Cyber risk is an increasingly important issue for small and medium-sized businesses around the world. While many companies strive to avoid and mitigate cyber risk, they rarely discuss transferring that risk to third parties.
That's why Stoïk has launched a cyber insurance product specifically designed for small and medium-sized businesses. The French startup recently raised a Series B round of 25 million euros (approximately $27 million at current exchange rates).
In many ways, Stoick follows in the footsteps of the Coalition and At-Bay. However, rather than selling insurance products to US-based companies, Stoik focuses only on European companies.
With Stoïk insurance, businesses are protected in the event of a cybersecurity-related claim. For example, if a company has to halt production or temporarily close due to a cyber incident, Stoïk can compensate for lost revenue (gross profit margin) during that time.
Stoik currently covers companies with an annual turnover of less than 750 million euros, with a maximum coverage limit of 7.5 million euros. The company currently operates in France, Germany and Austria.
The startup chose this particular field because cyber insurance is more complex than other types of insurance products. For example, Stoick has built a small internal crisis management team to respond to incidents and assist with data recovery and crisis communications.
“Since the beginning of the week, there have been more than a dozen attacks against our portfolio, including some large-scale ones,” co-founder and CEO Jules Verratto told TechCrunch last week. “Ransomware attack mobilized personnel and brought industrial companies to a standstill in the Lyon region.”
When customers sign up, they receive an overview of their exposure to cyber risks. The startup monitors DNS records and scans online databases for compromised passwords related to this domain name. Stoïk can also perform internal scans and recommend changes to your cloud and Active Directory configurations.
“Our argument is that we provide insurance to businesses, and in addition to that, we help them better protect themselves from cyberattacks, so they are happy and get more for the same price.” And we are happy because we have policyholders who are well protected and therefore have fewer claims than other policyholders. ” Veirat said.
There are still some similarities with the insurance industry as a whole. Like other insurance companies, Stoic needs to avoid accepting too many defective products into its customers' portfolios. This is because this could have a significant impact on the company's loss ratio.
“Insurers' job is to select risks, so who should they let in and on what terms? How well do they understand cyber?” Veirat said. “In other words, am I willing to take on a 50 million euro industrial company that does not have an offline backup strategy? This is just one example, but these are questions we ask ourselves every day.”
Stoik acts as a Managing General Agent (MGA) and works with insurance and reinsurance companies to cover risks. Stoik can create its own rates, products and insurance, but outsources the risk to large insurance companies.
One such partner is Tokio Marine HCC International, the only new investor in the Series B funding round. The remaining round will be made up of existing investors. Alven is leading the Series B, with participation also from Andreessen Horowitz, Munich Re Ventures, Opera Tech Ventures, and Anthemis.
Stoïk does not sell insurance products directly to customers. Instead, work with a third-party insurance broker that already has relationships with small businesses. To date, Stoik has attracted 1,000 insurance brokers.
By the end of 2024, Stoik should have 5,000 policyholders. The insurance premium is equivalent to 25 million euros. Stoick plans to enroll more customers in the future. In the future, the startup plans to expand into new countries every year, starting with the first new European market in late 2024 or early 2025.