Dattak
Corporate profile and regulatory identifiers
🏢 Legal identity. Dattak S.A.S. (Société par Actions Simplifiée) is a French cyber-focused insurtech intermediary headquartered at 65 Boulevard Lannes, 75016 Paris, France.[1] The company is registered under SIREN 907 857 817 with the Paris trade and companies register (RCS Paris).[1] An additional operational address at 21 Rue du Général Foy, 75008 Paris is used as the CERT contact address and appears in site footers, consistent with a secondary establishment.[2]
📅 Founding. The French official business directory (INSEE-backed) records the company creation date as 1 December 2021.[3] Investor communications consistently describe the business as founded in late 2021.[4] Dattak is privately held.
⚖️ Regulated status. Dattak positions itself as a wholesale broker ("courtier grossiste") in commercial property and casualty insurance for businesses, operating under the French Insurance Code.[1] It is registered with ORIAS under No. 22002872 and operates under the supervision of the Autorité de Contrôle Prudentiel et de Résolution (ACPR).[1] The firm holds professional liability insurance and a financial guarantee with CGPA, under policy identifiers RCP77920 (professional liability) and GFI77920 (financial guarantee).[1] Dattak discloses no equity links with insurance companies or mutual insurers.[1]
🏗️ Group structure. A distinct technology subsidiary, Dattak Technologies (SIREN 944 430 719), was incorporated in 2025.[5] CERT-DATTAK's RFC 2350 documentation describes this subsidiary as part of the Dattak group.[6]
🌍 Cross-border notifications. A Croatian financial supervisor (HANFA) register includes an entry for Dattak showing ACPR as the supervisory authority and registration number 22002872, with a notification date of 18 June 2024, consistent with EEA freedom-to-provide-services intermediary notification registers.[7]
🔑 Intermediary classification. France does not use a formal "MGA license" label in the manner of certain other jurisdictions; Dattak's disclosed authorisation is its ORIAS registration as a wholesale broker.[1] The firm describes itself as a broker and underwriting agency and is presented in all primary materials as an intermediary rather than a licensed risk-bearing insurer.[1]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Founders, leadership, and governance
👩💼 Charlotte Couallier is co-founder and CEO (PDG).[4] A graduate of Télécom Paris, she received a "femme cyber 2022" trophy at Campus Cyber.[8] Before founding Dattak, Couallier worked as an actuary and first employee at Leocare, followed by a role as director of commercial partnerships at AXA France.[9]
👨💻 Damien Damamme is co-founder and CTO and is identified as the publication director in Dattak's legal notices.[1] Investor press materials describe him as formerly responsible for "lab distribution" at Allianz.[4]
🚀 Benoît Grouchko is the third co-founder, described as a serial entrepreneur who founded Teemo and sold it to Near in 2020.[9] Following the Series A round, a management transition saw Couallier assume the CEO/PDG title while Grouchko remained a shareholder supporting strategy and advisory missions.[4]
👥 Leadership team and board. Dattak's leadership group includes Alexia Morot as Head of Cyber Insurance, alongside other functional leaders reporting to the CEO and CTO.[1][9] Board-level participation includes Matthieu Bébéar, identified as former Chief Business Officer of AXA, and Alexis du Peloux.[4][10][11] No AXA Group corporate venture arm investment or AXA capacity-provider relationship is disclosed in primary materials; however, both Couallier (prior employment) and Bébéar (angel investor with executive history) carry AXA connections.[9]
🇧🇪 Geographic expansion leadership. For the Belgium expansion, Augustin Brunelle is named as director for Nord-Est and BeLux expansion.[12]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Funding, valuation posture, and capitalisation
| Round | Date announced | Amount raised | Lead investor | Notable co-investors | Cumulative funding |
|---|---|---|---|---|---|
| Seed | Jun 2022 | €7M | XAnge | Business angels incl. Matthieu Bébéar | €7M |
| Series A | Aug 2023 | €11M | XAnge | Breega; Bpifrance | €18M |
💶 Total capital raised. Dattak raised a cumulative €18M across two rounds as of August 2023.[4] The stated use of Series A proceeds included doubling team size, expanding cybersecurity tooling, adapting the product offering for larger firms (ETI), improving the partner broker experience, and targeting more than €10M in business volume the following year.[4]
🏦 Investor profile. The investor base comprises early-stage venture capital (XAnge, Breega) and state-backed venture capital (Bpifrance).[4] No insurer corporate venture fund investment is disclosed. Bébéar, who invested as a business angel, has prior AXA executive history, and Couallier has prior AXA employment, but no AXA corporate venture entity appears in the disclosed investor set.[9]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Operating model, customer segments, and geographic expansion
🔧 Business model. Dattak functions as a cyber-focused insurtech intermediary combining broker/MGA-like delegated placement with bundled cybersecurity services and incident response capacity.[1][13] The firm distributes exclusively through a network of partner brokers supported by an online platform enabling quote generation in approximately one minute via a fully digital process.[4][9]
📈 Segment expansion. Dattak's disclosed client segmentation has broadened materially over time, using client revenue as the primary boundary. At launch, the firm targeted French TPE/SMEs.[9] By June 2023, it was addressing companies with €75M to €200M of revenue and a maximum capacity of €2M per insured, claiming over 600 clients.[11] In February 2024, the target expanded to companies with up to €500M of revenue with capacity reaching €5M per insured.[14] By September 2024, a partnership with Sompo extended coverage to French companies with revenues up to €1bn.[15] The current homepage claims coverage for companies up to €2bn of revenue.[16]
🏥 Vertical diversity. A June 2023 interview describes a diversified portfolio spanning healthcare, industry, services, education, and local authorities, and states the MGA has very few underwriting prohibitions.[11] Hard quantitative portfolio breakdown by revenue band or vertical is not publicly available. Investor press materials from August 2023 cite a portfolio of approximately 1,000 French companies, consistent with a volume-driven broker distribution model.[4]
🗺️ Geographic footprint. France is the home market, with the registered office in Paris.[1] Dattak subsequently expanded to Luxembourg, followed by Belgium, where Belgian companies already use the offering and a BeLux expansion lead has been named.[12] An entry on the Croatian HANFA notification list provides additional corroboration of EEA intermediary notification activity.[7]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Cyber insurance product and coverage analysis
📋 Underwriting triggers. Dattak's cyber insurance product covers multiple event types: malicious intrusion (cyberattack), human error, email fraud (optional module), malicious employees, internal programming errors, and IT outage due to internal defect (optional module).[17] The contract was expanded to explicitly cover major IT outages and IT provider failures — including scenarios analogous to the 2024 CrowdStrike incident — even absent a malicious attack, when they occur unexpectedly and disrupt operations.[18]
🛡️ First-party coverages. Business interruption is listed as a core coverage element.[17] System restoration and data reconstruction costs are covered.[17] Ransomware and cyber extortion coverage includes ransom payment, with a stated last-resort posture and a framing of payment clarity as a product attribute.[19][11] Hardware replacement for irrecoverable "bricking" following a cyberattack is explicitly included.[17] Additional first-party elements include:
- Notification costs for personal data theft (authority and impacted-party notifications)
- Monitoring and surveillance costs for leaked personal data
- Payment card losses including banking costs and legally due fines after a confidentiality breach
- Telecom overbilling and cloud cost spikes (optional)
- Software and application improvement costs following cyberattack impacts[17]
🤝 Third-party coverages. The policy provides cyber liability and media liability protection, including defence costs in connection with third-party claims arising from disclosure of confidential or compromising information.[17] Regulatory defence and investigation costs are covered for proceedings initiated by competent authorities following personal data violations or PCI DSS security breaches, including CNIL investigations.[17]
🆘 Embedded breach response. Dattak operates an internal CERT model with a 24/7 hotline, an average intervention time of under two minutes, and assistance without deductible, sublimit, or prerequisite validation — including for false positives.[2] The CERT coordinates technical response, legal support, crisis communications, and indemnification, relying on a network of specialised partners for complex cases while maintaining centralised control.[2] The CERT RFC 2350 document (v1.2, published 10 September 2025) details services spanning incident analysis, forensics, remediation, crisis management, vulnerability and malware analysis, and proactive activities such as vulnerability scanning, Active Directory assessment, cloud configuration assessment, penetration testing, and cybersecurity training.[6]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Cybersecurity services and technology stack
🔍 Pre-bind and preventive tooling. Dattak markets a prevention platform exclusively for its insureds, comprising several tools: Dattak Défense (a risk management platform for evaluating and controlling cyber risk), Scan Cyber (continuous surveillance of information systems with analysis reports and remediation guidance), a free advanced cybersecurity audit with corrective action mapping, a phishing campaign simulator for employee conditioning, and penetration testing.[13]
🖥️ In-force and post-incident services. During the policy term, CERT-DATTAK provides ongoing proactive activities including vulnerability scanning, Active Directory and cloud assessments, and cybersecurity training for its customer community under contract.[6] The CERT also functions as an always-on post-incident response capability, coordinating technical response and crisis handling.[2]
🛡️ MDR offering. Dattak markets a Managed Detection and Response (MDR) package bundling insurance with EDR and a managed SOC, claiming average premium reductions of 30 percent for insureds using this formula, along with simplified eligibility including subscription without a cybersecurity questionnaire.[13] Several cybersecurity tools are framed as included for all Dattak insureds, while MDR is presented as a distinct bundled tier tied to premium discounting, implying an upsell structure rather than universal inclusion.[13]
⚙️ Technology stack. Dattak states that its cyber scan is developed internally and characterises CERT as an in-house team, while also acknowledging reliance on a network of specialised partners for complex cases.[13] Specific third-party technology vendors for MDR, EDR, SOC, and telemetry are not publicly identified.
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Partnerships, capacity, and product expansion
🏛️ Capacity providers. Dattak's initial risk carrier was Wakam, established through a partnership announced at the seed round.[9][11] The carrier and reinsurer panel subsequently expanded to include Sompo, SCOR, Hannover Re, Chaucer, Hamilton, and Envelop Risk alongside Wakam.[20] The 2024 capacity expansion specifically cited Wakam, SCOR, and Envelop as backing partners.[14]
🛡️ Defence-industry partnership. Dattak partnered with the Direction générale de l'armement (DGA) to integrate the DGA cyber maturity framework ("RMC") for the Defence Industrial and Technological Base (BITD), with collaboration from ANSSI on the foundational level.[21] This linkage is described as impacting approximately 4,000 French SMEs, allowing compliant firms to subscribe directly to Dattak's cyber insurance.[21]
📄 Product expansion beyond cyber. Dattak now markets professional liability products for the technology and services sector, offering both a combined Cyber + RC Pro integrated contract and a standalone RC Pro product.[16] The combined offer features mutualized ceilings of up to €10M for RC Pro and €5M for cyber, simplified underwriting without questionnaire for companies up to €50M revenue, IT outage coverage even absent cyberattack, an included attack surface scan, and an optional USA/Canada extension.[22] This expansion captures adjacent financial lines and liability spend rather than pure cyber-only premium.[22]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Scale indicators
| KPI | Most recent figure | Earlier datapoint |
|---|---|---|
| Premiums placed | €10M (2024) | — |
| Premiums placed target | €22M (end-2025) | — |
| Policyholders / clients | ~1,000 companies | 600+ (Jun 2023) |
| Headcount | 25 (Aug 2023) | — |
| Max per-risk capacity | €5M per company | €2M (Jun 2023) |
📝 Data integrity note. The €10M and €22M premium figures are company-reported, drawn from Dattak's own blog summary of a third-party interview that could not be directly accessed due to publisher access controls at time of review.[23]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Competitive positioning
🏆 Disclosed differentiators. Within the cyber insurtech MGA ecosystem, Dattak's competitive positioning rests on four pillars. First, an integrated incident response capability built around a dedicated internal CERT with rapid engagement and formal RFC 2350 documentation.[2] Second, bundled prevention and cyber tooling — attack surface monitoring, phishing simulation, audits, and a platform exclusive to insureds — designed to reduce claim frequency and severity.[13] Third, a trajectory of capacity scaling and upward segment migration through successive increases in per-risk capacity and revenue ceilings from 2023 onward.[11] Fourth, adjacency expansion into professional liability for the technology and services sector via the combined Cyber + RC Pro contract.[22]
🌐 Peer context. Named peers in the broader cyber insurtech MGA landscape include At-Bay, Baobab Insurance, BOXX Insurance, Coalition, Cogitanda, Converge Insurance, Corvus Insurance, Cowbell, Elpha Secure, Emergence Insurance, Evolve MGA, Eye Security, Invision Cyber, Measured Analytics and Insurance, Onda, Pera, Resilience, SafeInside Insurance, Stoïk, and Sync Underwriting.
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Risk factors
⚠️ Capacity dependency. Dattak's model is fundamentally dependent on continued delegated capacity from its carrier and reinsurance panel. While multiple partners are displayed, the specific binding authority terms, renewal corridors, and performance triggers are not publicly disclosed.[20]
🌊 Systemic cyber exposure. Expansion into larger-company segments and explicit coverage of business interruption and IT outages/provider failures increases correlation risk under systemic events, absent robust reinsurance and accumulation controls.[18]
💸 Ransomware governance. Ransom payment coverage is publicly claimed, but the absence of disclosed wording constraints, sanctions screening mechanisms, and sublimits in public materials leaves a diligence gap.[19]
📜 Regulatory tightening. As a broker and underwriting agency under ACPR supervision and ORIAS registration, any tightening of intermediary conduct, disclosure, or delegated authority oversight requirements could affect economics and increase friction in the broker channel.[1]
✈️ Geographic execution risk. Cross-border expansion to Belgium and Luxembourg introduces distribution onboarding challenges, claims servicing logistics, and local market competition.[12]
📑 Product expansion risk. Moving into professional liability changes claim patterns, tail risk profile, and staffing requirements for underwriting and claims expertise, particularly at RC Pro limits of up to €10M.[22]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Strategic trajectory
🎯 Stated ambitions. Across investor and company communications, Dattak's strategic direction is consistent: building a European leadership position in cyber insurance combined with cybersecurity tooling;[4] continued scaling through broker distribution emphasising fast digital subscription and embedded services;[9] expansion into larger client segments via increased capacity and higher revenue ceilings;[11] and diversification of the product set into liability and financial lines for technology and services companies through the RC Pro and combined contract.[22]
❓ Open diligence questions. Key undisclosed areas include the full binding authority structure (carriers, syndicates, reinsurers, quota share versus excess of loss, aggregate limits, corridor triggers, cancellation and non-renewal rights); loss performance metrics (frequency, severity, net loss ratio, ransomware claim rate, claims cycle time); ransom governance procedures (sanctions screening, OFAC/EU compliance workflows, negotiation vendors, last-resort criteria in actual wording);[19] local intermediary registrations and fronting arrangements for Luxembourg and Belgium;[12] and the separation of economics between MGA commission and cybersecurity services margin.[20]
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
Timeline of key events
| Date | Event |
|---|---|
| 1 Dec 2021 | Company creation date in the official French registry.[3] |
| Jun 2022 | Seed round of €7M led by XAnge; business angels including Bébéar; partnership with Wakam to carry risk; launch of broker-first digital process.[9] |
| Oct 2022 | Couallier described as Télécom Paris graduate; receives "femme cyber 2022" trophy at Campus Cyber.[8] |
| Jun 2023 | Move up-market to €75M–€200M revenue clients; max capacity increased to €2M; over 600 clients claimed.[11] |
| Aug 2023 | Series A of €11M; total funding reaches €18M; team of 25; approximately 1,000 clients claimed; Couallier becomes CEO/PDG.[4] |
| Feb 2024 | Capacity expanded to €5M per company; target companies up to €500M revenue; partners cited include Wakam, SCOR, and Envelop.[14] |
| Mar 2024 | Partnership with DGA and adoption of RMC framework (with ANSSI collaboration); BITD scope and direct subscription claim.[21] |
| Sep 2024 | Sompo partnership expands coverage to companies up to €1bn revenue.[15] |
| Jun 2025 | Launch of combined Cyber + RC Pro offer for tech; disclosed limits and underwriting simplification thresholds.[22] |
| Jul 2025 | Belgium expansion announced; BeLux expansion lead named.[12] |
| Sep 2025 | CERT RFC 2350 document v1.2 published.[6] |
| Nov 2025 | IT outage and provider failure coverage explicitly framed as included.[18] |
{{safesubst:#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Center with unknown parameter "_VALUE_"|ignoreblank=y| 1 | style }}
References
- ↑ 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11 1.12 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 2.0 2.1 2.2 2.3 2.4 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 3.0 3.1 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 4.00 4.01 4.02 4.03 4.04 4.05 4.06 4.07 4.08 4.09 4.10 4.11 4.12 4.13 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 6.0 6.1 6.2 6.3 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 7.0 7.1 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 8.0 8.1 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 9.00 9.01 9.02 9.03 9.04 9.05 9.06 9.07 9.08 9.09 9.10 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 11.0 11.1 11.2 11.3 11.4 11.5 11.6 11.7 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 12.0 12.1 12.2 12.3 12.4 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 13.0 13.1 13.2 13.3 13.4 13.5 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 14.0 14.1 14.2 14.3 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 15.0 15.1 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 16.0 16.1 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 17.0 17.1 17.2 17.3 17.4 17.5 17.6 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 18.0 18.1 18.2 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 19.0 19.1 19.2 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 20.0 20.1 20.2 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 21.0 21.1 21.2 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 22.0 22.1 22.2 22.3 22.4 22.5 {{#invoke:citation/CS1|citation |CitationClass=web }}
- ↑ 23.0 23.1 {{#invoke:citation/CS1|citation |CitationClass=web }}
{{#invoke:Check for unknown parameters|check|unknown=|preview=Page using Template:Reflist with unknown parameter "_VALUE_"|ignoreblank=y| 1 | colwidth | group | liststyle | refs }}