ARTICLE AD
Cyber risk has become an increasingly important issue for small companies around the world. While many companies try to avoid and mitigate cyber risks, they rarely discuss transferring those risks to a third party.
That’s why Stoïk is stepping in with a cyber insurance product specifically designed for small and medium-sized businesses. The French startup recently raised a €25 million Series B round (around $27 million at current exchange rates).
In many ways, Stoïk follows in the footsteps of Coalition or At-Bay. However, instead of selling its insurance products to U.S.-based companies, Stoïk focuses exclusively on European companies.
Once insured by Stoïk, businesses receive coverage in the event of a cybersecurity-related claim. For instance, if a company needs to halt production or temporarily close due to a cyber incident, Stoïk can compensate for loss of revenue (gross operating margin) during that period.
Stoïk currently covers companies with an annual turnover of €750 million or less with coverage limits of €7.5 million. At present, the company operates in France, Germany and Austria.
The startup chose this particular vertical because cyber insurance is more complex than other types of insurance products. For instance, Stoïk has built a small in-house crisis management team to respond to incidents and assist with data recovery and crisis communication.
“Since the beginning of the week, we’ve had a dozen attacks on our portfolio, including a major one,” co-founder and CEO Jules Veyrat told TechCrunch last week. “We have people mobilized in the Lyon region for a ransomware attack that brought an industrial company to a standstill.”
When customers sign up, they receive an overview of their cyber risk exposure. The startup monitors DNS records and scans online databases for password leaks associated with this domain name. Stoïk can also perform internal scans to recommend changes to cloud and active directory configurations.
“Our thesis is that we’re going to insure companies. On top of that, we’re going to help them better protect themselves against cyberattacks. That way, they’re happy, they get more for the same price. And we’re happy, because we have policyholders who are well protected, and therefore have fewer claims than others,” Veyrat said.
There are still some similarities with the insurance industry at large. Like other insurance companies, Stoïk has to ensure it doesn’t accept too many bad apples in its portfolio of clients, as this could significantly impact the company’s loss ratio.
“The insurers’ job is to select the risk. So, who do I accept and under what conditions? How well do they understand cyber?” Veyrat said. “In other words, am I willing to take on a €50 million industrial company that has no offline backup strategy? This is just an example, but these are the questions we ask ourselves every day.”
Stoïk acts as Managing General Agent (MGA), meaning that it works with insurance and reinsurance companies so that they cover the risks. Stoïk gets to create its own rates, products and policies — but it outsources the risk to bigger insurance companies.
One such partner is Tokio Marine HCC International, which is the only new investor in the Series B funding round. The rest of the round is made of existing investors. Alven is leading the Series B with Andreessen Horowitz, Munich Re Ventures, Opera Tech Ventures and Anthemis also participating.
Stoïk doesn’t sell its insurance products to its customers directly. Instead, it works with third-party insurance brokers that already have a relationship with SMBs. So far, Stoïk has attracted 1,000 insurance brokers.
By the end of 2024, Stoïk should have 5,000 policyholders. It represents €25 million in premiums. Stoïk plans to ramp up customer signups in the future. In the future, the startup expects to expand into a new country every year starting with a first new European market in late 2024 or early 2025.