At-Bay Redefines MDR with Transparent, Risk-Aligned Email Defense
100%
Nearly 100% reduction in financial fraud from BEC attacks
1/3
More than one-third of the investigated alerts were tied to BEC/fraud
Discover Sublime
We used to pay for these losses, now we prevent them. Every dollar we stop saves a customer, and saves us from paying a claim.
At-Bay is a full-stack cybersecurity and insurance company, serving more than 40,000 customers. As an insurance provider, At-Bay's incentives are uniquely aligned with their customers: if a customer suffers a breach, or a business interruption, At-Bay pays the claim. That accountability drives its security business to go further than a typical MDR provider.
At-Bay’s leadership saw a growing opportunity to use its unique position as an insurer to build a proactive managed detection and response (MDR) service, one that could directly reduce the financial losses it was covering. The first target: business email compromise (BEC), which had become both the most frequent and costly source of insurance claims.
Financial fraud had overtaken ransomware as the top source of cyber insurance claims. At-Bay’s data showed that 90% of all financial fraud claims stemmed from BEC attacks. Mercier noted that financial fraud had rapidly become the primary driver of losses across their insured portfolio. “We’re tied directly to the purse strings, if a customer gets breached, we pay the claim. That drives us to go further, do more, and make sure our customers are truly protected.
Mid-market and SMB, which make up the majority of At-Bay’s insured base, were especially vulnerable. They lacked dedicated security teams and relied on outdated email security tools that missed advanced impersonation and financial fraud attempts that increased with the emergence of generative AI.
To close the gap, At-Bay set out to build a managed email detection and response service that could identify and neutralize financial fraud at scale. Informed by their claims data, the team tested five different vendors across 40 real-world attack scenarios, (ranging from basic phishing to advanced language-based impersonation and supply-chain compromise) and 100 different technical requirements.
At the end of the six month process, Sublime Security was the only vendor who over-achieved in both categories. Its distributed detection architecture and transparent logic gave At-Bay’s team the on-demand control they needed to tailor coverage for each customer’s risk profile, without vendor bottlenecks or ticket delays.
“Sublime’s platform was the only one that consistently identified the sophisticated social-engineering attacks that others missed,” said Mercier. “It passed every scenario we built.”
Built on Sublime’s agentic architecture that analyzes, adapts, and responds automatically, At-Bay gained a layer of protection that evolves as quickly as attackers do. By integrating Sublime’s platform into its MDR service, At-Bay was able to solve a persistent customer problem without burdening the SOC.
The relationship quickly deepened into true collaboration. “We see Sublime as part of our team,” Mercier added. “It’s not a vendor relationship; it’s a joint mission to stop financial fraud before it becomes a claim.”
Mike Scutt, Vice President of MDR Security Operations, agreed: “Our analysts treat Sublime like an extension of our detection engineering team. We rely on them to iterate quickly and help us stay ahead of evolving fraud patterns.”
The results have been transformative. Customers who once experienced multiple account compromises per month now see none. User-reported phishing has dropped dramatically, and the number of financial fraud-related claims in the insured population has fallen to near zero.
But the impact extends beyond reduced risk. MDR for Email has become one of At-Bay’s fastest-growing security offerings, driving strong customer adoption and retention.
At-Bay’s MXDR portfolio now includes four core services — Email, Endpoint, Identity, and Cloud — with Sublime powering the most differentiated of the set. The attach rate continues to rise as customers experience how seamlessly email defense fits into their broader risk strategy.
By embedding Sublime’s detection capabilities into its MDR offering, At-Bay can offer enterprise-grade protection at scale and at a price point aligned with mid-market needs, turning email security into both a risk-reduction tool and a revenue engine. At-Bay MDR for Email customers also get enhanced financial fraud protection in their insurance policy.
Today, At-Bay has expanded the program to integrate data and insights from its incident response teams and insurance claim data directly into Sublime’s detection models.
Mercier noted that At-Bay is now feeding intelligence from its DFIR and claims teams back into Sublime to strengthen coverage across its customer base. “That data helps improve detections not just for our customers, but across the ecosystem. The more we share, the better we all get,” said Mercier.
With Sublime’s adaptive, agentic architecture and At-Bay’s unique risk-driven business model, the company is redefining what it means to both insure and protect.
The average financial fraud loss is about $286,000, and our largest single claim hit over $5 million. That’s the kind of event that can shut a business down overnight.
Email security is really hard to do well; attackers evolve daily, and no two customers use email the same way. A black box would never cut it.
Customers get excited when they see a solution that finally catches what their legacy tools miss. During POCs, the data speaks for itself and it's an easy yes.
This partnership goes beyond email. By connecting our claims and IR data into our MDR for Email offering using Sublime, we’re shaping how cyber insurance and prevention evolve together.
See how Sublime delivers autonomous protection by default, with control on demand.
.svg)
