Original text here from Patrice Bernard (LinkedIn)
After pioneering parametric insurance in the realm of climate risks, for which it is particularly well-suited, Descartes is now expanding its expertise into another emerging domain: cybercrime. Its ambition is to capture 5% of the French market within the next 18 months.
The significance of this endeavor is evident to everyone, even though for many players, it has become challenging to offer suitable coverage under viable conditions. The surge in attacks on corporate IT infrastructures has led companies to significantly increase their rates. As a direct consequence, along with a certain lack of awareness of the risks, 90% of French SMEs have not taken out any cyber insurance, even though the same factors demonstrate that it could potentially be critical to their survival.
In order to apply its parametric model, Descartes is initially focusing on disruptions caused by ransomware attacks. These disruptions are estimated to last an average of 21 days, with a daily loss of 800,000 euros, making up three-quarters of the financial impact of such incidents. Therefore, they are far from negligible and justify the specific positioning of the startup.
Given the context, subscribing to the policy comes with some constraints. Firstly, clients must adhere to minimal prevention principles as recommended by international standards, such as equipment protection (e.g., antivirus software), designating a cybersecurity responsible person or team, and defining a backup policy. Secondly, the level of compensation is determined based on a comprehensive vulnerability assessment conducted in collaboration with the insured.
Subscribe to our newsletter:
However, once the process is completed and the policy is formalized (with straightforward clauses), claims benefit from the characteristic responsiveness of its category, even though it may not be as immediate as commonly associated. Descartes does not specify how its coverage is triggered, i.e., how it can automate the detection of an eligible event. Nevertheless, it promises compensation within three weeks after the resumption of activities, compared to the lengthy months required by traditional insurers.
This argument is crucial for organizations, especially those in the manufacturing and retail sectors targeted by Descartes, which not only incur significant expenses to overcome a major crisis (including the ransom, if applicable) but, more importantly, suffer a considerable loss of revenue while waiting for their production capabilities to be restored, a situation that frequently leads to short or medium-term bankruptcy due to its impact on their cash flow.
Through this pioneering initiative, supported by its mastery of data analysis (and artificial intelligence, as per its official communication), Descartes is simultaneously addressing two crucial, if not vital, challenges for SMEs: providing accessible cyber-risk insurance and improving the efficiency of historical claims management processes. These are the same ingredients that made its original solutions for natural and climate-related disasters successful, and it is likely to extend them to other domains in the future.
