4 min read

Frequency Analysis #3

There's a temptation in risk analysis to believe that, if you could just find a high fidelity signal, future risks could be prevented. Sometimes this is true, but we are pretty good at looking backwards and patching idiosyncratic vulnerabilities, so many signals lose value quickly – a phenomenon similar to factor timing. One way around this is to look across fields for connections, relationships or corollaries.

As the world knits together technology, finance and geopolitics, risks can cascade between domains just as it cascades within them. This correlation of intra and interdisciplinary risk leads us to a world with two states: "risk on" and "risk off." Insurance does this explicitly by transmuting catastrophe, cyber, legal or other perils into financial risk. So is this just pushing risk around, like squeezing a balloon? Not quite, some of risk reductions come from pooling; some from selection, and some from loss control.

In Matt Levine's Money Stuff yesterday he cites Byrne Hobart piece Pricing is UX and talks about the three models of venture investing: selection, deal flow or operational improvements. Risk investing also has selection and deal flow, but most risk investing focuses on underwriting and pooling rather than access to deals. The challenge in risk investing, as opposed to venture investing, is that the outliers are negative and they find you through adverse selection. So good deal flow helps a lot less than bad selection hurts, but lots of insurance brokers are out there saying:

we choose all three: We provide lots of wisdom and help to our [clients], which makes lots of [Chief Risk Officers] come to us first, so we get a lot of deal flow, and then with our wisdom we choose only the best [risks] and pass on the rest.

Anyways, here are a few unrelated stories about insurance in Ukrainian, Taiwanese, AI and natural disaster risks. Crazy how the market for insurtechs fell apart and regulations increasing caused the drop in insurance M&A just as the world went "risk on."


Speaking of insurance risks, State Farm pulled out of the home insurance market in California. This after Famers Insurance, Bankers and AAA cut their exposure to Florida homes. It's easy for a couple market exits to turn into a rout as insurers all worry that the defectors know something they don't.

In the venture investing pieces by Matt and Byrne they link to a Crunchbase story about platform teams at venture firms. Venture is famously a field where errors of omission are costlier than errors of commission. If platform teams are the "key to VC success" as the article's headline suggests, then omitting that function from your firm could be very costly. If you do hire for platform, but get a marketing person instead of a sales person, that's not so costly. The point is that founders/CROs appreciate wisdom and that wisdom helps you in selection. But if the error is not of omission or commision, but of principle, then it might be a sign that you don't understand the business that you're in (disclaimer: I used to work in venture).

Here's a more upbeat story about venture capital, the cyber insurance startup Resilience raised $100m to help the insured improve cyber operations. At a time when many in cyber insurance have been licking their wounds, Resilience and their new backer, Intact Financial, are doubling down.


It may be a bit of a scary time to double down on technology risk as security researchers release new AI based malware strains, chat agents to deploy malware and tools to identify vulnerabilities in the wild. These stunts come amid recent revelations of a four month long cyber intrusion across 12 Norway's governement departments, along with recent Dell and Microsoft security flaws.

On the defensive side, DARPA is racing to develop AI for cybersecurity with $18.5M in prize money in an AI Cyber Challenge. The Cyber Grand Challenge of 2016 was a similar competition, also aimed at automating security, that produced only moderate success. For defense to scale, it automate many of the tedious and expensive tasks, which will require more data and better agents.

After the long conspicuous absence of an air war in Ukraine there are signs of an uptick as Ukrainian drone attacks on Russia increase and Russian airstrikes target Odessa. Both sides are introducing untested doctrines to the fight, not relying on U.S. style full-spectrum doctrine, which requires nearly complete battlespace control. Neither side can maintain absolute control of the battlespace, as is often the case in intransitive games. Ukraine's small and autonomous drones are agile and equipped to evade jammers and detection, if reports are to be believed. Russia's marine massed missiles and drones are expendable and inaccurate. This leads Ukraine to attempt attacks behind enemy lines, piercing deep, but not wide while Russia is directly bombarding Ukrainian bastions with little accuracy.

Drawing conclusions at this stage is probably premature, but if we are learning anything from the advances in weapons technology, it is that strategy is often driven by the tactics available to you and tactics are limited by your tools. It will be interesting to see if this general lesson applies in AI cybersecurity as well.


Ukraine and Russia aren't the only countries making drone headlines. The U.S. announced its AI pilot flew an XQ-58A Valkyrie drone. Long range autonomous drones are critical to the US Air Force's technology development plan. With the past delays still plaguing the F-35, notably in software, we will see if the American approach of large platforms and long development time in the lab can lead to groundbreaking new capabilities. In any case, it appears that the Valkyrie is being developed not with Russia or Ukraine in mind.

As India gears up its drone program they are encountering supply chain challenges as concerns about Chinese made parts mount. With Russia, a long time supplier of Indian military hardware, finding itself short of equipment and outsourcing much of its drone production to Iran, India has had to expand its own defense industry. This comes at a time when India's main rival, Pakistan, is deepening ties with Turkey, home to the now famous Baykar drones being used by Ukraine and exported to Saudi Arabia.

India isn't the only one worried about Chinese insider risk, although this recent story focuses on Chinese influence in the financial services industry, not defense. Venture capital firm GGV sold its stake in ByteDance, Tiktok's parent company, after last month's House select committe criticized it and other firms with significant investments in the PRC. With two offices in China and a 30% exposure target for China in their next fund, GGV and other firms will be disentangling themselves for years to come. Plus, the TikTok ban debate is heating up again as election season kicks off, so it's not a bad time to exit anyway.