WIn the fields of computer networking, network security and cybercrime, Jim Goldman has built his career around his ability to predict the future.
In the pre-internet era of the late 1980s, Goldman was looking for ways for remote computers to communicate with each other. By the early to mid-1990s, when the Internet was in full swing, he was already thinking about network security — a topic few thought about at the time, Goldman said. “Back then, people thought I was being paranoid — crazy — because nobody saw the need for it.”
Now Goldman thinks he’s found a new “next big thing.” He is co-founder and CEO of Trava Security Inc., an Indianapolis-based technology startup operating in the emerging field called Insurtech.
Founded in 2020 out of Indianapolis-based venture studio High Alpha, Trava approaches cybersecurity from three angles. Its software platform helps customers identify their risks, and Trava also works with customers to help them manage those risks. Insurance connectivity — and the area where Trava sees the greatest potential for growth — lies in using this aggregated data to help underwrite cybersecurity insurance.
“We basically help [insurance carriers] Gather data needed to underwrite the policy,” said Goldman co-founder, longtime tech executive Rob Beeler.
An evolution in underwriting
Currently, a company applying for (or renewing) cyber liability insurance will likely need to fill out an application that may ask 100 or more questions about the applicant’s computer network and cybersecurity practices.
The problem, Beeler says, is that the applications can be confusing and difficult to fill out, especially for small and medium-sized businesses that don’t have in-house IT professionals.
Online threats are also constantly changing, which means the information gathered in a traditional application process can quickly become irrelevant or outdated.
By gathering real-time information about a customer’s actual network and practices, Beeler said, “we believe we can get more accurate answers and more accurate data than just asking a layperson, ‘Do you do these things?'”
Over time, Trava envisions data being integrated into the cybersecurity underwriting process, similar to what is already used in auto insurance. For example, many auto insurance carriers offer policies that track a policyholder’s driving habits in order to receive rebates for safe driving.
“I just think the market is going in that direction,” Beeler said.
Trava’s supporters see it that way too.
“My expectation is that in two to three years, most cyber insurance policies will be amortized based on data, not paper-based applications,” said Scott Dorsey, managing partner of High Alpha.
High Alpha launched Trava in early 2020, and in March 2021, High Alpha Capital participated in a $3.5 million seed funding round led by TDF Ventures, based in suburban Washington, DC. TDF and High Alpha Capital also participated in Trava’s second major capital raise. a $4.5 million funding round that closed last month.
Trava grew out of a High Alpha Sprint Week — a regular event where the venture firm explores business ideas that could form the basis of startups.
How did the idea that became Trava make it to Sprint Week? For that, TDF Ventures is due. This company focuses on early-stage business-to-business technology companies, and one of its areas of interest is cybersecurity.
TDF CEO Matt Bressler wanted to find a better way to protect businesses from online threats. Businesses are spending more on cybersecurity, but data breaches are also on the rise, Bressler said, and cyber liability insurance is becoming increasingly difficult and expensive.
“It’s a growing market where people buy the product, but nobody really likes what they’re getting,” he said.
Bressler couldn’t find the right cybersecurity company to invest in, so he shelved the idea for a while.
TDF is also keen to invest outside of the major coastal markets of New York City and California. The firm had closed some deals in Pittsburgh and Chicago and decided to investigate Indianapolis. On a trip here, Bressler came into contact with High Alpha and realized that the company might be interested in developing his cybersecurity idea.
Bressler took part in a sprint week in early 2020, just before the pandemic began.
Goldman was implicated through his connection to Dorsey. The two knew each other from their time at ExactTarget, the Indianapolis-based marketing tech company that Dorsey co-founded and later sold to Salesforce. Goldman joined the company in 2011 and by early 2020 had risen to become the #2 security governance, risk management and compliance officer across the Salesforce organization.
Prior to joining ExactTarget, Goldman spent 20 years at Purdue University where his early interest in networking and cybersecurity led him to develop the university’s programs in network engineering, information security and cyberforensics. Goldman also created and ran the Purdue Malware Lab, which focused on researching malicious software and developing strategies to protect against it.
Goldman’s malware research also earned him a seat on the FBI’s Cybercrime Task Force, a role he served in from 2009 to 2014.
So Dorsey asked Goldman to attend Sprint Week as a subject matter expert who could help High Alpha refine their cyber insurance business idea.
“Jim helped us shape the idea in a really deep way,” Dorsey said.
Over the course of Sprint Week, Goldman was intrigued by the business concept. During his time at the FBI, he had seen the financial devastation cybercrime could wreak on small and medium-sized businesses that lacked the resources to bounce back like larger companies.
“When Scott started pitching that, I was like, ‘Oh, that’s my passion,'” Goldman recalled. “I said, ‘Scott, I want to run this company for you.'”
High Alpha introduced Goldman Beeler, who had over 30 years of experience on leading software teams. He lived in Boston and wanted to return to Indianapolis.
Beeler also saw the appeal of the concept that became Trava.
“I was really drawn to the mission of helping small businesses protect themselves,” he said. “It felt like a problem that was really worth solving.”
Beeler is 57 years old. Goldman declined to reveal his age. Dorsey said the co-founders, with their decades of experience, are just the right people to lead Trava.
“If you think about them [cybersecurity] The industry is all about trust,” Dorsey said. “I don’t think this is a company that you could build with young and inexperienced founders.”
Trava launched quietly in May 2020 before publicly announcing its launch in December.
The company rolled out its various offerings one at a time, one building on top of the other. It started by offering cybersecurity consulting to generate revenue while working on its software platform.
Trava’s risk assessment platform launched in December 2020. The following month, she began acting as an insurance broker, offering cyber insurance coverage through an insurance wholesaler. In May 2021, after having collected some customer data through its software platform, Trava began using this data in the underwriting process.
The company’s current efforts — and those it believes will help the company break through — are recruiting insurance brokers and agents who can access Trava’s platform to sell cyber insurance coverage to its customers . These customers could also choose to become Trava customers.
The brokers, Goldman said, are key. Because through the brokers, Trava can reach many more potential customers. “For every insurance broker that we sign on, we add between 100 and 1,000 customers.”
Trava currently works with 12 insurance brokers representing hundreds of agents. Trava aims to have agreements signed with 100 brokers by the end of next year.
Trava declined to discuss its revenue numbers, but Goldman said that cyber insurance currently accounts for about 20% of Trava’s total revenue. Over time, the company wants to expand that, so cyber insurance is its main source of income.
Trava is one of a number of companies operating in the insurtech space.
Reid Putnam, vice president of property and casualty at Indianapolis-based Gregory & Appel Insurance, cited California firms At-Bay, Coalition Inc. and Cowbell Cyber as other examples of insurtech startups. All three have been founded since 2016.
“You mix insurance and technology,” Putnam said. “They are all possible variations on the theme. They all do something a little bit differently.”
At the same time, cybersecurity firms are also turning to insurers because they see business opportunities in making their cybersecurity data available, Putnam said. “Carriers are increasingly using cyber scan reports to inform their underwriting process.”
However, it will take time for cybersecurity data to be fully integrated into the insurance business, he said. This is partly because cybersecurity is a relatively new type of insurance, and network operators are still working out how to counter an ever-evolving threat landscape.
For example, last month the Wall Street Journal reported that Lloyd’s of London Ltd. next year will require its insurance groups to exclude state-sponsored cyberattacks from standalone cyber insurance policies.
“The cyber insurance market is still trying to figure out what are the basic due diligence requirements that every insurer should have?” said Putnam.•