Corporations across industries, particularly in the Financial Services world, continue to struggle mightily with cybersecurity. Most organizations don’t understand the business impact from potential cybersecurity events, spending on controls is based on red-yellow-green categories versus more appropriate risk ROI measures, and aligning the insurance portfolio with a security portfolio is still akin to foreign language translation. Further, the insurance industry’s quick shift to flesh out “silent cyber” coverages and likely install more stringent cyber underwriting processes is raising new questions about whether companies can adequately insure their most significant exposure. Combine those factors with fear of becoming the next Equifax, Moody’s and other ratings agencies now starting to include cybersecurity risks in corporate credit ratings, and governments and corporates increasingly requiring cybersecurity certifications by partners/contractors, and it would seem that a decade of attention and billions of dollars of investment into the cybersecurity world have not dented the problem. Further, the problems and complexities will only get larger, Gartner projects that annual spend on cybersecurity will reach $188B by 2023, a massive global TAM.
At Fin VC, we recognized the confluence of all of these issues surrounding cybersecurity, interviewed dozens of financial services firms and other corporates to find out how they were solving for these challenges as well as insurers with respect to their approach to underwriting these new risks. From our dialogues with the companies, many were using Excel and a set of non-integrated tools to manage their risk registries and programs, had little idea what type of cyber insurance coverage they had and the details of their current policies, and significant disconnects existed between the CSO, CFO, CEO, and board’s view and understanding of the issues. Further, a broad InsureTech thesis we have developed is that traditional insurers struggle to underwrite new risks and technologies and believe cybersecurity could be the top new risk/technology issue facing the insurance industry today.
In our proactive search for solutions to all of these issues, we were thrilled to discover Axio. Axio’s mission is to solve the Cybersecurity problem for corporates and insurers and become the source of truth in quantifying and managing cyber risk and provide inputs to underwrite ongoing insurance coverage. Axio’s software enables organizations to manage their risk registry and cyber frameworks to identify/mitigate gaps, define existing insurance coverage (through policy assessment automation – AI/ML and NLP), report in risk and financial terms to both CSOs and board-level users, and provide the exact inputs insurers need to continuously underwrite cyber risk. Scott Kannry, Axio’s CEO was called one of the “top minds in Cybersecurity and insurance” by several existing customers we spoke with and Axio was recently named a Gartner “Cool Vendor” in integrated risk management.
We believe Axio can be the single player and “middle-ware platform” that allows companies to manage their cyber programs, quantify their risks in $ terms for both the CSO and CFO/CEO/Board, and integrate with insurers to effectively price/monitor those obligatory policies. We are excited to share that we have recently led the Series A2 round in, being joined by existing investor NFP Ventures and new investor and a terrific firm with deep insurance expertise, IA Capital, who will join us on the board.
We are looking forward to rolling up our sleeves and working closely with the Axio management team and introducing them into all of our corporate and insurance relationships globally.