The average cost of a data breach in the financial sector was US$5.97 million in 2022, making cybersecurity one of the most critical areas of concern in the BFSI industries. To quantify the potential impact of an organisation’s cybersecurity risk, insurers and contractors typically deploy statistical techniques and data analysis, which can be arduous and expensive.
Protos Labs, the Singapore-based company that joined Investible’s portfolio in late 2022, has adopted a first-of-its-kind threat-based approach to help insurers underwrite their cyber risks against an ever-changing cyber threat landscape, one of the perennial problems that has plagued the cyber insurance industry.
The Investible Early Stage Fund 2 invested in Protos Labs alongside TIM Ventures (a FWD-backed VC), Plug and Play, GK Accelerate, 1337 Ventures, and other ultra-high-net-worth individuals based out of Singapore. In these investment notes, we will explore the opportunity in the cybersecurity risk quantification market, why we invested in the founder duo of Joel Lee and Simeon Tan, and Protos Labs’ traction moving into the future.
Cybersecurity threats are becoming more lethal; risk management hasn’t kept pace
T.Mobile paid out $350m to customers, Yum! Foods shutdown 300 Pizza Hut, KFC, and Taco Bell stores, and Medibank’s data breach exposed the personal information of up to 9.7 million customers.
As our digital world increasingly evolves, the risk of cybersecurity attacks carries a progressively larger price tag for companies, both financially and reputationally. Cybersecurity insurers and underwriters are under more pressure than ever to assess the risk of their clients against a highly-volatile cyber threat environment, but until now, current approaches to cyber underwriting have been largely static and consequently, inadequate.
To date, the three most prevalent approaches have been a compliance-based approach, a maturity-based approach, and a risk-based approach. While many organisations have moved from compliance-based and maturity-based approaches to a risk-based one, this approach is still only loosely informed by real-world data, relying instead on generic risk scenarios or historical data alone.
For risk quantification to be accurate, the data informing the risk assessment must be rooted in the real world.
A proprietary system for assessing real-world risk
Protos Labs was founded in August 2021 by Joel Lee (CEO) and Simeon Tan (CTO). They met while running the cybersecurity practice at the multinational consulting firm Booz Allen Hamilton. There, they advised multinational clients in the BFSI and government sectors on cybersecurity strategies and operations, culminating in the development of the industry's first threat-based cybersecurity risk management framework that was implemented across a Global 500 Bank and presented to 2 national regulators.
This framework analyses real-world threats and scores them against the organisation’s internal cyber resiliency rather than relying on risk ratings or generic risk situations.
Protos Labs represents the next step in this framework’s evolution. Its flagship software, Nexus, deploys the threat-based approach into a SaaS platform that automatically analyses thousands of real-world threats daily, enabling insurers and enterprises to accurately quantify their cyber risks and reduce the likelihood of a breach. It employs a proprietary threat-based approach to analyse thousands of real-world threats daily, score them against the organisation’s internal cyber resiliency, and use the outputs to assess its cyber risks in dollars and cents.
Targeting two sides of a market
Currently, the company aims to serve two key segments: large enterprises with a cyber risk management programme and underwriters of cybersecurity insurance.
Protos Labs enables enterprises to move from manual and static cyber risk assessments to automated assessments with real-time risk exposure calculations, significantly deepening visibility across their business critical applications, assets and controls. In addition, their technology pinpoints which cyber investments will yield the greatest return on investment, opening the door to optimised cybersecurity budgets.
Existing approaches for insurers are purely statistical and do not account for the ongoing changes in the cyber threat landscape when constructing their risk models. With the increasing severity and malleability of cyber threats today, it is impossible to accurately estimate the risk inherent in cyberattacks using only statistical methods. Protos Labs combines statistical-based approaches with continuous threat-scenario analysis, creating a dynamic risk quantification, preventing them from getting blindsided by catastrophic threats, and allowing them to reduce loss ratios and achieve better risk selection.
A well-equipped team for a burgeoning market
The founders of Protos Labs, Joel and Simeon, bring considerable experience in the cybersecurity world to this venture, with not only technical knowledge under their belt but business knowledge too. Joel had prior experience in cybersecurity in classified intelligence agencies and banking environments, in addition to his work at Booz Allen Hamilton. He had also started and exited another business which achieved 40X revenue growth in its 1st year. Similarly, Simeon had utilised his expertise while working at DNV, OT-ISAC and Booz Allen Hamilton to advise some of the largest critical infrastructure operators and government agencies.
Although the Southeast Asian cybersecurity market is still in its early stages, the company is gaining traction and paving the way for the widespread adoption of their threat-based approach. The market is expected to grow significantly in the coming years, and the company's approach is drawing strong interest from insurance underwriters who may lack the necessary expertise to assess cyber threats and quantify associated risks.
Joel and Simeon have already established a partnership with a Malaysian insurer in the cybersecurity insurance sector, onboarded large enterprise clients in Singapore, and landed a historical-first - a significant grant from the Cybersecurity Authority in Singapore worth S$600k in collaboration with the Nanyang Technological University. These are all firm nods of approval for such an early-stage company.
We’re excited to back Protos Labs in this oversubscribed round and journey with them as they set a new standard for cybersecurity risk management.
Written by
Khairu Rejal
stay in the loop
The Investible newsletter is your source for our latest news, insights and more
You are now subscribed !
Sign up to our monthly newsletter
You are now subscribed !
The Investible group of companies includes various entities who are corporate authorised representatives (CAR) of Boutique Capital Pty Ltd (BCPL) AFSL 508011. The full list of entities are detailed here.
CAR has taken all reasonable care in producing all the information contained in the website including but not limited to reports, tables, maps, diagrams and photographs. However, CAR will not be responsible for loss or damage arising from the use of this information. The contents of this website should not be used as a substitute for detailed investigations or analysis on any issues or questions the reader wishes to have answered.
You may download the information for your own personal use or to inform others about our materials, but you may not reproduce or modify it without our express permission. To the extent to which this website contains advice it is general advice only and has been prepared by the Company for individuals identified as wholesale investors for the purposes of providing a financial product or financial service, under Section 761G or Section 761GA of the Corporations Act 2001 (Cth).
The information in this website is not intended to be relied upon as advice to investors or potential investors and has been prepared without taking into account personal investment objectives, financial circumstances or particular needs. Recipients of this information are advised to consult their own professional advisers about legal, tax, financial or other matters relevant to the suitability of this information.
Any investment(s) summarised in this website is subject to known and unknown risks, some of which are beyond the control of CAR and their directors, employees, advisers or agents. CAR does not guarantee any particular rate of return or the performance, nor does CAR and its directors personally guarantee the repayment of capital or any particular tax treatment. Past performance is not indicative of future performance.
All investments carry some level of risk, and there is typically a direct relationship between risk and return. We describe what steps we take to mitigate risk (where possible) in the investment documentation, which must be read prior to investing. It is important to note risk cannot be mitigated completely.
Whilst the contents of this website is based on information from sources which CAR considers reliable, its accuracy and completeness cannot be guaranteed. Data is not necessarily audited or independently verified. Any opinions reflect CAR’s judgment at this date and are subject to change. CAR has no obligation to provide revised assessments in the event of changed circumstances. To the extent permitted by law, BCPL, CAR and their directors and employees do not accept any liability for the results of any actions taken or not taken on the basis of information in this website, or for any negligent misstatements, errors or omissions.
Subscribe to our newsletter
Be the first to receive the latest news, insights and resources from Investible
You are now subscribed !