Stoïk combines cyber insurance products with active security monitoring

Meet Stoïk, a new French startup that wants to protect small and medium companies against cybersecurity incidents. The company offers an insurance product as well as a service that monitors your attack surface.

The startup recently raised a $4.3 million (€3.8 million) seed round from Alven Capital, Anthemis Group, Kima Ventures as well as several business angels, such as Raphaël Vullierme, Emmanuel Schalit and Henry Kravis.

Stoïk targets SMEs specifically, as they are quite vulnerable when it comes to ransomware and other cyber attacks. And yet, small companies often aren’t doing enough to protect their software infrastructure.

“We’re going to insure you and protect you,” co-founder and CEO Jules Veyrat told me. “But what we’re going to sell is the insurance product. If you get attacked, you have a phone number that you can call 24/7 and all the cost implications are insured.”

At the same time, Stoïk is going to offer monitoring tools so that small companies can fix vulnerabilities in their infrastructure. In that case, incentives between Stoïk and Stoïk’s clients remain aligned.

The team of 15 have already signed partnerships with insurance companies to design the insurance products. Stoïk sells insurance products and charges its clients directly — it takes a cut on each contract. It works with a third-party company called Inquest to handle crisis management.

Stoïk works a bit like Coalition in the U.S., except that it doesn’t partner with brokers to distribute its insurance product. The French startup wants to build a direct relationship with its customers.

As for the tech product, when you sign up to the service, you enter your domain name and start a scan. Stoïk looks at DNS records, finds IP addresses and scans online databases for password leaks associated with this domain name.

You get a score and several tips to improve that score. For instance, Stoïk can tell you that some services are externally exposed even though they shouldn’t be. If your score is above a certain threshold and if you generate less than €50 million in annual revenue, you can subscribe to the insurance product.

The company is currently in the pre-launch phase with contracts that range from €50 to €400 per month. Up next, it plans to add more features to its monitoring service. For instance, Stoïk wants to scan internal accounts. You could imagine scanning your Amazon Web Services configuration to spot some vulnerabilities. And that should also help when it comes to closing new contracts with potential customers.