Coalition
I wrote this piece on the cyber insurance company Coalition in June and July 2024, but I’m only publishing it in December. The world has moved on since then; most notably, Cowbell announced a $60m “Series C” from Zurich on 29th July, and Coalition launched Coalition Re on 8th September.
The July 2024 Crowdstrike incident crashed 8.5 million computers, caused an estimated $10 billion of economic damage - and wasn’t even malicious. The scale of the outage demonstrated clearly that every business that is connected to the internet runs the risk of cyber attack. Faced with that risk, businesses have three options: mitigating it, transferring it, or simply accepting it.
Cybersecurity providers mitigate risk by reducing the frequency and severity of cyber attacks, whereas insurance businesses transfer away the financial impact of cyber attacks; but Coalition’s innovation was to bundle cyber risk mitigation and transfer into one combined product.
In order to achieve the mission of “protecting the unprotected as the world digitizes”, Coalition became “the world's first Active Insurance provider, designed to prevent digital risk before it strikes”. By marrying military-grade cybersecurity talent to the giant balance sheets of insurance companies, Coalition aims to be the leader in a big market: global cyber insurance premiums grew at a 30% CAGR during the 2010s to reach $12 billion in 2022; they’re projected to grow at a 20% CAGR to $43 billion by 2030.
Founding Story
Coalition was founded in 2017 by Josh Motta (CEO) and John Hering (CTO).
Motta grew up in Kansas City; as a teenager, he built websites for local businesses using HTML and GeoCities, eventually turning this into a business called NetAvenue. When one of his clients, DogToys.com, was featured in a Microsoft case study, they revealed that a fourteen-year-old boy had helped build their site. That led to a call from Jeff Raikes, a Microsoft executive, who offered him a summer internship in their Redmond office. Fifteen-year-old Motta was the youngest person to have ever worked at Microsoft.
When Motta went up to the University of Chicago in 2003, he joined the CIA on a one-year programme for college students; while a student at Chicago, he met Shardul Shah, who would go on to lead Coalition's 2021 Series D with Index Ventures.
Motta might have stayed with the CIA after graduating in 2006, but a promotion required a new security clearance only available to those aged 25 or older. Faced with that obstacle, Motta moved to London to work for Goldman Sachs in TMT investment banking. It was there that he met Alex Tamas. Having left finance, Motta joined Cloudflare, working on special projects as employee #20. While at Cloudflare, Tamas repeatedly encouraged Motta to start a company, finally bringing him both the idea and team that would become Coalition, and leading their first round of funding.
In 2016, Motta left Cloudflare to start Redacted alongside Hering, who had previously founded cybsecurity company Lookout in 2007, and former Facebook CISO Max Kelly.
However, in Motta's words, Kelly "had a very different vision as to how to build the company than I did, and at the end of the day it blew up. We found it very difficult to work together." In March 2017, Motta, Hering, and part of the team spun out into a new company, Coalition, which would focus on providing cyber insurance rather than pure cybersecurity.
Coalition’s founding mission was to bring together world-class expertise from both insurance and cybersecurity for the first time. While insurers had been offering cyber insurance policies for almost 20 years, Motta and his team were different: weapons-grade hackers with CIA pedigree. The thesis was that their technological expertise would allow them to select and mitigate risks better than an ordinary insurer.
Early in Coalition’s journey, it was necessary to partner with big insurers. In these meetings, Coalition started their pitch with a single word on the screen: the password of one of the insurance executives in the audience. The Coalition team waited as the tension in the room grew, finally asking the executives if any of them knew the significance of the word in front of them. Through this practical demonstration of hacking savoir-faire, the Coalition team made clear their point of difference: the ability to hire security talent that would never deign to join Chubb or AIG.
Coalition’s ambition is to be the world’s leading cyber insurer, “protecting the unprotected as the world digitizes”. It wrote $630 million of premium in 2023 (roughly 5% of the US market), up from ~$530 million in 2022 and ~$50 million in 2019, and as of April 2024, are “approaching a billion dollars of premium on an annual basis”; this makes Coalition the fourth-biggest cyber insurer in the United States. As Coalition continues to grow into the $5 billion valuation set at the 2022 Series F, it will need to maintain their combination of insurance and cyber expertise at even greater scale.
Coalition’s North Star is that "when there is a decision being made about cyber risk, we want a seat at the table." Its “Active Insurance” product combines cybersecurity with insurance.
“It is common to think about the solution to cyber risk as insurance. It is common for others to approach the solution to cyber risk as security. Coalition believes there’s a need for both. Every company can be hacked, so the financial backstop of an insurance product alongside security is part of the answer”
Shawn Ram (Head of Insurance)
Josh Motta (CEO) said that Coalition aims to “own the repair shop” by handling claims and MDR (managed detection and response) in-house. Coalition intends to be a fourth emergency service for the digital realm, alongside the police, ambulance and fire department.
History of the Cyber Insurance Market
In the early days of cyber insurance, losses were covered by two general insurance policies: business interruption (BI, covering lost revenue) and errors and omissions (E&O, covering a company being sued by clients). Since then, there have been four generations of cyber insurance: Cyber 1.0, 1.5, 2.0, and 3.0.
Cyber 1.0 policies were written by massive insurers like AIG, Chubb and Travellers; these were basically BI policies, with a specific focus on cyber attacks. There was no attempt to mitigate risk, and companies often had to prove that there had been a week-long business interruption to get a payout.
Cyber 1.5, the next generation, was pioneered by a London insurance company called CFC in the 2000s. Their policies paid out for shorter business interruption periods, and crucially included incident response services, promising expert support within a few hours of a cyber attack.
Cyber 2.0, pioneered by companies including Coalition starting in 2016, brought two key innovations. First, insurers used automated scanning tools to check client websites for vulnerabilities, meaning that they could provide quotes more quickly. Second, insurers provided constant support to existing clients, keeping them updated with emerging threats and security best practices. This combination is what Coalition calls ‘active insurance’. These innovations gave Cyber 2.0 companies, including Coalition, better risk selection and mitigation than their competitors.
For instance, in November 2022, Coalition realized that Russian hackers were scanning American computers for the presence of MOVEit, a file transfer program; Coalition advised their clients to increase the security around MOVEit. In April 2023, MOVEit’s parent announced a critical vulnerability and a security patch; Coalition rapidly warned its 19 clients still using MOVEit to install the patch. As a result, none of Coalition’s 85K customers filed a claim related to MOVEit - despite 90 million individuals having their data exposed by the breach.
Cyber 3.0, the most recent wave, aims to increase the percentage of SMEs that buy cyber insurance, by providing actionable security tips and persuading smaller businesses that their digital assets ought to be protected just like their physical ones. While most Fortune 500 companies buy cyber insurance, penetration is lower in the SME space; for example, a 2023 UK government report found that 26% of UK businesses with 250+ employees buy standalone cyber insurance, compared to 11% of businesses with 10-49 employees. Globally, 75% of businesses with >$250 million revenue have cyber insurance, versus less than 25% for those with <$250 million revenue. Increasing penetration in the SME space requires an automated underwriting process, to reduce the marginal cost of administering each policy. Coalition are able to write policies for as little as $50 in premium.
Product
Coalition provide three security offerings and three insurance products.
Security
Coalition Control is focused on prevention and mitigation before cyber attacks happen.
Coalition Control is a cyber risk management platform to detect, assess and mitigate cyber risks proactively. Also known as attack surface monitoring software, Control provides ongoing assessments of a client’s cyber risk profile, alerting them to vulnerabilities and threats as they emerge.
Every policyholder receives a Coalition risk assessment report which highlights digital vulnerabilities and provides recommendations for resolving them.
Managed Detection & Response (MD&R) kicks in during and after cyber attacks.
Coalition has an in-house service that uses a combination of automated tools and human analysts to detect policyholder breaches.
When a breach is detected, Coalition mobilises an in-house team that includes privacy lawyers, breach coaches, forensic specialists, incident responders, and security engineers. Policyholders have access to cyber experts on a 24/7/365 hotline with a 30-minute response time SLA. Unlike many insurtechs, Coalition handle claims in-house, leveraging cyber specialists rather than using third-party generalists in order to accelerate the process.
Coalition Incident Response is an addition to Coalition’s in-house MD&R offering: it’s a panel of third-party service providers.
Insurance
Coalition offer three main kinds of insurance: cyber, tech E&O, and management liability.
Cyber is primarily business interruption insurance - which covers both accidental and malicious interruptions.
Coalition cover “breach response” costs - for expenses incurred on e.g. service providers while dealing with a cyber attack. Coalition may “pay-on-behalf” if a policyholder has to pay a ransom. Coalition may be able to retrieve stolen funds after Fund Transfer Fraud (FTF); as of June 2024, Coalition claims to have clawed back over $80 million for policyholders.
Coalition also cover physical damage, bodily injury, and pollution resulting from a ‘kinetic cyber event’ damaging network-connected hardware.
Tech Errors and Ommissions (E&O) covers mistakes and breaches committed in rendering or failing to render professional services. The main peril here is a situation like the Ashley Madison data breach - where sensitive private user data becomes public.
Management Liability isn’t a core product, but since 2023 Coalition have offered SMEs non-cyber lines like Directors & Officers Liability (D&O), Employment Practices Liability (EPL), Fiduciary Liability, and Crime Insurance.
Customers
Coalition began by working with US commercial clients; as of July 2024, it has expanded into the UK, Canada, Australia, and Germany. It presents case studies from industries including financial services, healthcare, and manufacturing.
Initially, it focused on fully-automated underwriting of SMEs; the goal was to cut humans out of the loop, and bring down the marginal cost of administering each policy. Whereas traditional insurers might not write policies for less than e.g. $2K in premium, Coalition’s underwriter-light, heavily automated approach allowed them to write policies for under $1K in premium.
However, Coalition has moved upmarket; as of February 2023, it partnered with businesses with up to $5 billion revenue.
Market Size
Market size in insurance, measured by written premium, is a function of pricing and volume. In 2015, US cyber insurance premiums were $1.4 billion; in 2022, premiums reached $9.7 billion, for a 31.5% CAGR over seven years.
That growth was driven by the COVID-19 pandemic. During the 2010s, loss ratios were better than industry average, at 32%, 35% and 45% in 2017-19, compared to ~58% for the entire P&C market. But during the COVID-19 pandemic, cyber losses spiked—especially due to ransomware—and so companies started buying more insurance and paying more for it. That caused significant growth in written premium in 2021 and 2022. As such, the price of cyber insurance spiked during the pandemic, but has been falling since the start of 2023.
Source: Howden
In 2023, S&P estimated global cyber premiums at $12 billion, and projected that to rise to $23 billion by 2025, implying a 25-30% CAGR. Swiss Re also projected $23 billion 2025 cyber premium. But 2023 cyber insurance premiums fell short of projections: both NAIC filings and S&P reports suggest that cyber insurance premiums written by US insurers for US clients were almost the same, with $7.2 billion in both 2022 and 2023. US cyber loss ratios fell to 41.6% in 2023.
Taking 2023 premiums into account, a 2024 projection estimated that global cyber premiums would be at $15 billion in 2024, reaching $43 billion by 2030.
Competition
As of July 2024, Coalition is the biggest of five cyber insurtech MGAs: the others are At-Bay, Corvus, Cowbell, and Resilience.
At-Bay
Whereas Coalition draws cyber expertise from American intelligence agencies, At-Bay, founded in 2016 by Rotem Iram (CEO), Roman Itskovich (CRO/VP Risk), Etai Hochman (CTO), and Tilli Kalisky, draws on Mossad and the Israeli Intelligence Corps’ Unit 8200. Coalition and At-Bay continue to differentiate themselves from the rest of the pack with the quality of their cybersecurity talent. As such, At-Bay is Coalition’s closest comparison and competitor. In 2023, it wrote $301 million of cyber premium.
Corvus
Corvus was founded in Boston in 2017 by Phil Edmundson (CEO), a serial insurtech entrepreneur. Initially, Corvus was a generalist “digital MGA”, looking for opportunities across the board to do data-driven underwriting - for example, in food and pharma. However, at their January 2020 Series B, Corvus began to pay more attention to cyber, and after their March 2021 Series C, where it raised $115 million at a $750 million valuation, Corvus became wholly focused on the sector. At this point, Corvus was writing $120 million per year in premium.
Corvus built out a large underwriting and engineering team, enabling them to work for larger customers than competitors like Coalition, which had originally aimed to completely eliminate underwriters. However, Corvus never claimed the military pedigree of Coalition and At-Bay.
After maxing out their capacity in June 2021—a clear sign of trouble—Corvus was ultimately acquired by Travelers for $435 million. That might seem weak compared to their $750 million Series C valuation, but Corvus only raised a total of $161 million. The valuation represents a ~2x multiple on ~ $240 million premium written in 2022, and the further $210 million Corvus were expected to write in 2023. It’s probably not a bad outcome for founders, team, and early investors.
Cowbell
Cowbell was founded in 2019 by Jack Kudale (CEO, a cybersecurity expert), Trent Cooksley (COO, an insurance executive), Rajeev Gupta (CPO) and Prab Reddy (SVP, Technology). Cowbell typically focuses on smaller clients than Coalition and At-Bay, has tighter underwriting guidelines, and focuses on providing excellent service to brokers.
SMEs are a tricky market because Coalition and At-Bay also initially focused on that market. There are indications that Cowbell is struggling: in January 2024, it lost its capacity deal with Skyward Specialty. Industry press is reporting that it might be seeking an acquisition.
(Addendum: In August 2024, Cowbell announced a “Series C” funding round led by Zurich - no valuation was disclosed)
Resilience
Resilience came a little later to the underwriting game. Founded in 2016 by two Air Force veterans, Vishaal “V8” Hariprasad (CEO) and Raj Shah (Executive Chairman), the company initially traded as Arceo, selling a data and analytics product to insurers. In 2020, Resilience launched its first insurance product, but continued to differentiate with the SaaS cyber risk management offering. Whereas Cowbell focuses on smaller clients, Resilience is trying to move into the larger segment.
CFC
CFC is one of the oldest cyber MGAs. Founded in 1999, the name originally stood for “Click For Cover” - while giving a subtle nod to Chelsea Football Club. CFC is now one of the largest cyber underwriters in the world, with over £1 billion of annual premium. In October 2021, CFC was bought out by private equity firm EQT for £2.5 billion, at a 40x EBITDA multiple. In 2022, CFC had £106.4 million adjusted EBITDA at a 56% margin, and it will likely earn even more 2023. As such, it is likely now worth over £5 billion.
CFC gets capacity from 10-15 Lloyd’s syndicates, which include some of the largest insurers in the world. Like Coalition, it aims to be tech-forward and innovative, although without claiming to have elite hacking talent.
Traditional Insurers
Alongside the MGAs, traditional insurers make up the majority of the cyber insurance market. Those include Chubb, AXA, Travelers, Tokio Marine Kiln, AIG, Beazley and Hiscox.
Business Model
Coalition write risks in three ways: a surplus-lines MGA, a captive for the MGA, and an admitted carrier. By far the most important of the three is the MGA, or managing general agent.
McKinsey explain the MGA business model like this:
MGAs are insurance intermediaries, but unlike retail and wholesale brokers, they are often granted binding authority from insurance partners. This means they can quote and bind policies that fit within the agreed-upon risk parameters of their insurer relationships. This feature distinguishes MGAs from other insurance intermediaries. MGAs often further differentiate themselves either by having expertise in nonstandard, niche, or specialty lines of insurance or by having privileged access to specific customer segments.
An MGA’s top-line metric is gross written premium, but MGAs don’t keep that premium on their own balance sheet, but instead pass it on to another insurance company in exchange for fees.
As such, an MGA’s revenue will be some fraction (~10-25%) of gross written premium. As a rough rule of thumb, mature insurance companies will be valued at 0.5-2.5x premium, and MGAs will be valued at 16x EBITDA.
In 2023, Coalition wrote $630 million of premium. It was valued at $5 billion in the 2022 Series F.
To better understand Coalition’s business model, it helps to break down the insurance value chain into four parts: Risk, Distribution, Pricing, and Balance Sheet.
Companies have risks that they want to insure; in order for a risk to be insured, you need someone who can price that risk (e.g. say “if you pay me $1K a year, I will pay for the cost of repairing your house when a hurricane hits”). That person needs a balance sheet to give them the financial means to make that promise, and they need to be connected with the risk by distribution.
Brokers provide that distribution: they act on behalf of companies that have risks to insure: they use their industry knowledge to introduce those companies to someone that can price, or underwrite, the risk. Typically, the underwriter is part of a large company, like AIG or Chubb, that also has a balance sheet - but that’s not necessarily the case.
It’s possible for independent underwriters to act on behalf of a big insurance company, as a managing general agent:they’re the agent of the insurance company, they hold the pen to make underwriting decisions, and they write on paper provided by the insurance company. The MGA offers insurance policies to customers that are backed by a bigger insurer.
That’s where Coalition sits: brokers bring clients to them, and Coalition uses underwriting and cybersecurity expertise to make good decisions on behalf of the insurers who provide them with paper. It is essentially an independent underwriter.
Coalition always works with a broker; it never insures clients directly. While this does mean that it has to pay the broker 10-25% of premium, it doesn’t make sense for Coalition to try to disintermediate the broker. That’s because companies buying insurance want an independent advisor that they can trust, in order to help them navigate the complexity of the insurance market - to choose the right policy wording, the right limits, and the right pricing.
On the other hand, Coalition has to arrange the paper on which they write risks - which gives them the ability to take in premiums and pay claims. It works with a reinsurance broker and/or a fronting carrier to get paper (also known as capacity) from insurers.
In exchange for underwriting new clients, managing existing ones, and paying claims, Coalition is paid a fixed commission (perhaps 10%) of premium, and a share (perhaps 20%) of the underwriting profit. Typically, the fixed percentage will be generate much more revenue than the profit commission.
All commercial insurance in the United States is state-regulated: each state sets the rules under which insurers can offer insurance in the admitted market. However, if companies can’t find the coverage they want in the admitted market, their brokers can approach the excess and surplus (E&S) market - domestic and international insurers, with the freedom of rate and form to ask questions, charge prices, and structure terms however they want.
Coalition’s Structure
Coalition primarily offers insurance through an E&S MGA (Coalition Insurance Services); however, they’ve subsequently added other business units.
Coalition’s MGA is backed by a panel of insurers: in February 2021, its US capacity was 45% Swiss Re / 30% Arch / 25% Argo. As of 2024, that panel has changed to include Allianz, Vantage, Aspen, Ascot, Fortegra, Zurich, and HDI Specialty, while Argo have been dropped.
One of Coalition’s priorities is to retain more risk:
In late 2021, Coalition announced a Hawaii captive insurer, Palekana, to retain some percentage of the premium written by its MGA. In February 2023, Shawn Ram (Head of Insurance), made clear that Coalition’s captive was intended to capture the value created by their profitable underwriting.
In October 2022, Coalition launched Ferian Re, a Bermudian cyber reinsurer that would take on part of the tail risk from the clients that Coalition underwrites. Most of the capital for Ferian comes from outside investors, including BDT Capital Partners.
So Ferian and the captive serve a dual purpose: they allow Coalition to bet on its own underwriting, and to signal confidence to the rest of the market. In particular, Ferian shows that Coalition is comfortable with cyber catastrophe risk - something the market as a whole is rather uneasy about.
In September 2023, it was reported (but not confirmed) that Coalition was seeking to set up a cyber reinsurance MGA, to reinsure cyber portfolios from other underwriters. As of July 2024, Coalition have still not confirmed their plans in reinsurance. But Coalition’s proprietary Active Data Graph captures 48 trillion monthly events in order to model cyber aggregate risk, which would be very helpful in reinsurance. Shawn Ram (Head of Insurance) made two points about the reinsurance MGA in 2024: first, that their scanning technology can be used to assess not just an individual company, but another insurer’s portfolio. Second, Ram argued that the market as a whole is overestimating the risk of a cyber catastrophe event.
In 2023, Coalition launched an admitted carrier, Coalition Insurance Company; CIC started writing admitted policies in March 2023, although there are no public filings available as of June 2024. CIC serves clients with the most straightforward, small and predictable risks, who wouldn’t need to approach the E&S market in which the Coalition MGA operates. As such, CIC is likely less about market confidence, and more about market share. The admitted segment is particularly attractive because SMEs have better cyber insurance loss ratios than larger companies: in 2022, the “micro” segment (8% of total premium, businesses with <$10 million revenue), had 33% cyber loss ratios, compared to 45% in the rest of the market.
In April 2024, Shawn Ram (Head of Insurance), said that Coalition’s three current structures (the MGA, the captive, and the admitted insurer) demonstrate confidence to policyholders, brokers and carriers:
Ram: “We eat our own dog food. We take risk. We believe in this risk, just as much as anyone else, And we're willing to put our own capital to support the risk that we believe in… I can tell you, "we have a strong balance sheet", but when I demonstrate that through putting my own capital risk through the policyholders that we believe in - that's that's a different kind of level of of strength and financial stability.
In the same vein, Josh Motta made this comment in a 2022 interview:
Motta: We’re absolutely looking to retain more risk, it’s something that we believe that we have the ability to do profitably, however our market opportunity is so large that we continue to need and want access to capacity outside Coalition.
Last, Coalition makes money on services including Coalition’s Managed Detection and Response firm, referral fees from third-party Coalition Incident Response service providers, and Coalition’s scanning and cyber monitoring tools.
Traction
As of 2024, Coalition is the fourth-largest cyber insurer in the US by premium, and is growing faster than any of its competitors; 90,000 companies are Coalition policyholders, and 100,000 use their technology products.
In 2024, Shawn Ram declared that the company was “approaching a billion dollars of premium on an annual basis”, and had been “cash flow positive since 2022”.
Josh Motta (CEO) said in 2022 that Coalition had surpassed $1 billion of “run rate premium”, expected to write “well north” of $1 billion in 2023, and aimed to write “billions” by 2027. However, Coalition actually wrote just $630 million in premium in 2023.
Coalition’s complicated structure makes it difficult to value; MGAs, insurers, and services businesses are each treated differently by investors. As a rough **rule of thumb, mature insurance companies will be valued at 0.5-2.5x premium, and MGAs will be valued at 16x EBITDA.
The two most direct comparisons are CFC and Corvus; both MGAs, CFC was valued at 40x EBITDA, or roughly 4x premium, while Corvus was acquired for roughly 2x premium.
A dollar of premium written by an MGA normally translates to a higher enterprise value than a dollar of premium written by a carrier. Since Coalition’s headine premium figures will include premium from their admitted carrier and captive, their multiple should actually be lower than a pure MGA with the same volume of premium.
The top-line metric for an MGA is gross written premium (GWP). Coalition wrote over $630 million of GWP in 2023. Coalition’s July 2022 Series F announcement declared that they had $775m of “run-rate premium” - a non-standard metric. In April 2024, Shawn Ram said that Coalition was “approaching a billion dollars of premium on an annual basis”.
Valuing an MGA
According to their 2022 annual report, CFC, a London MGA which is one of the biggest cyber underwriters in the world, made £150 million revenue from fixed fees, and £14.8 million in variable profit commission - a 10:1 split (see page 41). With £169 million in operating income, CFC generated £101 million in adjusted EBITDA, for a 56% EBITDA margin (see page 2). CFC wrote over $1 billion, or £812 million, of premium in 2022, and was valued at 40x EBITDA by private equity fund EQT, who purchased a stake in the business for £2.5 billion; that implies a 3.1x EV/premium multiple.
In contrast, McKinsey estimate that for a typical MGA revenue is 60-80% commission, 20-30% profit contingents, and 5-10% other fees - e.g. claims handling. The same article suggests that a good MGA will have a 25-35% EBITDA margin, and be valued with a multiple in the “mid to high teens” - let’s assume 16x. Furthermore, this June 2024 reportby Insuramore suggests that in aggregate MGA revenue is 10% of premium written: $23.9bn of revenue on ~ $200bn of premium. If you combine these three datapoints, you get a 0.5x EV/premium multiple.
But in order to apply CFC or McKinsey’s valuation framework, Coalition needs positive EBITDA margins - which they’ve never claimed to possess. The closest thing to that claim is Shawn Ram’s statement that they have been “cash flow positive since 2022”.
By contrast, Travelers acquired Corvus for $435 million in November 2023. Corvus wrote $240 million of premium in 2022, and $210 milllion in 2023. As such, the acquisition was something like a 2x EV/premium multiple.
Coalition’s $5 billion valuation happened after the peak of the insurtech cycle: by July 2022, Lemonade was down 87%from its all-time high. Nonetheless, it would require $1.6-10 billion in premium to justify that valuation at the three comparable multiples listed above - a mark that Coalition has not yet achieved.
Paths to an Exit
Coalition has two ways to exit: IPO or acquisition. If Coalition does an IPO, it will mostly likely remain a hybrid, writing business through both the MGA and other structures.
Josh Motta: “We’re absolutely looking to retain more risk, it’s something that we believe that we have the ability to do profitably, however our market opportunity is so large that we continue to need and want access to capacity outside Coalition.”
That contrasts with other public insurtechs, like Lemonade, Hippo, Root, and Metromile, which were all carriers by the time they went public - with no MGA element. Furthermore, there are no major public MGAs; it’s almost a contradiction in terms. MGAs are lightweight vehicles without a balance sheet that help insurers flexibly put capital at risk. Given the depth and appetite in private markets and the risk of an MGA losing its capacity, it seems impossible for Coalition to IPO without first transitioning to a full-stack insurer.
Public markets have been difficult for insurtechs, because they’ve been measured by the same yardstick as large insurance companies. Recently, four major insurtechs have gone public: Lemonade, Root, Hippo, and Metromile. All of them are down dramatically since IPO: Hippo, for example, had a market cap of ~$400 million in June 2024, compared to $5 billion at IPO. Hippo is a more complex business than the other three, but a rough glance at their EV/premium multiples in 2020 and 2024 is striking: whereas these full-stack insurtechs were once valued at 10-20x premiums, they’re now 1-2x - similar to public comparables like Allstate and Progressive.
If Coalition became a full-stack carrier, abandoning their MGA, and tried to go public, then even with the projected growth of the cyber market, it’d be impossible to justify their $5bn valuation on just ~$700m of premium. Given all this, it seems that Coalition won’t become a carrier, and won’t go public; instead, like many other insurance brokers and carriers, they’re likely to kept private.
Remaining an MGA
If Coalition remains an MGA, there are three possible exit opportunities:
It could be acquired by a large broker.
It could sell to a buyout private equity firm.
It could be acquired by a large insurer.
Coalition almost certainly won’t be acquired by a broker. While the top five MGA groups globally (accounting for 17.8% of global MGA revenue) are broker-controlled, these MGAs are almost exclusively fed business by their parents: they’re primarily a way for big brokers to make extra money on their best risks. But Coalition currently accepts business from every major broker: if it were acquired by a single major broker, the others would stop sending Coalition business.
Many brokers and MGAs are private-equity owned; CFC is a great example, but there are many others. This is a realistic option.
The most intriguing exit is to a carrier - mirroring the Corvus acquisition. From the carrier’s perspective, acquiring an MGA is in some ways an acqui-hire: a way to add a team with expertise and data. It’s also a way to get hold of the book of business that Coalition has built over the last few years. However, that would be dilutive for the acquirer: Coalition’s book is valued at a higher multiple than that of any major insurer.
The most likely carrier to acquire Coalition is Allianz: a German insurer which had a $101 billion market cap in June 2024. Allianz led Coalition’s Series F through their venture arm Allianz X, is now Coalition’s lead capacity provider (replacing Swiss Re), and its CEO Oliver Bäte sits on Coalition’s board - albeit in a purely advisory capacity. Allianz has been very active in the MGA market, using MGAs to gain exposure to new lines, and so a Coalition acquisition would mark a successful end to an experiment.
Key Opportunities
Coalition is a leader in a fast-growing market; they need to maintain their relative position while maintaining a sound underwriting. Beyond that, there are three big opportunities for Coalition: writing more risk, holding more of the risk they write, and betting on cyber catastrophe.
Expanding Gross Written Premium
Coalition needs to expand gross written premium in line with Motta’s multi-billion dollar targets.
Sectoral: Even if past forecasts have been optimistic, the cyber market should continue to grow ahead of the rest of the P&C insurance industry.
Upmarket: In February 2023, Coalition started insuring businesses with up to $5 billion in revenue. These large corporate clients are an important segment for Coalition to win.
Downmarket: The key to Cyber 3.0 is selling cyber insurance to SMEs that have never bought it before. Loss ratios tend to be better in this segment: in 2022, the “micro” segment (8% of total premium, businesses with <$10 million revenue), had 33% cyber loss ratios, compared to 45% in the rest of the market.
Global: Coalition wants to expand beyond Australia, Canada, the UK and the US. That would unlock the remaining ~33% of global cyber premiums outside those markets.
New Lines: Coalition has already added various forms of management liability coverage - might they go further to serve their existing clients? What about the emerging possibility of insuring risks from AI models?
Keeping more risk
As well as expanding GWP, Coalition can also look to keep more of that risk. Rather than just a profit commission, if Coalition really trust their underwriting, they could keep all the profit by moving from the MGA model towards full-stack insurer model. Through their admitted insurer CIC, captive Palekana, and reinsurer Ferian Re, Coalition can grow their balance sheet and benefit directly from their underwriting results.
Cyber Reinsurance
(Addendum: I wrote about the divergent ways that the risk from cyber catastrophe is currently priced here)
Finally, Coalition has a differentiated opinion on cyber catastrophe. Both Josh Motta and Shawn Ram have argued that a global cyber catastrophe, with losses in the tens or hundreds of billions of dollars, is much less likely than the rest of the market believes. If Coalition take this view seriously, they should aim to deploy capital into the cyber reinsurance market - because pricing there is irrationally high.
Motta: "A lot of the scenarios that people think about, in my estimation, just simply aren't possible. People have a fundamental misunderstanding of how the internet is structured. … And that can lead to some pretty rash and implausible assumptions. For example, malware taking down all Windows computers globally. You don't know how hacking works if that's a plausible scenario in your catastrophe modelling. … I'm not overly optimistic in that there can be no accumulation event in cyber, I just think that the modelling that's being done now is so overblown that absolutely there is an arbitrage opportunity for those that are willing to seize upon it.”
Ram: "There's always the possibility of a black swan event, and we won't dismiss that. But we do believe, at least where cyber insurers offer coverage, the potential for and consequences of a cyber event are oftentimes overstated."
“When you couple that with the belief that we've stated around this notion of systemic risk, I think it does provide a unique opportunity to provide value to portfolios of risk vs simple individual risks. And so without stating anything specific at this moment, I do believe this model lends itself to exploring other business opportunities, potentially in the world of reinsurance.”
For instance, Pool Re, the UK-government-backed reinsurer, estimates that an attack on the UK energy grid could cause up to £442 billion in losses. By contrast, Coalition’s estimate of the probable maximum loss for the US economy on a 1-in-250-year cyber catastrophe is just $29 billion. This provides extra context for their willingness to put capital at risk, and **explains Coalition’s reported interest in setting up a cyber reinsurance MGA. However a reinsurance bet is risk as well as an opportunity.
Key Risks
Loss of Capacity
The primary danger for any MGA is loss of capacity; both Corvus and Cowbell have struggled with that in the past. However, Coalition looks to be in a strong position.
Josh Motta: "There’ve been a number of players in the market that have cut back their capacity participation or have lost capacity or have had some sort of limitations exposed. Fortunately, in our case that's not something we've experienced. We've actually added a pretty significant amount of capacity... There are other rate limiters preventing us from growing even faster, capacity is not one of them - but it is an issue across the market."
Capacity providers will be less willing to back Coalition if their underwriting results (which they have never made public) deteriorate, or if they think catastrophic losses are likely.
Technological Advantage
The original wedge for Coalition was elite technical talent; this advantage will be difficult to maintain as Coalition matures, since a well-funded startup is a more attractive workspace for elite cybersecurity talent than a mature scale-up.
Furthermore, incumbents are strengthening their cyber insurance offering. For example, in June 2024, Beazley announced an expansion of their cybersecurity offering on Coalition’s “active insurance” model, and Axis announced expanded MDR services for policyholders.
The legendary CEO of AIG, Hank Greenberg, used to say that “all I want in life is an unfair advantage”; thanks to the founding team’s elite cybersecurity background, Coalition had one from the start. Having successfully established itself as a major player in the cyber insurance space, Coalition now needs to expand its insurance business, while maintaining its technological advantage. If it can do that, it’ll be able to grow into its lofty valuation.