Trava Security sees big potential in cybersecurity insurance market

Within the fields of computer networking, network security and cybercrime, Jim Goldman has built his career around his ability to predict the future.

In the pre-internet era of the late 1980s, Goldman was figuring out ways for remote computers to communicate with each other. By the early- to mid-1990s, when the internet was coming into use, he was already thinking about network security—a topic few at the time were tackling, Goldman said. “At the time, people thought I was paranoid—off my rocker—because no one saw the need for it.”

Now, Goldman believes he has found a new Next Big Thing. He’s the co-founder and CEO of Trava Security Inc., an Indianapolis-based tech startup operating in the evolving field known as insurtech.

Trava, which was launched out of Indianapolis-based venture studio High Alpha in 2020, tackles the issue of cybersecurity from three angles. Its software platform helps clients identify their risks, and Trava also works with clients to help them address those risks. The insurance tie-in—and the area in which Trava sees most growth potential—lies in using that collected data to help underwrite cybersecurity insurance.

“We’re basically helping [insurance carriers] collect the data needed to underwrite the policy,” said Goldman’s co-founder, longtime tech executive Rob Beeler.

An evolution in underwriting

Currently, a company that’s applying for (or renewing) cyber liability insurance coverage will likely have to complete an application that might ask 100 or more questions about the applicant’s computer network and cybersecurity practices.

The problem, Beeler said, is that the applications can be confusing and difficult to complete, especially for small- to medium-size businesses that don’t have in-house information technology professionals.

Online threats are also ever-changing, which means the information gathered in a traditional application process might quickly become irrelevant or outdated.

By gathering real-time information about a customer’s actual network and practices, Beeler said, “we think we can get more accurate answers and more accurate data than just simply asking a layman, ‘Are you doing these things?’”

Over time, Trava envisions that data will become integrated into the cybersecurity underwriting process in much the same way it already is used in auto insurance. Numerous auto insurance carriers, for instance, offer policies in which a policyholder’s driving habits are tracked as a way to earn discounts for safe driving.

“I just think that’s where the market’s going,” Beeler said.

Trava’s backers think so, too.

“In two to three years, I expect the majority of cyber insurance policies to be written off of data, not paper-based applications,” said Scott Dorsey, High Alpha’s managing partner.

High Alpha launched Trava in early 2020, and in March 2021, High Alpha Capital participated in a $3.5 million round of seed funding led by TDF Ventures, based in suburban Washington, D.C. TDF and High Alpha Capital also participated in Trava’s second major capital raise, a $4.5 million funding round that closed last month.

Origin story

Trava was born out of a High Alpha Sprint Week—a periodic event in which the venture firm explores business ideas that could be the basis for startups.

How did the idea that became Trava make it to Sprint Week? Credit for that goes to TDF Ventures. That firm focuses on early-stage business-to-business technology companies, and one of its areas of interest is cybersecurity.

TDF Principal Matt Bressler wanted to find a better way to protect companies against online threats. Companies are spending more on cybersecurity, yet data breaches are also on the rise, Bressler said, and cyber liability insurance is becoming harder to obtain and more expensive.

“It’s a growing market where people are buying the product, but no one really likes what they’re getting,” he said.

Bressler couldn’t find the right cybersecurity company to invest in, so he shelved the idea for a time.

TDF also likes to make investments outside the big coastal markets of New York City and California. The firm had done some deals in Pittsburgh and Chicago and decided to investigate Indianapolis. On a trip here, Bressler connected with High Alpha and realized the firm might be interested in developing his cybersecurity idea.

So Bressler participated in a Sprint Week in early 2020, just before the start of the pandemic.

Goldman got involved through his connection with Dorsey. The two knew each other from their time at ExactTarget, the Indianapolis marketing-tech company co-founded by Dorsey that was later sold to Salesforce. Goldman had joined the company in 2011, and by early 2020 had ascended to become the No. 2 security governance, risk management and compliance officer in the entire Salesforce organization.

Before joining ExactTarget, Goldman had spent 20 years at Purdue University, where his early interest in networking and cybersecurity led him to develop the university’s programs in network engineering, information security and cyber forensics. Goldman also developed and directed the Purdue Malware Lab, which focused on researching malicious software and developing strategies to protect against it.

Through his malware research, Goldman was also appointed to the FBI’s cybercrime task force, a role in which he served from 2009 through 2014.

So Dorsey asked Goldman to participate in Sprint Week as a subject-matter expert who could help High Alpha refine its cyber-insurance business idea.

“Jim helped us shape the idea in a really profound way,” Dorsey said.

As Sprint Week progressed, Goldman was captivated by the business concept. In his time with the FBI, he’d seen the financial devastation cybercrime could wreak on small to medium-size companies, which lacked the resources to bounce back like bigger companies could.

“When Scott started pitching this, I said, ‘Oh, this is exactly where my passion is,’” Goldman recalled. “I said, ‘Scott, I want to run this company for you.’”

High Alpha introduced Goldman to Beeler, who had 30 years of experience in leading software teams. He was living in Boston and wanted to return to Indianapolis.

Beeler, too, saw the appeal in the concept that became Trava.

“I was really drawn to the mission of helping small companies protect themselves,” he said. “It felt like a problem really worth solving.”

Beeler is 57. Goldman declined to reveal his age. Dorsey said the co-founders, with their decades of experience, are exactly the right people to lead Trava.

“When you think of the [cybersecurity] industry, it is all about trust,” Dorsey said. “I don’t think this is a company you could build with young and inexperienced founders.”

Growth strategy

Trava launched quietly in May 2020, before publicly announcing its launch that December.

The company rolled out its various offerings in sequence, with one thing building on the next. It began by offering cybersecurity consulting as a way to bring in revenue while working on its software platform.

Trava’s risk-assessment platform launched in December 2020. The following month, it began acting as an insurance broker, offering cyber insurance coverage through an insurance wholesaler. In May 2021, after Trava had some customer data collected through its software platform, the company started using that data in the underwriting process.

The company’s current effort—and the one it believes will help the company take off—is to recruit insurance brokers and agents who can access Trava’s platform as a tool for selling cyber insurance coverage to their clients. Those clients might also decide to become Trava customers.

The brokers, Goldman said, are key. That’s because, through the brokers, Trava can reach many more potential customers. “For every one insurance broker we sign, we’re adding anywhere between 100 and 1,000 customers.”

Currently, Trava is working with 12 insurance brokers who represent hundreds of agents. By the end of next year, Trava’s goal is to have signed agreements with 100 brokers.

Trava declined to discuss its revenue numbers, but Goldman said cyber insurance currently represents about 20% of Trava’s total revenue. Over time, the company wants to grow that so that cyber insurance is its main revenue source.

Competition, challenges

Trava is among a number of companies working in the insurtech field.

Reid Putnam, vice president of property and casualty at Indianapolis-based Gregory & Appel Insurance, cited the California firms At-Bay, Coalition Inc. and Cowbell Cyber as other examples of insurtech startups. All three of these were founded since 2016.

“They’re blending insurance and technology,” Putnam said. “They’re all sort of variations on the theme. They all do something just a little bit different.”

At the same time, cybersecurity firms are also reaching out to insurers because they see business opportunities in making their cybersecurity data available, Putnam said. “Carriers are increasingly leveraging cyber-scan reports to inform their underwriting process.”

But it will take time before cybersecurity data is fully integrated into insurance underwriting, he said. In part, that’s because cybersecurity is a relatively new type of insurance, and carriers are still working out how to address an ever-evolving threat landscape.

Last month, for instance, The Wall Street Journal reported that Lloyd’s of London Ltd. will next year require its insurer groups to exclude state-backed cyberattacks from stand-alone cyber insurance policies.

“The cyber insurance market is still trying to figure out, what are the basic duty-of-care requirements that any insurer should have?” Putnam said.•