Surplus Cyber Quote

👍
API Autoquotes
The At-Bay API will automatically quote up to $3M in aggregate limits for companies up to $100M in annual revenues (for most classes of businesses). Submissions above this threshold will be referred for additional underwriter review.

To receive a Surplus Quote, we require answers/values to the following security and insurance questions:

Question	ID	Type	Acceptable values
Does the Applicant have a website Required only if the Applicant is <$25m in revenue and has no domain or website	Q2134	boolean	true/false
Applicant’s number of employees	Q2314	Numeric	Any whole number >0
Is the Applicant engaged in any of the following business activities? (select all that apply)	Q2244	multi select	["Adult Content", "Cannabis", "Cryptocurrency or Blockchain", "Debt collection agency", "Gambling", "Managed IT service provider (MSP or MSSP)", "Payment Processing (e.g., as a payment processor, merchant acquirer, or Point of Sale system vendor)", "None of the above"]
Does the Applicant store or process personal, health, or credit card information of more than 500,000 individuals?	Q2159	boolean	true/false
Does the Applicant keep offline backups that are disconnected from its network or store backups with a cloud service provider?	Q2142	boolean	true/false
Which of the following describes how the backup copies are stored? Select all that apply. Display only if Q2142 = "true"	Q2311	multi select	"Backups are offline/air-gapped", "Backups are stored without network separation", "Cloud sync (e.g. Google Drive, Microsoft OneDrive, Microsoft SharePoint)", "Dedicated cloud-based backup service (e.g. Acronis, Veeam, CrashPlan)", "Unknown"
Please provide the name(s) of the backup vendor(s). Display only if Q2311 appears	Q2312	free text
Are all critical backup copies configured as immutable (cannot be modified or deleted within their retention window)? Display only if Q2311 appears	Q2313	single select	"Yes", "No", "Unknown"
Does the Applicant have multi-factor authentication enforced on all email access?	Q2300	boolean	true/false
Does the Applicant have multi-factor authentication enforced on all remote access including VPN or other remote network access?	Q2301	boolean	true/false
Does the Applicant use a Managed Service Provider (MSP)?	Q2307	single select	"Yes", "No", "Unknown"
Please provide the name(s) of the MSP in use. Display only if Q2307 = "yes"	Q2308	free text
Which of the following Inbound Email Security products (i.e. Secure Email Gateway (SEG)) does the Applicant use, if any?	Q2302	multiple choice	"No SEG in Place", "Appriver", "Avanan", "Barracuda", "Darktrace", "Datto", "Google", "Inky", "Intermedia", "Ironscales", "Microsoft Defender for O365", "Mimecast", "Perception Point", "Proofpoint", "Vade", "Other/Unknown"
Please specify if other. Display only if Q2302 = "Other/Unknown"	Q2303	free text
Which of the following Endpoint Detection & Response (EDR) products does the Applicant use, if any?	Q2304	multiple choice	"No EDR in Place", "CrowdStrike Falcon Insight EDR", "Cybereason Endpoint Detection and Response (EDR)", "Cycraft XSensor", "Cynet AutoXDR", "Fortinet FortiEDR", "Huntress EDR", "IBM Security QRadar EDR MalwareBytes Endpoint Detection and Response (EDR)", "Microsoft Defender for Endpoint (E5)", "Palo Alto Networks Cortex XDR", "SentinelOne Singularity EDR", "Symantec Endpoint Detection and Response (EDR)", "Trellix Endpoint Detection and Response (EDR)", "Other/Unknown"
Please specify if other. Display only if Q2304 = "Other/Unknown"	Q2305	free text
How are the EDR solutions managed? Display only if Q2304 does NOT = "No EDR in place"	Q2309	single select	"Managed 24/7 by a third-party provider (e.g. MSSP or external IT vendor)", "Managed 24/7 by in-house security team", "Managed within business hours by in-house security team", "Deployed but not actively monitored", "Unknown"
Please provide the name of the third-party provider managing the EDR. Display only if Q2309 = "Managed 24/7 by a third-party provider (e.g. MSSP or external IT vendor)"	Q2310	free text
In the last three (3) years, has the Applicant experienced in excess of $10,000 any Cyber Event, Loss, or been the subject of any Claim made for a Wrongful Act that would fall within the scope of the Policy for which the Applicant is applying?	Q2146	boolean	true/false
Please provide details Display only if Q2146 = “true”	Q2124	free text
Is the Applicant aware of any fact, circumstance, situation, event, or Wrongful Act which reasonably could give rise to a Cyber Event, Loss, or a Claim being made against them that would fall within the scope of the Policy for which the Applicant is applying?	Q2147	boolean	true/false
Please provide details Display only if Q2147 = “true”	Q2119	free text

📘
At-Bay Embedded Security
At-Bay includes an Embedded Security fee on both primary and excess surplus Cyber and Tech E&O policies. Embedded Security is an additional fee in addition to the policy premium and will provide insureds with access to the At-Bay Stance platform
Where will the Embedded Security fee appear?

Embedded Security is returned as a new object in the GET/quote response called “fees”, which includes the fields “price” and “title”.
"fees": [
  {
    "price":50,
    "title":"Embedded Security"
  }
]
Embedded Security will also appear on the quote, binder, policy declarations, an additional Embedded Security endorsement, and the billing statement.

Note that the Embedded Security fee is separate from policy premium and may be treated differently based on state regulations. Please check with your insurance or surplus lines compliance team.