Middle Market Spotlight: Meet Caroline Thompson, Middle Market CUO

In this issue of our Underwriter Spotlight Series, we’re excited to recognize Caroline Thompson, Middle Market Chief Underwriting Officer at At-Bay*.

Caroline brings over 15 years of insurance industry experience to her role. Her journey through the InsurTech space — including experience building underwriting operations from the ground up — has given her a unique perspective on what it takes to combine technology, security, and underwriting expertise.

In this spotlight, Caroline shares her approach to underwriting complex risks, what differentiates At-Bay’s technology and data capabilities, and why she believes the InsurSec model represents the future of how insurance companies can actually help clients reduce risk, not just transfer it.

1. What do you find most rewarding about underwriting?

What I find most rewarding is being able to turn uncertainty into informed decisions that actually help businesses move forward. Underwriting sits at the intersection of data, judgment, and trust, especially in complex risks. In the middle market specifically, you get to spend more time on a deal. It is fascinating to be able to see into the details of how an organization is run and how that interacts with their cyber security systems and controls. 

I love the problem-solving aspect: understanding how a company truly operates, identifying where risk is misunderstood or underestimated, and then structuring coverage that makes sense commercially and operationally.

2. How does At-Bay’s technology enhance the underwriting process, particularly in the middle market, and how does it benefit brokers?

The technology that At-Bay has built allows middle market underwriters to already have a deep assessment in their hands by the time a submission hits enters their queue. The intricate and very specific data points that At-Bay finds in our scans go beyond what I’ve seen before. The level of detail in the scan, especially for VPNs, is game-changing.

At-Bay underwriters have so much at their fingertips. We have been collecting advanced data points that others simply do not have. Because of this, we are able to quickly predict claims trends.   By combining real-time data, continuous monitoring, and underwriting insight, we’re able to move beyond static, point-in-time decisions. 

For brokers, that means quicker turnaround, clearer rationale behind decisions, and fewer surprises later in the process. So if we know a particular VPN that our insured is using has a higher likelihood of being exploited, we are going to let our brokers know. Brokers should feel safe knowing they are placing business with an insurer that has that lens.

3. Given your experience, what trends or emerging risks should brokers be paying attention to when advising clients in this space?

One major trend is that risk is becoming more dynamic and interconnected — particularly cyber, technology, and operational risk. Historically, we viewed these as separate silos, but today a single software vulnerability can trigger an operational shutdown, a massive data breach, and a subsequent legal crisis simultaneously.

Another area is regulatory and contractual pressure. Clients are being held to higher standards by customers, regulators, and counterparties, often without fully understanding their exposure. What brokers really need to watch, and what we are seeing in our data, is the “democratization” of class action lawsuits. While these were once the domain of Fortune 500 companies, we are seeing a surge in privacy-related class actions (such as BIPA or Pixel-tracking litigation) hitting the middle market and even smaller businesses. 

Plaintiffs’ attorneys are increasingly targeting smaller firms with incomplete control groups or those using common tracking technologies without proper consent frameworks. Helping clients navigate these legal expectations while aligning coverage and risk mitigation adds enormous value.

4. What excites you about being part of an InsurSec company?

What excites me is the opportunity to actually reduce risk, not just transfer it. InsurSec brings underwriting, technology, and security into the same conversation, which is incredibly powerful.

This allows us to be more proactive, helping insureds strengthen their risk posture while aligning incentives across carriers, brokers, and clients. From an underwriting perspective, InsurSec creates better outcomes, stronger portfolios, and more trusted partnerships. It feels like a more modern, responsible way to approach insurance.

5. What’s something most people don’t know about you?

Most people don’t know that I really enjoy building things from scratch, whether that’s a new underwriting framework, a team, or a process. I’m very comfortable with ambiguity and actually enjoy the early stages where you’re testing, iterating, and learning quickly. It’s where some of the most meaningful innovation in insurance happens — before things are overly formalized.

About At-Bay

At-Bay is the InsurSec provider for the digital age. By combining world-class technology with industry-leading insurance, At-Bay was designed from the ground up to empower businesses of every size to meet cyber risk head on. At-Bay Insurance Services, LLC provides insurance protection and security prevention solutions to close to 40,000 businesses in the US, safeguarding up to $800B in collective business revenue, and offers coverage by non-admitted insurers for Cyber, Technology Errors & Omissions (Tech E&O), and Miscellaneous Professional Liability (MPL). The At-Bay Group also includes an active full-stack insurance company and a cybersecurity company. At-Bay Security offers proprietary cybersecurity solutions including At-Bay Stance Managed Detection & Response (MDR).

*At-Bay Insurance Services LLC is a wholly owned subsidiary of At-Bay, Inc.