Corvus launches real-time risk aggregation platform for cyber risk

Insurtech Corvus Insurance has launched what is thought to be a first-of-its-kind platform that allows its program carriers and reinsurers to review premiums, policy numbers or limits at risk in real time along with a number of other metrics to quantify risk aggregations.


The platform has been built out in recent months in response to growing concerns about the aggregation of cyber risks, which has been exposed by high-profile events such as Colonial Pipeline, Solar Winds and the Kaseya ransomware attack.

Speaking to this publication, founding CEO Phil Edmundson explained that the platform utilises the firm’s proprietary Corvus scan data to make risk capital more transparent and efficient for insurers and reinsurers.

He noted that risk aggregation can create a number of challenges for capital providers.

With an event like the Colonial Pipeline ransomware attack, it can lead to supply chain exposures and the triggering of contingent business interruption clauses in cyber policies that could lead to an aggregation of claims from a single event.

An event with risk aggregation potential can also challenge underwriters in terms of visibility into limits exposed.

And properly understanding and underwriting the risk requires insight and data around cyber security metrics.

Phil Edmundson PQ

“At Corvus we run a scan of the IT security of every one of our insureds and every account we quote on too, so we know a lot about our policyholders, from who they use for email, the cyber security measures they have in place around that, who their SaaS providers are, email service providers and so on.

“That gives us great visibility and we capture all of that information,” Edmundson explained.

The risk aggregation platform enables insurers and reinsurers to manage net exposure by gaining a “bird’s-eye” view of the insurtech’s book of business.

They can review premiums, policy numbers or limits exposed as well as receiving breakdowns based on certain web technologies and the firm’s own proprietary scores for ransomware vulnerability and overall cyber risk.

Capital providers can then act on the output by capping premium volume or limiting quotes.

Edmundson said the platform had been built after talking to the firm’s program managers and reinsurers. Its main cyber program manager relationships are with Fairfax Financial’s Hudson Insurance and Crum & Forster, while its reinsurance panel consists of high-rated reinsurers.

“This platform provides an incredible amount of visibility for us but also our risk capital partners in managing these risk aggregations,” he commented.

Corvus was founded in 2017. Its other investors include Insight Partners, Bain Capital Ventures, .406 Ventures, Hudson Structured Capital Management, Aquiline Technology Growth, FinTLV, Telstra Ventures, Obvious Ventures and MTech Capital.

Although it has a strong focus on cyber, it has also been diversifying into other lines of business, with property and financial institutions among its other capabilities.