Buying traditional insurance is a no-brainer if you want to protect assets of value—be it your life, your home, or your business. If you own, say, a building, chances are you’ll want to minimize your risk against fires, floods, and other tangible natural disasters. Buying cyber insurance, however, is a much more abstract concept for businesses to grasp—especially small to midsize enterprises (SMEs). However, even though data breaches, ransomware attacks, and malware infections aren’t top of mind for mom-and-pop shops, the risk of these incidents continues to grow thanks to rising cloud adoption. According to Accenture’s recent Cost of Cybercrime study, nearly half of all cyber attacks are aimed at small businesses, but only 14% of them are prepared to defend themselves. Worse still, only 1% of small and 8% of mid-sized businesses currently have cyber insurance as an additional protection layer.
So what accounts for this gap in cyber coverage for SMEs? For one, many SMEs simply are not aware that cyber insurance even exists. Second, even if SMEs are aware, their broker often does not have a product to offer them, or the policies that do exist often aren’t designed for SMEs and the types of risks they face. Why? In large part it’s becoming increasingly difficult for SMEs to secure new policies (some are even seeing existing policies canceled), because cyber losses have skyrocketed over the past several years and many incumbent insurance companies and managing general agents (MGAs) have increased prices or pulled out of the market.
These issues persist because the industry cannot dynamically serve its customer’s needs. Traditionally, across insurance categories, incumbents have relied on running existing and widely available data (e.g., the make and model of a car, or the year a building was built) through well-developed models to price products. This traditional modeling does not work for underwriting cyber risk. Incumbent models can’t understand or nimbly respond to today’s rapidly evolving cyber risks. Without the speed and ability to scale that software brings, companies are finding it difficult to underwrite policies for cyber—and losing a fortune in the process.
In line with the financial services businesses we invest behind, the presence of software here can create 10x advantages over existing solutions. Software can assess vulnerabilities, provide insights and recommendations, and continue to monitor the policyholder’s security posture. Without software, it is difficult to adequately understand a prospective customer’s risk profile from either an external or internal vantage point, mitigate the risk of a cyber event, or possibly even limit exposure through streamlined post-incident responses.
Importantly, for this gap to be covered, cyber policies also need to be developed and sold on a localized basis. For example, the costs of a cyber event in the US differ from one in the EU because of local differences in regulatory penalties, data costs, and costs to respond to incidents. Broker distribution is also unique by country. Therefore responding to a cyber event requires local pricing data and a locally regulated insurance entity—all data that is better evaluated by dynamic software and not staid models.
All of these dynamics are why we are so excited to announce our investment in Stoik, the first-to-market startup and a leader in European cyber insurance. Stoik is an MGA that offers proprietary cyber insurance products. The company has also developed software products to better understand and limit cyber risks on both an external and internal basis. They are positioned to price and distribute risk specifically with the regional reinsurance and distribution partners in Europe.
We first met Jules Veyrat, a cofounder and the CEO, in 2021. Over the past year, we’ve seen him and his cofounders Alexandre Andreini, Nicolas Sayer, and Philippe Mangematin execute at an almost impossibly quick rate. They have deep ties across the French and European insurance markets and have enlisted a strong technical team across product, engineering, and sales that are deeply steeped in the problem space. Moreover, Jules and his team are honest, dedicated, and personable—traits you want to see in a team dedicated to protecting you from risk.
Cyber insurance in Europe is just getting started. There are countless software products still to be built to protect the continent from cyber attacks, and new markets to be launched. Stoik has an exhilarating road ahead, and we’re thrilled to be their partner on the journey.