Elpha Secure
Corporate and regulatory footprint
ποΈ Legal identity. Elpha Secure Technology, Inc. is a Delaware corporation incorporated in 2018, as recorded in a Regulation D Form D filing with the U.S. Securities and Exchange Commission (CIK 0001850887).[1] The company's website and privacy policy identify the operating entity as "Elpha Secure Technology Inc." and list a New York address.[2] The current principal business address is 580 Fifth Avenue, Suite 820, New York, NY 10036, updated from the earlier SEC-filed address at 576 Fifth Avenue, Suite 903.[1]
π Regulatory status. Elpha positions itself as a fully licensed managing general agent (MGA) operating across all 50 U.S. states, with surplus lines disclosures noting that its products are offered only through licensed surplus lines producers.[3] Based on the company's own positioning and its explicit statements of being financially backed by specific carriers, the most supportable classification is a cyber insurtech MGA with delegated underwriting authority rather than a licensed risk-bearing carrier.[3] Disclosed capacity references point to U.S. carrier paper rather than Lloyd's syndicates, and no entries on FCA, BaFin, or ACPR registers were identified, consistent with U.S.-centric operations.[3]
π Licensing evidence. A public license record from the Florida Department of Financial Services shows a senior claims professional associated with Elpha β business address at the same New York office β holding nonresident property & casualty and nonresident surplus lines licensing categories.[4] While this does not substitute for entity-level producer licensing across states, it evidences the company's use of state producer licensing regimes for personnel.
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Business model and operating architecture
π‘ Core thesis. Elpha's model combines cyber insurance with embedded security software, seeking to reduce loss frequency and severity by bundling managed security tooling into the insurance proposition.[2] The company markets a cyber insurance policy paired with specific economic enhancements β notably reduced ransomware retentions and shortened business interruption waiting periods β when the insured deploys Elpha's security solution.[3] The accompanying software suite, historically branded "Elphaware," is a SaaS platform installed on endpoints with modules spanning EDR-like monitoring, backups, MFA for remote access, and SOC support.[5]
π’ Target market. Multiple sources converge on an SME-to-lower-mid-market orientation, with the company's own marketing emphasising small and midsize businesses.[6] An expanded strategic partnership announced by AXIS Capital Holdings Limited directs standalone cyber submissions for policyholders with revenue up to $100 million to Elpha's platform via wholesale brokers, effective 1 July 2024.[7] Risk-transfer plumbing sits on surplus lines carrier paper with multiple carrier participants backing the program.[3]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Product and coverage analysis
π Policy structure. Elpha markets a cyber insurance policy described as a straightforward product with embedded software upgrades and coverage enhancements.[8] A base policy starts at $1,000 for insurance plus software combined.[9] Marketed enhancements include a $500 extortion loss retention, a 6-hour waiting period, and a 365-day period of restoration for business interruption when the insured adopts the security solution.[3]
π‘οΈ First-party coverages. Elpha's marketing pages explicitly list business interruption and system failure coverage (with waiting-period and restoration-period enhancements), ransomware and cyber extortion coverage (with a referenced extortion loss retention), and incident response expenses.[9] Data restoration, bricking or hardware damage, reputational harm, and social engineering or funds transfer fraud are not referenced as named insuring agreements in accessible materials, though certain breach-response panel services and email-security features address adjacent exposures on a services rather than coverage basis.[10][11]
βοΈ Third-party coverages. Network security and privacy liability, regulatory fines, and PCI coverage are each explicitly listed.[9] Media liability and bundled technology errors & omissions coverage are not referenced in accessible product pages.
π₯ Breach response model. Elpha maintains a curated provider panel and encourages policyholders to use listed providers. Only expenses incurred through engagement of listed response providers and with Elpha's prior written consent qualify as incident response expenses under the first-party insuring agreement, indicating a panel-led incident response model with economic controls rather than unrestricted vendor choice.[10]
π Coverage enhancements. Policyholders who adopt Elpha's security solution receive enhanced coverage including lower retentions, shorter waiting periods, and longer restoration periods.[8] This mechanism links insurance economics directly to security adoption, functioning as both a risk-reduction tool and a commercial incentive for bundled uptake.
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Cybersecurity services and technology stack
π₯οΈ Service architecture. Elpha's software is positioned as endpoint-installed tooling with additional managed services, supported by a Security Operations Center.[12] Pre-bind services include a deep scanning tool for external network and cloud assets to detect vulnerabilities and misconfigurations, combined with a monthly outreach cadence focused on the most critical risks and an option for quarterly reporting.[11] This functionally resembles underwriting hygiene enforcement and risk-improvement workflows aligned with cyber insurance subjectivities.
π Continuous in-force services. The security agent comprises seven described components: real-time threat monitoring (EDR-like), remote access protection with MFA, SOC outreach for top patches and mitigations, email security ("ES Mail") for phishing, spam, and fraudulent financial transaction identification, patching capabilities for vulnerability and version management, dark web monitoring, and exposed credential monitoring.[11] Post-incident, Elpha's claims page provides an incident hotline routed through incident response counsel, references a provider panel, and establishes a formal claims email notice process.[10]
π€ Technology partners. Elpha launched its cyber insurance offering on Socotra's cloud-native platform, with implementation completed in less than two months.[3] An analytics partnership with CyberCube provides access to Portfolio Manager and Single Point of Failure Intelligence for managing portfolio accumulation and supporting growth and capital discussions.[2] In October 2025, Elpha announced a partnership with SentinelOne to integrate its insurance offering with SentinelOne's security platform for SMB customers.[13] The software is third-party audited by Security Compass Advisory and references VB100 testing as a validation mechanism.[10][11]
π° Bundled economics. Elpha's broker-facing marketing states that a single premium includes both insurance and the software suite, indicating bundled economics for core insured distribution.[3] Separately, a co-branded page with Selective Insurance shows per-device pricing tiers of $25 and $37 per device per year, implying the software can also be packaged as a standalone subscription or affinity benefit depending on channel structure.[14]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Distribution, geography, and partnerships
π Channel architecture. Elpha distributes through wholesale insurance brokers and markets an online quoting-and-binding workflow capable of delivering quotes in seconds.[8] The AXIS partnership expansion likewise references routing submissions via wholesale broker partners to Elpha.[7] Geographic operations span all 50 U.S. states, with no disclosed capabilities outside the United States; the public site is U.S.-oriented, featuring U.S. contact information and surplus lines disclaimers.[3][15]
π¦ Capacity providers. Elpha's broker page states the program is financially backed by AXIS Surplus Insurance Company and Everest Re Group.[3] Additional disclosures name Everest Indemnity Insurance Company alongside AXIS Surplus Insurance Company as insurers underwriting the cyber program, confirming a multi-carrier structure.[16]
π AXIS relationship. The AXIS relationship commenced in 2021, with AXIS serving as both an investor and a capacity provider. By July 2024, AXIS began directing certain standalone SME cyber submissions covering policyholders with up to $100 million in revenue to Elpha's platform, a meaningful indicator of institutional confidence and a signal that AXIS viewed Elpha as a scalable distribution and servicing mechanism for a portion of its SME cyber portfolio.[7]
π€ Distribution partnerships. Elpha has referenced a digital distribution partnership with Affinity Advisors to streamline access to cyber insurance and security solutions through wholesale broker partners.[17] No identified AXA connection β investor, capacity or reinsurance relationship, or distribution partnership β was found in the sources reviewed.[18]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Leadership, governance, and personnel signals
π€ Founders. Preetam Dutta is identified as CEO in Elpha communications and listed as an executive officer and director in the SEC Form D filing.[13][19] Gordon Malin is identified by AXIS as Elpha's co-founder and CEO as of June 2024.[7] External profiling and Elpha's positioning indicate a technical cybersecurity orientation at the founding level, though detailed prior employer histories are not available in primary sources.
π Key leadership. Josh MacDonald is publicly referenced as Chief Underwriting Officer in multiple industry contexts, including events and commentary.[3][20] David Williams-King serves as CTO, having joined Elpha after completing a PhD at Columbia University; his academic background is documented on a Columbia Computer Science personal page.[7][21] Perry Tsao appears in a Florida license record with a business address aligned to Elpha and holds nonresident P&C and nonresident surplus lines licensing categories.[1]
π Education. David Williams-King's doctoral training is associated with Columbia University. Preetam Dutta's education claims β a PhD at Columbia and an undergraduate degree at Yale University β appear in secondary profiles rather than primary filings and should be treated as contextual.[13][22]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Funding, financial signals, and performance metrics
π΅ Capital raised. Elpha completed a $20 million Series A in October 2022 led by Canapi Ventures, with participation from Stone Point Ventures, AXIS Capital, State Farm Ventures, The Hartford STAG Ventures, Fermat Capital Management, and EOS Venture Partners.[18] Earlier seed funding is referenced as more than $9 million, placing cumulative disclosed funding at greater than $29 million.[18]
| Round | Date | Amount raised | Lead investor | Notable co-investors | Cumulative funding |
|---|---|---|---|---|---|
| Seed | Referenced by April 2022 announcement | >$9M | β | β | >$9M |
| Series A | October 2022 | $20M | Canapi Ventures | Stone Point Ventures; AXIS Capital; State Farm Ventures; The Hartford STAG Ventures; Fermat Capital Management; EOS Venture Partners | >$29M |
π Financial transparency. Elpha does not publicly disclose gross written premium, policy count, loss ratio, or revenue. The sole publicly accessible scale proxy is a third-party headcount estimate of approximately 40 employees.[23] No statutory insurance financial filings attributable to an Elpha-owned carrier entity were identified; diligence relied on SEC Form D identity data, insurer and partner disclosures, and company-controlled product pages.[1]
| Metric | Most recent figure | Source |
|---|---|---|
| Gross Written Premium (GWP) | β | β |
| Policy count (in force) | β | β |
| Net loss ratio | β | β |
| Revenue | β | β |
| Net income / net loss | β | β |
| MGA commission rate (% of GWP) | β | β |
| Headcount | ~40 | Built In (third-party listing) |
| GWP per employee | β | β |
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Competitive positioning, risks, and outlook
πΊοΈ Competitive cluster. Within the cyber insurtech ecosystem, Elpha fits the "embedded cyber defence + cyber insurance" cluster, combining underwriting structure with active security tooling and using insurance economics β retention and waiting-period enhancements β as an adoption lever.[9] Closest peer analogues include At-Bay, which positions a combined insurance and security platform with MDR and policy enhancements tied to security controls; Coalition, which markets active cyber insurance with incident response and affiliated security capabilities; and Cowbell, which emphasises continuous underwriting and continuous risk assessment.[24][25][26]
βοΈ Differentiation. Elpha's differentiation versus these larger platforms rests not on scale disclosures, which remain limited, but on two factors: explicit program relationships with AXIS that route SME cyber submissions to Elpha's platform, and security product breadth centred on endpoint-installed capabilities plus SOC outreach, including newer email-security tooling.[7]
π° Moat assessment. Elpha's partnership with CyberCube for portfolio analytics and accumulation risk tooling signals an intent to professionalise cyber catastrophe management for capacity discussions.[2] The software suite is described as modular and configurable in active or passive modes, covering endpoint monitoring, backups, email security, and vulnerability management β broader than a pure scan-based underwriting overlay.[11] AXIS's 2024 decision to direct certain SME submissions to Elpha indicates distribution leverage, while disclosed carrier backers (AXIS Surplus and Everest entities), combined with AXIS's investor role, provide a positive capacity-stability signal but also intensify counterparty concentration risk.[3][7]
β οΈ Risk factors. Key institutional risk factors include:
- Capacity dependency: The program's backing by a limited set of carriers creates single-point fragility if capacity appetite changes, pricing corridors tighten, or performance triggers are invoked.[3]
- Systemic aggregation risk: Cyber accumulation remains the existential risk of the class; a Milliman case study quoting Elpha's underwriting leadership highlights catastrophic systemic exposure framing.[27]
- Execution risk in bundling: Bundling security into premium requires consistent adoption and operational support (SOC capacity, deployment success) to realise loss benefits; Elpha acknowledges installation workflows and feature toggles as operational realities.[11]
- Claims cost control vs customer experience: Reimbursement gating through approved providers and prior consent can manage severity but may create friction for policyholders preferring other vendors.[10]
- Competitive pressure: Larger InsurSec peers operate at significantly greater disclosed scale, increasing their ability to invest in threat intelligence and incident response.[28]
- Regulatory risk: The model relies on surplus lines distribution and producer licensing compliance across many jurisdictions.[15]
π Strategic trajectory. In February 2023 Elpha increased capacity to quote businesses with revenues up to $100 million and broadened underwriting appetite into additional industries including transportation, entertainment, life sciences, and certain education sectors.[29] AXIS's expanded partnership in mid-2024 formalised a deliberate shift of SME cyber submissions to Elpha's platform.[7] Security capabilities have expanded from endpoint tooling into email security and financial transaction fraud signalling through the ES Mail feature, and the SentinelOne partnership (October 2025) signals a strategy of integrating with a mainstream endpoint security platform as a co-managed layer.[11][13] In February 2026, Elpha's newsroom indicated an ES Mail launch and cybercrime limit expansion to $500,000.[15]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Company timeline
| Date | Event |
|---|---|
| 2018 | Delaware incorporation and founding.[1] |
| March 2021 | AXIS announces strategic partnership to provide cyber insurance and Elphaware-based software protection for small businesses.[5] |
| April 2022 | Cyber insurance offering launched on the Socotra platform; seed funding referenced as more than $9 million. |
| October 2022 | $20 million Series A led by Canapi Ventures announced.[18] |
| November 2022 | CyberCube partnership announced for portfolio analytics and single-point-of-failure intelligence.[2] |
| February 2023 | Increased capacity to quote risks with up to $100 million in revenue; broadened underwriting appetite into additional industries.[30] |
| JuneβJuly 2024 | AXIS expands partnership; begins routing certain SME standalone cyber submissions to Elpha via wholesale brokers effective 1 July 2024.[7] |
| October 2025 | SentinelOne partnership announced.[13] |
| February 2026 | Newsroom headline indicates ES Mail launch and cybercrime limit expansion to $500,000.[15] |
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
References
- β 1.0 1.1 1.2 1.3 1.4 1.5 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β 2.0 2.1 2.2 2.3 2.4 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β 3.00 3.01 3.02 3.03 3.04 3.05 3.06 3.07 3.08 3.09 3.10 3.11 3.12 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β 5.0 5.1 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β 7.0 7.1 7.2 7.3 7.4 7.5 7.6 7.7 7.8 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β 8.0 8.1 8.2 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β 9.0 9.1 9.2 9.3 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β 10.0 10.1 10.2 10.3 10.4 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β 11.0 11.1 11.2 11.3 11.4 11.5 11.6 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β 13.0 13.1 13.2 13.3 13.4 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β 15.0 15.1 15.2 15.3 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β 18.0 18.1 18.2 18.3 18.4 {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
- β {{#invoke:citation/CS1|citation |CitationClass=web }}
{{#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Reflist with unknown parameter "_VALUE_"|ignoreblank=y| 1 | colwidth | group | liststyle | refs }}