Win the areas of computer networking, network security and cybercrime, Jim Goldman has built his career around his ability to predict the future.
In the pre-Internet era of the late 1980s, Goldman was finding ways to connect remote computers. By the early 1990s, when the Internet was just beginning to be used, they were already thinking about Internet security – a topic few were talking about at the time, Goldman said. “At the time, people thought I was depressed – off my rocker – because no one saw the importance of it.”
Now, Goldman believes it has found a Big New Deal. He is the co-founder and CEO of Trava Security Inc., an Indianapolis-based technology startup working in the evolving space known as insurtech.
Trava, founded by Indianapolis-based venture studio High Alpha in 2020, is tackling the cybersecurity challenge from three angles. Its software program helps clients identify their risks, and Trava also works with clients to help them manage those risks. The insurance industry—an area where Trava sees the most growth—is using the data it collects to help underwrite cybersecurity insurance.
“We are really helping [insurance carriers] collect the information needed to register the policy,” said Goldman’s co-founder, former chief technology officer Rob Beeler.
Evolution in writing
Currently, a company applying for (or renewing) cybersecurity insurance must complete an application that will ask 100 or more questions about computer networks and cyber security systems.
The problem, Beeler said, is that these programs can be confusing and difficult to complete, especially for small to medium-sized businesses that don’t have in-house information technology professionals.
Cyber threats are also constantly evolving, which means that information gathered in traditional ways may become redundant or out of date.
By collecting real-time data about the network and customer behavior, Beeler said, “we think we can get more accurate and precise answers than just asking the average person, ‘Are you doing this?'”
In time, Trava sees that data will be integrated into cybersecurity documents in the same way that it is already used in car insurance. Many car insurance companies, for example, offer a driver’s license as a way to get a discount for good driving.
“I just think that’s where the market is going,” Beeler said.
Trava’s supporters think so, too.
“In two to three years, I expect that most cyber insurance policies will be based on data, not on paper,” said Scott Dorsey, managing partner of High Alpha.
High Alpha launched Trava in early 2020, and in March 2021, High Alpha Capital participated in a $3.5 million investment led by TDF Ventures, based in Washington, DC. TDF and High Alpha Capital also participated in Trava’s second capital raising, funding a $4.5 million deal that closed last month.
An introductory story
Trava was born out of High Alpha Sprint Week—a periodic event where the company explores business ideas that could become the foundation of a startup.
How did the idea that became Trava make it to Sprint Week? Credit for this goes to TDF Ventures. The company focuses on the business-to-business industry, and one of its areas of interest is cybersecurity.
TDF CEO Matt Bressler wanted to find a better way to protect companies from cyber threats. Companies are spending more on cybersecurity, yet data breaches are on the rise, Bressler said, and cyber liability insurance is becoming harder to find and more expensive.
“It’s a growing market where people are buying products, but nobody really likes what they’re getting,” he said.
Bressler couldn’t find the right cybersecurity company, so she put the idea on hold for a while.
TDF also tends to invest outside of the major suburban markets of New York City and California. The company had done some research in Pittsburgh and Chicago and decided to explore Indianapolis. During this trip, Bressler contacted High Alpha and realized that the company might be interested in developing his cybersecurity concept.
So Bressler participated in Sprint Week in early 2020, before the pandemic.
Goldman joined because of Dorsey’s connection. The two knew each other from their time at ExactTarget, the Indianapolis-based company Dorsey co-owned that was sold to Salesforce. Goldman joined the company in 2011, and by early 2020 had risen to become the 2nd director of security, risk management and compliance across the Salesforce organization.
Before joining ExactTarget, Goldman spent 20 years at Purdue University, where his early interest in the Internet and cybersecurity led him to develop the university’s programs in network engineering, information security and cyber forensics. Goldman also created and directs the Purdue Malware Lab, which focuses on researching malware and developing countermeasures.
Through his criminal investigation, Goldman was also assigned to the FBI’s cybercrime unit, a role he held from 2009 to 2014.
So Dorsey asked Goldman to participate in Sprint Week as a consulting expert who could help High Alpha refine its idea for a cyber insurance business.
“Jim helped us develop the concept in depth,” Dorsey said.
As Sprint Week progressed, Goldman was drawn to the business idea. During his time with the FBI, he saw the economic damage the Internet could do to small to medium-sized companies, which did not have the capital to fall back on like large companies.
“When Scott started singing that, I said, ‘Oh, this is where I’ve been dreaming,'” Goldman recalled. “I said, ‘Scott, I want you to lead this company.’
High Alpha introduced Goldman to Beeler, who had 30 years of experience in the software industry. He was living in Boston and wanted to return to Indianapolis.
Beeler, too, saw interest in the idea that became Trava.
“I was really drawn to the role of helping small businesses protect themselves,” he said. It was like a problem that really needed to be solved.
Beeler is 57. Goldman declined to disclose his age. Dorsey said the co-founders, who have many years of experience, are the right people to lead Trava.
“When you think about [cybersecurity] companies, it’s all about trust,” said Dorsey. “I don’t think this is a company you can build with young and inexperienced founders.”
The way to grow
Trava was quietly launched in May 2020, before publicly announcing its launch in December.
The company released its various offerings one after the other, building one product after another. It started by offering cybersecurity consulting as a way to bring in revenue while working on its software.
Trava’s risk assessment system was launched in December 2020. The following month, it began acting as an insurance broker, offering cyber insurance through insurance brokers. In May 2021, after Trava collected customer data through its app, the company began using that data for writing.
What the company is doing now – and what it hopes will help the company take off – is recruiting insurance businesses and agents who can access the Trava platform as a tool to sell cyber insurance to their customers. Those customers can also choose to become Trava customers.
Investors, Goldman said, are important. That’s because, through brokers, Trava can reach more potential customers. “For every broker we sign, we’re adding 100 to 1,000 customers.”
Currently, Trava works with 12 insurers representing hundreds of clients. By the end of next year, Trava’s goal is to sign contracts with 100 brokers.
Trava declined to discuss revenue figures, but Goldman said cyber insurance currently represents about 20% of Trava’s total revenue. Over time, the company wants to grow so cyber insurance is its main source of income.
Trava is one of several companies working in the insurtech field.
Reid Putnam, vice president of property and casualty at Indianapolis-based Gregory & Appel Insurance, cited California-based companies At-Bay, Coalition Inc. and Cowbell Cyber as other examples of insurtech startups. All three have been established since 2016.
“They’re combining insurance with technology,” Putnam said. “They’re all different on this topic. They all do things a little bit differently.”
At the same time, cybersecurity companies are also reaching out to insurers because they see business opportunities in making their cybersecurity information available, Putnam said. “Carriers are using cyber-scan reports to inform their writing.”
But it will take time for cybersecurity information to be fully integrated with insurance, he said. In part, that’s because cybersecurity is a new form of insurance, and carriers are still figuring out how to deal with the ever-changing threats.
Last month, for example, The Wall Street Journal reported that Lloyd’s of London Ltd. next year it will require its insurance groups to exclude government-sponsored cyberattacks from stand-alone insurance.
“The cyber insurance market is still trying to figure out, what are the basic maintenance requirements that every insurer should have?” Putnam said.