Ch1 04: Your Industry’s Pricing Model Is 50 Years Old — Here’s How to Break It#

Every industry has a pricing model. And almost nobody asks where it came from.

Think about auto insurance. Your premium hinges on your age, gender, zip code, and driving record. That’s it. A twenty-two-year-old in New Jersey with a clean sheet pays roughly the same as every other clean-record twenty-two-year-old in New Jersey — whether one drives like a grandparent and the other treats every highway merge as a personal dare.

Why? Not because demographics are the best predictor of driving risk. They aren’t. Real-time driving behavior — how hard you brake, how aggressively you corner, how often you sneak a glance at your phone — is orders of magnitude more predictive. The industry uses demographics because, when auto insurance pricing was invented, real-time driving data didn’t exist. Demographics were the only proxy on the shelf.

The technology moved. The pricing model didn’t. And that gap between what’s possible today and what was possible when the model was drawn up — that gap is where fortunes get made.

I saw this dynamic play out clearly when we launched Cork, a cyber insurance company inside the DVx portfolio.

The cyber insurance market in the mid-2020s was controlled by a handful of big carriers, all running essentially the same playbook: a questionnaire. A company fills out a form about its security practices, and the insurer uses the answers to set a premium. The flaw is obvious to anyone who’s ever filled out a compliance form — people fudge. Or, more charitably, they report what their policy says rather than what their practice actually does.

The result is massive mispricing. Companies with terrible security pay roughly the same as companies with excellent security, because the underwriting tool can’t tell them apart. Good risks subsidize bad risks. And the whole market warps under adverse selection — the companies most eager to buy coverage are the ones most likely to file claims.

Cork’s insight was dead simple: instead of asking companies about their security, scan their security. Automated tools can evaluate a company’s external attack surface — open ports, unpatched software, email authentication, encryption standards — in minutes. The scan spits out an objective, real-time risk score that’s dramatically more accurate than any questionnaire.

With that data, Cork could do something the incumbents couldn’t: price precisely. Low-risk companies got meaningfully lower premiums. High-risk companies got higher premiums or got turned away. The economics flipped. Instead of good risks subsidizing bad risks, every customer’s price reflected their actual exposure.

But pricing precision was only half the play. The other half was about where to compete.

Big insurance carriers drag enormous fixed costs — actuarial departments, regulatory compliance teams, claims-processing infrastructure, agent networks. Those costs have to be spread across a large premium base, which means they need customers who pay enough per policy to be worth the trouble. Small businesses — the ones with ten employees and modest cyber exposure — are structurally unattractive to the giants. The revenue per policy doesn’t cover the cost of underwriting.

This isn’t a failure of imagination. It’s a structural reality. When your operating model demands a minimum revenue per customer, everyone below that line is invisible. Not because you don’t care, but because serving them would bleed money.

Cork didn’t carry those costs. Underwriting was automated. Distribution was digital. Claims processing was lean. The cost to evaluate and onboard a small business was a sliver of what a traditional carrier spent. Which meant the segment the big players had to ignore — small and mid-size businesses — was exactly the segment Cork could serve profitably.

This is a pattern I’ve seen over and over: the giant’s greatest strength creates its greatest blind spot. The scale that makes a big company powerful also makes it structurally unable to serve certain markets. And those markets are the safest beachheads for disruptors.

The deeper lesson is about information economics. Every “one-size-fits-all” pricing model in every industry exists because, at the time it was born, the cost of gathering precise information was too high. The auto insurance industry couldn’t track individual driving behavior in 1970, so it used age and zip code. The cyber insurance industry couldn’t scan every company’s security posture in 2015, so it used questionnaires.

But information costs drop relentlessly. Sensors get cheaper. Compute gets faster. Data gets richer. And every time the cost of precision falls below the cost of approximation, a pricing revolution becomes possible.

The question for you: where in your industry is precision now cheaper than approximation, but nobody’s updated the pricing model? That lag — between what’s technically feasible and what’s commercially practiced — is one of the most reliable veins of entrepreneurial opportunity I’ve ever mined.

Guidance#

Run a pricing archaeology exercise on your industry. Find the most entrenched pricing model — the one that’s been around longest, that everyone uses, that nobody questions — and dig into these questions:

  1. When was this model designed? Not last tweaked. When was the fundamental architecture set?

  2. What data existed then vs. now? What sources are available today that didn’t exist at the model’s birth? Sensors, APIs, satellite imagery, social signals, real-time tracking — the menu grows every year.

  3. What’s being approximated? Every pricing model is a proxy for something. Auto premiums proxy driving risk. Cyber premiums proxy security posture. What is your industry’s model a proxy for, and is there now a way to measure the real thing directly?

  4. Who’s overpaying and who’s underpaying? In any one-size-fits-all model, some customers are subsidizing others. The overcharged customers are your early adopters — they’ll jump the moment you offer a fair price.

You’ve now completed step one of the Algorithm: questioning every requirement. We challenged policies, engineering conventions, the word “impossible,” and the price tags nobody examines. Your cognitive locks have been picked. The next question: what do you do with all this freshly unlocked space?

The answer might surprise you. You don’t fill it with new things. You start by removing what’s already there.