jersey.Among the benefits it offers are phonelines to its doctors and systems thathelp healthcare professionals managemembers’ care. It has some big-namebackers, including Fidelity and Google,and a fundraising earlier this yearvalued the company at almost $3bn.According to Deloitte it has annualrevenue of $200m.

Oscar

Founded: 2015Founders: Alexander SteinartShareholders: Founder and Z/YenFunding: £200,000Based: UKActivity: Blockchain is one of thebuzzwords of the fintech world, and thisis no different among insurers. Thetechnology allows transactions to berecorded securely in multiple locations.How exactly it can be used in insuranceis the subject of much discussion withinthe industry. Safeshare is one of the fewcompanies to have launched ablockchain-based product. It describesits market as “insurance for the sharingeconomy”, and its first productillustrates what it is trying to do. InMarch it announced it had teamed upwith Vrumi — a website that allowspeople to rent out their spare rooms foruse as offices — to launch propertyinsurance. The policies are underwrittenat Lloyd’s and the use of blockchainshould, in theory, allow the partiesinvolved in the policy to be linkedsecurely and cheaply.

Safeshare

Founded: 2012Founders: Robin von Hein, Joachim vonBonin and Ismail AsciShareholders: Rheingau Founders,Assurant, Route 66 and Allianz SEFunding: €20mBased: GermanyActivity: One of the big hopes forinsurtech is that it will break insurancedown from the catch-all policies insurershave traditionally offered into morespecific coverage for individual needs.Simplesurance is one of the companiesaiming to do that by allowing people tobuy insurance for products at the pointof sale. Although smartphones, laptopsand tablets dominate, it can be used fora much wider range of items. FounderRobin von Hein says the company hasalmost 2,000 ecommerce providersusing its system, and that it launches ina new country every four weeks. Likeother start-ups, Simplesurance is not arisk-bearing insurer itself. Instead it actsas a broker, passing on the risk totraditional players such as Allianzand Assurant.

Simplesurance

Founded: 2016Founders: Alberto Chierici, RenaudMillion and Alberto PasqualottoShareholders: FoundersFunding: Under £50,000Based: UKActivity: A relatively new start-up, SPIXIIwas founded by a group of formeractuaries and computer scientists, oneof whom used to be a consultant forhigh-frequency trading firms. Like manyinsurtech start-ups, its target is the wayinsurers interact with their customers.SPIXII is developing a chatbot —software that allows insurers, brokersand price comparison sites to talk tocustomers via programs such asFacebook Messenger and Skype. It isstill early days, but SPIXII’s founders saythat within four months of launching ithad a pipeline of more than 60companies that were interested in itstechnology. It has also caught theattention of Germany’s Allianz, whichhas put SPIXII into a five-monthaccelerator programme at one of itsbases in France.

SPIXII

Founded: 2011Founders: Jan-Kees Buenen andDanny HoltenShareholders:Mangrove CapitalPartners, 5 Park Lane and TiketitooFunding: €5mBased: NetherlandsActivity: Synerscope is one of a clutch ofcompanies focused on helping insurersmake better use of their data. Its chieftechnology officer, Jorik Blaas, has abackground in MRI scanning andequipment used to look beneath layersof paint on old masters’ artwork. Thecompany aims to take the growingvolumes of data that insurers collect —such as data produced by in-carcameras and drones — and turn theminto something insurers can use. It hashad some success in its home market,with insurers including Delta Lloyd andAchmea using its systems. Achmea usedSynerscope to find out which roadjunctions had more accidents thanothers. That information can be usednot only to reduce claims but also toprevent accidents.

Synerscope

Founded: 2014Founders: Jennifer Fitzgerald andFrancois de LameShareholders: Revolution Ventures,Karlin Ventures, Susa Ventures,Transamerica Ventures, Axa StrategicVentures and MassMutual VenturesFunding: $21mBased: USActivity: Price comparison sites havebeen in the UK for many years, regularlyassaulting potential customers with TVads featuring meerkats, opera singersand other outlandish characters. But theUS market has been slower to take off.Analysts blame a reliance on brokers fordistribution, state-by-state regulationand wariness from customers andinsurers. Policygenius is hoping to helpchange that, arguing that more andmore Americans would rather organisetheir insurance online than via an agent.It offers a range of products includinglife, health and pet policies. With backerssuch as big insurers Axa, Transamericaand MassMutual, it could make a dent inthe market.

Policygenius

Founded: 2012Founders: Scott WalchekShareholders: OAK HC/FT, AnthemisGroup, Guidewire and Suncorp GroupFunding: $46mBased: USActivity: Trov is another companyaiming to break insurance down intoeasily digestible chunks. It sells item-by-item insurance policies for personalpossessions, for whatever durationcustomers choose, via an app. Trov alsohopes to improve the claims experience,using a chat service to automate theprocess. Despite being based in the US,its first market was Australia, where theservice has been most popular with 18-to 34-year-olds. Like other start-ups,Trov does not do underwriting itself,preferring to partner with establishedcompanies. In Australia, where itlaunched in May, Suncorp is theunderwriter. In the UK Trov’s imminentlaunch will be Axa, while in the US —where it plans to launch next year —Munich Re will provide the underwriting,it announced in September. Oliver Ralph

Trov

◄Pictures (clockwise from top left):Cuvva for rarely used cars;Dan Ariely; US health workers;Robin von HeinRichard Baker/Getty Images/Chris Goodney Bloomberg/

Andreas Lukoschek/Brendan Smialowski/AFP

4 ★ FINANCIAL TIMES Monday 3 October 2016