It is the question Gerry Power knows is coming every time he sits down with a broker. He spent years helping build Emergence into one of Australia’s leading cyber underwriting agencies. Now he has crossed the floor to lead US-based Cowbell’s Australian operation — and the market has a long memory.
“Why should I place this risk with Cowbell rather than the incumbent I’ve worked with for years?” asked Insurance Business.
Power didn’t flinch at the comparison. In fact, he said it’s precisely the right place to start.
“Cyber risk is a continuous exposure that needs to be handled 365 days a year,” said Power, who was appointed Cowbell’s general manager for Australia this week. “What Cowbell are about is getting on the front foot, understanding the issue quickly and letting clients know before the attack happens.”
That contrast — front foot versus post-event scramble — is the axis around which Power builds his entire pitch to the broker market. The traditional model, as he described it, runs like this: a broker submits a risk six weeks before renewal, gets a price, binds cover and the file goes quiet for twelve months. It is, he says, insurance designed around the administrative calendar rather than the threat environment. Cowbell’s model, which it calls adaptive cyber insurance, is built on the premise that cyber risk does not observe renewal dates. Underwriting, monitoring and risk intelligence run continuously — 365 days a year, in Power’s telling — with Cowbell’s platform scanning global threat data and cross-referencing it against its own book of business in near real time.
When a zero-day vulnerability — a previously unknown security flaw — is detected breaking in the United States and spreading globally, he said Cowbell’s systems can identify which of its insureds are running the affected software and alert them before they become casualties. Under the conventional model, the same insured would learn about their exposure when the attack arrived, not before.
“That’s revolutionary from an insurance perspective,” Power said. Most insurance, by design, responds to events after they occur. The idea that an underwriter’s platform might function as an early-warning system, he suggested, represents a genuinely different proposition.
The distinction he drew was not between those who monitor and those who don’t — it was between those who have built the capability themselves and those who have outsourced it to third-party IT firms.
“This is Cowbell doing this stuff, not relying on somebody else,” he said. Cowbell’s cybersecurity operation is a subsidiary within the business, not a partnership agreement with an external vendor. The company’s IT team numbers, said Power, around 80 people globally — a headcount Power noted is larger than many entire cyber underwriting agencies, before you count anyone else in the building.
That in-house infrastructure also underpins the platform’s speed. Cowbell scanned the Australian market for a full year before it received its AFSL licence, building up threat intelligence on local businesses before writing a single policy. Today, that groundwork supports a system that, for the majority of SME risks, can issue a quote within five minutes.
Brokers, said Power, receive not just a price but a Cowbell cyber risk report — roughly 15 pages — that scores the client across what the company calls Cowbell factors: network security, cloud security, endpoint exposure, dark web presence, social engineering risk and more. The report benchmarks the client against industry peers, drawn from a dataset of 55 million businesses globally and flags the specific threats most prevalent in that client’s sector. An accounting firm, Power said dryly, does not need a lecture about EFTPOS fraud.
The broker education mission extends into claims.
“The minute your system is locked down [by a cyber attack], you are in immediate pain,” Power said.
Unlike other insurance lines, there can be no leisurely claims triage, no months of correspondence. The response has to be instantaneous. Cowbell addresses this through a partnership with incident response firm Atmos — around 100 specialist staff dedicated entirely to responding to cyber attacks within minutes — supported by Cowbell’s own claims team in the UK and the US, allowing the business to follow the clock around the world.
But for all the sophistication of continuous underwriting and global monitoring, he returns to a disarmingly analogue piece of advice: make sure your clients have their incident response contacts written down on paper. When the system is locked following a cyber attack, you cannot use the system to find out who to call.
