Stoik wants to democratize cyber insurance for SMEs

Not only the SMBs largely underestimate their risks in the face of cyberattacks, but moreover very few are covered by a dedicated insurance. According to the figures available to Bercy, less than 0.3% of companies between 10 and 15 million euros in turnover have taken out cyber insurance. However, the risk of mortality is very high in the event of a cyberattack for these structures which do not have a large financial surface.

Unfortunately for the SME, it is becoming more and more difficult to obtain insurance. Insurers are reluctant because the available capacities are decreasing, the profitability of these products is very uncertain, risk assessment hazardous, or else their prices are prohibitive and the exclusions multiple. In addition, they now almost systematically call for the implementation of adequate protective devices.

An offer that aims to be affordable for SMEs
It is in this context that Stoik was launched in March 2021, which presents itself as the first insurtech combining cyber insurance and security software, and the only intermediary specializing in cyber insurance. The start-up brings together four partners: Jules Veyrat, Alexandre Andreini (a former black hat), Nicolas Sayer and Philippe Mangematin, the co-founder of the neo-casualty insurer Seyna.

The Parisian start-up has just announced a fundraising of 3.8 million euros from Alven, Anthemis Group, Kima Ventures, and several business angels, including the founder of the neo-insurer Luko. She launched her product three weeks ago, with the idea of ​​making it an affordable and easy-to-understand solution for SME managers lost in the face of this complex and technical subject.

Free Vulnerability Audit
The software brick consists of a monitoring tool that continuously audits the company’s vulnerabilities. Free, it also serves as an anti-selection tool, so as not to accept companies with too high a level of risk. “It’s cyber hygiene in the long term”, explains Jules Veyrat, co-founder and president of Stoïk, at L’Usine Digitale. The software does not protect against attacks, it is up to the customer to implement their own security solutions. If Stoïk detects a critical vulnerability in an insured customer, the latter has one and a half months to correct it or risk having their contract terminated.

The software is therefore used, and this is quite clever, as a loss leader, a tool for selecting and pricing insurance coverage according to risk, and replaces the use of expertise. “Traditional insurers are not able to avoid the worst risks in SMEs with less than 50 million turnover, which are our core target. They only send experts to large groups or ETIs For the rest they are generally based on declarative, and by default apply many exclusions”comments Jules Veyrat.

Risk Bearer Acheel
The insurance part of the integrated offer, carried by the neo-insurer Acheel and a reinsurer, covers assistance in the event of a cyberattack (legal procedures, 24/24 hotline, etc.), the manager’s civil liability vis-à-vis data leaks, and operating losses as well as restoration costs, up to a maximum of one million euros. Not ransom payments, and that’s deliberate. The offer is distributed directly and through brokers.

Jules Veyrat indicates that he already has a few dozen insured customers, who pay according to their turnover and their sector between 500 and 2500 euros per year. Based on the files received, the refusal rate for reasons of insurability due to critical vulnerabilities is between 25 and 30%. Some very specific sectors are automatically excluded, such as cryptocurrencies or pornography.

In North America, where the cyber insurance industry is more mature, players of this type are growing rapidly and several big rounds have recently taken place. The Insurtech Coalition raised $205 million in Series E last September and surpassed 50,000 insured companies. We can also mention the Canadian company At-Bay, which raised $185 million in series D in July 2021.

Leave a Comment