As I was making the shift into product management, I was fortunate to land a secondment supporting a very talented product manager / growth hacker at IAG's Innovation Lab. Under his wing, I learnt a tonne about building products from scratch and little hacks and creative ways to test our value proposition in market.
Understand the Cyber Security value chain and determine if and how IAG could play in this space.
The initial brief was for my manager to look into cyber security and determine if there was a product or service we could create under IAG's Innovation Incubator. Coming into a space where my manager and I had only a basic understanding on the cyber security industry, we conducted a deep dive on the industry and started mapping out the cyber security value chain.
Back in 2017, people were aware of cyber risk, but there was minimal motivation for SME businesses (sub $10m annual turnover businesses) to pursue strong cyber security policies and procedures in their day to day. There seemed to be the mindset of that will never happen to me. Based on the trends we were analysing, cyber attacks were growing exponentially and we knew it would soon become a mainstream problem.
As we mapped out the cyber security value chain, we identified areas where it would not be viable for IAG to play, particularly after a cyber attack as that was where strong key industry players tended to dominated e.g. Norton Antivirus, etc. We then identified areas where IAG could play which was in the prevention and protection space.
IAG had great risk analysis models and teams, so offering insurance to protect and recover businesses from cyber attacks was a natural logical fit for us. However, after analysing the attitudes towards cyber security from our target market (SME businesses), we discovered that insurance and cyber protection was not something front of mind for these customers. We had to change this.
My manager and I realised that in order to make our insurance offering more appealing to our target customers, they would need to understand the amount of risk their business was exposed to and the costs involved with recovering from cyber attacks. We started testing the market with landing pages, surveys and interviews to understand the attitudes and priorities of our customers. This led us to refine our value proposition several times until we landed on a proposition that appealed to our target customers where they would see the need to take out a Cyber Insurance policy with us. Part of our go-to-market strategy was educating our target market on the impact of cyber risk to their business. We created content, flyers, and emails that we used to target CGU Business Insurance customers who fit the profile of our target market.
We had great early adoption, however we had internal hurdles to work through as our Cyber Insurance product was relying heavily on many IAG core assets e.g. underwriting, legal, risk, etc. to successfully execute. The key issue from an insurance perspective was risk management in a completely foreign space – cyber. We mitigated our risk issues by using the services of UpGuard (a Firemark Ventures portfolio company) to conduct quick IT security assessments on each customer onboarding to our Cyber Insurance product. The risk assessment would scan our customers website and determine the level of cyber risk which would feed into our risk and pricing engine. The Cyber Insurance product turned into a ~$1m portfolio for CGU.
"I always enjoyed working with you. You really helped me out when we were working on Cyber Assurance. Would love to stay in touch.I want to especially thank you for introducing me to Dhanoop. The experience I had working with him and seeing him realise his dream will always be a career highlight for me. So thank you again for that."
Alex F - Senior Manager Growth, IAG