Onda

🏢 Multi-jurisdictional platform. Onda operates as a multi-jurisdictional cyber MGA platform with distinct distribution entities by region and a separate U.S. technology entity. The company follows a broker-led distribution model with delegated authority frameworks in Europe and carrier paper in the United States. Onda explicitly avoids direct-to-insured retail solicitation.^[1]

📋 Entity structure. Onda Insurance Services, Inc. is the U.S. distribution entity, domiciled in Maryland with a principal office in Columbia, MD and NPN 21439548; it functions as a licensed producer and surplus lines broker.^[2][3] Onda AI, Inc. is a Delaware-registered technology entity (Registered File 6827922) responsible for developing internal telemetry monitoring systems supporting Threat Lab and platform analytics.^[4][5] Onda SAS is the France distribution entity, headquartered at 80 avenue d'Iéna, Paris, registered under RCS Paris 910621077, with ORIAS number 22005524 and supervision by the Autorité de Contrôle Prudentiel et de Résolution.^[1] CKRe Limited distributes insurance products in the United Kingdom under the Onda trading name, registered at 40 Lime Street, London (Companies registration number 03600683), and is authorized and regulated by the Financial Conduct Authority (FRN 308735).^[6][7]

🔑 Lloyd's coverholder. Onda's European marketing materials explicitly state Lloyd's coverholder status, though the specific coverholder number is not published in publicly accessible company pages or partner press releases.^[1]

⚖️ Carrier licensing posture. Onda is positioned primarily as an MGA and distributor rather than a balance-sheet insurer. In the United States, the issuing insurer is Crum & Forster Specialty Insurance Company (NAIC 44520), a non-admitted surplus lines insurer domiciled in Delaware, with Onda acting as distributor via its licensed producer entity.^[3]

📊 Operating scale. As of December 1, 2023, a trade profile reported a staff count of 32, with offices and operations spanning the UK (via a distribution partner), France, and the United States.^[4] LinkedIn indicates a small-company size band.^[8]

👤 Underwriting leadership. Alex Jomaa serves as Chief Underwriting Officer, bringing prior senior cyber underwriting experience at Tokio Marine Kiln and recognition in Insurance Insider cyber rankings in 2016 and 2017.^[9][3]

🛡️ Claims leadership. Patrick Cannon serves as Chief Claims Officer, with prior Head of Cyber Claims experience at Tokio Marine Kiln and subsequent cyber claims leadership at Marsh; his biography cites claims-service recognition at the Insurance Times Claims Excellence Awards in 2023.^[9][2]

📑 Compliance and legal. Gillian Harvey serves as Group Head of Compliance, with prior deputy group compliance leadership at Athora Holding Ltd and experience across insurers and MGAs including Chubb, CFC Underwriting, HDI Global Specialty, AmTrust Europe, and the Financial Ombudsman Service.^[9] Kate Schulze serves as Head of Legal, with prior government legal experience at the United States Department of Justice and as Senior Counsel at the United States Securities and Exchange Commission.^[9]

🤝 Business development. U.S. business development leadership includes Chris Reynolds (prior role at Coalition) and Joseph AJ Jones (career history referencing Beazley Group USA distribution roles).^[9] Stuart McMillan joined the UK sales team as Distribution Director in early 2025, and France distribution leadership is also attributed to McMillan.^[10][11]

🚀 Value proposition. Onda positions itself as a cyber MGA providing next-generation cyber insurance supported by an in-house platform and partner integrations, designed to streamline underwriting workflows and deliver continuous cyber-risk insights to brokers and policyholders.^[9]

🏦 Customer segments. In the UK, Onda + targets SMEs and corporates with annual revenue up to £100 million and any one claim limits up to £5 million, while Onda X targets mid-market and larger businesses with annual revenue from £100 million to £1 billion and aggregate limits up to £5 million for primary or excess placements.^[12] In France, Onda covers businesses with annual revenue up to €1 billion and limits up to €5 million for primary and excess placements.^[1] In the United States, Onda covers businesses with annual revenues between $50 million and $1 billion, with limits up to $5 million for primary policies through Onda X.^[3]

🔗 Broker-facing distribution. Onda presents itself as exclusively broker-facing, with a low-touch platform enabling onboarding, quoting, and documentation.^[10] In the U.S., Onda works directly with brokers, agents, and insurance carriers and explicitly does not solicit insurance directly from commercial customers or the public.^[3] In the UK, insurance products are distributed by CKRe Limited under the Onda trading name.^[6]

🌍 Geographic authorization. Onda maintains operational presence across three jurisdictions: France (via Onda SAS with ORIAS registration and ACPR supervision), the United Kingdom (via CKRe Limited as the FCA-regulated distribution partner), and the United States (via Onda Insurance Services, Inc. as licensed producer and surplus lines broker).^[1][6][3][4]

💼 Product architecture. Onda publicly markets two primary cyber products: Onda + (SME and lower mid-market positioning in Europe) and Onda X (mid-market positioning, described as powered by Navigator).^[12] For Europe, distribution operates through Lloyd's coverholder status and insurer partnerships, while for the United States, insurance is issued by Crum & Forster Specialty Insurance Company (NAIC 44520), a non-admitted surplus lines insurer domiciled in Delaware.^[1][3] Onda also markets "any one claim" structuring alongside aggregate approaches across product lines and geographies.^[12]

📞 Breach response and claims. Onda markets 24/7 incident response with a structured claims flow covering cyber incident triage, vendor engagement, forensics, legal assessment, ransomware negotiation and payment facilitation, and business interruption review and payment where applicable.^[12][2] Claims administration and management are supported by a platform and technology, including Clive by Five Sigma, and incident management response services are provided with third-party providers as detailed in the policy document.^[2] Five Sigma announced in November 2024 that Onda selected its claims management system, referencing multi-currency and configurable workflows supporting international scaling goals.^[13]

🖥️ Navigator platform. Navigator is positioned as a proprietary cyber risk and insurability management platform offering multi-dimensional cyber risk assessments, continuous monitoring, live threat intelligence, and supply-chain oversight.^[3] The claims page indicates Navigator includes detection and auto-alert functionality built into every policy.^[2]

🔍 Threat Lab. Threat Lab is a business threat intelligence consulting service offered only to European clients, built using proprietary threat analytics and internal telemetry monitoring systems developed by Onda AI, Inc., supplemented by monthly email reports and analyst briefings.^[5]

🏗️ European capacity. Onda positions itself as a Lloyd's coverholder and discloses insurer partners on its France marketing page.^[1] The Onda X product is underwritten by Everest through Lloyd's of London, providing up to £5 million limits for companies with annual revenues above £100 million up to £1 billion.^[14] Onda has also announced a long-term renewal of SME underwriting capacity with Canopius Group in the UK and France.^[15]

🇺🇸 U.S. capacity. In the United States, insurance is issued by Crum & Forster Specialty Insurance Company (NAIC 44520), which operates as a non-admitted surplus lines insurer domiciled in Delaware; Onda explicitly notes the lack of guaranty-fund protection.^[3]

🤖 Panorays partnership. On October 1, 2024, Onda announced a two-year partnership with Panorays to integrate cyber risk assessment, enabling real-time risk data and reducing dependency on lengthy application forms. Partner materials describe a cyber risk engine integrating internal network data, external attack surface data, and threat intelligence.^[16][17]

📦 Five Sigma partnership. On November 18, 2024, Five Sigma announced that Onda selected its claims management platform to support cyber claims workflows and multi-market operations.^[13]

📬 Complaints handling. Onda's UK complaints procedure routes complaints to the Head of Complaints Management at Lloyd's Insurance Company S.A. in Brussels, indicating Lloyd's Europe is structurally relevant to the European program governance and complaint operations.^[6]

🎯 Market positioning. Onda's observable competitive positioning is defined by four characteristics: a broker-facing distribution posture with explicit avoidance of direct public solicitation; a mid-market orientation defined by revenue bands up to $/£/€ 1 billion and maximum limits typically communicated as $/£/€ 5 million; continuous-risk monitoring and insurability management via Navigator, including supply-chain oversight and threat intelligence features; and a claims and incident response narrative emphasizing speed and operational tooling, including third-party partnerships for claims platforming.^[3][2]

📐 Peer alignment. Within the broader cyber insurtech landscape, Onda most consistently aligns with the tech-enabled cyber MGA and coverholder cluster rather than a full-stack carrier, based on its disclosed reliance on delegated authority and carrier paper and its emphasis on an underwriting and insurability platform.^[3]

⚠️ Capacity dependency. Capacity dependency risk is structurally relevant given Onda's explicit reliance on insurer partners (Everest and Canopius in Europe, Crum & Forster in the United States). A capacity shift, tighter underwriting controls, or adverse performance could constrain growth or product continuity.^[1]

📜 Regulatory complexity. Regulatory risk is present due to multi-jurisdiction distribution structures spanning ORIAS and ACPR oversight in France, an FCA-regulated distribution partner arrangement in the UK, and a surplus lines posture in the U.S. Compliance execution, conduct risk, and complaints handling coordination are non-trivial.^[18]

🌐 Aggregation risk. Aggregation and correlation risk is intrinsic to cyber insurance portfolios, particularly for mid-market insureds with interconnected third-party ecosystems. Onda's emphasis on supply-chain oversight indicates awareness, though policy language governing systemic triggers and exclusions is not publicly available.^[3]

🔧 Operational dependency. Operational dependency risk exists around third-party technology integrations and platform reliance, including the Panorays integration and Five Sigma claims platform, encompassing vendor resilience, data governance, and service continuity.^[16]

👥 Key-person concentration. Key-person risk is elevated in early-stage MGAs where underwriting and claims leadership are central to broker confidence and portfolio performance; public materials heavily feature underwriting and claims leaders but do not disclose broader governance depth.^[9]

🧭 Strategic pillars. Onda's declared strategy emphasizes simplifying cyber placement via technology, replacing lengthy forms with real-time risk data, and providing continuous risk insights alongside insurance protection.^[16]

🎯 Execution priorities. The disclosed trajectory suggests three execution priorities: broadening mid-market relevance with the Onda X proposition and limits up to $/£/€ 5 million; strengthening risk signal quality via telemetry and third-party cyber risk tooling integrations; and industrializing claims operations and multi-market scalability through claims platforming and workflow automation.^[3][16][13]

• Cyber insurtech MGAs and underwriting agencies