A Conversation with Joshua Motta: The Future of Cyber Insurance

0:00 0:00
Joshua Motta, CEO of Coalition discusses the ins and outs of cyber insurance, how it works, and how it differs from traditional insurance.

In this episode, Mike welcomes Joshua Motta, CEO and Co-founder of Coalition, a cyber insurance company. Join us they talk about the ins and outs of cyber insurance. How does it work? How is it different from traditional insurance? Joshua talks about Coalition’s brand of insurance as “active insurance,” providing broader coverage for all of the ways technology can go wrong in your organization.


Welcome to In Scope, the healthcare security podcast. In each episode, we bring you insightful interviews, informative technical tips, and a unique point of view on the challenges facing the ever-changing healthcare ecosystem with host, Mike Murray.

In this episode of In Scope, The Healthcare Security Podcast, Mike Murray welcomes Joshua Motta, Co-Founder and CEO of the cyber insurer Coalition. The company has been reinventing the cybersecurity insurance space over the past few years and has gone from being an early-stage startup to having a valuation of $3.5 billion in under five years.

Mike notes the red team/blue team approach that Coalition brings to cyber insurance, effectively differentiating the business from all others that fall into the financial services or insurance categories. For example, every car or home insurer offers the same suite of policies to every potential client. Coalition, on the other hand, offers “active insurance,” which Joshua likens to a smart watch, whereas traditional insurance could be considered a regular watch.

This broader coverage accounts for the many ways that an organization’s technology can go wrong, whether it be a security failure or some form of cyber crime, or even just a systems failure. The way in which policies are underwritten depends on factors such as the technological decisions that the company makes.

Also unlike traditional insurance which provides virtually no value until the damage is done, Coalition’s plans offer value all the time since it is constantly working to prevent losses via its comprehensive platform. In other words, Coalition is more than a “risk transfer” insurer; it also works alongside organizations to actively reduce risk.

While other cyber insurers offer policies which solely address virtual damages, Coalition has taken a step further by filling the gap between cyber and property insurance. In a market that is currently seeing significant growth in the frequency and severity of loss claims, Coalition’s products cover an even wider spectrum of threats, including bodily harm, property damage, and even pollution liability.

Asked about the evolving issue that is ransomware, Joshua believes that, while this will continue to be a significant cybersecurity issue, the severity of ransomware attacks has “plateaued.”

As to the choice between paying a ransom and standing one’s ground against the criminal, Joshua says that small-to-medium-sized businesses often have no choice, and that a “geopolitical solution,” which makes attacks more costly, may be the only way to truly disincentivize bad actors.

Ultimately, Joshua says: “Our focus is on making all of our customers harder targets—making actors spend more time, more resources, more effort, and trying to thwart them at every possible step.”


– An introduction to Joshua Mott and Coalition.

– What differentiates cyber insurance from “traditional” insurance.

– Being more than a “risk transfer” insurer.

– Coalition’s innovative ideas.

– Recent shifts in cyber insurance market dynamics.

– Whether the rest of the industry will catch up to Coalition.

– The choice between paying and not paying a ransom.

– How to connect with Joshua.

0:00:02.7 Speaker 1: Welcome to In Scope, the Healthcare Security Podcast. Each episode, we bring you interviews, technical tips and a unique point of view on the challenges facing the ever-changing healthcare ecosystem. Here’s your host, Mike Murray.


0:00:20.1 Mike Murray: Hello and welcome to this week’s episode of In Scope, the Healthcare Cybersecurity Podcast. As always, I’m Mike Murray, and with me this week is a really exciting other CEO in the startup space, and so he’s now started a couple of companies, and I’m gonna let him talk about his… Where he comes from and his background, but with us today is Joshua Motta, the founder and CEO of a company called Coalition. Coalition has been re-inventing the cyber security insurance space over the past few years, and have gone from early stage startup to 3.5 billion in valuation, in about four and a half years, four to five years, depending on where you start counting, whether it’s… When they start swelling or when they put the flag in the ground, but that’s a heck of a growth path, so Joshua, dude, glad to have you here. Really excited to have this conversation and maybe tell the world about you, where you came from, other things you’ve done and how you got into cyber insurance.

0:01:10.4 Joshua Motta: Yeah. Look, it’s great to be here, thanks for having me. I suppose I’ve taken the renaissance approach to my career at some level. I was once upon a time as a teenager, a software engineer at Microsoft, spent time working for the US government within the Central Intelligence Agency, Investment Banking at Goldman Sachs. I was on the founding team of a business called CloudFlare, which of course itself has become quite a successful startup. I don’t know when you stop becoming a startup, but at some point, I believe they were over 60 billion in market cap, and of course, publicly listed. Coalition at some level is really a culmination of those experiences, as I describe it, it’s what would happen if you combine a financial service, in this case, of course, cyber insurance with a technology company natively in terms of how we operate, how we collect the data, etcetera, how we protect our customers and reduce their cyber risk, and really like an intelligence community mindset, again on that data collection and analysis piece. So the culmination of everything I’ve done.

0:02:06.1 MM: And I think it’s a really interesting approach, and it’s something that I really wanted to talk to you about, because when I talk to a lot of people that talk about cyber insurance, they think it’s a lot more like traditional insurance, actuarial tables and traditional risk models from math, but you all are bringing literally almost an red-team blue-team approach to cyber insurance. Maybe tell the world about that, ’cause I think they are thinking it’s an old stodgy insurance product in a way that… My house and my car is… And I know you’re doing way cooler things than that.

0:02:34.6 JM: Yeah, look, it depends who you buy it from. One of the challenges is when you think of car insurance or home insurance, you’re rightfully, you would be correct if you said every policy is the same, it’s just who services your claims and whatnot. That’s not the case with cyber insurance, and so even though we talk about it as if it’s this one coherent thing, depending on who you buy it from, it’s entirely different, it’s different in what it covers, it’s different in the value that it offers you… Obviously, the claims handling capabilities, etcetera. So it’s somewhat difficult to answer your question because look, yes, it actually is a lot like traditional insurance, and that’s what’s wrong with it. Many companies are trying to go about underwriting and pricing it in the same way that they’ve done it for every other type of risk, and we believe that it has to change.

0:03:20.5 JM: And so where there was insurance before, what Coalition is really offering is active insurance, and I kind of think about it just like a watch, there’s a watch, and now there’s a smart watch, an Apple iWatch will do everything a watch will do, but it’ll check your blood oxygen level and order your partner flowers, which is maybe a healthy reminder for our audience to do that ahead of Valentine’s Day. Insurance is the thing you bought from your grandfather’s grandfather’s insurance company, and active insurance is what Coalition is offering, and so it’s broader coverage for more of the ways in which technology can go wrong in your organization, whether that’s a security failure or some form of cyber crime or just the systems failure like technology failing, like there’s very broad coverage.

0:04:02.7 JM: The way in which we’re underwriting it, determining pricing, etcetera, actually take into account the technological decisions companies are making, which is not typically done, and we offer a whole software technology platform that works to prevent losses from befalling our customers. So again, historically insurance was the product you bought stuck on a shelf, it collected dust, you got zero value from it until something bad happened to you, of course. With Coalition, you get value all the time, in fact, we’re always working to prevent losses from happening, and we’re very proactive in how we work with our customers, and of course all included for the same cost of that PDF that you were buying in the past.

0:04:45.9 MM: That’s fascinating, ’cause when I was at Liberty Mutual, we learned… When you got to be an employee there, you learned a lot about the insurance industry as part of being an employee, and they were very clear that the goal of insurance is simply to pay back losses, and what I hear you talking about is something that goes far beyond into pro-activity of avoiding losses, but far beyond just paying back the loss, adding value in other ways. How do you see that?

0:05:08.1 JM: Yeah, look, just insurance companies haven’t had these capabilities before, and I think we see an opportunity to do that by bringing technology and a financial product together and being more than just the provider of risk transfer, allowing our customers to transfer the risk to us, but truly partnering with them to reduce that risk. And of course, we have a financial incentive to do so. It was very difficult for the insurance companies of the past to do that because there was no margin built in for it, but by using technology, using data and the way we’re doing it, we can, again, competitively offer a cyber insurance product that includes so, so much more than just the promise to pay the claim, and of course that is an important promise and that is sacred across the insurance industry, and irrespective of who you buy cyber insurance from, claims are being paid.

0:05:54.7 JM: And in fact, more than they ever have been, and we can talk about how the market’s evolving, but that’s happening, I just think that insurance and insurance companies, certainly the ones of the future as we fashion ourselves in building, can do so, so much more. And we can play a significant role in helping organizations increase their cyber security hygiene, and we have a financial interest to do it, because at the end of the day, while certainly our customers take on risk as well through their deductibles or retentions, we end up taking on a considerable portion of their cyber risks, so we have every incentive to try and protect our customers.

0:06:28.1 MM: It makes perfect sense. And there’s something I wanna dig down into, because I know some stuff about your products and your world a little bit more than the audience does. You’ve talked a couple of times about different kinds of technology risk and technology transfer, and one that I know is specifically interesting to health systems is the idea of physical harm from cyber events, but there’s probably five or six other ways that you’re exploring different risk categories than traditional cyber. There’s very few others that I know of that are even trying to imagine the use case of, if a medical device is hacked and it causes patient harm, how do we insure against that? And tell us a little bit about your thinking there, and just some of the innovative things that you all have done there.

0:07:07.2 JM: Yeah. One of the challenges for healthcare organization, whether it’s a risk manager or someone in info sec, etcetera, it’s like, look, cyber risk is distinct from cyber insurance, these are too related, but different things, and there’s nuance there, like cyber risk encompasses, as you mentioned, literally the entire known spectrum of risk, it can just as easily result in a data breach or supply chain interruption as it could centrifuge exploding or causing literally bodily injury, property damage, things of this nature. The challenge I think many organizations have is that traditionally property damage and bodily injury were covered in property insurance policies because it was, hey, fire, water, wind, like these were the major perils that we were all thinking about that could lead to these physical outcomes like kinetic outcomes, if you will.

0:07:57.3 JM: Well, cyber is a new form of peril, and cyber losses can certainly result in bodily injury, property damage, even pollution liability, depending on what type of business you’re in and what goes awry. And that’s where we saw a clear gap because of course, property insurance policies are generally speaking, not designed to cover cyber attacks or cyber failures, they’ll cover a physical fire burning your servers, but not the virtual one with a hacker setting your network alight, and so that’s again, where we saw a clear opportunity to innovate. We now offer coverage affirmatively for property damage, bodily injury, both first and third parties, so even liability to others as a result of a computer security failure. I should also mention pollution liabilities or third-party coverage for any liability you would have as a result of a pollution event that was directly the result of a computer security failure.

0:08:50.5 JM: And so not only we offer these coverages, we have paid out on them, and so I can’t go into all the specific details, but there have been a number of ransomware attacks, let’s just say that maybe didn’t result in anything as spectacular as something exploding, but by virtue of stopping machinery or equipment caused physical damage. And those were things that we were able to pick up on our cyber insurance form. Now, to my knowledge, we’re the only cyber insurance provider, certainly in the United States or Canada that I’m aware of, that by default will offer those as coverages on our form. And so we’ve really tried to think about cyber as a form of peril, like what could go wrong and trying to cover as expansively as we can, although certainly other insurance products come into play as well.

0:09:34.8 JM: So if the directors and officers of the hospital, as an example, were sued, well, that’s actually a DNO claim, even if it was as a result of a claim of negligence and protecting a network. So cyber insurance is one very important component of protecting your organization from cyber risk, but you really have to think holistically across how you ensure your business and the various products that are offered to make sure that you’re adequately covered.

0:10:00.7 MM: I think cyber insurance traditionally has been exactly what you’re saying, “Do I get paid back for how much I paid Mandiant to have to show up and fix this?” Whereas more and more there was a ransomware attack against the healthcare system in the south last year, that you just reminded me of. They got ransomware within a few weeks, there was a class action lawsuit by a bunch of patients targeting the directors of the hospital and claiming negligence and all of that. And these things are spreading into areas that when you and I got into this industry, the most worrisome cyber thing was data left, or if somebody defaced our website, now we’re talking about real physical harm, and I think it’s really interesting.

0:10:37.6 MM: I wanted to switch gears slightly, actually, let’s go to the last few years, you mentioned a few minutes ago, the market dynamics of cyber insurance and every health system I talk to has told me 200%, 300% increased premiums, the really exciting ones are like, “Oh look, we got a deal. It was only a 100% increase in the last year.” And so you’re closer to this than I or any of the listeners are… Tell us what’s happening in the industry. You’re probably seeing a ton of churn and movement, and I think it would benefit everybody to know what an insider sees as far as the changes in the market dynamics.

0:11:13.1 JM: Yeah, absolutely. Look, it’s complex, there’s all sorts of things going on, but I’ll try and hit all the salient points from the perspective of, again, someone operating a hospital or trying to protect it, it’s… There are losses, there’s significant growth in both the frequency of losses claims that organizations are filing under their policies and the severity of those claims is increasing. Now, a lot of that, you can point to things like ransomware, where it used to be the average ransom was a couple of thousand dollars, and they’d encrypted a single machine and now they’re double ransoming you, they’re encrypting not only a single machine, your entire network and oh, by the way, before they do that, they’re exfiltrating all of your data and then ransoming you again to prevent them from publishing it.

0:11:56.2 JM: And so the amount of leverage that criminal groups have has grown dramatically, and again, ransomware for me has never been a really interesting technical innovation, it’s a business model innovation. It’s a very, very profitable business model, by some counts, even more profitable than narco trafficking, and so international drug trafficking, so it’s no surprise that more and more criminals are getting into it, and so that just caused an explosion in sort of the severity of claims. On top of it, you just had cyber insurance, what it was covering has been expanding, it covers media liability, it covers all sorts of things, it’ll replace your computer systems if they’re bricked, the coverage has just continued to get broader and broader and broader, and of course, one of the disadvantages that insurance companies have or complexities challenges, is they have to determine the price before they know what the cost of goods is.

0:12:41.6 JM: And so what a lot of insurance companies found is the rates that they were charging in 2019 and 2020 and whatnot, ultimately weren’t sufficient to cover the losses that got reported over the next 12 months of most of those policies. And so as a result, starting around the fourth quarter of 2020, many organizations would have seen some substantial changes in their renewals or would have found it to be considerably more expensive when going out to get coverage. And look, there’s real pricing and nominal pricing, what you’re describing is sort of nominal increases in price of the headline sticker shock of 100% or whatever the figure is, but oh, by the way, you’re paying 100% more for half the coverage because you now have a sublimate, you have a co-insurance provision where you have to pay for more of the loss, and so I think insurance companies are really struggling with how do they balance rate increases with pushing more of the risk back to customers as a way to really get them and incentivize them to invest more in their security and there’s no equilibrium in the market.

0:13:47.1 JM: So everyone’s approaching it in different ways, whether it’s raising rates or pushing risk back to the customer to try and preserve what rate they can, because it is jarring for an organization to have to double their budget for insurance. So attritional losses across the market have gone up for most participants, which is putting a lot of pressure on these things, but then exacerbating the problem is that cyber is just a poorly understood risk, and like in any industry, there’s maybe a pendulum that swings between fear and greed, and I think the pendulum is very much swung back to fear, and look, the insurance industry is a very conservative industry, they take risk and whatever you don’t understand, you by definition fear, and so to just compound all the problems that we already have in the market between pricing, which will sort itself out, it’s the fact that you have these headline claims and news articles coming out about Log4j and the hundreds of millions of devices and the sky is gonna fall, and so on and so forth.

0:14:46.3 JM: And of course, if you’re re-insured thinking about, “Wow, there could be this massive accumulative loss where it’s not just one company filing a two million claim, it’s 10,000 companies filing them at once,” that’s where you really… The industry starts to question, “Is this insurable?” Now, I think aggregation is very poorly understood, and we could probably have whole another podcast conversation on that, but with that said, that’s why I think there’s really a need for specialist cyber underwriters, cyber insurance providers that have the data to quantify these things; and look, if you were to have looked at our loss experience from 2019 to the present, we’ve not only seen frequency stay flat, it’s actually gone down in 2021, severity has stayed flat, and so we have bucked to the trend, if you will, and I think that is a direct result of using data to better select for the companies that we provide insurance to.

0:15:39.8 JM: And frankly helping them reduce risk. That’s not happening today, and unfortunately, it’s always the people who have lax security that sort of ruin the party for everyone else, because at some level, insurance is amortizing losses across the entire pool, well, if you have people in the pool who are doing reckless things, it raises the rates for everyone, so we’ve really tried to focus on giving great rates to companies that we can see are doing the right things, proactively working with them to address the issues that come up, some of which they’re not even aware of, and as a result, we’ve been able to preserve the coverage we offer, I think provide very competitive rates. But yeah, we’ll see how it all shakes out. I suspect that the market will continue to harden for the remainder of the year, but as loss ratios and greed is overcoming fear, if you will, we’ll start to see more reinsurance capital and more people into the market and a new equilibrium will be established.

0:16:37.2 MM: I completely agree, and I think it’s so interesting that I’ve always felt like it must be so hard for a cyber insurance company who just relies on the traditional like, “Here I’m gonna give you a spreadsheet, tell me what your controls are.” And we both know that that spreadsheet has almost no real validity in the real world as far as risk. It talks about practices, but it doesn’t really speak to, “Is this organization less likely, are more likely to undergo a breach or some sort of adverse event?” And I think that the approach you all have taken around understanding the technology for the technology sake is really important when it comes to risk, and do you think there’s gonna be more of that is really where I’m trying to go. Do you think that the rest of the industry is gonna catch up to where you all are thinking?

0:17:18.4 JM: Well, look, I think there’s definitely more scrutiny on controls and protective actions, which in general, I think to be a great thing because a couple of years ago, and maybe this wasn’t applicable for every business, you could fill out six questions and get an insurance policy, which might have been too laxed to be honest, but everyone was making money, and the pendulum has swung in the other direction, and so the application forms that people are being asked to fill out are definitely not six questions anymore, in fact, you’d be lucky if they’re six pages of questions. And look, in general, some of that is good. I think it’s great that the insurance industry is requiring certain effective controls to be put in place, and the industry can play a very important role in raising the bar of cyber security hygiene across the nation in ways that no other industry can.

0:18:04.3 JM: And frankly, ways in which the federal government can’t. And certainly when I visited the White House, The Cyber Security summit last year, that was my message, it’s like we as an industry have a critical role to play in solving this national security problem, and so it’s great to see that everyone is doing that. Now, sometimes it’s done in a way that’s maybe a bit ham-handed or in a way that betrays the level of detail and complexity, asking someone if they use MFA across their organization with a yes or no check box, if you’re an InfoSec, it’s like external internal… I’ve got 1700 internal applications like, you know what? It’s like, “Do I have to be able to test all of them use MFA? And oh, by the way, what about the services in which some vendors enabled an API that doesn’t respect MFA?”

0:18:52.6 JM: It’s like… Look, it’s difficult, if you’re a CISO or you’re an InfoSec professional, the language that’s being spoken between the underwriters and those who have any technical knowledge is there’s still a very wide chasm; and look, I think that’s a very core advantage of our firm, like all the way up to me, and I’m by far the least intelligent person at Coalition… There’s people far smarter than I am. It’s like we’re hipped to the cyber jargon, and again, there’s complexity, so I think we can ask better questions and better articulate, make sure that, “Hey, we understand what you’re doing, we’re supportive, there’s always risk. And that’s what we’re here for.” It’s like, if we believed that we could eliminate all cyber attacks and cyber claims, then this wouldn’t be an insurance problem, and so we have no issues paying claims.

0:19:38.3 JM: I think we just wanna make sure and be reasonably comfortable with the security practices our customers take and of course aid them in that endeavor, but there’s no gotcha. Like if it fails, if they mess something up, by definition, we assume that there’s some negligence involved, that’s kind of part and parcel when it comes to cyber crime, but those losses are covered.

0:19:58.6 MM: Yeah. No, that makes perfect sense. So I’m gonna switch directions again, I’m fascinated. I always ask people to pull out their crystal ball and talk about the future a little bit. And you said something that I love so much, and I wanna kind of double click on it and also see where you think the world’s going, you mentioned… And I so agree with you that ransomware is not a technical innovation, it’s a business innovation, it’s a business model, and I think that the thing that we’ve seen in probably the last six to nine months is that now we’re starting to try and shift the… Whether it was the whole, don’t pay the ransoms, or the indictments against the various ransomware gangs, we’re starting to see ransomware being disincentivized at certain levels of federal innovation, which to your point, the attackers just never really go away, it’s not like they’re gonna go get real jobs instead.

0:20:42.8 MM: So pulling out the crystal ball, where do you think the world is going? Ransomware is gonna continue to be a thing, but do we evolve the business model again? Do things continue to change? How do you see the world? You’ve been doing this for a long time.

0:20:55.7 JM: Yeah, well, look, I’ll caveat it that the only crystal ball I’ve ever owned showed up broken. Take that for what you will. So on ransomware, I think there’s a couple of things, like I’m like a little bit of a contrarian. I think most people in the insurance industry would expect that ransomware is going to continue to get worse and worse and worse. And I think it’s actually probably plateaued, to be honest, and of course it’s how we define getting worse, what that means. But from my perspective, it’s like, look, a lot of the increase in the cost of ransomware has been severity really, it’s like a $3000 loss turned into a $30 million loss, and a lot of this mirrors the leverage that the bad actors have and absent their ability to encrypt all of your computers, ex-filtrate all of your data and kidnap your first-born children… First born child.

0:21:47.2 JM: Yeah, I just don’t… I don’t see where the leverage goes from here, it’s kind of as bad as it can get, and so it’s still gonna be bad, it’s still gonna be a significant cost certainly across the cyber… From the cyber insurance industry perspective, but I just don’t think we’re going to see the same increase in loss trend from ransomware, frankly. As far as the whole debate on changing the incentive structure, and this is where certainly insurance companies have taken quite a bit of heat because, Hey, ultimately we’re covering the cost of the extortion because it’s our mandate to make our customers whole, I can certainly understand the argument that by facilitating these ransom payments, we’re in some way contributing to it, but at the end of the day, I also think it’s sort of a faulty argument.

0:22:32.9 JM: Business owners were gonna pay these claims, whether an insurance company does it or not, at the end of the day, it’s an existential risk for them, and they either have to choose between going out of business or survival, and look like this becomes at some level of public policy issue, which is what’s their greater good, the survival of certainly small, mid-sized businesses that cannot afford to not pay a ransom, or the fact that we wanna somehow discourage criminals from ransoming in the first place. So at the end of the day, it does require, I think a geo-political solution, and we do have to find ways in which we can increase the costs to criminal actors in cyber space, and I think the government and diplomacy play a significant role, and we’re starting to see some efforts from that pay out. I think insurance companies can definitely make it hard on the actors, and believe me, we do, because we would rather not pay the extortion either, but we also have a duty to protect our customers.

0:23:28.2 JM: And at the end of the day, it’s their decision. So if we have a policy holder that says, “I don’t wanna pay the ransom,” that’s their decision, that’s their decision to make. It’s not the insurance companies. And in fact, insurance companies will only pay it where it is reasonable and necessary, and so yeah, there’s a lot of scrutiny applied to this. Obviously, we’re operating within the bounds of the law and OFAC checks and whatnot, but I think the industry is playing a critical role. So I’m hopeful, but remember I’m a startup founder, so optimism has to somewhat come naturally that there will be some more diplomatic breakthroughs and there’ll be ways in which we can change the cost. Our focus is just making all of our customers harder targets, making actors spend more time, more resources, more effort, trying to thwart them at every possible step, trying to make a dent that way.

0:24:16.4 JM: I jokingly asked someone on the National Security Council, when I was out at the White House, I asked him, I’m like, “Look, Coalition, get in order of mark or a license to kill, or whatever we call it, because believe me, there’s some of these groups that I would love to personally go after, but that is still the domain of the government at this point.” [chuckle]

0:24:34.0 MM: Oh yeah, we can get… By the way, speaking of another podcast episode on hacking back, that’s been a long argument in our industry, but by the way, I completely agree in a lot of ways, that’s what scope is about to, we’re here to make the customers harder targets, and if every one of those customers is a harder target, and we make it hard enough on the bad guys that they go find another revenue source. So I always end by asking the guest to promote themselves, where can the world find more Joshua Motta? Where can we find Coalition? The socials? Do you write? Are you speaking anywhere? Tell the world they’re listening to you and they’re like, “I wanna hear this guy for the next six hours.” Where do we find more of you?

0:25:10.5 JM: More of me? Well, certainly coalitioninc.com, you can find about the company, the insurance products we offer, certainly all of the podcasts and writing we’ve done. We of course, operate the blog with the title, the apropos title of Risky Business, and we certainly talk about all sorts of topics cyber insurance in general, cyber risk, cyber crime, the things we’re doing, so lots more to be found there. If you’re interested in having Coalition quote an option for you, if you’re considering cyber insurance, you can ask your insurance broker, we work with tens of thousands of brokers across the country, almost all major agencies, we work with many great partners like Intuit, QuickBooks, or Name Cheap so if you wanna buy it together with your next domain name, you can do that as well, but lots of ways in which to access us, I would also plug, even if you’re not interested in insurance, if you’re not in the United States or Canada, where we offer insurance, we do offer a free cyber security platform called Coalition Control.

0:26:07.0 JM: It was one of the things we announced at the White House as part of our commitment to trying to sin the tide, if you will. To go to coalitioninc.com, you can sign up for Coalition Control with just an email address. It’s completely free, like no strings attached, no gotchas. And it’s just a great platform to see what your risk is from our perspective as someone who is making these decisions every day. So hopefully that gives a… That’s a good grab bag for ways in which to get more of us and more of me.

0:26:35.8 MM: That’s beautiful. And by the way, just I’ll plug that for a second, ’cause when that came out, I signed up for Coalition Control, I think it’s freaking awesome. And I haven’t seen anything like it from any other insurance company in my life. So with that, man, thank you so much for the time today. I know you’re an incredibly busy guy and always appreciate whenever you and I get to chat. So thanks for coming on, we’ll have you on again and talk about the insurance industry as the world continues to evolve and beyond that. Thanks for listening to everybody who’s out in the audience today and we look forward to next time.


0:27:09.3 MM: Hey, this is Mike. Thanks for listening to this week’s episode. I have a request, we would love to hear more about topics in healthcare cybersecurity that matter to you and the challenges that your organization is facing in securing this ecosystem. If you have topics you’d like us to cover, or maybe you should be a guest on the show, get in touch with us, search for Scope Security on Twitter and LinkedIn, and we hope to hear from you soon.


0:27:33.3 Speaker 1: Thanks for joining us for this episode of In Scope. To make sure you never miss an episode, hop on over to www.scopesecurity.com to sign up, or you can listen on Apple Podcast, Spotify or Stitcher. And if you have ideas for topics, guests or technical tips, please contact us at [email protected]

About Joshua Motta


Joshua Motta is CEO and co-founder of Coalition, which brings together technology and insurance with a mission to provide security for all. Joshua founded Coalition in 2017 and the company now serves over 130,000 customers. Coalition has raised $505M in funding (now valued at over $3.5 billion) and was named one of Inc’s Best Places to Work in 2021. Joshua believes that digital risk is not just a technology problem; it is a risk management problem. He founded Coalition to help organizations prevent cyber incidents, and assist them with response and recovery in the event of an attack. Today Coalition applies its technology expertise to help organizations navigate cyber risk, executive risk, and more through the acquisition of Attune Insurance in 2021.