Surplus Cyber
Surplus Cyber Quote
API Autoquotes
The At-Bay API will automatically quote up to $3M in aggregate limits for companies up to $100M in annual revenues (for most classes of businesses). Submissions above this threshold will be referred for additional underwriter review.
To receive a Surplus Quote, we require answers/values to the following security and insurance questions:
| Question | ID | Type | Acceptable values |
|---|---|---|---|
| Does the Applicant have a website *Required only if the Applicant is <$25m in revenue and has no domain or website | Q2134 | boolean | true/false |
| Applicant’s number of employees | Q2314 | Numeric | Any whole number >0 |
| Is the Applicant engaged in any of the following business activities? (select all that apply) | Q2244 | multi select | ["Adult Content", "Cannabis", "Cryptocurrency or Blockchain", "Debt collection agency", "Gambling", "Managed IT service provider (MSP or MSSP)", "Payment Processing (e.g., as a payment processor, merchant acquirer, or Point of Sale system vendor)", "None of the above"] |
| Does the Applicant store or process personal, health, or credit card information of more than 500,000 individuals? | Q2159 | boolean | true/false |
| Does the Applicant keep offline backups that are disconnected from its network or store backups with a cloud service provider? | Q2142 | boolean | true/false |
| [Optional] Which of the following describes how the backup copies are stored? Select all that apply. *Display only if Q2142 = "true" | Q2311 | multi select | "Backups are offline/air-gapped", "Backups are stored without network separation", "Cloud sync (e.g. Google Drive, Microsoft OneDrive, Microsoft SharePoint)", "Dedicated cloud-based backup service (e.g. Acronis, Veem, CrashPlan)", "Unknown" |
| [Optional] Please provide the name(s) of the backup vendor(s). *Display only if Q2311 appears | Q2312 | free text | [any] |
| [Optional] Are all critical backup copies configured as immutable (cannot be modified or deleted within their retention window)? *Display only if Q2311 appears | Q2313 | single select | "Yes", "No", "Unknown" |
| Does the Applicant have multi-factor authentication enforced on all email access? | Q2300 | boolean | true/false |
| Does the Applicant have multi-factor authentication enforced on all remote access including VPN or other remote network access? | Q2301 | boolean | true/false |
| Does the Applicant use a Managed Service Provider (MSP)? | Q2307 | single select | "Yes", "No", "Unknown" |
| [Optional] Please provide the name(s) of the MSP in use. *Display only if Q2307 = "true" | Q2308 | free text | [any] |
| [Optional] Which of the following Inbound Email Security products (i.e. Secure Email Gateway (SEG)) does the Applicant use, if any? | Q2302 | multiple choice | "No SEG in Place", "Appriver", "Avanan", "Barracuda", "Darktrace", "Datto", "Google", "Inky", "Intermedia", "Ironscales", "Microsoft Defender for O365", "Mimecast", "Perception Point", "Proofpoint", "Vade", "Other/Unknown" |
| *Display only if Q2302 = "Other/Unknown" | Q2303 | free text | [any] |
| [Optional] Which of the following Endpoint Detection & Response (EDR) products does the Applicant use, if any? | Q2304 | multiple choice | "No EDR in Place", "CrowdStrike Falcon Insight EDR", "Cybereason Endpoint Detection and Response (EDR)", "Cycraft XSensor", "Cynet AutoXDR", "Fortinet FortiEDR", "Huntress EDR", "IBM Security QRadar EDR MalwareBytes Endpoint Detection and Response (EDR)", "Microsoft Defender for Endpoint (E5)", "Palo Alto Networks Cortex XDR", "SentinelOne Singularity EDR", "Symantec Endpoint Detection and Response (EDR)", "Trellix Endpoint Detection and Response (EDR)", "Other/Unknown" |
| *Display only if Q2304 = "Other/Unknown" | Q2305 | free text | [any] |
| [Optional] How are the EDR solutions managed? *Display only if Q2304 does NOT = "No EDR in place" | Q2309 | single select | "Managed 24/7 by a third-party provider (e.g. MSSP or external IT vendor)", "Managed 24/7 by in-house security team", "Managed within business hours by in-house security team", "Deployed but not actively monitored", "Unknown" |
| [Optional] Please provide the name of the third-party provider managing the EDR. *Display only if Q2309 = "Managed 24/7 by a third-party provider (e.g. MSSP or external IT vendor)" | Q2310 | free text | [any] |
| In the last three (3) years, has the Applicant experienced in excess of $10,000 any Cyber Event, Loss, or been the subject of any Claim made for a Wrongful Act that would fall within the scope of the Policy for which the Applicant is applying? | Q2146 | boolean | true/false |
| Please provide details *Display only if Q2146 = “true” | Q2124 | free text | [any] |
| Is the Applicant aware of any fact, circumstance, situation, event, or Wrongful Act which reasonably could give rise to a Cyber Event, Loss, or a Claim being made against them that would fall within the scope of the Policy for which the Applicant is applying? | Q2147 | boolean | true/false |
| Please provide details *Display only if Q2147 = “true” | Q2119 | free text | [any] |
At-Bay Embedded Security
At-Bay includes an Embedded Security fee on both primary and excess surplus Cyber and Tech E&O policies. Embedded Security is an additional fee in addition to the policy premium and will provide insureds with access to the At-Bay Stance platform
Where will the Embedded Security fee appear?
- Embedded Security is returned as a new object in the GET/quote response called “fees”, which includes the fields “price” and “title”.
"fees": [ { "price":50, "title":"Embedded Security" } ]
- Embedded Security will also appear on the quote, binder, policy declarations, an additional Embedded Security endorsement, and the billing statement.
- Note that the Embedded Security fee is separate from policy premium and may be treated differently based on state regulations. Please check with your insurance or surplus lines compliance team.
Updated 4 days ago