Sapphire vs Stoik
Sapphire is a Services firm that works with your existing tools. Stoik is a Cyber insurer that works with your existing tools. Sapphire targets SMB, Mid-market, and Enterprise organizations; Stoik serves SMB. Sapphire includes 4 attack surfaces in base pricing (Endpoint, Cloud, SaaS, Network), compared to 1 for Stoik (Endpoint).
Buyer brief
Sapphire is a Services firm that works with your existing tools. Stoik is a Cyber insurer that works with your existing tools. Sapphire targets SMB, Mid-market, and Enterprise organizations; Stoik serves SMB. Sapphire includes 4 attack surfaces in base pricing (Endpoint, Cloud, SaaS, Network), compared to 1 for Stoik (Endpoint).
Sapphire (Services firm) and Stoik (Cyber insurer) serve different buyer profiles. Your decision depends on whether you prioritize Sapphire's sapphire mdr is strongest for uk buyers that value local ownership, a crest-accredited uk soc and... or Stoik's stoik removes the friction of buying cyber insurance and mdr separately by bundling both for euro....
At a glance
| FIELD |  |  |
|---|---|---|
| Best fit | UK organisations that want MDR from a UK-owned provider with a UK-based CREST-accredited SOC | European SMEs wanting cyber insurance and MDR in one broker-sold bundle |
| Price | Custom quote | Custom quote |
| Response authority | 1/6 actions · Configurable | 0/6 actions · Approval required |
| Stack | Works with existing stack | Works with existing stack |
| Data access | Dashboards | Dashboards |
| Warranty | None listed | None listed |
- Best fit
- UK organisations that want MDR from a UK-owned provider with a UK-based CREST-accredited SOC
- Price
- Custom quote
- Response authority
- 1/6 actions · Configurable
- Stack
- Works with existing stack
- Data access
- Dashboards
- Warranty
- None listed
- Best fit
- European SMEs wanting cyber insurance and MDR in one broker-sold bundle
- Price
- Custom quote
- Response authority
- 0/6 actions · Approval required
- Stack
- Works with existing stack
- Data access
- Dashboards
- Warranty
- None listed
›› Detailed comparison
| FIELD | SapphireTECH-AGNOSTIC | StoikTECH-AGNOSTIC |
|---|---|---|
| ›› Fit | ||
| Target size | SMB, Mid-market, Enterprise | SMB |
| Sentiment | Mixed | Mixed |
| ›› Your stack | ||
| Approach | Works with your tools | Works with your tools |
| EDR integrations | EDR toolsMicrosoft technologies | CrowdStrike |
| SIEM integrations | ExabeamSIEM tools | None listed |
| Coverage | EPEndpoint: CoveredCloudCloud: CoveredIDIdentity: LimitedSaaSSaaS: CoveredNetNetwork: CoveredOTOT/IoT: Optional add-on | EPEndpoint: CoveredCloudCloud: Not coveredIDIdentity: Not coveredSaaSSaaS: Not coveredNetNetwork: Not coveredOTOT/IoT: Not covered |
| ›› Response | ||
| Response type | Active Remediation | Guided Response |
| Approval policy | Configurable | Approval Required |
| Response actions | Custom playbooks | Alert and notify only |
| IR included | ✓ Included | ✓ Included |
| ›› Cost | ||
| Price range | Not published | Not published. MDR is not priced separately from insurance. |
| Minimum seats | None | None |
| Breach warranty | – | – |
| ›› More details | ||
| Requires own agent | No | No |
| Endpoints | ✓ Included | ✓ Included |
| Cloud workloads | ✓ Included | Not offered |
| Identity | ~ Limited | Not offered |
| SaaS apps | ✓ Included | Not offered |
| Network | ✓ Included | Not offered |
| OT/ICS | + Optional | Not offered |
| Threat hunting | ✓ Included | Extra cost |
| Response SLA | Not disclosed | Not disclosed |
| 24/7 coverage | ✓ | ✓ |
| Pricing model | Custom quote. Sapphire does not publish MDR package pricing. | Bundled annual pricing combining cyber insurance and MDR. Price varies by company size, revenue, sector and coverage tier. Sold through 2,000+ broker partners only. |
| Hidden cost warnings | Public pages do not publish response SLAs or exact response-authority rules.. MDR, MXDR and OT SOC scope can differ materially, so buyers should define monitored surfaces in the order form.. The page publishes vendor-reported comparative metrics without independent methodology.. IR hours are included as standard, but buyers should confirm number of hours, coverage triggers and overage rates. | Requires CrowdStrike Falcon EDR deployment. Cannot use a competing endpoint agent.. MDR is only available bundled with a Stoik insurance policy. No standalone MDR purchase option.. Sold through broker partners only. No direct purchase from Stoik.. Revenue cap: companies up to 1B EUR turnover (expanded from 750M EUR after CyberContract acquisition in September 2025). |
| Data portability | Partial | Limited |
| Contract terms | Custom | Annual |
| Channels | PortalEmailPhone | EmailPortalPhone |
| Data access | Dashboards | Dashboards |
| Dedicated analyst | – | – |
| SOC regions | Europe | Europe |
| Onboarding | Sapphire references onboarding and implementation that can be shorter than expected, but no standard public MDR onboarding timeline was found. | CrowdStrike Falcon agent deployment, no minimum endpoint requirement published |
| Industry focus | Public SectorDefenceFinancial ServicesProfessional ServicesIndustrialsManufacturingOperational TechnologyHealthcare | Professional ServicesRetailManufacturingTechnology |
| MTTD | Not published | Not published |
| MTTR | Not published | Not published |
| Community view | Sapphire has limited MDR-specific community review volume. The public buyer case is strongest for UK ownership, UK-based SOC delivery, CREST SOC accreditation and IT/OT services depth. Buyers should validate response authority, price, metrics and the exact split between MDR, MXDR, OT SOC and incident-response work. | Almost no English-language reviews. 10,000+ insured companies and 200%+ YoY growth show market traction in continental Europe. Backed by a16z, Munich Re Ventures and Alven (~$78M raised through Series C in Jan 2026). Practitioner sentiment on MDR quality is impossible to gauge from public sources. |
| Compliance | ISO 27001NISTHIPAADORACyber Essentials PlusCRESTGDPRPCI DSS | GDPR |
| Certifications | CREST SOCCREST Penetration TestingCyber Essentials PlusISO 27001 | – |
| Founded | 1996 | 2021 |
| Data retention | Not published as a standard MDR retention period. | Not published |
| API available | – | – |
| Website | Visit → | Visit → |
›› FAQ
What is the main difference between Sapphire and Stoik?
Sapphire is a Services firm that is technology-agnostic (works with your existing tools). Stoik is a Cyber insurer that is technology-agnostic (works with your existing tools). Sapphire covers 4 attack surfaces in base pricing vs. 1 for Stoik.
How do Sapphire and Stoik differ in response capabilities?
Sapphire supports 1 autonomous actions (custom playbooks) and approval is configurable. Stoik supports 0 autonomous actions (none) and requires approval before acting.
How does Sapphire pricing compare to Stoik?
Sapphire pricing: Not published. Stoik pricing: Not published. MDR is not priced separately from insurance.. Watch for with Sapphire: Public pages do not publish response SLAs or exact response-authority rules.; MDR, MXDR and OT SOC scope can differ materially, so buyers should define monitored surfaces in the order form.. Watch for with Stoik: Requires CrowdStrike Falcon EDR deployment. Cannot use a competing endpoint agent.; MDR is only available bundled with a Stoik insurance policy. No standalone MDR purchase option..
Should I choose Sapphire or Stoik?
Choose Sapphire if: uK organisations that want MDR from a UK-owned provider with a UK-based CREST-accredited SOC. Choose Stoik if: european SMEs wanting cyber insurance and MDR in one broker-sold bundle. Sapphire is not ideal for buyers that need public MDR pricing or contractual response SLAs before sales engagement. Stoik is not ideal for organizations needing active remediation or autonomous containment.
Daylight Security
AI-native MDR for buyers comparing active remediation across endpoint, cloud, identity, and SaaS. Daylight works with existing EDR/SIEM stacks and uses ChatOps-native collaboration, so it can be a useful third reference point in this comparison.