top of page


Thomas Stoesser comforte AG.jpeg

Thomas Stroesser,

Executive Vice President, Marketing and Product Management for comforte AG

Mirza Salihagic comforte AG.jpeg
Mirza Salihagic,
Head of Product Marketing for
comforte AG

1- Could you briefly introduce yourself: who are you? What is your job ? How long have you been working for comforte AG?


« Hello, my name is Thomas Stoesser, I’ve been with comforte AG for about seven years and I run global marketing (including product marketing, press relation, field marketing as well as product management). »

- « Hi, I'm Mirza Salihagic. I'm head of product marketing in Thomas' team. »

2- Could you introduce us to comforte AG? 

"comforte AG is a provider of security and privacy technologies. We help companies in three main areas:

First, we help companies reduce the risk of a data breach or reduce the impact of a data breach. 


Secondly, we help organisations comply with various global security or privacy regulations (PCI DSS, the credit card security standard, or privacy regulations such as GDPR, CCPA, etc).


Finally, the third pillar on which we help businesses is almost a continuation of the compliance value proposition I've just explained. Indeed, one of today's issues is the need for organisations to be able to do as much as possible with the data they process: to be able to use it for advanced analytics, to train AI and other models (to name just a few examples of data use cases). However, in recent years, compliance mandates have become so strong that within organisations, such innovation projects are hampered by compliance. Fundamentally, these organisations want to be able to take data and move it, for example, into the cloud or into an analytics environment. This is something they can't do because it contains PII data, which is considered to be protected by privacy regulations!

Organisations are therefore faced with a loss of opportunity because they can't use data the way they want to. 

And that's exactly where we come in: we enable businesses to stay compliant and secure their data while allowing them to continue using it at the same time (always for analytics purposes).

We see ourselves as a business enabler for executing data-driven innovation in large organisations."

3- Who are your clients?

"We are looking for larger customers. In terms of business sectors, we're interested in finance, banking and insurance, as well as retail. These are the three key categories we are interested in. The telecommunications sector is also relevant.

In terms of geographical regions, we are looking for customers in Europe and America. As I've explained, our customers are companies (large or medium-sized) that want to exploit their data to implement innovation projects that are generally hampered by security and confidentiality issues. 

And finally, of course, all companies that need to collect, process and analyse large quantities of data (data that needs to be transferred to the cloud or that is already in the cloud) and because we protect the data. 

When I say 'data', I mean sensitive data such as PII, Personally Identifiable Information, PCI, PHI, and so on. 

The fact is, we can't bring value to organisations that don't have data."


4- What is the added value for your offer?


"I think the added value of comforte AG's offering is pretty obvious.

Firstly, we help companies to reduce the impact of a data breach. In this way, we also help to reduce the costs of security audits. Organisations need to prove that they are compliant with regulations, so an annual or six-monthly audit must be carried out by an external audit company. However, all these audits have a cost, and the bigger the audit, the more it costs! That's why comforte AG helps to reduce the scope of the audit that needs to be carried out, thereby cutting audit costs. When it comes to compliance, we also avoid compliance costs. 

We are therefore able to provide great added value in terms of reducing security risks and regulatory compliance.

The other added value of comforte AG's offering to the market is the question of the loss of opportunity suffered by an organisation if, because of compliance, regulation and security, it cannot use data as freely as it could 20 years ago.

Indeed, any sales or marketing campaign needs advanced and powerful analytics to be as effective as possible. These analyses make it possible to know which message to send to which target audience, to determine which service or product is most likely to interest a customer or prospect. All these elements are fed into and driven by advanced analytics.

Many of our customers tell us that business initiatives around data analytics are either slowed down or prevented altogether, due to security and compliance issues. I think that's where our role comes in, because we make it possible for them to execute these projects, making their marketing campaigns more effective for cross-selling, up-selling, customer retention, new customer acquisition and so on. So that means there's a whole part of the value proposition that has nothing to do with risk reduction or compliance, but has to do with enabling organisations to really boost their business using the data they have, without being slowed down by compliance and security issues!

And if you then look at the business cases that underpin these initiatives, it's the value proposition that we bring. 

So it's not just about preventing costs and reducing risks, it's also about helping organisations boost their bottom line!"

5- Do you have any case study to share with us?

"Of course! I can give you two concrete case studies.

The first is that of a major American retailer, one of the largest distribution chains in the United States, which became our client two years ago. The trigger was compliance problems within the organisation. Of course, before coming to comforte AG, the company had an encryption solution, but it had some weaknesses. One of those weaknesses was the scalability of the solution: they needed to be able to quickly encrypt and decrypt a large volume of data being produced. This was a concern.

A second concern was that, even if they had an encryption solution, if you looked at where and how the data moved around the organisation, there were still gaps! So you had to be able to decrypt the data, move it somewhere else, encrypt it again, move it somewhere else, and so on. But each time, when you decrypt the data to move it, it means that you have an open breach into which attackers can infiltrate. So that was also a concern!

Finally, they began to ask themselves how they could ensure compliance not only in their head office and back office, but also in all their shops. And we were talking about thousands of shops across the US. Ultimately, we stepped in and deployed a data-centric security solution, starting with their entire payment infrastructure. 
In the meantime (about two years ago now), they started to deploy data-centric security in other areas of their business!

Recently, the CISO at this company said that they had reduced their audit costs by 75% - in their case, a saving of several thousand euros! So this is a fairly classic case of PCI DSS compliance that has been implemented in this company.



Another very interesting use case is that of a major insurance company, also in the United States. They had already deployed a security solution or a security solution provided by one of our competitors. However, the company had very specific needs that couldn't be met by that solution alone: it had to do with their call centre application, and how the call centre representatives worked with that application on a day-to-day basis.

In effect, the call centre representatives were entering text into an open text field, summarising what had been said with the customer. Although these call centre representatives were told that they should not record PII data in this open text field, they did so anyway. Sometimes they even entered a contract number, a name, a date of birth and so on. So we ended up with open text fields containing information such as: "the customer is really upset about his contract", accompanied by a contract number and other statements.

The difficulty lay in the fact that the insurance company needed to be able to use this information to carry out analyses and checks, in order to understand the degree of satisfaction or dissatisfaction of customers when they contacted the company. At the same time, the company also understood that they needed to protect this data contained in the free text field, as it often contains personal and/or confidential information.

However, if you encrypt all the data in this text field, a problem arises: you have protected the PII in this field, which is all very well, but you can no longer analyse it! So we had to come up with a fairly intelligent method for determining where the PII was located in these text fields, so that the insurance company could benefit from the best of both worlds! 

In this way, PII is always protected in this field, but our customer can continue to use this data to analyse customer satisfaction. We asked them what was at stake for them in being able to continue to use this data while guaranteeing its security, and they explained to us that they were expecting around a hundred million dollars in additional benefits, just by being able to identify customers at risk, by analysing their interactions with the insurance company, and by increasing customer retention!

These are two case studies that illustrate the added value of comforte AG's offering to the market."

6- Are you looking for new strategic and/or commercial partners?


"Obviously, we are always open to working with new strategic partners, particularly in regions where our presence is not very strong. So there are a number of criteria that we take into account when looking for new partners.

The first criterion is obviously geographical and sector coverage. Our customers are mainly companies in the financial, banking and retail sectors: if we find major partners in these sectors who have strong links with companies with profiles similar to those of our customers, they are obviously good partners for us!


Secondly, we are looking for partners in areas where we lack sector knowledge, but where we would like to play a role.

However, our offerings are not suitable for traditional small or medium-sized businesses. As a result, our partners would mainly be companies whose customer base is made up of mid-sized companies or large corporations.

So geographical coverage, thematic coverage, the right customer portfolio are the main criteria to help us assess whether a partner is a good fit for our ecosystem or not."

7- The extra info

""We have shared with you some of the case studies we have. We've also carried out a study with Forrester on the economic impact of our solution. It's actually an extensive report on the return on investment enabled by our solution, and I think it will help you understand exactly where and how we deliver value."


The entire CyberSecura team would like to thank Thomas and Mirza for their testimonial!

Discover comforte AG website.

bottom of page