Surplus Tech E&O
API Autoquotes
For Tech E&O, the At-Bay API autoquotes up to $3M in aggregate limits for companies up to $25M in annual revenue. Submissions above this range will have to undergo manual underwriter review.
Differences between TEO and Surplus Cyber
Conditional questions: Some Tech E&O-related questions are conditional, meaning they’re only required based on previous answers. Only send answers for required questions, based on the insured’s nature of business and revenue.
Industry: industry (6-digit NAICS code) is optional for Tech E&O. As part of the response to any Tech E&O quote request, an industry of ‘00’ is returned, which is our own classification for technology companies.
Tech E&O Retro Dates
An optional Tech E&O retro date field (teo_retroactive_date) can be passed through the POST /quotes and POST /bind requests.
If no teo_retroactive_date field is specified, it will be defaulted to equal the effective date.
If a teo_retroactive_date value is provided and is before the effective date of the policy, additional post-bind contingencies will apply.
"dates":{
"effective": "2022-09-27",
"teo_retroactive_date": "2021-09-27" //will trigger post-bind contingencies
}
Example Mock Response from GET /quotes after teo_retroactive_date is supplied.
GET /quotes after teo_retroactive_date is supplied."contingencies": [
{
"contingency_id": 123456,
"status": "open",
"text": "A copy of the Applicant's expiring policy within 30 days of the effective date of the new policy.",
"type": "post_bind"
},
{
"contingency_id": 123457,
"status": "open",
"text": "A signed and dated version of the submitted insurance application. Application to be signed and dated by a member of the control group no more than 45 days before a bind is requested.",
"type": "post_bind"
}
]
Triggering Post-Bind Contingencies
Post-bind contingencies will effectively turn the quote into a manual submission (the bind stage will have to be reviewed by an UW). If your polling/integration is not yet setup for this, please check out our work around on deep linking quotes within your portal.
Tech E&O Question Set
| Question | ID | Type | Acceptable values |
|---|---|---|---|
| Does the Applicant store or process personal, health, or credit card information of more than 500,000 individuals? | Q2159 | boolean | true/false |
| Does the Applicant have multi-factor authentication enforced on all email access? | Q2300 | boolean | true/false |
| Does the Applicant have multi-factor authentication enforced on all remote access including VPN or other remote network access? | Q2301 | boolean | true/false |
| Does the Applicant keep offline backups that are disconnected from its network or store backups with a cloud service provider? | Q2142 | boolean | true/false |
| [Optional] Which of the following Inbound Email Security products (i.e. Secure Email Gateway (SEG)) products does the Applicant use, if any? | Q2302 | multiple choice | "No SEG in Place", "Appriver", "Avanan", "Barracuda", "Darktrace", "Datto", "Google", "Inky", "Intermedia", "Ironscales", "Microsoft Defender for O365", "Mimecast", "Perception Point", "Proofpoint", "Vade", "Other/Unknown" |
| *Required only if 2302 = "Other/Unknown" | Q2303 | free text | [any] |
| [Optional] Which of the following Endpoint Detection & Response (EDR) products does the Applicant use, if any? | Q2304 | multiple choice | "No EDR in Place", "CrowdStrike Falcon Insight EDR", "Cybereason Endpoint Detection and Response (EDR)", "Cycraft XSensor", "Cynet AutoXDR", "Fortinet FortiEDR", "IBM Security QRadar EDR MalwareBytes Endpoint Detection and Response (EDR)", "Microsoft Defender for Endpoint (E5)", "Palo Alto Networks Cortex XDR", "SentinelOne Singularity EDR Symantec Endpoint Detection and Response (EDR)", "Trellix Endpoint Detection and Response (EDR)", "Other/Unknown" |
| *Required only if “Other/Unknown” in Q2304 is selected | Q2305 | free text | [any] |
| Do the Applicant's revenues derive primarily from technology services or products? | 2246 | boolean | true/false |
| What is the Applicant’s primary technology business operations? | 2204 | multiple choice | "Software", "Hardware", "Services" |
| What type of clients does the Applicant primarily target? | 2210 | multiple choice | "People (e.g., consumers, patients)", "Organizations (e.g., businesses, non-profits, government)" |
| Are any of the following technology services a significant part of the Applicant’s revenue? * required only if 2210 has "Organizations (e.g., businesses, non-profits, government) AND 2204 has "Services" | 2209 | multiple choice | "Custom computer programming or software development", "Technology training or education", "Technology consulting (including value added reseller)", "IT staffing or project management", "Managed IT services (MSP or MSSP)", "Digital marketing", "Computing infrastructure (e.g., cloud services, web hosting, data center, or co-location services)", "Telecommunications or Internet Service Provider (ISP)", "Domain name services (DNS)", "Quality control / assurance (i.e., software or hardware testing)", "Business process outsourcing / data processing", "E-recycling / data destruction" |
| Do the Applicant’s hardware products or services address any of the following specific activities? * required only if 2204 has “Hardware” AND 2210 has “Organizations (e.g., businesses, non-profits, government)” | 2211 | multiple choice | "Healthcare / medical hardware", "Finance / payments hardware", "Electrical components (e.g., semiconductors)", "None of the above" |
| Do the Applicant’s software products or services address any of the following specific activities? * required only if 2210 has "Organizations (e.g., businesses, non-profits, government)” AND 2204 has "Software” | 2224 | multiple choice | "Custom computer programming or software development", "IT security", "Finance / banking (including payments and POS systems)", "Medical / healthcare (including electronic medical records)", "Enterprise resource planning (ERP), Customer relationship management (CRM), Supply chain management (SCM)", "Emergency notification", "E-commerce", "Media broadcasting or streaming", "None of the above" |
| Is the Applicant’s technology addressing any of the following needs? * required if 2210 has "People (e.g., consumers, patients)" | 2208 | multiple choice | "Financial (e.g., payments, exchanges, portfolio management, financial reports)", "Health (e.g., trackers, monitors, caregiving)", "Cyber security or identity protection services", "Social media", "E-commerce", "Media broadcasting or streaming", "Hardware repair or installation", "Hardware design or manufacturing", "Training", "None of the above", |
| Do the Applicant’s technology consulting services include any of the following activities? * required has 2210 = "Organizations (e.g., businesses, non-profits, government) AND 2209 has "Technology consulting (including value added reseller)" | 2227 | multiple choice | "ERP software implementation", "Payment systems implementation", "PCI/HIPAA compliance certification", "None of the above", |
| Is the Applicant engaged in any of the following activities? | 2226 | multiple choice | "Financial trading, investment advice, or crowdfunding applications", "Payment processing or money transfer systems", Cryptocurrency blockchain or cryptomining", "Adult entertainment, cannabis, relationship/dating apps, video games, or gambling", "Flight control systems, 911 paging systems, or military warfare applications", "Mechanical process control technology (e.g., industrial control, machinery)", "Medical diagnostic applications, biometric technology, or health information exchanges (HIE)", "Consumer data mining/broker, consumer VPN, or domain name registry services", "Sharing economy platforms", "None of the above" |
| Does the Applicant use written contracts or agreements with customers for the provision of services or products? | 2248 | boolean | true/false |
| Does the Applicant have a formal process to ensure any products or services do not infringe on the intellectual property rights of others? | 2229 | boolean | true/false |
| What is the Applicant’s largest active customer contract value? * required only if applicant’s revenue >= $5M | 2207 | free text | number |
| Do the Applicant’s written contracts or agreements with customers typically include terms and conditions favorable to the Applicant (e.g., limitation of liability, hold harmless, warranty disclaimer)? * required only if applicant’s revenue >= $25M | 2249 | boolean | true/false |
| Does the Applicant have a formal process in place to handle and resolve customer complaints? * required only if applicant’s revenue >= $25M | 2205 | boolean | true/false |
| In the last three (3) years, has the Applicant experienced in excess of $10,000 any Cyber Event, Loss, or been the subject of any Claim made for a Wrongful Act that would fall within the scope of the Policy for which the Applicant is applying? | 2146 | boolean | true/false |
| Please provide details *Required only if 2146 = “true” | 2124 | free text | [any] |
| Is the Applicant aware of any fact, circumstance, situation, event, or Wrongful Act which reasonably could give rise to a Cyber Event, Loss, or a Claim being made against them that would fall within the scope of the Policy for which the Applicant is applying? | 2147 | boolean | true/false |
| Please provide details *Required only if 2147 = “true” | 2119 | free text | [any] |
Updated 3 months ago