Stoïk

🏢 Formation and structure. Stoïk SAS (SIREN 900 293 887) is a French privately held Société par Actions Simplifiée founded in 2021 and headquartered at 4 rue Euler, 75008 Paris.^[1] The company operates as a cyber-focused Managing General Agent (MGA), integrating insurance underwriting with cybersecurity services. It first registered as an insurance intermediary in September 2021 (ORIAS #21007462) as a courtier d'assurance with authorization to handle client funds.^[1] In 2023, Stoïk created a dedicated subsidiary, Stoïk France SAS (SIREN 923 382 881), to conduct insurance brokerage activities; this entity obtained its own ORIAS registration (#24000772) in February 2024.^[2] Stoïk also established Stoïk CERT SAS in 2023 to house its in-house cyber incident response team.^[3] As of early 2026 the group comprises the main holding company (Stoïk SAS), its operating brokerage arm (Stoïk France), the CERT unit, a German office (Stoïk GmbH in Munich), and a Belgian subsidiary acquired in 2025 (CyberContract).

💰 Ownership and funding. Stoïk is venture-backed with approximately €70 million raised to date.^[4] Key institutional investors include Alven Capital (lead in Seed and Series B), Andreessen Horowitz (lead in Series A), Munich Re Ventures, Opera Tech Ventures (BNP Paribas's venture arm), Anthemis Group, Cyber Integrity Capital (CYBICA), and Impala (the family office of CEO Jules Veyrat's family).^[5][4] Tokio Marine HCC International, one of Stoïk's insurance capacity providers, became a strategic investor during the 2024 Series B.^[6] The Series C round (closed January 2026) was co-led by Impala and Opera Tech, reinforcing the Veyrat family's commitment and BNP Paribas's continued support.^[5] Early angel investors include Henri de Castries (former AXA CEO) and Julian Teicke (wefox CEO), who joined the Series A round.^[7] In 2025, professional footballer Marc-André ter Stegen also became an investor-ambassador.^[8]

👥 Leadership. Stoïk was co-founded by Jules Veyrat (CEO), Alexandre Andreini (Risk Director), Nicolas Sayer (Technical/Product Director), and Philippe Mangematin (Insurance Director).^[9][10] Andreini, a former cybersecurity consultant at Wavestone, leads risk and underwriting; Sayer oversees technology and product, drawing on prior fintech experience; Mangematin, an actuary who previously worked at Swiss Re and co-founded insurer Seyna, heads insurance operations and capacity partnerships.^[10] Franziska Geier joined in 2023 as Country Manager for Germany after a decade at Markel and Allianz in the cyber insurance field.^[10] Following the 2025 CyberContract acquisition, Stef Vermeulen (former CyberContract CEO) serves as Country Manager for Belgium.^[11]

📈 Scale and footprint. As of early 2026, Stoïk protects over 10,000 companies across six countries: France, Germany, Spain, Belgium, Austria, and Luxembourg, and also serves Monaco via passporting.^[5][4] Its distribution network exceeds 2,000 partner brokers, including BNP Paribas's entire French retail banking network, which has distributed Stoïk's cyber insurance since late 2022.^[5][12] The workforce has grown from a handful at inception to approximately 130 by early 2026, with a target of 200 within a year.^[5] Employees are spread among Paris headquarters, regional offices in Cologne, Vienna, and Madrid, and the integrated Brussels-area team from CyberContract.^[11][13][6]

⚖️ Legal and regulatory. Stoïk SAS's business registration classifies its activity as "holding and services," while operational insurance broking is conducted through Stoïk France (NAF code 66.22Z).^[2] Both entities are subject to French insurance regulations (Code des Assurances) and the EU Insurance Distribution Directive (IDD). Stoïk leverages the EU single market "passport" for insurance intermediaries to operate across borders: its expansion to Germany and Austria in 2023 was done via freedom of services and a local branch rather than seeking separate BaFin licensing.^[13] In Belgium, Stoïk acquired the existing broker CyberContract in 2025, instantly meeting local regulatory requirements.^[11] The company also monitors upcoming obligations under the EU NIS2 Directive and France's 2023 LOPMI law requiring policyholders to file a police complaint within 72 hours of a cyber-extortion event to be indemnified.

🎯 Mission and market position. Stoïk's stated mission is "to be the CISO of Europe," acting as the outsourced Chief Information Security Officer for thousands of SMEs that lack in-house cyber expertise.^[10] It is often cited as the first European cyber-insurtech MGA focused on the SME segment.^[11] Competitors include U.S. entrants such as Coalition and At-Bay—models Stoïk explicitly emulates but with an exclusively European focus—as well as incumbent insurers offering cyber coverage.^[14][15] Stoïk was recognized among the CB Insights Insurtech 50 (2025) and its management asserts that its first-mover advantage, combined with local European regulatory know-how, gives it a durable edge over purely U.S.-based models.^[7]

{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}

🔗 Integrated cyber risk solution. Stoïk's business model blends traditional insurance with technology-driven risk management through three tightly integrated pillars: cyber insurance underwriting, continuous cybersecurity monitoring and prevention, and incident response services.^[9] By helping clients improve their security, Stoïk reduces claims frequency and underwrites more profitably—an alignment of incentives between insurer and insured.^[15] The model is powered by proprietary technology, including AI-driven agents that automate risk assessment, monitoring, and claims triage.^[5]

🌍 Geographic footprint. Stoïk operates in France, Germany, Spain, Belgium, Austria, and Luxembourg, with Monaco served via passporting.^[4] France, launched in early 2021, remains the largest market. Germany was entered in mid-2023 through the establishment of Stoïk GmbH in Cologne/Munich with a local director.^[13] By late 2024, Germany contributed several million euros in premiums via 100-plus local brokers.^[6] Austria was launched in 2024 with a Vienna office, Spain and Luxembourg went live in 2024–2025 through EU passporting, and Belgium was added in September 2025 through the CyberContract acquisition, instantly providing 150 Belgian broker partners and approximately 1,000 policyholders.^[5][11]

🛡️ Insurance coverage. Stoïk provides a comprehensive cyber insurance policy tailored for SMEs, bundled with cybersecurity tools and services. The insurance addresses the full spectrum of cyber-incident consequences:^[16]

• First-party incident response and crisis management: 24/7 incident response assistance, legal and regulatory compliance support, IT forensics and remediation, data recovery, and crisis communication.
• First-party financial losses: Business interruption, additional operating costs, cyber extortion and ransom negotiation, breach notification expenses, regulatory investigation costs, and cyber fraud coverage including CEO-impostor social engineering.
• Third-party liability: Data privacy liability (GDPR claims), network security liability, and electronic media liability covering defense and settlement costs.

📋 Policy scope. Stoïk's policy is marketed for its clarity and absence of hidden exclusions—a differentiator in a market where cyber policies can be laden with technical carve-outs.^[16] Coverage limits reach up to €10 million per policy (raised from an initial €7.5 million) and eligibility extends to companies with annual revenues up to €1 billion, progressively raised from an initial €50 million threshold.^[16][11][4] Following the CyberContract acquisition, Stoïk expanded its Belgian offering to include CEO fraud, cloud overbilling, PCI fines/sanctions, and IT equipment replacement cost guarantees—additions being rolled out across other markets.^[11] All insurance clients automatically receive access to Stoïk's cybersecurity services at no extra charge.^[7]

🖥️ Cybersecurity platform (Stoïk Protect). Every policy includes access to Stoïk Protect, a continuous cyber risk monitoring and prevention SaaS tool. Key capabilities include external attack surface scanning (domain, DNS, IP, and credential-leak detection), internal vulnerability assessments of cloud infrastructure and Active Directory configurations, continuous dark-web and breach-database monitoring with proactive alerts, and user-facing phishing simulation and security awareness resources.^[15][14][16] Stoïk claims that companies actively using its platform can halve their risk of suffering a cyber incident.^[16]

🔍 Managed detection and response (Stoïk MDR). Introduced in April 2024, Stoïk MDR is a managed cybersecurity service providing SMEs the benefits of an outsourced Security Operations Center (SOC), deploying endpoint detection and response agents and actively stopping attacks in their early stages.^[6] This offering extends Stoïk into MSSP territory, deepening its value proposition beyond what a typical insurer provides.

🚨 Incident response (CERT-Stoïk). Stoïk's in-house cyber emergency response team provides 24/7 crisis support through immediate triage and containment, technical investigation and recovery (leveraging a network of 700-plus global CERT partners), legal and regulatory guidance for GDPR breach notifications and law enforcement filings, crisis communication support, and coordination of ransom negotiations and payment logistics where sanctioned and agreed.^[16][11][14] By integrating prevention and response with insurance, Stoïk controls the entire loss lifecycle and feeds incident data back into underwriting improvements.

💶 Revenue model. As an MGA, Stoïk does not carry insurance risk on its balance sheet; it earns a commission on gross written premium (GWP) for each policy underwritten on behalf of licensed carrier partners.^[14] Additional revenue comes from potential profit-sharing (contingent commission) if loss ratios remain below agreed thresholds. The cybersecurity services are bundled with the insurance premium rather than charged separately—Stoïk's CEO has emphasized that the insurance product is the revenue vehicle while protection services align incentives.^[15] French filings show statutory turnover of €621,000 in 2022.^[1] By 2025, net revenues grew over 200% year on year, reaching a scale consistent with approximately €50 million in managed GWP.^[5]

🤝 Distribution and go-to-market. Stoïk's distribution is 100% intermediated—it sells exclusively through insurance brokers and strategic partners rather than direct to consumer.^[12] By early 2026, over 2,000 brokerage firms distribute Stoïk, up from approximately 200 at mid-2022.^[5][7] The partnership with BNP Paribas (announced October 2022) was a defining milestone: the entire BNP French retail banking network distributes Stoïk policies, providing what Stoïk described as an "unrivalled strike force."^[12] Stoïk's automated broker portal delivers quotes in minutes, replacing traditional multi-day questionnaire processes.^[6] Notably, Stoïk initially considered direct sales but pivoted fully to brokers by mid-2022, turning potential competitors into allies.^[15]

🏦 Capacity and insurance partners. Stoïk's underwriting capacity is provided by a panel of high-quality carriers:

• Tokio Marine HCC – Lead capacity provider and strategic investor since 2024 (rated A+); enables policies for companies up to €750 million revenue with €7.5 million limits.^[10][6]
• Swiss Re – Global reinsurer (rated AA) supporting Stoïk's growing portfolio; partnership highlighted during the CyberContract integration.^[10][11]
• Axeria – French insurer (rated A−) used likely for French-market and SME-segment capacity diversification.^[10]
• Acheel – French insurtech carrier that may serve as a fronting insurer for certain policies, with reinsurance subsequently ceded to Swiss Re and Tokio Marine.^[17]
• Euromex – Belgian insurer historically used by CyberContract, now being transitioned to Stoïk's main panel for higher limits and broader coverage.^[11]

{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}

📊 Overview. Stoïk's performance is best understood through both operating KPIs (premium growth, client count, loss ratios) and qualitative drivers (technology effectiveness, distribution expansion) that underlie them. As a private company, Stoïk does not publish detailed financials publicly, but disclosed metrics and growth indicators reveal its trajectory.^[14]

🚀 Growth in premiums and customers. GWP has roughly doubled or tripled each year since launch. In 2022, Stoïk had approximately 2,000 policyholders. By October 2024, TechCrunch reported Stoïk was representing €25 million in premiums and on track for 5,000 policyholders by year-end.^[14] By the close of 2025, Stoïk exceeded €50 million GWP with over 10,000 policyholders—a greater-than-200% year-on-year increase—driven by both new-country expansion and deepening French penetration, with approximately 600 new companies insured per month in late 2025.^[5]

1: Based on French filings (Stoïk SAS comptes 2022) showing 2021 turnover ~€104k and 2022 ~€621k. Figures appear low due to Stoïk SAS acting as holding; part of revenue may flow through Stoïk France from 2023 onward. 2: "Entities monitored" equals number of insureds with access to Stoïk Protect (approximate).

📣 Premium growth drivers. Stoïk's surge in GWP has been fueled by both client volume and upselling higher limits. In 2022–2023, growth came from signing thousands of French small businesses via brokers, many of them first-time cyber insurance buyers. The BNP Paribas partnership provided a significant boost in 2023 by reaching deep into the long tail of small enterprises. In 2024–2025, geographic expansion added new premium: the German book ramped with larger average policy sizes, and the CyberContract acquisition brought an existing €1–2 million GWP from Belgium with projections to triple that in 18 months.^[11] Stoïk also progressively increased its maximum policy limit and target client size (from €150 million to €750 million, now €1 billion revenue), enabling higher-premium mid-market contracts. While the number of clients doubled from roughly 5,000 to 10,000 in 2025, GWP grew over 200%, indicating the average premium increased through bigger clients and more coverage upselling.^[6]

🏪 Broker network and distribution metrics. Stoïk's distribution reach expanded from a few hundred brokers to over 2,000 in three years. By end-2024, more than 1,000 brokers were actively placing business, including 100-plus in Germany and 150 in Belgium via CyberContract.^[14][11][6] The automated quoting system—eliminating traditional cybersecurity questionnaires in favor of scans—dramatically sped up the sales cycle and improved conversion rates.^[15]

📉 Claims and loss performance. While detailed loss ratios are not public, Stoïk described its underwriting as "profitable" by late 2024, suggesting a gross loss ratio probably under 50–60% (compared to a market average for SME cyber of 50–70%).^[11] Stoïk attributes this outperformance to risk selection (declining applicants with low security scores until they improve) and risk mitigation (its policyholders suffer fewer severe incidents thanks to proactive alerts).^[15] Its capacity providers have continued to support and increase capacity, signaling acceptable or favorable loss metrics.

📐 Financial performance highlights. On the financial side, Stoïk is still a young company investing heavily in growth. French filings show consolidated net revenue of approximately €621,000 in 2022 and a net loss of €3.01 million that year (up from €238,000 in 2021).^[1] Personnel costs were €1.88 million in 2022 versus €173,000 in 2021, reflecting deliberate spending on team expansion.^[1] By 2023–2024, revenues ramped into the multi-millions, partially offsetting costs, though the company likely remained EBITDA-negative. The Series C announcement noted a "robust underlying business model," "high level of financial discipline," and that the funding was calibrated not to overshoot needs, pointing toward a path to profitability as scale increases.^[5]

🔑 Key performance themes.

• Distribution leverage: By piggybacking on brokers and banks, Stoïk achieved faster and cheaper premium growth than a direct model would allow; every new broker signed can bring dozens of clients.
• Underwriting discipline: Stoïk has generally targeted firms meeting minimum security hygiene, sometimes requiring improvements before binding a policy, which keeps loss ratios manageable.^[15]
• Market environment: Cyber insurance demand in Europe has been a tailwind—only approximately 5% of SMEs had cyber cover in 2021—and Stoïk benefited from an underserved market meeting a capable supplier.^[18]

{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}

🌐 Pan-European expansion. Stoïk aims to become the de facto cyber insurance provider for SMEs across Europe, entering new markets at a rate of about one per year.^[14] The focus is on Central and Southern Europe, with likely targets including Italy, the Netherlands, and Scandinavia.^[5] The CyberContract acquisition provided a successful template for buy-and-build market entry.^[11] A strategic goal is to achieve EU-wide coverage as an early defensive moat against U.S. competitors like Coalition expanding into Europe.

📡 Scaling distribution and partnerships. In France, the goal shifts from broker acquisition to increasing share of wallet among existing partners. In new markets, Stoïk will prioritize signing leading broker networks quickly. The company aims to replicate the BNP Paribas bancassurance model with banks in other countries, leveraging Opera Tech Ventures' connections within BNP's international network. Potential future distribution avenues include telcos, IT service providers, and API-driven embedded insurance in SME software platforms.^[12]

🧩 Product portfolio expansion. Stoïk is expanding from its single core product into adjacent offerings. Stoïk MDR (launched 2024) may eventually be offered as a standalone subscription to non-insurance customers.^[6] Professional Indemnity (E&O) coverage for certain sectors has been introduced as an add-on.^[6] New coverages added in 2025—CEO fraud, cloud overbilling, PCI fines, and IT equipment replacement—demonstrate responsiveness to real-world claim scenarios.^[11] Longer-term, Stoïk's "CISO of Europe" ambition implies rolling out compliance advisory, cyber awareness training modules, and phishing simulation platforms.

🤖 AI and technology investment. Series C funds are explicitly earmarked to invest further in proprietary AI agents underpinning prevention, detection, and response.^[5] This includes AI-automated risk scoring, incident triage, underwriting decision support, and claims pattern analysis across 10,000-plus incidents. Stoïk also plans to improve its broker and client platforms with multi-language support, API integrations with broker management systems, and expanded monitoring capabilities covering new threat vectors.

🏗️ Capacity and reinsurance strategy. As Stoïk grows, it will diversify capacity further to avoid dependency on any single carrier. Possible future partners include Lloyd's syndicates, SCOR, Allianz, and possibly Munich Re's reinsurance parent.^[6] Stoïk may negotiate multi-year capacity agreements for stability and continue offering equity stakes to critical partners (as done with Tokio Marine) to secure long-term commitment. Eventually Stoïk could contemplate creating its own risk-bearing entity to participate in underwriting profits.

👷 Operational scaling and talent. The plan to grow from 130 to 200 employees in 2026 means aggressive hiring in engineering (especially AI and platform developers), cybersecurity analysts (to staff the growing CERT and MDR services across time zones), and experienced underwriters for the larger-client segment.^[5] Regional leadership structures will be established, and expanding 24/7 incident response capacity across languages is a priority.

📚 Customer engagement and education. Stoïk publishes an annual Cyber Claims Report analyzing incidents across its portfolio, positioning itself as a knowledge leader.^[19] The company participates in industry bodies and is monitoring potential government initiatives around mandated cyber coverage or subsidized insurance that could accelerate demand.

🏰 Long-term vision. All strategic priorities ladder up to Stoïk's overarching aim of becoming an indispensable cyber risk management platform for every European SME—evolving from an MGA into a default infrastructure layer for cyber safety, analogous to how businesses rely on standard accounting or payroll platforms.

{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}

📝 Revenue recognition. Stoïk's revenues consist of commissions and fees earned on policies, not the full insurance premiums. In 2025, GWP was approximately €50 million, but Stoïk's own revenue would be a fraction of that depending on commission rates.^[5] Statutory accounts for 2022 show turnover (chiffre d'affaires) of €621,000 and 2021 turnover of €104,000.^[1] With greater than 200% year-on-year revenue growth confirmed for 2025, net revenue likely reached the range of €12–15 million.^[5]

💼 Expense structure. Personnel costs dominated early spending: €1.88 million in 2022 (over 300% of that year's revenue), growing to an estimated €8–10 million by 2025 as headcount reached approximately 130.^[1] Other significant costs include broker commissions (roughly 15–20% of GWP passed to retail brokers), cloud hosting and data licenses, office costs, and professional services. The Pappers data showed a negative "valeur ajoutée" of −€1.06 million in 2022, confirming that operating expenses far exceeded the small initial revenue.^[1] Stoïk appears to have expensed most development costs directly rather than capitalizing them—a conservative accounting approach.

📉 Profitability and bottom line. Stoïk has operated at a net loss as expected for a high-growth startup. The net loss was €238,000 in 2021 and deepened to €3.01 million in 2022; the operating result (résultat d'exploitation) for 2022 was −€3.13 million, nearly identical to the net result since financial income/expense was negligible.^[1] EBITDA was −€3.09 million in 2022, indicating minimal depreciation and amortization consistent with little capitalized development.^[1] Losses likely peaked in absolute terms around 2023–2024 and began narrowing in 2025 as revenue outpaced expenses. Stoïk's strategy aims to reach operational breakeven within two to three years by growing revenue faster than the largely fixed cost base.

1: 2021/2022 other external charges from Pappers summary. 2: 2022 had €118k financial income, possibly FX or interest on cash, and €700k financial debt (likely convertible loan) but low interest cost.

🔄 Quality of earnings. Stoïk's revenue is recurring in nature, as policies renew annually and commission recurs. The retention rate, though undisclosed, likely ensures a growing base of renewal commissions each year that builds on the in-force book. If Stoïk ever unbundled its technology offerings as a standalone service, that could introduce a new revenue line. Stoïk's financial discipline—not over-hiring beyond growth needs and raising only what is needed—has been noted by investors as evidence the company is calibrating spend to maintain sufficient runway.^[5]

{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}

💵 Assets. Cash is the dominant balance sheet item, fueled by equity raises. At end-2022, Stoïk held €13.4 million in cash, up from €3.6 million at end-2021.^[1] By end-2023, after the €10 million extension round, cash likely stood around €20 million. Following the 2024 Series B (€25 million), and accounting for the CyberContract acquisition outlay, cash probably reached approximately €30–35 million by early 2025 before the Series C added €20 million in January 2026. Receivables (premiums and commissions from brokers and insurers) grow with volume but remained manageable; 2022 showed minimal receivables given early-stage volumes. Intangible assets were immaterial through 2022, but from 2025 onward include goodwill from the CyberContract acquisition. Stoïk may also hold French CIR (research tax credit) receivables from the state given its significant R&D activities.

📊 Liabilities. Stoïk's liabilities are small relative to total assets, as it does not bear insurance risk. Financial debt stood at €2.2 million in 2022 (up from €700,000 in 2021), likely a convertible loan or venture debt facility.^[1] The debt-to-equity ratio was approximately 0.2 in 2022. Premium and insurer payables grow with premium volume but are short-term in nature. Working capital was strongly positive at end-2022: €12.8 million net working capital with a negative BFR (besoin en fonds de roulement), meaning current liabilities were smaller than current assets due to the cash injection.^[1]

🏦 Equity. At end-2022, shareholders' equity was €10.9 million, up from €2.93 million in 2021, reflecting the €11 million Series A minus accumulated losses.^[1] Share capital itself was small (€125,000 by 2025), with the bulk in additional paid-in capital (share premium).^[1] Financial autonomy was approximately 78% in 2022 (equity as a percentage of total balance sheet).^[1] After Series B and CyberContract share issuances, equity reached an estimated €40 million by end-2025, rising further to approximately €55 million after the Series C.

1: 2021–2022 breakdown of current assets/liabilities is aggregated in available data; figures approximate from Pappers. 2022 had €0.53M negative "BFR exploitation" (working capital requirement), implying receivables exceeded payables by that amount.

🛡️ Balance sheet strength. Stoïk's balance sheet is highly liquid (majority cash) and minimally leveraged, providing resilience against short-term shocks. The main financial risk would be inability to secure further funding once current cash runs out before revenues cover expenses; however, with the Series C, Stoïk has an estimated two-plus years of runway to reach breakeven. As a broker/MGA, Stoïk does not face Solvency II capital requirements, though it must maintain ORIAS financial guarantee requirements for brokers handling client funds.

{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}

🔴 Operating cash flow. Operating cash flow has been negative each year due to net losses. In 2022, the Pappers data showed a negative capacité d'autofinancement of −€2.98 million, aligning with the net loss.^[1] A small working capital benefit of approximately €0.6 million from negative BFR partially offset the outflow. Operating cash outflows likely increased in 2023 (estimated −€5 million) before gradually improving in 2024–2025 as revenue ramped. Stoïk's goal is to reach operating cash-flow breakeven, potentially by 2026.

💳 Working capital dynamics. As an MGA handling premium cash flows, Stoïk temporarily holds some premiums before remitting to carriers. In 2022, days payable to insurers averaged 44.5 days, while days receivable from clients averaged 242 days—the latter possibly reflecting installment payment arrangements or a concentration of late-year policy issuances collected in 2023.^[1] In practice, Stoïk's commission is deducted from collected premiums before forwarding the net amount, producing roughly matched inflows and outflows.

🔧 Investing cash flow. Stoïk is not capital-intensive; physical capex (laptops, offices) is trivial. The major investing outflow was the CyberContract acquisition in 2025, whose founders joined Stoïk's cap table as co-shareholders (suggesting the deal was partly equity-based, conserving Stoïk's cash).^[11] Through 2024, investing cash flows were negligible given that most R&D was expensed.

💸 Financing cash flow. Stoïk's growth has been financed by successive equity injections: the €3.8 million seed (early 2022), the €11 million Series A (mid-2022), the €10 million extension (late 2023), and the €25 million Series B (late 2024). The Series C (€20 million, January 2026) adds further capital. In 2022, financing cash flow was approximately €14.8 million from the seed and Series A combined.^[1]

1: 2021 rough; company founded mid-year, small burn, possibly a bridge loan of €0.7M in financing. 2: 2022 Op CF per capacité d'autofinancement −€2.98M; plus small WC changes ≈ −€3.0M. 3: 2022 financing: €3.8M + €11M raises = €14.8M gross; net ~€11.7M increase after burn.

🏧 Liquidity position and runway. At end-2025, Stoïk's cash (including Series B proceeds) was approximately €25–30 million. With the €20 million Series C added in January 2026, cash could be approximately €45–50 million. Annual burn by 2025 is estimated at €1–2 million (if near breakeven), providing several years of runway without further capital. The Series C press release noted Stoïk raised "without exceeding our actual needs," signaling confidence in reaching milestones with current resources and minimizing dilution.^[5] Stoïk's liquidity planning also accounts for maintaining the ORIAS-required financial guarantee (approximately €600,000) for brokers handling client funds, typically provided as a bank or insurer guarantee rather than restricted cash.

{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}

⚠️ Underwriting and insurance risk. Stoïk's foremost insurance risk is underwriting quality: cyber risk is dynamic and potentially systemic. A single cyber event—such as a widespread ransomware worm or a major cloud provider outage—could hit many insureds simultaneously. Stoïk mitigates accumulation risk by monitoring portfolio concentration across sectors and technologies, working closely with reinsurers to model catastrophic scenarios, and capping per-risk exposure (many SME policies have €100,000–€1 million limits).^[14] The panel of top-rated reinsurers ensures that catastrophic losses are borne by well-capitalized carriers rather than Stoïk. Jules Veyrat has noted that underwriting decisions such as whether to accept a company with no offline backups are daily considerations, indicating a disciplined risk appetite calibrated to moderate-risk SMEs.^[14]

🔐 Cybersecurity and data risk. Stoïk itself handles sensitive data (vulnerability reports, incident forensics) and must be an exemplar of cybersecurity. A breach of Stoïk's own systems could compromise client data and severely damage credibility. Additional risks include GDPR compliance (Stoïk processes personal data as both controller and processor), AI reliability (automated underwriting or incident triage must avoid biased or erroneous decisions), and dependency on third-party threat intelligence feeds and cloud infrastructure.

📜 Regulatory compliance risk. Stoïk navigates multiple overlapping frameworks:

• Insurance intermediary regulation: ORIAS registration, Code des Assurances compliance, IDD conduct rules (know-your-customer, remuneration disclosure), mandatory professional indemnity insurance and financial guarantee. EU passporting enables cross-border operations, supplemented by local entities (Stoïk GmbH in Germany, CyberContract in Belgium via FSMA approval).^[1]
• ACPR oversight: As a funds-handling intermediary, Stoïk segregates client premiums in dedicated accounts and forwards timely to maintain compliance. No public issues have surfaced.^[1]
• Financial crime compliance: AML/CFT obligations including KYC procedures and sanctions screening, particularly critical when ransomware payments are involved (U.S. Treasury has fined companies for facilitating payments to sanctioned cybercriminal groups).
• NIS2 Directive: As a provider of MDR and incident response, Stoïk may be classified as a Managed Security Service Provider under NIS2 (effective 2024–2025), potentially requiring specific security measures, incident reporting to national authorities, and formal registration.
• DORA: The Digital Operational Resilience Act covers critical ICT third-party providers to the financial sector; Stoïk's partnerships with institutions like BNP Paribas require robust business continuity and cyber resilience.
• GDPR: Stoïk maintains Data Processing Agreements with clients, designates a Data Protection Officer, and adheres to strict data handling protocols for scanning and incident response activities.

🔗 Capacity partnership risk. Stoïk's reliance on a small panel of key carriers (Tokio Marine HCC, Swiss Re, Axeria) means that the withdrawal or failure of any one could disrupt business continuity. Mitigation strategies include maintaining multiple partners, securing equity-for-capacity alignment (Tokio Marine invested in the Series B), and demonstrating profitable underwriting results to retain commitment through market cycles.^[6]

🏬 Distribution and competition risk. Stoïk's dependence on brokers—particularly BNP Paribas—creates concentration risk in distribution. If BNP discontinued the partnership, a significant pipeline of new business could be lost. Stoïk mitigates this through diversification across 2,000-plus brokers and strong relationship management with key partners. Competition is intensifying as U.S. MGAs (Coalition, Resilience, Cowbell) eye Europe and traditional insurers improve their SME cyber offerings. Stoïk's defenses include local knowledge, established broker relationships, first-mover advantage, and a multi-country entrenchment strategy.

👤 Operational and talent risk. Key-man risk exists around founders, especially Jules Veyrat and Alexandre Andreini. The CERT team requires highly skilled cybersecurity responders who are in short supply industry-wide. Rapid scaling to 200 employees introduces risks of culture dilution and coordination challenges.

⚡ Geopolitical and macro risks. An economic recession could cause SMEs to cut discretionary expenses such as cyber insurance. Nation-state cyberattacks raise complex war-exclusion questions in coverage, as demonstrated by the NotPetya litigation. French legislators also enacted requirements under LOPMI in 2023 conditioning ransom-payment indemnification on filing a police complaint within 72 hours.

🔀 Integration risk (CyberContract). The 2025 acquisition introduces typical integration challenges: aligning culture and processes, migrating clients to Stoïk's platform and policy forms, transitioning from Euromex capacity to the Stoïk panel (enabling higher limits), and retaining Belgian broker relationships under new ownership.^[11]

{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}

🏛️ Corporate governance. Stoïk is incorporated as a French SAS, offering governance flexibility. The board of directors includes representatives from major investors: Thomas Cuvelier (Alven), a representative from a16z (Seema Amble provided public commentary on the investment), Ben Bergsma (Munich Re Ventures), and likely Marinus Oosterbeek (Opera Tech Ventures) following the Series C co-lead.^[6][5][17] The introduction of Impala (Veyrat family office) as Series C co-lead adds an interesting dynamic, with the CEO's family fund now aligned as a major investor.^[5] Henri de Castries (former AXA CEO) serves as an angel-level advisor, providing informal industry guidance.^[7] Governance processes include regular board meetings to review financials, strategy, and major risks; investor terms likely replicate SA-like protections including veto rights on certain decisions.

💎 Management incentives. Founders and employees are incentivized through equity via BSPCE (Bon de Souscription de Parts de Créateur d'Entreprise), France's favorable stock-option regime for startups. Founders combined likely hold 20–30% at this stage; with Impala's investment, the Veyrat family's effective interest has increased, potentially consolidating strategic influence. No secondary sales by founders have been reported, indicating full commitment to long-term value creation.

🌱 ESG profile. Stoïk's primary ESG contributions are social and governance-oriented. On the social dimension, Stoïk's core mission produces positive externalities: by protecting SMEs from cyberattacks, it "strengthens Europe's economic fabric" and prevents bankruptcies (the company cites statistics that 60% of attacked SMEs go bankrupt).^[11][12] The democratization of advanced cyber protection for small firms that otherwise could not afford a CISO or enterprise-grade security tools is a socially beneficial outcome. On governance, Stoïk benefits from above-average startup governance due to its regulated-industry context and top-tier investor oversight; it has external audits (Emergence Audit from late 2024), board-level compliance scrutiny, and careful handling of ethically sensitive areas such as ransom payments (aligned with legal frameworks requiring law enforcement filing).^[1] Environmental impact is minimal given the digital-services nature of the business, though Stoïk's paperless model and cloud-hosted operations inherently reduce physical footprint. The company may formalize ESG reporting as it approaches CSRD thresholds (250 employees projected by end-2026).

🤝 Industry engagement. Stoïk participates in La French Tech and was represented at the WEF Davos 2023 with the French delegation.^[9] The company engages with cybersecurity communities, publishes its annual Cyber Claims Report, and likely collaborates informally with France's ANSSI on cyber awareness. CERT-Stoïk may participate in the FIRST network (Forum of Incident Response Teams) for global threat intelligence sharing. These activities position Stoïk as a thought leader and responsible industry actor.

{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}

📋 Funding history. Stoïk has raised approximately €70 million in venture funding across multiple rounds from 2021 through 2026.^[4] The timeline of major fundraises is as follows:

• Seed Round (January 2022): €3.8 million led by Alven with participation from Anthemis Group and Kima Ventures (Xavier Niel's fund), plus angels including Raphaël Vullierme (Luko CEO), Emmanuel Schalit (ex-Dashlane CEO), and Henry Kravis (KKR co-founder).^[18]
• Series A (June 2022): €11 million led by Andreessen Horowitz (a16z)—making Stoïk one of the few European insurtechs backed by a16z (their fourth European fintech bet)—with Alven, Anthemis, and angels Henri de Castries and Julian Teicke.^[7]
• Bridge/Extension (September 2023): €10 million led by Munich Re Ventures and Opera Tech Ventures, with continued participation from a16z and Alven, to accelerate entry into Germany.^[13]
• Series B (October 2024): €25 million led by Alven (returning to lead), with all major existing investors plus Tokio Marine HCC International (new strategic investor) and CYBICA.^[6][20]
• Series C (January 2026): €20 million co-led by Impala (Veyrat family office) and Opera Tech Ventures, with Alven and a16z participating. Described as a needs-based raise to avoid undue dilution, earmarked for AI development, hiring to 200 staff, and continued European expansion.^[5]

🏢 Acquisition: CyberContract (September 2025). Stoïk's first M&A move was the purchase of CyberContract BV, a Belgian cyber MGA founded in 2014 by Katrien Dom, with 1,000 policyholders and 150 broker partners covering SMEs up to €150 million revenue with €3 million policy limits.^[11] The acquisition instantly extended Stoïk's Belgian footprint and enabled Belgian clients to access Stoïk's broader capacity panel (Tokio Marine, Swiss Re) for up to €10 million coverage with additional guarantees. CyberContract's founders took an equity stake in Stoïk and remained operationally involved, indicating a largely equity-based deal that conserved Stoïk's cash and signaled belief in Stoïk's future value. Stoïk expects to triple the Belgian portfolio within 18 months.^[11]

🔮 Future capital needs and exit. With approximately €70 million raised and improving unit economics, Stoïk may not need much more private funding if it nears profitability. Plausible future scenarios include an IPO (possibly around 2027–2028 on Euronext Paris or a global exchange if reaching greater-than-€100 million GWP with continued growth) or a strategic acquisition by a partner such as Tokio Marine or Munich Re seeking a dedicated European cyber specialist. Jules Veyrat has mentioned a potential U.S. entry in three to five years (from approximately 2025), which would likely require a significant additional capital raise. No major investors have exited to date, and all rounds have been primary capital (no secondary sales), reflecting continued conviction in the growth trajectory.

📌 Summary of capital actions:

• Total raised approximately €70 million, confirming strong investor backing in an environment where some insurtechs struggled.
• Cap table includes top-tier VC (Andreessen Horowitz) and strategic investors (global insurers).
• Funding has been measured and non-hyped: Stoïk avoided over-raising and unnecessary dilution, indicating good capital discipline.^[5]
• One tuck-in acquisition executed to extend reach (Belgium); CyberContract founders' decision to become Stoïk co-shareholders signals confidence in the combined entity.
• The involvement of the Veyrat family office in Series C suggests patient capital giving Stoïk freedom to pursue its long-term "CISO of Europe" vision without premature exit pressure.

{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}

• Late 2020: Jules Veyrat conceives Stoïk, observing that SMEs are deeply vulnerable to cyberattacks yet underserved by insurance or security solutions, and assembles co-founders Andreini, Sayer, and Mangematin.^[9]
• Q2 2021: Stoïk SAS incorporated (June 2021) in Paris; initial platform development and insurer partnerships begin.^[1]
• Late 2021: First pilot policies underwritten; small revenue of approximately €104,000 recorded for the year.^[1]
• January 2022: Public launch and €3.8 million seed round announcement.^[18]
• H1 2022: Rapid traction in France with approximately 200 broker partners and headcount growing from 12 to 28; Series A (€11 million) closed in June, led by a16z.^[7]
• October 2022: BNP Paribas partnership announced, rolling out Stoïk's cyber insurance across its entire French retail banking network.^[12]
• Late 2022: Approximately €621,000 revenue on estimated €3–4 million GWP, roughly 2,000 insureds, broker count nearing 1,000.^[1]
• April 2023: Stoïk France SAS and Stoïk GmbH created for internal reorganization and German expansion.^[2]
• September 2023: €10 million extension round announced alongside Germany expansion; Franziska Geier appointed Country Manager from Cologne.^[13]
• Q4 2023: Austria entered (Vienna office); Monaco quietly added via French license.^[6][11]
• April 2024: Stoïk MDR (Managed Detection & Response) launched.^[6]
• October 2024: Series B (€25 million) raised; Professional Indemnity add-on introduced; Tokio Marine HCC becomes strategic investor; Stoïk on track for 5,000 policyholders and €25 million GWP.^[6]
• April 2025: Marc-André ter Stegen invests in and becomes brand ambassador for Stoïk.^[8]
• September 2025: CyberContract acquired in Belgium, bringing country count to six.^[11]
• Late 2025: Year closes with 10,000-plus insured companies, approximately €50 million GWP, greater-than-200% net revenue growth, and approximately 130 employees.^[5]
• January 2026: Series C (€20 million) announced, co-led by Impala and Opera Tech Ventures; hiring target of 200 and continued Central/Southern European expansion confirmed.^[5]

{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}

{{#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Reflist with unknown parameter "_VALUE_"|ignoreblank=y| 1 | colwidth | group | liststyle | refs }}