Cyber And TEO Question Sets
Instructions on how to request Cyber and Tech E&O quotes
At-Bay has specific question sets for each product. With each POST/quote request, specify the product you wish to get a quote for as well as the required product-specific question IDs and values.
For a cyber quote: "insurance_product": "CYB"
For a Tech E&O quote: "insurance_product": "TEO"
You may request a Cyber and Tech E&O quote for the same company (using the same company_id) and same broker. However, you may only bind a submission for one of those products. You’ll receive an error message upon trying to bind a submission for a second product.
Submitting Answers for Multiple Choice Questions
Multiple Choice Question Values
To submit answers for a multiple choice question, we accept an array of strings. To signify that an answer has been selected, this string must be formatted exactly as listed e.g.
["Cryptocurrency or Blockchain", "Payment Processing (e.g., as a payment processor, merchant acquirer, or Point of Sale system vendor)"]
Cyber Quote
To receive a Cyber Quote, we require answers/values to the following security and insurance questions:
Question | ID | Type | Acceptable values |
|---|---|---|---|
Is the Applicant engaged in any of the following business activities? (select all that apply) | 2244 | multiple choice (An array of strings representing each selected checkbox) | ["Adult Content", "Cannabis", "Cryptocurrency or Blockchain", "Debt collection agency", "Gambling", "Managed IT service provider (MSP or MSSP)", "Payment Processing (e.g., as a payment processor, merchant acquirer, or Point of Sale system vendor)", "None of the above"] |
Does the Applicant have controls in place which require all fund and wire transfers over $25,000 to be authorized and verified by at least two employees prior to execution? | 2141 | boolean | true/false |
Does the Applicant keep offline backups that are disconnected from its network or store backups with a cloud service provider? | 2142 | boolean | true/false |
Does the Applicant encrypt all sensitive information at rest? | 2143 | boolean | true/false |
Does the Applicant store or process personal, health, or credit card information of more than 500,000 individuals? | 2159 | boolean | true/false |
Does the Applicant have multi-factor authentication enabled on email access and remote network access? | 2245 | boolean | true/false |
In the last three (3) years, has the Applicant experienced in excess of $10,000 any Cyber Event, Loss, or been the subject of any Claim made for a Wrongful Act that would fall within the scope of the Policy for which the Applicant is applying? | 2146 | boolean | true/false |
Please provide details *Required only if 2146 = “true” | 2124 | free text | [any] |
Is the Applicant aware of any fact, circumstance, situation, event, or Wrongful Act which reasonably could give rise to a Cyber Event, Loss, or a Claim being made against them that would fall within the scope of the Policy for which the Applicant is applying? | 2147 | boolean | true/false |
Please provide details *Required only if 2147 = “true” | 2119 | free text | [any] |
Tech E&O Quote
To receive a Tech E&O Quote, we require answers to the following security, Tech E&O, and insurance questions in addition to the insured's general information.
A couple notes on Tech E&O:
Conditional questions: Some of our Tech E&O-related questions are conditional, meaning they’re only required based on how previous questions are answered. Only send answers for required questions, based on the insured’s nature of business and revenue.
Industry: While industry (in the form a 6-digit NAICS code) is required for a Cyber quote, it is marked as optional for Tech E&O. As part of the response to any Tech E&O quote request, an industry of ‘00’ is returned, which is our own classification for technology companies.
Tech E&O retro dates: An optional Tech E&O retro date field (teo_retro_date) can be passed through the POST/quotes and POST/bind requests. If no teo_retro_date field is specified, it will be defaulted to equal the effective date. If a teo_retro_date value is provided and is before the effective date of the policy, additional post-bind contingencies will apply.
For Tech E&O, we require the same security control questions (shared across cyber) in addition to our tech-specific questions.
Question | ID | Type | Acceptable values |
|---|---|---|---|
Does the Applicant have controls in place which require all fund and wire transfers over $25,000 to be authorized and verified by at least two employees prior to execution? | 2141 | boolean | true/false |
Does the Applicant keep offline backups that are disconnected from its network or store backups with a cloud service provider? | 2142 | boolean | true/false |
Does the Applicant encrypt all sensitive information at rest? | 2143 | boolean | true/false |
Does the Applicant store or process personal, health, or credit card information of more than 500,000 individuals? | 2159 | boolean | true/false |
Does the Applicant have multi-factor authentication enabled on email access and remote network access? | 2245 | boolean | true/false |
Do the Applicant's revenues derive primarily from technology services or products? | 2246 | boolean | true/false |
What is the Applicant’s primary technology business operations? | 2204 | multiple choice | Software Hardware Services |
What type of clients does the Applicant primarily target? | 2210 | multiple choice | People (e.g., consumers, patients) Organizations (e.g., businesses, non-profits, government) |
Are any of the following technology services a significant part of the Applicant’s revenue?
| 2209 | multiple choice | Custom computer programming or software development Technology training or education Technology consulting (including value added reseller) IT staffing or project management Managed IT services (MSP or MSSP) Digital marketing Computing infrastructure (e.g., cloud services, web hosting, data center, or co-location services) Telecommunications or * Internet Service Provider (ISP) Quality control / assurance (i.e., software or hardware testing) Business process outsourcing / data processing" E-recycling / data destruction None of the above |
Do the Applicant’s hardware products or services address any of the following specific activities?
| 2211 | multiple choice | Healthcare / medical hardware Finance / payments hardware Electrical components (e.g., semiconductors) None of the above |
Do the Applicant’s software products or services address any of the following specific activities?
| 2224 | multiple choice | Custom computer programming or software development IT security Finance / banking (including payments and POS systems) Medical / healthcare (including electronic medical records) Enterprise resource planning (ERP), Customer relationship management (CRM), Supply chain management (SCM) Emergency notification E-commerce Media broadcasting or streaming None of the above |
Is the Applicant’s technology addressing any of the following needs?
| 2208 | multiple choice | Financial (e.g., payments, exchanges, portfolio management, financial reports) Health (e.g., trackers, monitors, caregiving) Cyber security or identity protection services Social media E-commerce Media broadcasting or streaming Hardware repair or installation Hardware design or manufacturing Training None of the above |
Do the Applicant’s technology consulting services include any of the following activities?
| 2227 | multiple choice | ERP software implementation Payment systems implementation PCI/HIPAA compliance certification None of the above |
Is the Applicant engaged in any of the following activities? | 2226 | multiple choice | Financial trading, investment advice, or crowdfunding applications Payment processing or money transfer systems Adult entertainment, cannabis, relationship/dating apps, video games, or gambling Flight control systems, 911 paging systems, or military warfare applications Mechanical process control technology (e.g., industrial control, machinery) Medical diagnostic applications, biometric technology, or health information exchanges (HIE) Consumer data mining/broker, consumer VPN, or domain name registry services Sharing economy platforms None of the above |
Does the Applicant use written contracts or agreements with customers for the provision of services or products? | 2248 | boolean | true/false |
Does the Applicant have a formal process to ensure any products or services do not infringe on the intellectual property rights of others? | 2229 | boolean | true/false |
What is the Applicant’s largest active customer contract value?
| 2207 | free text | number |
Do the Applicant’s written contracts or agreements with customers typically include terms and conditions favorable to the Applicant (e.g., limitation of liability, hold harmless, warranty disclaimer)?
| 2249 | boolean | true/false |
Does the Applicant have a formal process in place to handle and resolve customer complaints?
| 2205 | boolean | true/false |
In the last three (3) years, has the Applicant experienced in excess of $10,000 any Cyber Event, Loss, or been the subject of any Claim made for a Wrongful Act that would fall within the scope of the Policy for which the Applicant is applying? | 2146 | boolean | true/fasle |
Please provide details *Required only if 2146 = “true” | 2124 | free text | [any] |
Is the Applicant aware of any fact, circumstance, situation, event, or Wrongful Act which reasonably could give rise to a Cyber Event, Loss, or a Claim being made against them that would fall within the scope of the Policy for which the Applicant is applying? | 2147 | boolean | true/false |
Please provide details *Required only if 2147 = “true” | 2119 | free text | [any] |
Updated 3 months ago