New cyber insurance CFO enters a ‘soft’ market

Cyber insurance industry veteran John Botros has joined insurtech company Cowbell as its new CFO to help guide the company in its next phase of strategic growth.

Botros, previously finance chief at Resilience, joins Cowbell at a time when it plans growth in international cyber, financial lines, resiliency services, mid-market expansion, and franchise subscriptions.

Botros also joins Cowbell at a time when the cyber insurance market is in a “soft” period characterized by increased competition and declining rates. Cyber insurance rates fell 7% globally and 3% in the US in Q4 2025, according to insurance broker Marsh’s latest global and US insurance market indices.

CFO Brew recently spoke with Botros to hear more about how he’ll help Cowbell achieve its growth goals. He also offered his perspective on the current state of cybersecurity and the cyber insurance market.

This interview has been edited for length and clarity.

It sounds like Cowbell is focusing on some key growth areas. How are you tracking your growth strategy objectives?

As you look at the mid-market, that’s the next space [for Cowbell to grow]. There’s a lot of dollars there because of the fact that digital transformation is happening very quickly. What that means is, now you’re taking a lot of assets [and] creating them to be digital. That means a lot of value is stored there. You’re no longer having houses and properties, you’re having digital assets. And now the value’s there, thus the risk is there, thus, you need a cyber [policy] as well.

Does the current soft market add a challenge to growth plans?

It certainly does. With a soft market, not only are you seeing added capacity, but you see prices come down and it’s hard to grow by a dollar value when rates are dropping. If your rates are dropping by 20% or 30%, you have to add 20% or 30% more policies just to get where you were before. Now, that doesn’t mean you can’t grow from a policy holder or policy count perspective, which is where I think a lot of folks are focusing now. The nature of insurance is cyclical, but especially in cyber, it might be a little bit more quick to adopt and to change, especially with the addition of AI.

I think over the last several years, the cybersecurity vendors and all the things we have in place have gotten ahead of the threat actors…What we’re seeing with the acceleration of AI is that the threat actors are going to start to probably get ahead of the cybersecurity vendors again. You’re potentially going to see a quick shift in that market where…you see losses, and then the cybersecurity vendors need to catch up with their technology. And then, of course, that will affect the cyber insurance market.

How do you balance growth in the middle market space with underwriting discipline to avoid racking up losses when that does happen?

I think it’s twofold. One is underwriting—so, risk selection, understanding which organizations think about cybersecurity first so they’ll be able to make sure they’re at least ahead of the curve and making sure that whatever can get compromised is kind of taken care of.

But then there’s also risk mitigation. Being the cyber experts ourselves, [we need to say] we understand A, B, and C are potential threats that are now emerging based on new technology; let’s go ahead and be proactive in mitigating that risk.

How is your growth strategy being executed between organic and inorganic growth?

I think the vast majority will be organic, so just expanding our reach in terms of market products and [geographies]. But there are also inorganic opportunities, mostly for distribution. In terms of technology and what we provide from an underwriting capability, and then services on top of it, all of that is internal. There could be opportunities to look at potentially a smaller provider for some sort of cybersecurity [vendor], but we tend to work with them as third parties and we’re a reseller of those. So they transact through our platform. But when we’re looking at inorganic opportunities, it’s mostly for distribution.

As CFO, how are you ensuring the capital is there to make these investments in growth?

The capital is there from our investors, and we need to make sure we’re investing to the point where we’re not necessarily saying ROI, but at least enterprise value, so whatever makes a standalone cyber insurer or MGA [managing general agent] more valuable, i.e., growth from a top line perspective but also from a profitability perspective on the lines of business we’re looking at. I’m less concerned about our profitability today. I’m more concerned with making sure that any line of business we’re looking at ends up being very profitable, because that’s where the added investment can actually come from.