Cyber And TEO Question Sets

Instructions on how to request Cyber and Tech E&O quotes

At-Bay has specific question sets for each product. With each POST/quote request, specify the product you wish to get a quote for as well as the required product-specific question IDs and values.

For a cyber quote: "insurance_product": "CYB"
For a Tech E&O quote: "insurance_product": "TEO"

You may request a Cyber and Tech E&O quote for the same company (using the same company_id) and same broker. However, you may only bind a submission for one of those products. You’ll receive an error message upon trying to bind a submission for a second product.

Submitting Answers for Multiple Choice Questions

📘

Multiple Choice Question Values

To submit answers for a multiple choice question, we accept an array of strings. To signify that an answer has been selected, this string must be formatted exactly as listed e.g.

["Cryptocurrency or Blockchain", "Payment Processing (e.g., as a payment processor, merchant acquirer, or Point of Sale system vendor)"]

Cyber Quote

To receive a Cyber Quote, we require answers/values to the following security and insurance questions:

Question

ID

Type

Acceptable values

Is the Applicant engaged in any of the following business activities? (select all that apply)

2244

multiple choice (An array of strings representing each selected checkbox)

["Adult Content",

"Cannabis",

"Cryptocurrency or Blockchain",

"Debt collection agency",

"Gambling",

"Managed IT service provider (MSP or MSSP)",

"Payment Processing (e.g., as a payment processor, merchant acquirer, or Point of Sale system vendor)",

"None of the above"]

Does the Applicant have controls in place which require all fund and wire transfers over $25,000 to be authorized and verified by at least two employees prior to execution?

2141

boolean

true/false

Does the Applicant keep offline backups that are disconnected from its network or store backups with a cloud service provider?

2142

boolean

true/false

Does the Applicant encrypt all sensitive information at rest?

2143

boolean

true/false

Does the Applicant store or process personal, health, or credit card information of more than 500,000 individuals?

2159

boolean

true/false

Does the Applicant have multi-factor authentication enabled on email access and remote network access?

2245

boolean

true/false

In the last three (3) years, has the Applicant experienced in excess of $10,000 any Cyber Event, Loss, or been the subject of any Claim made for a Wrongful Act that would fall within the scope of the Policy for which the Applicant is applying?

2146

boolean

true/false

Please provide details

*Required only if 2146 = “true”

2124

free text

[any]

Is the Applicant aware of any fact, circumstance, situation, event, or Wrongful Act which reasonably could give rise to a Cyber Event, Loss, or a Claim being made against them that would fall within the scope of the Policy for which the Applicant is applying?

2147

boolean

true/false

Please provide details

*Required only if 2147 = “true”

2119

free text

[any]

Tech E&O Quote

To receive a Tech E&O Quote, we require answers to the following security, Tech E&O, and insurance questions in addition to the insured's general information.

A couple notes on Tech E&O:

Conditional questions: Some of our Tech E&O-related questions are conditional, meaning they’re only required based on how previous questions are answered. Only send answers for required questions, based on the insured’s nature of business and revenue.

Industry: While industry (in the form a 6-digit NAICS code) is required for a Cyber quote, it is marked as optional for Tech E&O. As part of the response to any Tech E&O quote request, an industry of ‘00’ is returned, which is our own classification for technology companies.

Tech E&O retro dates: An optional Tech E&O retro date field (teo_retro_date) can be passed through the POST/quotes and POST/bind requests. If no teo_retro_date field is specified, it will be defaulted to equal the effective date. If a teo_retro_date value is provided and is before the effective date of the policy, additional post-bind contingencies will apply.

For Tech E&O, we require the same security control questions (shared across cyber) in addition to our tech-specific questions.

Question

ID

Type

Acceptable values

Does the Applicant have controls in place which require all fund and wire transfers over $25,000 to be authorized and verified by at least two employees prior to execution?

2141

boolean

true/false

Does the Applicant keep offline backups that are disconnected from its network or store backups with a cloud service provider?

2142

boolean

true/false

Does the Applicant encrypt all sensitive information at rest?

2143

boolean

true/false

Does the Applicant store or process personal, health, or credit card information of more than 500,000 individuals?

2159

boolean

true/false

Does the Applicant have multi-factor authentication enabled on email access and remote network access?

2245

boolean

true/false

Do the Applicant's revenues derive primarily from technology services or products?

2246

boolean

true/false

What is the Applicant’s primary technology business operations?

2204

multiple choice

Software

Hardware

Services

What type of clients does the Applicant primarily target?

2210

multiple choice

People (e.g., consumers, patients)

Organizations (e.g., businesses, non-profits, government)

Are any of the following technology services a significant part of the Applicant’s revenue?

  • required only if 2210 has "Organizations (e.g., businesses, non-profits, government) AND 2204 has "Services"

2209

multiple choice

Custom computer programming or software development

Technology training or education

Technology consulting (including value added reseller)

IT staffing or project management

Managed IT services (MSP or MSSP)

Digital marketing

Computing infrastructure (e.g., cloud services, web hosting, data center, or co-location services)

Telecommunications or * Internet Service Provider (ISP)

Quality control / assurance (i.e., software or hardware testing)

Business process outsourcing / data processing"

E-recycling / data destruction

None of the above

Do the Applicant’s hardware products or services address any of the following specific activities?

  • required only if 2204 has “Hardware” AND 2210 has “Organizations (e.g., businesses, non-profits, government)”

2211

multiple choice

Healthcare / medical hardware

Finance / payments hardware

Electrical components (e.g., semiconductors)

None of the above

Do the Applicant’s software products or services address any of the following specific activities?

  • required only if 2210 has "Organizations (e.g., businesses, non-profits, government)” AND 2204 has "Software”

2224

multiple choice

Custom computer programming or software development

IT security

Finance / banking (including payments and POS systems)

Medical / healthcare (including electronic medical records)

Enterprise resource planning (ERP), Customer relationship management (CRM), Supply chain management (SCM)

Emergency notification

E-commerce

Media broadcasting or streaming

None of the above

Is the Applicant’s technology addressing any of the following needs?

  • required if 2210 has "People (e.g., consumers, patients)"

2208

multiple choice

Financial (e.g., payments, exchanges, portfolio management, financial reports)

Health (e.g., trackers, monitors, caregiving)

Cyber security or identity protection services

Social media

E-commerce

Media broadcasting or streaming

Hardware repair or installation

Hardware design or manufacturing

Training

None of the above

Do the Applicant’s technology consulting services include any of the following activities?

  • required has 2210 = "Organizations (e.g., businesses, non-profits, government) AND 2209 has "Technology consulting (including value added reseller)"

2227

multiple choice

ERP software implementation

Payment systems implementation

PCI/HIPAA compliance certification

None of the above

Is the Applicant engaged in any of the following activities?

2226

multiple choice

Financial trading, investment advice, or crowdfunding applications

Payment processing or money transfer systems
Cryptocurrency blockchain or cryptomining

Adult entertainment, cannabis, relationship/dating apps, video games, or gambling

Flight control systems, 911 paging systems, or military warfare applications

Mechanical process control technology (e.g., industrial control, machinery)

Medical diagnostic applications, biometric technology, or health information exchanges (HIE)

Consumer data mining/broker, consumer VPN, or domain name registry services

Sharing economy platforms

None of the above

Does the Applicant use written contracts or agreements with customers for the provision of services or products?

2248

boolean

true/false

Does the Applicant have a formal process to ensure any products or services do not infringe on the intellectual property rights of others?

2229

boolean

true/false

What is the Applicant’s largest active customer contract value?

  • required only if applicant’s revenue >= $5M

2207

free text

number

Do the Applicant’s written contracts or agreements with customers typically include terms and conditions favorable to the Applicant (e.g., limitation of liability, hold harmless, warranty disclaimer)?

  • required only if applicant’s revenue >= $25M

2249

boolean

true/false

Does the Applicant have a formal process in place to handle and resolve customer complaints?

  • required only if applicant’s revenue >= $25M

2205

boolean

true/false

In the last three (3) years, has the Applicant experienced in excess of $10,000 any Cyber Event, Loss, or been the subject of any Claim made for a Wrongful Act that would fall within the scope of the Policy for which the Applicant is applying?

2146

boolean

true/fasle

Please provide details

*Required only if 2146 = “true”

2124

free text

[any]

Is the Applicant aware of any fact, circumstance, situation, event, or Wrongful Act which reasonably could give rise to a Cyber Event, Loss, or a Claim being made against them that would fall within the scope of the Policy for which the Applicant is applying?

2147

boolean

true/false

Please provide details

*Required only if 2147 = “true”

2119

free text

[any]