• Plenty of capacity to write new cyber business
  • We are highly suited to the risks that are very hard to place
  • Broad appetite for all industries
    • professional services,
    • hospitals,
    • pharmaceuticals,
    • manufacturers,
    • retailers,
    • financial institutions and
    • public entities (including municipalities)
  • Cyber policy and Ransomware-Only policy options
  • Max $5m primary limit
  • Zero deductible and 1 hour waiting period for all ransomware and malware attacks
  • Appetite for the smallest risks up to revenue $5bn
  • Cyber insurance that puts malware and ransomware-blocking first using the unbeaten Trident LockdownTM powered by AppGuard® zerotrust 24/7 managed application whitelisting service

Please watch these two short videos that introduce Trident LockdownTM’s power and its very low carbon footprint.

Trident LockdownTM powered by AppGuard® deployed on the endpoint is a highly effective barrier of last resort; if malware or ransomware does successfully get past the multiple layers of defence, when it reaches the endpoint, it will not detonate.

Trident LockdownTM is the only SaaS we know of that reliably plugs that final security step on the endpoint, which is why we mandate its use with all Cyber Lockout® policies.   Trident LockdownTM gives us complete confidence to write full limit ransomware coverage on zero deductibles and 1 hour waiting periods for almost ANY client with ANY cyber maturity or ANY claims history.

Unlike many cyber other insurers, we have a broad appetite for risk and are willing to quote the majority of accounts that no other insurer will entertain due to a less-than-ideal cyber posture.  We include primary limit ransomware coverage on all policies with a zero deductible and 1 hour waiting period, as standard, regardless of cyber maturity or claims history.

We can do this because GBMS Trident LockdownTM powered by AppGuard® reliably blocks the detonation of malware and ransomware.


We are often asked why we will not accept other AV and EDR solutions instead of GBMS Trident Lockdown powered by AppGuard®.  A study in 2022 revealed that nearly all AV and EDR solutions – including some the biggest names around today – are not capable of reliably preventing all malware, as they are still failing to prevent common attacks.

Periodically in the cybersecurity news we read of new vulnerabilities in some of the best-known names in EDR, allowing hackers to bypass the security.  The best EDR products – especially those with a 24/7 monitoring service around them – are good, but they are clearly not infallible

We have spoken to many CISOs who acknowledge this, and they see our solution as a belt-and-braces to catch those items of malware which otherwise would bypass the client’s existing AV/EDR solution.

AppGuard® first launched in 2009 and since that time it remains undefeated by malware and ransomware in real world installations and in multiple pen tests.  To our knowledge no other solution is as effective as AppGuard® at blocking malware and ransomware from detonating.

Trident LockdownTM was launched more recently, providing clients with a professional 24/7 managed services to ensure the implementation and maintenance of AppGuard® in the client environment is done properly and securely.

Cyber Lockout® started out as something that we were offering through a portal in the U.S. for the ‘S’ of SME.  Our US portal offering is undergoing developments that will make it even more attractive to SME businesses in the future.  More news on this will be released in due course.

As a result of rapid changes in the market, which needed to undergo a sharp correction to stem rapidly rising losses, we soon realised that there was a wider demand for our insurance and the accompanying cybersecurity solution, via the open market.

We see a lot of interest from clients who have recently suffered a ransomware attack and who are finding it increasingly difficult to source any or any affordable cyber insurance.  We also see a lot of interest from clients facing very large rises in their cyber insurance renewal premiums and from those whose cybersecurity posture is not good enough to meet the strict new qualifying criteria demanded by the market.

Cyber Lockout is underpinned by our strong relationship with GBMS, who provide their Trident LockdownTM service (including implementation, management and support of AppGuard® zero trust, endpoint protection) to all our clients, along with the backing of Munich Re Lloyd’s Syndicate paper.

The cost of Trident Lockdown is broadly in line with other leading endpoint security offerings, but the value is much greater – as it has never been beaten by malware or ransomware since its creation in 2009. It is so effective that it is approved and trusted by the military and defence sectors as well as certain critical infrastructure.

  • We only sell Cyber Lockout® insurance policies to clients who purchase and protect themselves with a highly effective endpoint protection in the form of GBMS Trident Lockdown.
  • We sell a choice of a full cyber policy or a ransomware-only policy.
  • We do not include E&O coverage with any of our policies.
  • Coverage for ransomware/malware/virus attacks is tied specifically and only to endpoints that are protected by GBMS Trident Lockdown; if an attack happened on a device not protected by Trident Lockdown, our policy would not respond
  • To emphasise our confidence in the efficacy of Trident Lockdown:
    • In our ransomware-only policy, we offer a zero deductible for successful execution of ransomware on endpoints protected by Trident Lockdown.
    • In the full cyber policy, we offer a zero deductible on successful execution of ransomware, malware or viruses on endpoints protected by Trident Lockdown.
    • In our ransomware-only policy, we offer a 1 hour waiting period for BI following a successful ransomware attack on endpoints protected by Trident Lockdown.
    • In our full cyber policy, we offer a split waiting period:
      • 1 hour waiting period for BI following a successful ransomware, malware or virus attack on endpoints protected by Trident Lockdown
      • Typically 8-24 hours waiting period for other BI events
  • Coverage in the full cyber policy does not include
    • Social engineering/theft of funds/wire-fraud
    • Contingent business interruption
    • System failure business interruption
  • For all open market risks the client will be entering into a normal insurance contract with us (via the broker) and a separate contract for Trident Lockdown directly with GBMS.  To get a GBMS Tech quote they must complete a very simple Quote Request form.
  • Client will get invoiced directly from GBMS and will pay GBMS according to their agreed payment terms.  Broker does not get involved in the collection and transmission of GBMS licence fees.
  • After contracts are signed, it takes about 1-2 business days for Trident Lockdown installation files to be created for any given client.
  • These are uploaded to a file sharing site (password protected) and the client just logs in and downloads and follows the instructions.
  • If the client has someone (an MSP) who administers their IT for them, then GBMS will send the installation file to that MSP for them to schedule a time for Trident Lockdown to be rolled out to the client’s computers and servers.
  • Once installed, Trident Lockdown initially spends around 1-2 weeks to learn everything that the client routinely runs in its computers.  During learning mode, it is not protecting the client.  After it has been in learn mode for 1-2 weeks, every executable on the computer (which the client ran during that 1-2 weeks) will have been checked, vetted and declared dangerous or safe.  GBMS will not delete anything; if they see something potentially harmful they will inform the client and the client will need to remove it.
  • This 3-minute video describes how Trident Lockdown reliably blocks all malware.  It is also summarised in Steps 6-10 below.
  • It works on the principle that you will need certain things to run in your computer for you to do your job.  For most businesses that is a limited set of programmes.
  • Traditional antivirus and EDR works by maintaining and constantly updating a list of known malware.  When a new one is detected, its fingerprint is added to the bad list and eventually our computers get updated with that signature to know to block it in the future.
  • The problem with this is the time it takes to add variant malware to the bad list and new variant malware is being released every day.  During that time, variant ransomware and malware gets a free run at attacking the client.  Modern EDR systems go further than that by looking for evidence of suspicious behaviour after the malware has executed, but they are still reliant on detecting and stopping the malware after it has executed, which may be too late.
  • Trident Lockdown works by allowing ONLY those apps that are pre-approved and certified as 100% correct and safe to execute on the client’s endpoint (computer, server, laptop, tablet etc)
  • EVERYTHING ELSE IS BLOCKED BY DEFAULT.  It is this feature that provides the high degree of certainty that malware and ransomware will not be able to execute.  However, malware or ransomware may get into the computer past the multiple layers of defence, if it is not in the good/safe list for that computer (which it would not be) it will be blocked every time from executing.  In that regard, Trident Lockdown can easily handle all zero-day vulnerabilities and attacks.
  • The GBMS SOC team are always involved in the decision to permit an application onto the client’s trusted/safe list.  The client should never be permitted to make that call themselves, as they are much more likely to get it wrong and trust something they should not.  GBMS knows how to check that software is the true version and not laced with a backdoor or malware.  They tell the client if it is safe to use and then GBMS adds it to the good/safe list.
  • Because of the 1-2 weeks learning mode, in an ideal world the client will install Trident Lockdown around 2 weeks before they commence the insurance policy.  This ensures that on the day the insurance policy starts, they are already in full protection mode and coverage for malware and ransomware applies.


THE Volante Cyber Lockout TEAM

Graeme King

Managing Director

Volante Financial & Professional Lines - Cyber Lockout


Graeme King

Managing Director

Volante Financial & Professional Lines - Cyber Lockout

Graeme has over 30 years of experience as an IT consultant, a technology and intellectual property lawyer and a cyber and technology E&O underwriter. A highly respected figure in the cyber insurance arena, he is at the forefront of the evolution of cyber risk mitigation solutions as a driver of cyber insurance and the use of AI to assess cyber risk.

Previously, Graeme was Business Group Leader for Cyber and Tech at Barbican Insurance, among the top five cyber markets in London. From 2012 – 2014, he led a regional team of technology and cyber underwriters at Allianz, focussing on large global primaries. Prior to that, he specialised in underwriting Tech E&O risks for Hiscox in London, India and Australia.

Return to Team