As cyber threats escalate and insurance markets tighten, a group of major corporates—including Sonepar—are using a mutual captive model to share risk, intelligence and resilience strategies.
As cyber threats grow more complex and frequent, traditional insurance markets are struggling to provide affordable, stable cover.
For many large corporates, captives are emerging as a vital solution - not just for risk transfer, but for resilience.
At the Risk-!n conference in Zurich, Charles de la Horie, CEO of MIRIS, and François Beaume, SVP risk and insurance at Sonepar, explained how their mutual insurance model is transforming cyber risk management.
MIRIS – Mutual Insurance and Reinsurance for Information Systems – is a cyber risk captive co-founded by 12 major European corporates including Sonepar, Airbus, L’Oréal and Solvay. Its mission is to bring stability to a volatile cyber insurance market and to foster collective intelligence across its members.
“We are sharing capital and sharing losses. So this makes us very collaborative and transparent,” explained de la Horie. “Our aim is not to be a competitor to the market but to be a complement, to fix some imperfections or improve in a risk or threat that is volatile.”
For members, the benefits are twofold. First, MIRIS provides a stable €30m layer of cyber capacity, smoothing out the peaks and troughs of market cycles. Second, it creates a collaborative platform for CISOs and risk managers to benchmark their cyber maturity and share threat intelligence in real time.
“We need to make sure that the quality of the members that are joining the family is very strong in terms of cyber DNA and also in terms of quality of assessment on a regular basis,” said de la Horie.
Collective intelligence in action
That collaboration proved critical when Sonepar experienced a cyber incident in September 2023. A ransomware attack hit its Swedish operations, disrupting €700m worth of annual revenue. “That business was stopped almost for three weeks,” said Beaume. “Two weeks of full stop and one week of partial restart.”
Within hours, Sonepar shared indicators of compromise (IOCs) with other members. “Actually, the answer was yes - some members were finding the very same IOCs in their system and were able to patch that… By sharing these IOCs, we were preventing other members from facing a very similar event. And it was also confirming the pertinence of the idea of building this trust model between us,” Beaume said.
Crucially, the event did not meet MIRIS’s €10m attachment point, nor trigger other insurance policies. “That event was really smaller than could have been - but not only for us, for the members also,” said Beaume.
Ensuring confidentiality while building trust
While transparency is a cornerstone of MIRIS, confidentiality is tightly controlled. “When you inform me that you are facing an issue… it’s confidential,” said de la Horie. “It remains under a very limited number of people that are bound by a confidentiality agreement.”
Beyond insurance, MIRIS is developing mutualised cyber defence tools—starting with a platform for sharing curated threat indicators. “What we are trying to develop now is a platform where all the members can share curated IOCs on a real-time basis that can be consumed with everybody, and that makes us different,” said de la Horie.
The mutual also runs peer-led cyber maturity assessments. “Each member is free of choosing his own methodology, but has to explain it to the others involved in the peer-to-peer review… to create and build and maintain and reinforce the trust between us.”
As MIRIS grows, the ambition is to deepen this model of collaborative cyber resilience. He concluded with a challenge to the broader cyber risk community: “Let’s try collectively to outsmart topic by being much more collectively smarter and bringing also much more solidarity between us.”