Surplus Cyber

Surplus Cyber Quote


API Autoquotes

For Surplus, the At-Bay API will autoquote up to $3M in aggregate limits for companies up to $100M in annual revenue. Submissions above this range will have to undergo manual underwriter review.

To receive a Surplus Quote, we require answers/values to the following security and insurance questions:

QuestionIDTypeAcceptable values
Does the Applicant have a website

*Required only if the Applicant is <$25m in revenue and has no domain or website
Is the Applicant engaged in any of the following business activities? (select all that apply)Q2244multiple choice (An array of strings representing each selected checkbox)["Adult Content",


"Cryptocurrency or Blockchain",

"Debt collection agency",


"Managed IT service provider (MSP or MSSP)",

"Payment Processing (e.g., as a payment processor, merchant acquirer, or Point of Sale system vendor)",

"None of the above"]
Does the Applicant keep offline backups that are disconnected from its network or store backups with a cloud service provider?Q2142booleantrue/false
Does the Applicant store or process personal, health, or credit card information of more than 500,000 individuals?Q2159booleantrue/false
Does the Applicant have multi-factor authentication enforced on all email access?Q2300booleantrue/false
Does the Applicant have multi-factor authentication enforced on all remote access including VPN or other remote network access?Q2301booleantrue/false
[Optional] Which of the following Inbound Email Security products (i.e. Secure Email Gateway (SEG)) products does the Applicant use, if any?Q2302multiple choice"No SEG in Place",










"Microsoft Defender for O365",


"Perception Point",



*Required only if Q2302 = "Other/Unknown"Q2303free text[any]
[Optional] Which of the following Endpoint Detection & Response (EDR) products does the Applicant use, if any?Q2304multiple choice"No EDR in Place",

"CrowdStrike Falcon Insight EDR",

"Cybereason Endpoint Detection and Response (EDR)",

"Cycraft XSensor",

"Cynet AutoXDR",

"Fortinet FortiEDR",

"IBM Security QRadar EDR
MalwareBytes Endpoint Detection and Response (EDR)",

"Microsoft Defender for Endpoint (E5)",

"Palo Alto Networks Cortex XDR",

"SentinelOne Singularity EDR",

"Symantec Endpoint Detection and Response (EDR)",

"Trellix Endpoint Detection and Response (EDR)",

*Required only if Q2304 = "Other/Unknown"Q2305free text[any]
In the last three (3) years, has the Applicant experienced in excess of $10,000 any Cyber Event, Loss, or been the subject of any Claim made for a Wrongful Act that would fall within the scope of the Policy for which the Applicant is applying?Q2146booleantrue/false
Please provide details

*Required only if Q2146 = “true”
Q2124free text[any]
Is the Applicant aware of any fact, circumstance, situation, event, or Wrongful Act which reasonably could give rise to a Cyber Event, Loss, or a Claim being made against them that would fall within the scope of the Policy for which the Applicant is applying?Q2147booleantrue/false
Please provide details

*Required only if Q2147 = “true”
Q2119free text[any]


At-Bay Embedded Security

Starting Sunday April 30, 2023, At-Bay is going live with a new Embedded Security fee on both primary and excess surplus Cyber and Tech E&O. Embedded Security is an additional fee in addition to the policy premium and will provide insureds with access to At-Bay Stance Exposure Manager and At-Bay Stance Managed Security.

When is the new Embedded Security fee applicable?

  1. /All new quotes, both new business and renewal, created on or after April 30th will include the Embedded Security fee.
  2. Quotes created prior to April 30th will not have the Embedded Security fee by default, but it can be added upon request.

Where will the Embedded Security fee appear?

  1. Embedded Security is returned as a new object in the GET/quote response called “fees”, which includes the fields “price” and “title”.
"fees": [
    "title":"Embedded Security"
  1. Embedded Security will also appear on the quote, binder, policy declarations, an additional Embedded Security endorsement, and the billing statement.