I’m hypothesizing that when insurers and insurance groups fund startup cyber MGAs or startup cyber insurers they are behaving like VCs hoping to generate desired returns from (some of) their investments. But are they really behaving like VCs – do these insurers (using cyber MGAs) have a plan regarding how much to invest, or a plan to decide which VCs (e.g. cyber MGAs) to invest in, or a plan that monitors the financial performance of the cyber MGAs (no, not volume of business but loss runs, loss ratios, and combined ratios of the book of business the cyber MGA generates), or a plan that encompasses when to exit and why to exit at a certain point in time?
I believe that increasingly more cyber risks will evolve into systemic cyber risks and in these situations I don’t see how insurers can comfortably estimate the maximum probable losses from the sale of the cyber cover they sell. How can any insurer sell coverage if they can’t comfortably estimate the MPL from the sale?
I see the cyber risk environment as a Nth dimensional topographic space that is continually expanding each instant another digital artifact is connected to the web. (And each instant a physical artifact with IP-sensors is connected to the web. And each time a sentient entity [inclusive of farm animals] with IP-sensors is connected to the web. And each instant a NHI is connected to the web.)
So, I believe the cyber risk space is fluid. Not stable. Not mature. And won’t be stable or mature any time soon, if ever.
How can insurers generate profitable underwriting? (Unless perhaps they offer a low amount of cover with extremely tight terms, conditions, and restrictions. So tight, like a Medieval Chastity Belt. So tight, even the most brilliant plaintiff’s bar attorney can’t somehow find coverage where none is intended in the contract. So tight, the most activist judge can’t find coverage where none is intended in the contract.).
However, I realize that insurers can participate in the cyber market sponsoring ILS cyber cat bonds. There seems to be a small but growing number of insurers doing this. Keeping their financial capacity dry but participating.
And then there is the ART mechanism of cyber captives – there seem to be even fewer instances of insurers involved with establishing cyber captives than sponsoring ILS cyber cat bonds.
This brings me back to:
1) How can insurers generate profitable underwriting from selling coverage to prospective clients who have (systemic) cyber risks? Are they using a dart board with MPL values? Or are they falling back to “we’ve sold cyber insurance for the past 30+ years and have had combined ratios under 100% so we know what we’re doing.” This completely ignores that cyber risks are evolving to more complex forms of cyber risks (attacks and incidents). This completely ignores that society is becoming an ever-increasing denser and denser set of web-driven interconnections and interdependencies among and between corporations, their ecosystems, web-connected devices, their clients, and their prospects (at a minimum).
2) Can insurers or insurance groups generate the ROI they want or expect from investing in startup cyber MGAs or startup cyber carriers? Patience is one thing; losing money as cyber risks evolve to more complex forms with attendant combined ratios over 100% is another thing.
3) Will it be enough (from the perspective of the carriers) to sponsor ILS cyber cat bonds or front cyber captives? Or will carriers find they are investing too many resources (time, people, money) in the ILS cyber cat bonds or fronting cyber captives to justify the financial returns from these efforts?
Or (added Dec 30, 2025): will one insurance path for cyber coverage be mostly whole brokers / E&S insurers / reinsurers ? (e.g. Primary insurers who stop selling cyber coverage because they realize that as cyber risks evolve to more complex forms essentially immune to calculating MPL they are ignoring their fiduciary responsibilities and/or acting like VCs [neither of which primary insurers should do]?
Just a few thoughts …. (But it still seems like playing roulette in an Alice in Wonderland situation to me.)
Rabkin's Opinions 
Barry –
I can’t comment on the hypothesizing that you are doing, as I don’t have the background and knowledge of insurance and risk that would be required.
But I can comment on the structure of your arguments and your honed use of language that run throughout your hypotheses. They are really superior. Keep it up (even if I can’t understand it all!
Larry
LikeLike