At-Bay

1.1 Identity & Business Model

At-Bay, Inc. was founded in 2016 in San Francisco, California by Israeli entrepreneurs with deep cybersecurity and finance backgrounds. The company self-describes as the "InsurSec provider for the digital age"—a model that combines traditional insurance underwriting with embedded, proactive cybersecurity services under one corporate structure. Unlike conventional carriers that price and pay claims reactively, At-Bay continuously monitors the external attack surface of insured businesses, alerts policyholders to emerging vulnerabilities, and provides managed detection and response (MDR) capabilities directly through its security affiliate, At-Bay Security, LLC. The insurance side, operating through At-Bay Insurance Services, LLC (a licensed surplus-lines broker in all 50 states and D.C.) and an active full-stack insurance company, underwrites Cyber, Technology Errors & Omissions (Tech E&O), and Miscellaneous Professional Liability (MPL) policies. At-Bay retains approximately 15% of the underwritten insurance risk and cedes the remainder to large reinsurers, managing aggregate exposure while capturing the economics of risk selection and customer relationships. The cybersecurity side, At-Bay Security, LLC, offers At-Bay Stance MDR and Exposure Management as standalone products that non-policyholders may also purchase. This dual-entity structure allows At-Bay to market its insurance enhancements (reduced ransomware retention, automatic flat renewal) as incentives for policyholders to adopt the security platform. As of 2025, At-Bay operates in six offices globally, with its headquarters in San Francisco and a significant R&D and engineering hub in Tel Aviv, Israel. Its broker distribution network spans the US market, with 93 NPS on its broker platform. The company's go-to-market is exclusively through licensed insurance brokers, with no direct-to-policyholder binding. [CO001, CO002, CO003, CO004, CO005, CO041]

1.2 Founders & Leadership Team

At-Bay was co-founded by four individuals in 2016: Rotem Iram (CEO), Roman Itskovich (Chief Risk Officer), Etai Hochman, and Tilli Kalisky-Bannett. Hochman and Kalisky-Bannett no longer hold executive roles. Both Iram and Itskovich bring rare combinations of elite Israeli intelligence service, global consulting, and finance experience that directly inform At-Bay's underwriting discipline and technology-first risk philosophy. Rotem Iram served as a captain in an Israeli intelligence unit analogous to the NSA before consulting at McKinsey & Company and holding an operations role at K2 Intelligence. He holds a BS in Computer Engineering from Hebrew University of Jerusalem and an MBA from Harvard Business School. His military intelligence background is central to At-Bay's risk-scanning methodology. Roman Itskovich served on the investment team at Bain Capital and as a consultant at McKinsey before co-founding At-Bay. He holds a BA in Economics and Accounting from Tel Aviv University and an MBA from Harvard Business School. The current leadership team beyond the co-founders includes Ken Riegler (President, At-Bay Insurance), Ari Fischel (CFO), Ayelet Kutner (CTO), Tara Bodden (General Counsel & Head of Claims), Thom Dekens (CBO and GM, At-Bay Security), Michael Drummond (Chief Underwriting Officer, Cyber and Tech E&O), and Adam Tyra (CISO for Customers). The team spans insurance operations, cybersecurity, engineering, and legal—a broad functional coverage for a company of roughly 340–367 employees. Key-person risk around Rotem Iram is material: he is the public face, strategic architect, and primary spokesperson for the InsurSec model, and any succession or departure would carry disproportionate risk. [CO006, CO007, CO008, CO009, CO010, CO011]

1.3 Funding History & Capital Structure

At-Bay has raised approximately $295.7 million across six venture rounds since 2016, supported by a consortium of technology VCs, corporate venture arms from global insurance groups, and notable angel investors with cybersecurity operating experience. The seed round of $6 million in November 2017 was backed by Lightspeed Venture Partners and Shlomo Kramer, the Israeli serial entrepreneur who co-founded Check Point Software and Imperva. A $13 million Series A followed in 2018. The company raised $34 million in its Series B in February 2020, co-led by Munich Re Ventures (via its HSB fund) and Acrew Capital, with participation from Khosla Ventures, Lightspeed, Qumra Capital, M12 (Microsoft's venture fund), and Shlomo Kramer. A second $34 million Series C closed in December 2020, led by Qumra Capital, with M12 increasing its commitment alongside the existing syndicate. The pivotal Series D closed in July 2021 at $185 million, co-led by Icon Ventures and Lightspeed Venture Partners. Preeti Rathi (Icon Ventures) joined the board in conjunction with the financing. The round brought At-Bay's post-money valuation to $1.35 billion—unicorn status—and its cumulative funding to approximately $272 million at close. An extension of $20 million followed in October 2021 to bring total raised to approximately $292–$295.7 million (per company disclosure on the About page). Forbes Big Tech 50 2024 estimated At-Bay's valuation at roughly $2.1 billion, reflecting growth since the 2021 primary round but unconfirmed by a new financing event. The investor base is weighted toward VC-backed growth capital (Icon Ventures, Lightspeed, Khosla, ION Crossover Partners) augmented by strategic insurance capital (Munich Re Ventures/HSB, Qumra Capital, Glilot Capital) and operating experience (Shlomo Kramer). There is no confirmed debt or credit facility in the public record. No secondary liquidity or secondary tender events have been publicly confirmed since the Series D. [CO018, CO019, CO020, CO021, CO022, CO023]

1.4 Scale Metrics & Milestones

At-Bay has grown from a small San Francisco startup in 2016 to a company insuring close to 40,000 businesses in the US (as of April 2025) and generating $155 million in revenue in 2024—approximately 22% year-over-year growth from $129 million in 2023 and over 70% growth from $90 million in 2022. The company has over $295.7 million in total funding and approximately 340–367 employees across six global offices. The MDR business is At-Bay's fastest-growing segment, expanding from fewer than 1,000 MDR customers in early 2023 to 7,500 customers by the end of 2024—generating $13 million in annualized MDR revenue at that point. The Stance platform collectively protects approximately 1.5 million monitored assets. At-Bay Stance MDR was announced on October 26, 2023, and became commercially available in January 2024. In June 2024, At-Bay expanded its Cyber and Tech E&O appetite to businesses with up to $5 billion in revenue and policy limits up to $10 million, enabling access to larger mid-market and early enterprise accounts. The Relay Platform acquisition (completed approximately August 2022) and its subsequent wind-down (effective August 6, 2024) represents a notable strategic pivot: At-Bay acquired a digital broker-platform startup and then shut it down as the Stance MDR momentum accelerated. The At-Bay Specialty Insurance Company subsidiary received an A- financial strength rating from AM Best in 2023, providing broker credibility. The company has been recognized on Forbes Fintech 50 (2023–2025) and Forbes' Best Startup Employers (2026). [CO026, CO027, CO028, CO029, CO030, CO032]

1.5 Products & Security Platform

At-Bay's product suite spans two categories: insurance and active cybersecurity. The insurance portfolio includes primary and excess Cyber, Technology E&O, and Miscellaneous Professional Liability policies offered through At-Bay Insurance Services, LLC (E&S broker) and an admitted full-stack carrier entity. Every surplus Cyber and Tech E&O policy comes with access to At-Bay Stance Exposure Management, including Stance Advisory Services—providing vulnerability scanning, dark web monitoring, AI-powered email fraud alerts, virtual CISO advisory, and employee security awareness training as embedded features. At-Bay estimates these embedded services represent up to $70,000 per policy in value at prevailing market rates. The At-Bay Stance MDR product—commercially available since January 2024—provides 24/7 endpoint monitoring managed by At-Bay's security experts, powered by CrowdStrike technology. MDR is sold separately through At-Bay Security, LLC and is available to both policyholders and non-policyholders. Policyholders using top-performing MDR services may be eligible for insurance premium credits. The company's 2026 InsurSec Report confirmed that every policyholder who faced an Akira ransomware attack in 2025 and avoided full encryption had 24/7 MDR in place, strongly supporting the product's strategic narrative. The broader Stance platform also includes an email security offering (Stance MDR for Email), an exposure management layer, and tabletop exercise services delivered by vCISO advisors. At-Bay licenses or develops in-house digital forensics and incident response (DFIR) capabilities used during claims events. The company's risk selection methodology uses external attack-surface scans at quote time rather than static questionnaires, yielding a risk model calibrated to actual posture rather than self-reported controls. [CO002, CO032, CO041, CO042, CO043, CO045]

1.6 Adverse Considerations & Risk Signals

Several structural and operational risk factors warrant attention in evaluating At-Bay. First, the cyber insurance market itself is in a sustained softening phase that poses margin pressure across the industry. The US cyber market contracted by 7% in 2024 (NAIC data)—the first-ever reduction in direct written premium. Dual Group's April 2026 analysis projected a US cyber combined ratio of 97% in 2026 and the potential for unprofitable territory in 2027 if softening persists. Prices declined 13% in the US from Q4 2023 to Q4 2025. At-Bay, as a specialist carrier retaining 15% of risk, faces direct earnings exposure when loss ratios deteriorate. Second, At-Bay's own claims data reveals a challenging loss environment. The 2026 InsurSec Report documented average claim severity hitting an all-time high of $221,000 in 2025, with ransomware severity at $508,000—up 16% year-over-year. Third-party liability claims surged 70% in 2025. The report also shows that small businesses—At-Bay's core market—are experiencing the steepest severity increases (40% for sub-$25M revenue companies). These trends translate directly into higher expected losses. Third, the acquisition and wind-down of Relay Platform is an adverse milestone. At-Bay invested in a digital broker-placement platform (acquired ~August 2022) and shut it down less than two years later, effective August 6, 2024. The wind-down affected ~25 employees and requires explanation of capital deployed and strategic value realized. Fourth, At-Bay is unprofitable. As a private company, it has not disclosed EBITDA or net income. With approximately $296M raised and $155M in 2024 revenue, the balance between growth investment, claims costs, and operational expenses is not publicly transparent. Fifth, key-person concentration risk around CEO Rotem Iram is significant—he is the primary architect and public face of the InsurSec strategy. [CO035, CO036, CO037, CO038, CO039, CO040]

1.7 Exhibits

2.1 Market Boundary & Scope

At-Bay should be sized against a deliberately narrow market boundary: commercial cyber insurance for organizations plus the adjacent MDR/security services that attach to insured risk. The included insurance spend is gross or direct written premium for standalone and packaged cyber policies covering first-party losses, ransomware/extortion, incident response, business interruption, privacy liability, and technology E&O-linked cyber exposures. The included security adjacency is managed detection and response, vulnerability monitoring, and remediation sold as a risk-reduction layer to the same SMB and mid-market buyer base. Excluded spend includes personal cyber policies, broad property-and-casualty premium that does not price cyber explicitly, generic cybersecurity software not bundled with managed response, warranties, and self-insurance reserves. This boundary matters because At-Bay's market narrative is not simply 'large cybersecurity spend'; its economic wedge is the combination of risk transfer, broker-led insurance distribution, and security controls that can reduce claim frequency.[CM001, CM013, CM020, CM029]

2.2 TAM/SAM/SOM and Contradictory Market Estimates

The supportable TAM is global commercial cyber insurance premium, roughly $15B-$17B in 2024-2025 depending on whether the source uses Munich Re global GWP, Swiss Re growth analysis, Gallagher's broker outlook, or U.S. NAIC DWP as the anchor. NAIC's $9.14B U.S. 2024 DWP is the strongest regulatory baseline but is not a global TAM, while Munich Re's $15.3B 2024 and $16.3B 2025 estimates are better for global premium. At-Bay's SAM is narrower: U.S. SMB and mid-market cyber insurance sold through brokers, with upside from admitted and surplus products plus separate MDR attachment. SOM should be haircut again for broker access, risk appetite, state availability, competitive carriers, reinsurance capacity, and the unknown share of buyers willing to pay separately for MDR. The most important contradiction is that exposure count can grow while rates soften, so premium TAM can look flat even when adoption improves.[CM002, CM003, CM025, CM026, CM027, CM028]

2.3 SMB Buyer, User, Payer and Adoption Path

At-Bay's target account is usually not a Fortune 500 risk-management department but an SMB or mid-market firm whose cyber purchase is triggered by broker advice, customer contract requirements, lender or board pressure, post-incident concern, or underwriting questions at renewal. The economic buyer is often an owner, CFO, controller, or risk/finance leader; the day-to-day user of MDR and active monitoring is the IT manager, managed service provider, or security lead; and the channel gatekeeper is the broker. This split creates both leverage and friction. Brokers can efficiently introduce At-Bay's combined insurance-plus-security proposition, but MDR budget may sit with IT while premium budget sits with finance. At-Bay's admitted small-business product and broker-recognized prevention-first strategy increase reach, while the CrowdStrike partnership and Stance MDR support the security-user case.[CM017, CM018, CM019, CM040, CM041]

2.4 Growth Drivers, Regulatory Catalysts and MDR Adoption

Demand growth is supported by three mutually reinforcing drivers. First, threat economics remain severe: Verizon breach data and IBM breach-cost research show that ransomware, credential compromise, business interruption, and response costs remain financially material to companies that lack mature security operations. Second, regulation raises board and customer attention: SEC disclosure rules elevate public-company governance and incident reporting, while NIS2 expands EU cyber risk-management obligations for essential and important entities. Third, MDR adoption converts insurance from a passive indemnity product into a prevention-oriented service bundle. IDC, Gartner, IBM, and MDR-market sources treat MDR as a mature managed-security category, and At-Bay's Stance MDR fits this trend by providing 24/7 monitoring, response, and remediation to customers that cannot build internal SOC capacity. For At-Bay, the driver is not just more policy demand; it is the possibility of attaching security revenue and improving loss selection.[CM011, CM012, CM014, CM015, CM016, CM021]

2.5 Constraints: Rate Softening, Reinsurance and Systemic Risk

The adverse market case is unusually important. The 2024-2026 evidence base shows a soft market: Howden, Marsh, Aon, Gallagher and Fitch all describe lower pricing, abundant capacity, or underwriting risk from competitive conditions. That helps buyers and may support At-Bay capacity in the near term, but it can compress premium yield per exposure and reduce margin if claim severity rises. Reinsurance is another constraint because cyber aggregation remains hard to model and specialist insurers depend on ceded capacity. Moody's cyber concentration work and the CrowdStrike outage show why this is not theoretical: a common EDR, cloud, identity, or software-update dependency can create correlated downtime across many insured SMBs. MDR lowers incident frequency for individual clients, but it cannot fully diversify a portfolio against shared vendor failure. The diligence conclusion is therefore balanced: At-Bay's integrated model is well aligned with SMB needs, but valuation should be haircut for cycle timing, systemic risk, and undisclosed MDR attach economics.[CM005, CM006, CM007, CM008, CM009, CM010]

2.6 Exhibits

3.1 Competitive Landscape Overview

The US commercial cyber insurance market in 2026 is structured across four competitor tiers, each presenting a distinct threat to At-Bay's InsurSec positioning. The first tier—direct InsurTech peers—comprises Coalition, Cowbell, and Corvus/Travelers, all of which bundle some form of risk intelligence with insurance capacity. The second tier consists of incumbents: Beazley (being acquired by Zurich Insurance for approximately $10.9B, announced March 2026), Chubb, and AXA XL, which compete on financial strength, broker network depth, and multi-line cross-sell rather than pre-breach technology. The third tier is Resilience, an enterprise-focused InsurTech MGA that quantifies cyber risk for Fortune 1000 CISOs and operates at a markedly higher account minimum than At-Bay. The fourth and most strategically underappreciated tier is standalone MDR/security vendors—Huntress, Arctic Wolf, SentinelOne Vigilance, and CrowdStrike Falcon Complete—whose MDR capabilities partially substitute for At-Bay's Stance platform without the insurance component. The global cyber insurance market reached an estimated $16.6B in gross written premiums (GWP) in 2026, growing at approximately 15% CAGR. The US accounted for roughly $10.2B of that total—roughly four million policies in force. MGAs now underwrite approximately one-third of global cyber GWP, a share that has grown materially since 2021. At-Bay served more than 53,000 small and midsize business policyholders with cyber insurance as of March 2026, making it the second-largest InsurTech cyber MGA by US policyholder count, behind Coalition's 100,000+ global policyholders. The competitive dynamic is defined by rate softening (global cyber insurance rates fell approximately 27% from mid-2022 through 2025), rising claim severity (At-Bay's 2026 InsurSec Report documents an all-time high average severity of $221,000 per claim), and accelerating market consolidation exemplified by the Zurich-Beazley acquisition. The status-quo substitute for all InsurTech cyber insurers is a traditional broker-placed cyber policy from an incumbent carrier with no bundled security services—still the modal market choice for SMBs with no existing MDR contract. The internal-build alternative (a company deploying its own SIEM/SOC capability rather than buying managed security insurance) is relevant only for mid-market and enterprise segments, not for At-Bay's core SMB buyer. [CP001, CP002, CP003, CP004, CP005, CP006]

3.2 Direct InsurTech MGA Peers

Coalition is At-Bay's most important direct competitor. As of 2026, Coalition operates approximately 100,000 active policyholders globally—roughly 2x At-Bay's 53,000—and runs a gross written premium exceeding $650M. Coalition's technological moat derives from its Coalition Control platform (continuous external monitoring, zero-day alerts, third-party risk management, and optional Wirespeed ADR), its admitted carrier Coalition Insurance Company (CIC, rated A- by AM Best), and its Allianz partnership announced in May 2026 that grants 10-year global distribution rights. The Allianz deal is the most asymmetric competitive development in the InsurTech cyber segment since the Corvus/Travelers acquisition: it extends Coalition's distribution far beyond the US broker channel that At-Bay currently depends on. Coalition's key adverse signal—an unexplained decline from approximately 160,000 US policyholders in 2022 to approximately 110,000 in 2025 before recovering globally to 100,000+—raises portfolio quality and pricing-discipline questions that partially offset its scale advantage. Cowbell (Pleasanton, CA; founded 2019) raised $208.3M in total funding, including a $60M Series C from Zurich Insurance Group. Cowbell targets SMEs with AI-driven Cowbell Factor risk scoring but does not operate a proprietary carrier—it routes capacity through Zurich North America and Swiss Re. The June 2025 launch of the Zurich Select Plus modular multi-line E&S product marked Cowbell's evolution from a pure-cyber MGA toward a multi-line specialty platform; the November 2025 brand refresh signaled the same. Cowbell's absence of proprietary paper is a meaningful structural disadvantage relative to At-Bay's E&S carrier (At-Bay Specialty Insurance Company, AM Best B++) and Coalition's admitted paper, because it limits actuarial data feedback loops and pricing flexibility. Corvus/Travelers (Boston, MA; acquired January 2024 by Travelers for approximately $435M) now operates as Travelers' AI-enabled cyber underwriting capability. Corvus integrates continuous pre-bind threat scans via the CrowBar platform, delivers real-time risk dashboards to policyholders, and cross-sells into Travelers' Aa2/AA-rated global commercial lines distribution. Post-acquisition, Corvus expanded into continental European markets, a geographic reach At-Bay has not yet accessed. The Travelers combination is the most formidable institutional competitor: it has comparable or better underwriting technology than At-Bay's Stance platform for risk scoring purposes (though not for MDR depth), with exponentially greater distribution power. Resilience (New York, NY; founded 2016; $217M raised across four rounds including a $100M Series D in July 2023) focuses on enterprise accounts with revenues above approximately $200M, differentiating through quantitative cyber risk modeling and CISO-level engagements. More than 10% of US enterprises with revenues over $1B have adopted Resilience's platform. Resilience is not a direct SMB competitor to At-Bay; it is a meaningful competitor in the mid-market and enterprise segment where At-Bay's newer product lines (up to $5B in revenue, limits up to $10M) are expanding. [CP005, CP006, CP007, CP008, CP009, CP010]

3.3 Incumbent Specialty Carriers

Beazley PLC (London; listed on LSE) has historically been the most technology-forward incumbent cyber carrier, with its Beazley Breach Response (BBR) product offering post-incident services—legal, forensic, PR, and notification—and a recognized position in healthcare, financial services, and technology cyber. In 2025, Beazley began reducing US cyber exposure in response to rising claims severity and falling premiums, creating a temporary market hardening for buyers in complex segments. In March 2026, Zurich Insurance Group announced it had agreed to acquire Beazley for approximately $10.9B (GBP 8.1B)—creating what analysts described as a "cyber insurance powerhouse" with Beazley's technical depth combined with Zurich's global balance sheet and distribution. If completed, the Zurich-Beazley combination would have approximately $1.28B in cyber premiums (Beazley alone, 2024) and becomes the single most capitalized incumbent threat to InsurTech MGAs. This is simultaneously the largest threat to At-Bay's long-term market position and a validation of the cyber specialty insurance sector's strategic value. Chubb Limited (NYSE: CB) is the world's largest publicly traded P&C insurer with operations in approximately 54 countries and approximately $54B in GWP. Chubb Cyber ERM targets medium-to-large enterprises and offers embedded distribution through Chubb Studio for digital partners. Chubb's AA/Aa2 financial strength rating is its primary competitive advantage over At-Bay; however, Chubb offers no continuous pre-breach monitoring equivalent to At-Bay Stance, making it non-competitive for SMBs that prioritize active security management over carrier financial strength. AXA XL, the P&C and specialty risk division of the AXA Group, provides cyber liability for large enterprises via AXA's global balance sheet. AXA XL competes against At-Bay primarily in the enterprise segment (revenues above $500M) where At-Bay's newer large-account product lines (limits to $10M) are expanding. AXA XL's primary advantage is global admitted coverage in territories where At-Bay has no presence; its primary weakness is an absence of integrated pre-breach security services comparable to At-Bay Stance. [CP011, CP012, CP013, CP020, CP021, CP022]

3.4 MDR and Security Vendor Substitutes

At-Bay's Stance platform bundles MDR, vulnerability scanning, and dark web monitoring as a force-multiplier for policyholders—reducing claim frequency and severity for insured businesses. The same services are available from standalone MDR vendors without an insurance component; as those vendors reduce price and improve accessibility for SMBs, they erode the differentiated value At-Bay extracts from its bundled model. This is a structural risk to At-Bay's moat, not an immediate displacement threat. Huntress (Columbia, MD; founded 2015) surpassed $100M in ARR in 2024, raised a $180M Series D at a $1.5B valuation, and had more than 4,000 MSP partner relationships as of early 2026. Huntress targets SMBs through the MSP channel—the same customer segment as At-Bay's core market—at a list price of approximately $8.99 per endpoint per month. Huntress competes directly with Stance MDR on ease of deployment and SMB-optimized pricing, though it does not bundle insurance or provide carrier paper. Huntress's MSP-channel dominance gives it distribution density in the SMB segment that At-Bay lacks through direct channels. Arctic Wolf (Eden Prairie, MN; founded 2012) filed an S-1 for a public offering in February 2026 and carries a valuation of approximately $4.3B. Arctic Wolf's estimated revenue reached approximately $913M in 2026, growing from $541M ARR in 2024. Arctic Wolf targets mid-market organizations with a concierge-model MDR offering delivered through its Aurora Superintelligence Platform—5,500+ customers as of 2024. Arctic Wolf's mid-market focus overlaps with At-Bay's expansion upmarket, and its IPO process signals intent to accelerate commercial growth. CrowdStrike Falcon Complete and SentinelOne Vigilance Respond represent the enterprise-grade MDR tier. Both are priced above At-Bay Stance on a standalone basis, but they provide superior breadth of coverage (SIEM, identity threat detection, threat intelligence), superior detection rates for sophisticated adversaries, and independent brand recognition that some enterprise buyers prefer to At-Bay's integrated but carrier-linked MDR offering. CrowdStrike ($2B+ ARR, Nasdaq: CRWD) and SentinelOne ($700M+ ARR, NYSE: S) are not primarily insurance-linked competitors—but as SMB pricing for their managed tiers falls, the insurance bundling becomes less of an MDR cost differentiator for At-Bay. Palo Alto Networks Cortex XSOAR and Managed Threat Hunting represent another adjacent substitute for enterprises that have already deployed Palo Alto firewalls and SASE infrastructure. At-Bay does not compete directly in this tier today but faces the risk that any future enterprise expansion triggers this substitution. [CP018, CP019, CP023, CP024, CP025, CP026]

3.5 Pricing, Distribution, and Switching Costs

At-Bay distributes exclusively through licensed insurance brokers, a model that provides access to established buyer relationships but creates structural margin sharing and dependency on broker prioritization decisions. Coalition uses the same broker-channel model; Cowbell has begun supplementing with direct SME outreach. Neither At-Bay nor Coalition has a disclosed direct-to-buyer sales capability. The broker dependency creates a key-person risk at the channel level: if a major broker consolidates, changes panel preferences, or launches an in-house MGA product, At-Bay loses disproportionate volume without direct relationships as a backstop. Pricing in the SMB cyber insurance market softened significantly from the 2022 peak. Global cyber insurance rates fell approximately 27% from mid-2022 through 2025; the US experienced approximately a 9% decline. Average SMB cyber premiums in 2026 are estimated at approximately $1,000 per year per $1M limit for clean risks. As rates fall, the cost-benefit calculus of At-Bay's bundled MDR shifts: a buyer paying $1,000/year now obtains the same monitoring-included value proposition at a lower absolute premium compared to 2022's higher-rate environment. The reduction in pricing power over the insurance component forces At-Bay to increasingly justify the MDR bundle on standalone security value—$8.99/endpoint/month is Huntress's list price versus At-Bay's effectively free-included Stance MDR, making the insurance plus security bundle increasingly price-advantaged on an absolute basis, but the gap narrows. Switching costs in the InsurSec model are moderate. An At-Bay policyholder who switches to Coalition loses their Stance MDR integration, ongoing vulnerability scan history, and the remediation workflow embedded in the policy. The same buyer would gain Coalition Control's full monitoring suite. The switching cost is meaningful but not prohibitive: most policyholders renew annually and evaluate alternatives at each renewal. Multi-homing (buying monitoring from Huntress and insurance from an incumbent) is structurally feasible and increasingly attractive for budget-constrained SMBs who already have an MSP relationship. At-Bay's AM Best financial strength reaffirmation for its E&S carrier (At-Bay Specialty Insurance Company, B++ rating) provides credibility at renewal time but is not a material lock-in factor compared to the per-policy integration depth. [CP014, CP015, CP016, CP028, CP029, CP030]

3.6 Moat Durability and Competitive Risk

At-Bay's primary competitive moats are (1) its 100,000+ policy-years of proprietary claims data informing underwriting and risk scoring, (2) the Stance MDR platform's 15-minute mean time to remediate (MTTR) as a published technical differentiator, and (3) its E&S carrier status enabling underwriting control and pricing feedback loops not available to capacity-dependent MGAs like Cowbell. These moats are real but eroding: Coalition's data advantage is 2x At-Bay's by policyholder count, and Coalition's Allianz distribution partnership is already widening the distribution gap. The most material adverse competitive evidence in 2026 is the shutdown of At-Bay's Relay specialty insurance platform. At-Bay had acquired Relay in 2022 to enter the specialty lines market (management liability, professional liability, and other non-cyber lines), but decided to wind down the platform in 2025-2026. The Relay shutdown signals two risks: first, that At-Bay's multi-product expansion ambitions have been scaled back, narrowing its total addressable market thesis; second, that management bandwidth was divided across the Relay buildout during a period when Coalition was deepening its admitted carrier capabilities and MDR platform. The adverse signal is compounded by the fact that diversification was a stated part of At-Bay's Series D pitch, making the reversal a credibility risk. The Zurich-Beazley acquisition ($10.9B, March 2026) represents the single most significant structural threat to At-Bay's moat over a 5–7 year horizon. A combined Zurich-Beazley entity would have Beazley's proven cyber claims expertise ($1.28B+ in cyber premiums, 2024), Zurich's global admitted carrier network, and the capital to invest in pre-breach technology at a scale that InsurTech MGAs cannot match without their own capital raises. At-Bay has no partnership with a global incumbent to offset this scale consolidation—Coalition's Allianz deal is the equivalent mechanism that At-Bay lacks. Commoditization pressure from security vendors (CrowdStrike, SentinelOne, Arctic Wolf, Huntress) is real but medium-term. As MDR pricing falls and MSP-channel penetration deepens, the bundled security value of At-Bay's Stance platform narrows for buyers who already have managed security from another vendor. The 15-minute MTTR claim and the MDR's $13M ARR standalone product are defensive signals that At-Bay is actively trying to build a security business independent of the insurance bundle—if successful, this bifurcation strengthens the moat by making the security product independently viable. [CP032, CP033, CP034, CP035, CP036, CP039]

3.7 Exhibits

4.1 Revenue Model and Insurance Premium Economics

At-Bay's financial architecture centers on two interconnected revenue streams: insurance premiums from its excess-and-surplus (E&S) cyber and technology errors-and-omissions (Tech E&O) book, and security-as-a-service subscription fees from its Stance platform. Insurance premiums constitute the dominant revenue driver, distributed exclusively through wholesale brokers and digital channels. At-Bay earns net revenue as the retained spread after ceding approximately 85% of gross written premium to a Munich Re-led reinsurance panel; the parent entity also earns management and underwriting fees as the managing general agent (MGA) under a 2024 MGA agreement with At-Bay Specialty Insurance Company. Forbes reported At-Bay's total revenue at approximately $155M in 2024, up from $129M in 2023. Florida Surplus Lines Service Office (FSLSO) regulatory filings show At-Bay Specialty Insurance Company's gross premium grew 119% to $338.2M in 2024, with net premium of $49.9M retained after reinsurance cession. In 2023, the company recorded gross insurance premiums of $301M—a 20% volume increase from 2022 despite market-wide premium rate softening—and net revenue exceeding $110M at the consolidated level. Gross written premium reached approximately $380M in 2022 when At-Bay wrote entirely on third-party Munich Re (HSB) paper as a pure MGA. US direct cyber written premiums declined 6% in 2024 to approximately $9.14B (Fitch Ratings, May 2025), creating a structural top-line headwind for the sector. Cyber reinsurance non-proportional rates dropped 32% risk-adjusted at the April 2026 renewal (Gallagher Re data, reported by actuary.info), reducing reinsurance costs but also signaling capacity surplus that may pressure primary premium rates further. Standalone SMB cyber insurance premiums for $1M limits ranged approximately $1,200–$2,200 annually in 2024, with rates expected to remain flat to slightly negative entering 2026. [CI001, CI002, CI003, CI005, CI009, CI010]

4.2 Stance Security Subscriptions and Dual-Revenue Expansion

At-Bay's Stance platform converts the company's 40,000+ insured customer relationships into a security-as-a-service upsell vector. Launched as an optional MDR subscription in October 2023, Stance Managed Detection and Response (MDR) grew from fewer than 1,000 customers in 2023 to 7,500 by year-end 2024, generating approximately $13M in annualized subscription revenue. The installed base penetration rate of approximately 18.75% (7,500 of roughly 40,000) signals material upside from cross-selling, though the product is in early commercial phases. The Stance platform bundles vulnerability scanning, dark web monitoring, AI-powered email fraud alerts, vCISO advisory services, and employee security training—described by At-Bay as delivering $70,000 in embedded security tool value per policy (Insurance Business, July 2025 five-star review). Standalone MDR pricing is not publicly disclosed; implied annual revenue per Stance customer approximates $1,733 at the reported 7,500 customer / $13M ARR ratio, consistent with SMB-segment MDR market pricing. At-Bay's homepage reports 1.5M monitored assets and a 15-minute mean time to remediate threats, underscoring operational scale. The Stance subscription layer creates meaningful strategic optionality: it reduces At-Bay's dependence on insurance premium rate cycles and provides higher-margin recurring revenue. However, Stance revenue ($13M) remains modest relative to consolidated net revenue (~$155M), representing approximately 8.4% of total. Standalone gross margin, churn, CAC, and net revenue retention for Stance are not publicly disclosed. Akira ransomware's 40%+ share of ransomware claims signals that threat-actor concentration risk could affect both insurance loss ratios and Stance MDR scope. [CI006, CI007, CI008, CI034, CI040]

4.3 Carrier Structure, Capital Adequacy, and Reinsurance Panel

At-Bay completed its MGA-to-carrier transition in August 2023 when it began issuing all new E&S Cyber and Tech E&O policies under At-Bay Specialty Insurance Company (NAIC 19607), the Delaware-domiciled subsidiary acquired from XL Insurance America in January 2023. Formerly XL Select Insurance Co. (incorporated 1965), the entity carried eligibility in 44 states and a seasoned regulatory footprint. AM Best assigned an A- (Excellent) rating with stable outlook in April 2023, enabling At-Bay to compete for broker placements that require rated-paper carriers. Insurance Business described At-Bay as the first cyber InsurTech to become an E&S carrier. Prior to this transition, At-Bay wrote on HSB Specialty Insurance Company paper (AM Best A++, Munich Re subsidiary). At-Bay Specialty Insurance Company's FSLSO annual 2024 filing shows total admitted assets of $223.9M and capital and surplus of $101.2M at year-end 2024—broadly stable in the Q2 2025 snapshot at $100.7M. The gross premium to surplus ratio of 334.2% exceeded NAIC usual ranges (IRIS ratios #4, 6, and 10 flagged), reflecting rapid premium scaling on a moderate capital base. At the parent level, At-Bay Inc. has raised $292M in total external financing: $185M at the July 2021 Series D close at a $1.35B valuation, extended by $20M with ION Crossover Partners in October 2021. No new capital raises have been announced since October 2021. The reinsurance panel comprises five authorized reinsurers as of 2024: Münchener Rückversicherungs-Gesellschaft, Skyward Specialty Insurance Group, AXA SA, W.R. Berkley Corp., and Fairfax Financial Holdings—all US unaffiliated or non-US authorized, with zero overdue reinsurance recoveries per the 2024 filing. At-Bay retains approximately 15% of insurance risk. Cyber reinsurance non-proportional rates dropped 32% at the April 2026 renewal per Gallagher Re data, a positive cost signal for At-Bay's ceded portion but also indicative of broad capacity surplus that may compress primary cyber rates further. [CI011, CI012, CI013, CI014, CI015, CI016]

4.4 Claims Economics, Loss Ratio Pressure, and Market Headwinds

FSLSO regulatory filings provide the clearest window into At-Bay's loss economics. At-Bay Specialty Insurance Company reported a losses incurred ratio of 68% and a combined ratio of 102% for 2024—versus 50% and 98% in 2023. Losses incurred grew 97% from $14.9M in 2023 to $29.2M in 2024. The underwriting result swung from a $1.2M gain to a $1.3M loss. Cash flow from operations deteriorated from positive $34.1M in 2023 to negative $10.7M in 2024—a $44.8M swing reflecting accelerated loss payments. Net income after tax was $955K in 2024, a 26% decline from $1.29M. At-Bay's own 2026 InsurSec Report (based on 100,000+ policy years and 6,500+ claims) documented a 7% year-over-year increase in cyber claim frequency for 2025, with average severity reaching a record $221,000. Ransomware severity rose 16% to $508,000, with 87% of ransomware attacks originating from remote access tools. Akira ransomware accounted for more than 40% of ransomware claims in 2025, the highest single-strain concentration ever recorded by At-Bay. Financial fraud remained the most frequent incident type at 30% of claims, with average theft rising 16% to $285,000. Third-party liability severity jumped 70% year-over-year. At-Bay's claims team recovered $56M in stolen financial fraud funds in 2025, with 70% recovery rates when claims were filed within three days. The July 2024 CrowdStrike Falcon Sensor outage generated an estimated $400M–$1.5B in global insured cyber losses (CyberCube), representing the largest single insured loss event in the affirmative cyber insurance market's history. At the market level, Munich Re estimates global ransomware attack frequency increased approximately 25% in 2024, and US cyber industry loss ratios increased 7 percentage points to 49% in 2024 (per CoinLaw citing NAIC data). At-Bay's subsidiary combined ratio of 102% indicates the company's net-retained book incurred an underwriting loss in 2024. At-Bay's September 2023 workforce reduction of 27 employees (~10% of 305-person headcount) reflected structural adjustments amid growing operating costs. [CI021, CI022, CI023, CI024, CI025, CI026]

4.5 Financial Opacity, Revenue Quality, and Diligence Gaps

At-Bay is a private company with no public consolidated financial statements. The $155M revenue figure derives from Forbes; the $110M net revenue figure for 2023 from media reporting of the Ken Riegler appointment; and subsidiary financials from FSLSO surplus lines regulatory filings. None of these sources provides audited consolidated income statements, balance sheets, or cash flow statements covering At-Bay Inc. as the ultimate parent. The FSLSO filings cover only At-Bay Specialty Insurance Company—one subsidiary—and cannot proxy for total company profitability, given that MGA commissions and fee income flow upward to the parent entity. Critical undisclosed metrics include: (1) consolidated gross margin on insurance operations; (2) Stance MDR gross margin, churn rate, CAC, and net revenue retention; (3) parent-level cash on hand and burn rate; (4) incurred-but-not-reported (IBNR) loss reserves; (5) reinsurance treaty limits, attachment points, and exclusion clauses; and (6) policy or customer concentration beyond sector-level disclosures. The three flagged NAIC IRIS ratios (#4, 6, and 10) at the subsidiary warrant direct management explanation, as does the combined ratio of 102% (implying underwriting unprofitability at the subsidiary ceded-net level even as the parent MGA earns commission income). Revenue quality risks include: market-wide premium rate softening (US DWP down 6% in 2024; further declines expected in 2026); Akira ransomware accumulation risk (40%+ of ransomware claims from one threat actor); and the 85% GWP-to-net-revenue gap that makes top-line growth depend on reinsurance cession economics. No new external capital has been raised since October 2021 ($292M lifetime). The path to public markets or next-round financing requires demonstrated underwriting profitability at the consolidated level and improved financial transparency. [CI001, CI010, CI019, CI020, CI021, CI031]

4.6 Exhibits

5.1 Product definition: At-Bay bundles active security services with every cyber insurance policy

At-Bay markets its offering as InsurSec—a combined insurance and cybersecurity product that goes beyond indemnification to actively reduce policyholder risk. Every cyber policy includes Stance, At-Bay's proprietary security platform operated by its wholly-owned subsidiary At-Bay Security LLC. Stance is structured into three service tiers: Core (Exposure Manager, Fraud Defense, Security Awareness Training, and vCISO advisory), Advanced (Core plus MDR Endpoint via CrowdStrike Falcon XDR), and Complete (Advanced plus MDR Email). A fourth track, MXDR, launched in July 2025 powered by SentinelOne Singularity, extending detection across endpoint and email surfaces for mid-market policyholders. The platform was enhanced in April 2024 to include phishing simulation, Microsoft 365 and Google Workspace monitoring integrations, pushing aggregate risk coverage to a company-claimed 66 percent. Coverage limits expanded on June 3, 2024 to serve businesses with up to five billion dollars in revenue and ten million dollars per policy, reflecting a deliberate move upmarket. The embedded value of Stance services is approximately seventy thousand to seventy-two thousand dollars per policy according to company materials, an important differentiator relative to insurers that price security add-ons separately or not at all.[CE001, CE002, CE003, CE004, CE005, CE007]

5.2 Platform architecture: Stance layers insurance data, security telemetry, and partner detection engines

At-Bay's technology architecture layers proprietary risk intelligence atop third-party detection engines rather than building a full security stack from scratch. CrowdStrike Falcon XDR provides the endpoint detection engine for MDR Endpoint, announced as a partnership on January 31, 2024 alongside the Stance MDR product. SentinelOne Singularity underpins the MXDR platform launched July 15, 2025. All policyholder data is hosted on AWS infrastructure located exclusively in the United States, per the At-Bay trust page. The Relay Platform—acquired August 22, 2022 and maintained as an independent specialty insurance digital marketplace—serves as At-Bay's distribution infrastructure for the broker channel. The Partner API v2 delivers asynchronous quote generation with a p90 latency below forty seconds, uses JWT authentication, and enforces broker-of-record clearance programmatically; API documentation is publicly maintained on GitHub. This combination of insurance data, telemetry from detection partners, and a digital distribution layer constitutes the three-sided technology moat At-Bay describes as core to its InsurSec differentiation. The architecture is observable at the interface level but opaque at the underwriting-model and SOC-tooling internals.[CE006, CE007, CE011, CE012, CE013, CE014]

5.3 Technology operating model: At-Bay Security LLC runs the SOC; Relay handles specialty distribution

At-Bay splits its operating model into two technology-intensive subsidiaries. At-Bay Security LLC operates the security services layer—running the MDR and MXDR SOC, managing CrowdStrike and SentinelOne integrations, and delivering the Exposure Manager and Fraud Defense capabilities to enrolled policyholders. Relay Platform provides specialty insurance digital quoting and placement, positioned as an independent marketplace that connects brokers and carriers. The Partner API v2 ties both into the broker workflow: a broker submits a submission through the API, receives an asynchronous quote within the p90 latency target, and the system performs BOR clearance checks before binding. At-Bay's 2025 InsurSec analysis indicated that ninety percent of claims across Q1 2022 through Q4 2024 could have been potentially mitigated by MXDR capabilities. The company also reports a ninety-nine point nine-nine-nine percent incident avoidance rate for Stance-enrolled policyholders, though no independent third-party audit of this figure was found in public sources. The operating model requires continuous coordination between the insurance underwriting function and the security SOC—a dependency that creates differentiation but also introduces complexity that would be difficult to replicate and equally difficult to unwind if a partner technology relationship changes.[CE016, CE017, CE031, CE032, CE037, CE042]

5.4 Trust and compliance: SOC 2 Type II certified with AWS US data residency; self-attestation limits remain

At-Bay's trust posture is anchored by a SOC 2 Type II certification and a stated policy of storing all customer data on AWS infrastructure located in the United States. The trust page further asserts that no policyholder data is used to train AI models, and that role-based access controls govern how users interact with Stance dashboards. The legal separation between At-Bay Insurance and At-Bay Security LLC provides a structural boundary between the insurance entity and the security services subsidiary, though the precise regulatory licensing detail for the cybersecurity operations is not publicly enumerated. Material limits on the public trust posture include: SOC 2 scope boundaries are not described in publicly accessible detail, encryption standards are asserted but not enumerated, and the third-party audit reports underlying the certification are not publicly released. For enterprise buyers evaluating the platform, these gaps suggest that due diligence would require direct engagement with At-Bay to obtain audit artifacts, data processing agreements, and specifics on the subprocessor chain supporting AWS hosting.[CE020, CE021, CE022, CE023, CE024, CE025]

5.5 Differentiation and roadmap: InsurSec bundling creates measurable risk reduction but also user lock-in risk

At-Bay's core differentiation is structural: by embedding security tools into the insurance contract, it creates an integrated risk-reduction loop that pure insurers cannot replicate without acquiring or partnering with a security operations center. Company data indicates that non-Stance policyholders experienced a seven percent higher claim frequency, while average claim severity reached two hundred twenty-one thousand dollars and ransomware severity reached five hundred eight thousand dollars in 2025 data. The company claims a ninety-nine point nine-nine-nine percent incident avoidance rate, an extraordinary figure that has not been independently validated. At-Bay's roadmap progression from 2022 through 2025 was rapid: Relay acquisition (August 2022), Stance MDR launch with CrowdStrike (October 2023), SAT and M365/GWS integrations (April 2024), upmarket expansion to five billion dollar revenue businesses (June 2024), and MXDR with SentinelOne (July 2025). A documented adverse signal from the Spiceworks community highlights that policyholders lose access to Stance security tools when switching carriers, a switching cost that creates lock-in risk from the buyer's perspective. The pace of product launches and technology partner additions suggests continued investment, but the roadmap beyond MXDR is not publicly disclosed, limiting forward-looking product diligence.[CE027, CE028, CE029, CE030, CE031, CE033]

6.1 SMB and mid-market segmentation

At-Bay's core customer is the small or midsize business buying cyber insurance through an intermediary rather than a direct software checkout. Forbes' March 2026 profile says At-Bay provides cybersecurity insurance to more than 53,000 small and midsize businesses; At-Bay's own home page and Stance materials cite a platform powered by incident insights from 40,000+ insureds, and the July 2025 MXDR launch says At-Bay protects close to 40,000 U.S. businesses representing up to $800 billion in collective revenue. I treat the 53,000 figure as the most current independent customer-count marker and the 40,000 figure as a conservative company-disclosed base still present in official pages. The buyer is usually a CFO, owner, risk manager, or broker placing cyber coverage; the user expands to IT/security operators once Stance, MDR Endpoint, MDR Email, or MXDR is activated. At-Bay now spans SMB, lower mid-market, and larger businesses after raising Cyber and Tech E&O appetite to companies with up to $5 billion in revenue and limits up to $10 million.[CU001, CU002, CU003, CU004, CU005, CU006]

6.2 Adoption trajectory and deployment scale

The public adoption curve is strongest for Stance MDR rather than total policyholders. Forbes reports that At-Bay's detection product grew from fewer than 1,000 customers in 2023 to 7,500 customers by the end of 2024, reaching about $13 million in annualized revenue. At-Bay's official MDR launch in October 2023 positioned the product for SMBs, and CrowdStrike's January 2024 partnership announcement reinforced that the Falcon XDR-powered service targeted small-business cyber resilience. Adoption is pulled by the insurance bundle: At-Bay says adopting Stance MDR may unlock insurance premium credits and enhanced ransomware or financial-fraud limits, so expansion can occur at renewal or during broker-led risk remediation rather than only through a standalone security sale. The 2026 InsurSec Report adds scale context by analyzing more than 100,000 policy years and 6,500+ claims, indicating a meaningful longitudinal data asset even though At-Bay does not disclose active monthly users or deployment completion rates.[CU009, CU010, CU011, CU012, CU013, CU014]

6.3 Named customer proof and broker proof

At-Bay publishes named customer proof primarily for MDR rather than for insurance-policy deployments. Its official home page and MDR page quote Chris White, COO of Gradient Security, saying At-Bay MDR handles security operations end-to-end so his team can focus on the core business; they also quote the CTO of AI InsurTech calling the MDR experience excellent and Ben Beeson, CEO of Galahad Risk Advisors, saying the company onboarded quickly without disruption. These are useful named testimonials, but they prove Stance/MDR adoption and satisfaction more directly than policy renewal or insurance-loss outcomes. Broker proof is broader and more operational: the At-Bay Broker Platform page says submissions through the platform bind 35% faster than email, and Insurance Business recognized At-Bay as a broker-voted 5-Star Cyber Insurance Provider while quoting management on the value of combining insurance and security. Review-site coverage is sparse: SourceForge and Slashdot list At-Bay but show no substantive user-review base, and G2 was inaccessible to fetch because of a JavaScript/ad-block gate.[CU017, CU018, CU019, CU020, CU021, CU022]

6.4 Retention, repeat usage, and gaps

Public retention evidence is materially incomplete. At-Bay does not disclose net revenue retention, gross revenue retention, logo retention, broker renewal win rate, customer NPS, cohort renewals, or Stance churn. The best observable retention proxies are indirect: Stance tools are embedded into policyholder workflows, MDR can qualify customers for premium credits, and the platform monitors 1.5 million assets with a reported 15-minute mean time to remediate threats. A Spiceworks SMB user thread is the clearest adverse customer signal: an SMB manufacturing user reported that At-Bay's tools were impressive, but the company switched to a cheaper carrier after one year and lost the tools. That anecdote does not prove systemic churn, but it shows price sensitivity and bundle fragility when the insurance broker finds a cheaper alternative. The absence of published renewal cohorts keeps the retention case below enterprise SaaS diligence standards.[CU026, CU027, CU028, CU029, CU030, CU031]

6.5 Expansion, concentration, and channel friction

At-Bay's land-and-expand motion starts with broker-placed cyber insurance, adds Stance Core monitoring and advisory features, and then upsells MDR Endpoint, MDR Email, MXDR, higher limits, or broader Cyber/Tech E&O coverage. That logic is credible because the same incident data that supports underwriting also produces security alerts and remediation triggers for policyholders. The model remains channel-dependent: customers are instructed to contact their broker to add At-Bay Stance, the broker platform is the primary quote/bind workflow, and Sayata-style digital distribution partnerships reinforce the intermediary layer. Channel leverage lowers CAC and matches commercial-insurance buying behavior, but it also means At-Bay has less direct control over renewals than a pure SaaS vendor. Customer concentration appears low at the individual SMB policyholder level, but concentration risk shifts to broker relationships, reinsurance capacity, distribution platforms, and security-technology partners such as CrowdStrike and SentinelOne. The strongest next diligence step is to request broker-level production concentration, renewal cohorts by segment, Stance attach-rate cohorts, and loss-ratio deltas for MDR adopters versus non-adopters.[CU034, CU035, CU036, CU037, CU038, CU039]

6.6 Exhibits

7.1 Risk overview and thesis-break framing

At-Bay operates at the intersection of four risk domains that are individually manageable but collectively demanding. The first and most pressing is underwriting and loss-ratio risk: the FSLSO statutory filing for 2024 shows a combined ratio of 102%, losses of $29.2 million (up 96.7% year on year), and a negative cash flow from operations of $10.7 million—all against a backdrop of a premium portfolio that grew 345% in a single year. That growth rate compresses the seasoning time needed to validate loss assumptions, and it coincides with a US cyber market that recorded its first-ever premium decline of 7% in 2024. The second domain is systemic aggregation risk: the CrowdStrike outage demonstrated that a single vendor failure can trigger correlated claims across thousands of policies simultaneously, and At-Bay's concentration in SMB cyber makes the exposure real. The third domain is legal and regulatory risk: LMA5567 war-exclusion litigation, multi-state surplus-lines compliance, and the SEC cyber-disclosure rule all impose obligations that a rapidly scaling MGA must absorb without a seasoned in-house regulatory team. The fourth domain is operational and people risk: Israel houses the bulk of At-Bay's R&D, and the March 2026 layoffs of 25 engineers "in times of war" introduce execution and talent-retention uncertainty at precisely the moment MDR delivery is the primary competitive differentiator. A fifth domain—financial model and competitive risk—sits below the four primary concerns but is nonetheless real: if cyber rates continue declining, the MGA's underwriting fee and profit commission compress, and competitors with deeper balance sheets or lower expense ratios can price more aggressively. The risk heatmap below places each domain by likelihood and impact severity. The mitigation and kill criteria table in the final section defines which events would make the thesis non-investable.[CR001, CR002, CR003, CR008, CR012, CR013]

7.2 Legal, regulatory, and compliance risks

At-Bay writes cyber insurance as a managing general agent across all 50 US states and select international markets, using Trisura Specialty Insurance Company as its primary fronting carrier. That structure exposes the company to layered compliance obligations: surplus-lines stamping requirements in states that mandate them, broker license filings, NAIC solvency reporting obligations through the fronting carrier, and the evolving SEC cyber-disclosure rule that applies to its enterprise policyholders rather than At-Bay itself but indirectly drives claims and coverage disputes. The most acute current legal exposure is the LMA5567A/B war exclusion, which Lloyd's mandated for all cyber policies from March 2023 onward and which was tested in adversarial litigation in 2026 when Stryker's Iran-linked attack triggered a coverage dispute with competing interpretations of "computer attack" exclusions and "critical infrastructure" carve-outs. At-Bay's policies contain war exclusions, and the Stryker outcome—irrespective of which side prevails—will influence how underwriters and plaintiffs frame future nation-state attribution claims against At-Bay policyholders. Surplus-lines compliance creates a second layer of regulatory exposure: multi-state MGAs must file in every jurisdiction where a non-admitted insurer writes risk, and failure to stamp, file, or pay premium tax correctly can trigger fines, policy voidance, or licensure suspension. The NAIC 2025 Cybersecurity Insurance Report, which is a primary regulatory source, confirms At-Bay Specialty Insurance is active in the US market and flags systemic concentration risk as an industry-level concern, reinforcing that regulators are scrutinizing large cyber programs. The regulatory-legal risk register below enumerates each named risk with likelihood, severity, current mitigation evidence, and residual diligence path.[CR016, CR017, CR021, CR022, CR026, CR041]

7.3 Underwriting, systemic, and reinsurance risks

The FSLSO annual 2024 statutory filing is the most granular public window into At-Bay's underwriting position. It shows direct premiums written of $280.6 million (up 344.9% from $63.1 million in 2023), losses incurred of $29.2 million (up 96.7% year on year), a combined ratio of 102%, and a gross premium to surplus ratio of 334.2%—well above the 300% threshold that AM Best identifies as a concern for fronted programs. The fronting structure itself concentrates risk: AM Best reaffirmed At-Bay Specialty at A- Excellent in August 2025, but the reinsurance panel of five—led by Munich Re/HSB, with Skyward Specialty, AXA SA, W.R. Berkley, and Fairfax behind—means that a simultaneous retrenchment by multiple reinsurers would either force premium reductions or require At-Bay to retain more net risk. Howden Reinsurance's 2025 cyber report shows that the top five global cyber reinsurers hold 62% of market share, confirming that concentration exists on the supply side of capital as well. The Akira ransomware concentration is the single largest short-term underwriting threat: At-Bay's own 2026 InsurSec report states that Akira drove more than 40% of ransomware claims in 2025, which is actuarially dangerous because a single threat actor's operational tempo (law-enforcement disruption, negotiation strategies, target selection) can shift loss ratios by several points within a single quarter. Zero At-Bay MDR customers filed an Akira claim in 2025, which is a genuine mitigant, but only a small fraction of the total book is on MDR. Systemic aggregation adds a tail risk that is structurally underpriced across the industry: the CrowdStrike outage demonstrated that a single vendor failure can generate correlated losses across thousands of policies simultaneously, with Fortune 500 exposure estimated at $5.4 billion and the insured portion between $540 million and $1.08 billion across all carriers. The risk transmission map below traces how Akira persistence and aggregation events flow into reinsurance renegotiation and ultimately policy-level economics.[CR001, CR002, CR003, CR004, CR005, CR006]

7.4 Operational, people, and MDR execution risks

At-Bay's competitive differentiation rests on three operationally intensive pillars: proactive security monitoring through its MDR product, deep underwriting data from active scanning, and fast claims handling for SMB policyholders. Each pillar depends on the Israel R&D center, which houses the majority of engineering, data science, and security research talent. The March 2026 layoff of 25 engineers, described by calcalistech.com as occurring "in times of war," is adverse on two dimensions: it signals that the conflict environment has already produced cost pressures significant enough to reduce headcount, and it reduces the capacity of the team responsible for maintaining and extending MDR detection logic precisely when Akira is evolving its tactics. MDR is At-Bay's clearest differentiation claim—zero MDR customers filed an Akira claim in 2025—but the market is growing rapidly and attracting well-capitalized competitors. Grand View Research projects the global MDR market at $9.5 billion by 2030; Coalition and other cyber MGAs are building or acquiring MDR capabilities; and traditional security vendors are bundling insurance as an afterthought. If At-Bay's MDR quality degrades because of engineering attrition, a competitor closes the execution gap within 12 to 18 months. Broker and distribution dependence creates a second operational risk: At-Bay writes through a network of appointed brokers and wholesalers, and a shift in broker preferences toward competitors offering better pricing, broader coverage, or more attractive commission structures would erode the policy count that keeps the MDR data advantage relevant. Email fraud surpassing ransomware as the top claim type in 2026 (per the InsurSec report) indicates that the detection problem is shifting faster than any single product can anticipate. The people and partner risk registers below enumerate both dimensions.[CR011, CR014, CR015, CR032, CR033, CR034]

7.5 Financial model, competitive, and concentration risks

At-Bay's financial model as a fronted MGA depends on sustained premium growth, stable reinsurance pricing, and sufficient underwriting margin to fund operations. All three assumptions are under pressure simultaneously in 2026. US cyber insurance premiums declined 7% in 2024, the first-ever contraction in the market, driven by improved loss ratios at large enterprises (where At-Bay does not compete), rate reductions by traditional carriers with deeper balance sheets, and broker-driven competition on price. WTW and Marsh both confirm US cyber rates fell 5% in Q4 2024 and that buyer-favorable conditions persist into Q1 2026. For an MGA that earns fees and profit commissions on a percentage of premium, a 5–7% rate decline translates directly into lower fee income even if policy count holds flat. The FSLSO filing reveals a debt-to-equity ratio of 121.3% and operating cash flow of negative $10.7 million in 2024, which narrows the runway for absorbing an underwriting year worse than 2024 without tapping external capital. The $1.35 billion Series D valuation from 2021 reflects a very different cyber market—accelerating premiums, widening loss ratios favoring carriers, and almost no competition in the SMB segment. Beinsure ranks At-Bay among the top 10 US cyber insurers by premium, but Coalition, Corvus, and Cowbell are all competing aggressively for the same SMB segment with comparable or lower pricing. Munich Re forecasts global cyber premiums reaching $28 billion by 2030, which supports long-term growth, but the path matters: if At-Bay must grow through a trough in pricing before rates normalize, it needs either a materially lower expense ratio or a capital buffer to absorb interim underwriting losses. The mitigation and kill criteria table and the dependency map below frame the monitorable thresholds that distinguish a survivable headwind from a thesis-breaking deterioration.[CR012, CR013, CR018, CR019, CR023, CR024]

7.6 Exhibits

8.1 Investment Thesis and Anti-Thesis

At-Bay is investable only as a price-disciplined InsurSec thesis, not as a generic high-growth software story. The thesis is that a cyber insurer with its own E&S paper, proprietary underwriting data, and embedded MDR can reduce losses while adding recurring security revenue on top of premium economics. Public evidence supports the ingredients: Forbes reports roughly $155 million of 2024 revenue and more than 53,000 SMB customers; At-Bay moved onto its own paper; Stance MDR is marketed as a prevention layer; and the 2026 InsurSec evidence suggests MDR can reduce Akira ransomware outcomes. The anti-thesis is equally concrete. The carrier subsidiary posted a 102% combined ratio in 2024, Relay was shut down after acquisition, cyber pricing is softening, and Akira concentration shows that one threat actor can stress an underwriting model. The chapter therefore treats At-Bay as a differentiated but not yet de-risked private cyber-insurance platform.[CV002, CV003, CV005, CV007, CV010, CV012]

8.2 Recommendation, Confidence, Risk, and Valuation Stance

The recommendation is research-more with medium confidence, medium-high risk, and a fair-to-stretched valuation stance. At or below the last primary $1.35 billion mark, the balance of evidence would be attractive because the downside would be closer to revenue-supported insurance and M&A comparables. Around the Forbes-estimated $2.1 billion mark, the case becomes fair only if current loss ratios have normalized, Stance retention is strong, and reinsurer support remains stable. Above roughly $2.1 billion, the burden of proof rises sharply because public comps do not justify unlimited software-style multiples for a carrier-linked insurance model. The most important investment implication is that public evidence supports continued diligence, not an unconditional buy: no public source discloses consolidated gross margin, burn, NRR, loss triangles, broker concentration, or liquidation preferences.[CV001, CV002, CV023, CV024, CV025, CV026]

8.3 Financing Context, Entry Discipline, and Preference Overhang

At-Bay's clean public financing anchor remains the 2021 Series D: $185 million at a $1.35 billion post-money valuation, later extended by additional capital according to contextual financial sources. Forbes and Latka supply the current revenue frame, but neither replaces a primary financing mark. That matters because late-stage cyber-insurance multiples reset after 2021: public insurtech investors now focus on loss control, profitability, and capital intensity. A disciplined entry should therefore be underwritten from current revenue and statutory economics, not from the unicorn label. Preference overhang is a material private-market risk. Nearly $300 million of disclosed capital likely carries liquidation preferences; if the exit clears below the current preferred stack plus accrued preferences, common-equity economics could differ sharply from headline enterprise value. New money should require preference parity, participation caps, and anti-dilution review before signing.[CV001, CV004, CV005, CV016, CV029, CV030]

8.4 Bull, Base, and Bear Scenarios

The scenario range is intentionally wide because the most valuation-sensitive variables are private. The bull case reaches roughly $2.8 billion to $3.5 billion if revenue compounds above 25%, Stance becomes a high-margin second revenue line, MDR proof reduces losses, and the combined ratio improves below 95%. The base case is roughly $1.4 billion to $2.1 billion: At-Bay remains a strong cyber MGA/carrier with moderate Stance contribution, but underwriting improvement is gradual and valuation stays tied to revenue plus strategic scarcity. The bear case is $0.7 billion to $1.1 billion if combined ratios stay above 100%, premium rates keep softening, reinsurers demand worse terms, or ransomware concentration overwhelms prevention. Downside triggers map directly to the risk chapter: loss-ratio deterioration, reinsurance retrenchment, MDR execution failure, and market-price compression.[CV017, CV018, CV020, CV021, CV027, CV028]

8.5 Comparable Set and Valuation Multiples

The most relevant comparable set is mixed. Coalition defines the upper private cyber-insurance benchmark at a disclosed $5 billion Series F valuation, supported by broader scale and market leadership. Cowbell provides a lower-scale private financing reference without a public valuation mark. Corvus provides the most concrete M&A reference: Travelers paid about $435 million for a cyber-insurtech underwriting platform, showing strategic appetite but also setting a real exit data point far below unicorn-era private marks. Public insurtechs such as Lemonade, Hippo, and Root are imperfect because they are not cyber-specialists, but their filings and market data are useful for discipline: insurance-like digital models are valued on revenue quality, loss control, capital intensity, and profitability path. At-Bay deserves a premium to weak public digital carriers only if Stance and underwriting data demonstrably improve loss outcomes.[CV013, CV014, CV015, CV016, CV033, CV034]

8.6 Exit Readiness and Final Diligence Asks

At-Bay is more strategically acquirable than IPO-ready on public evidence. The own-paper carrier, broker relationships, cyber claims data, and Stance platform would be attractive to a specialty carrier, reinsurer, or security vendor seeking cyber-insurance distribution. A near-term IPO is harder to support because public investors would demand consolidated GAAP revenue, loss-ratio history, reserves, reinsurance details, and a credible path to underwriting profitability. The final diligence package must close six gaps before any investment: current consolidated financials, loss triangles, reinsurance treaty terms, Stance cohort retention and gross margin, cap-table preferences, and broker concentration. Thesis-break triggers are explicit: combined ratio above 105%, worse reinsurance terms, stalled MDR attachment, or a down-round signal. If any two occur together, the valuation case should reset to the bear range.[CV031, CV032, CV041, CV042, CV043, CV044]

8.7 Exhibits