Original text here from Patrice Bernard (LinkedIn)
Faced with rising claims costs, insurance companies are gradually developing prevention strategies that complement their traditional businesses. For cyber-risk specialist Stoïk, the launch of a protection option comes with a powerful incentive to drive adoption.
In its approach, the startup has singled out the most critical risk vector for its SME and mid-market clients: email. Its analysis of claims handled in 2024 indeed provides unambiguous statistics. Nearly all identified fraud cases (98%) involve email at some stage, and more than half of recorded claims relate either to such fraud or to attacks on messaging systems themselves, with an average loss amount close to €55,000.
Subscribe to our newsletter:
Operating its own incident response center (CERT), Stoïk is well positioned to understand the increasingly sophisticated mechanisms used by criminals to deceive their victims. It has therefore designed and developed a proprietary detection product, combining fixed rules with a machine-learning engine to spot various warning signals in incoming messages, which can then trigger quarantine measures or alerts.
Installation is meant to be extremely simple (although limited to Microsoft 365 and Google Workspace platforms): in five minutes, the tool is configured and begins checking inbound content, with a level of discernment that traditional antivirus software does not reach. The startup promises not to retain the data it processes, except in the event of proven wrongdoing, but it should still be noted that its automated responses are validated by humans to avoid false positives.
As attractive as its solution may be, Stoïk knows that IT managers in small and mid-sized businesses are often overwhelmed and will not all give its deployment the desired priority. So it resorts to an argument that is likely to appeal to their executives (and that demonstrates its confidence in its technology, which it believes can significantly reduce its claims ratio): it quadruples the fraud coverage limit — up to a maximum of €1 million — for all organizations that have configured its “Email Security” solution.
Stoïk’s initiative is a textbook example of integrating prevention within a logic of converging interests among all stakeholders, a key factor for success. Beyond its aim, like any insurer, to control its portfolio by containing the primary risk threatening its clients, it does so with a product designed for those who will deploy it (via a simple procedure) and by giving its commercial counterpart a compelling additional reason to implement it beyond the mere promise of greater security and peace of mind.
