When the Insurance Industry Can't Price the Risk, Someone Builds a Better Model
Every few years, an entire industry discovers it has been flying blind.
For European cyber insurance, that moment came when loss ratios across the continent turned ugly. Carriers were paying out more in claims than they were collecting in premiums — not because cyber risk was uninsurable, but because nobody had built the infrastructure to understand it accurately. Underwriters were pricing million-dollar exposures based on self-reported questionnaires.
Vincenz Klemm had spent five years building an insurtech in Silicon Valley before returning to Europe. What he found was a market with three compounding failures and no one addressing all three simultaneously. In a recent episode of BUILDERS, the CEO and Co-Founder of Baobab walked through exactly how he approached it.
The Three-Problem Diagnosis
Most founders identify one pain point and build toward it. Vincenz mapped three before writing a line of code — and the real insight was recognizing they were structurally connected.
The first was customer-facing: insurance products offered protection after a breach but did nothing to prevent one. The second was economics: "These insurance products were not profitable... the insurance companies had trouble in really understanding the risk." The third was distribution: the broker channel controlling access to commercial buyers lacked the technical literacy to confidently sell cyber, and was quietly stepping back from deals it didn't feel equipped to close.
These three failures weren't independent. Accurate risk understanding enables profitable pricing. Preventing breaches reduces claims. Technically equipped brokers close deals they'd otherwise avoid. Baobab's model was designed to address all three through a single compounding mechanism.
Building the Risk Model From the Outside In
Baobab's underwriting process starts before a policy is written. The company maps the external attack surface of every company it considers insuring — exposed APIs, open databases, leaked credentials on the dark web, misconfigured assets visible from the public internet.
What they find is consistently surprising to customers. "We oftentimes find credentials clearly written in the code... we found webcams of a whole factory and offices that are just openly accessible security cameras." Vincenz notes that most standard security scanners miss this class of exposure entirely because they scan for categorized vulnerabilities — a developer leaving credentials in deployed code doesn't fit a known signature.
This reconnaissance feeds an AI model that correlates these attack-surface findings with historical breach data across Baobab's book of business, identifying the most probable attack vectors for each specific company. The output is then handed directly to the customer, not as a retention tactic but because the incentive structure demands it.
"Our incentive is that we don't have to pay out if you get hacked." Every prevented breach is a claim that never materializes. That alignment is also Baobab's most credible sales message: unlike a consultant billing by the hour, Baobab has no business flagging problems that don't matter.
The Channel Nobody Wanted to Disrupt
One of the more deliberate decisions Baobab made was to go deeper into the broker channel rather than around it. Commercial insurance buyers at mid-market and enterprise scale don't shop for coverage independently — they delegate to brokers who manage their entire risk portfolio, often across decades of relationship. That trust isn't easily replicated by a new entrant.
"The broker really has the trust of the customer to manage the insurance of the company on their behalf." Rather than treat that as a barrier, Baobab built tools and technical education to make underprepared brokers effective at selling cyber — converting a channel weakness into a distribution advantage that compounds over time as those brokers close deals they previously avoided.
What Moving Upmarket Actually Requires
Baobab started out insuring companies with zero to €100 million in revenue. It then pushed that ceiling to €500 million, then €1 billion. What reads as a sales strategy shift was actually a simultaneous rebuild of product, process, and internal expertise.
At enterprise scale, buyers aren't generalists. "Quite large companies oftentimes have professional insurance buyers... they know exactly every clause." These are former brokerage professionals who negotiate deductible structures, coverage limits, and individual policy terms with precision. The existing product couldn't support that level of configurability.
"We had to create the product in a bit more flexible way... to also give brokers different clauses that they want for their customers." Three things had to change in parallel: the product needed configurable clause architecture, the team needed people who could negotiate at that level, and the sales cycle had to accommodate a fundamentally different buyer. Founders treating upmarket as a pricing adjustment typically discover the hard way that it's an organizational one.
The Talent Moat
Baobab's hiring challenge can't be solved by compensation alone. The company needs people from two professional cultures that almost never intersect: cybersecurity, where the threat landscape reinvents itself every few years, and commercial insurance, where expertise accumulates over decades of relationship, legal precision, and institutional trust.
Vincenz is direct about why this is defensible: "I don't think that the likes of Allianz are particularly good at it... and I don't think that CrowdStrike can attract people from this conservative insurance world so well and basically create a culture that works for both equally."
The mechanism Baobab uses internally to hold that culture together is worth noting. Every employee carries what Vincenz calls an "obligation to dissent" — not just the right to raise a contrary view, but the requirement to do so when they can substantiate it. In a company where two expert cultures need to challenge each other productively, that norm isn't a culture perk. It's an operating necessity.
What's Next
Baobab expanded into the Netherlands and Belgium at the end of 2024, with broader European markets ahead. A new cybersecurity product suite — extending from outside-in attack surface monitoring to active internal network data feeds and deeper dark web research — is set for announcement in the coming months.
The structural problem Vincenz identified hasn't been solved at the industry level. Cyber risk is expanding faster than most carriers can model it. The companies that build proprietary data infrastructure to understand it accurately won't just underwrite better — they'll define what the category looks like for the next decade.