👍

API Autoquotes

For Tech E&O, the At-Bay API autoquotes up to $2M in aggregate limits for companies up to $25M in annual revenue. Submissions above this range will have to undergo manual underwriter review.

Differences between TEO and Surplus Cyber

Conditional questions: Some Tech E&O-related questions are conditional, meaning they’re only required based on previous answers. Only send answers for required questions, based on the insured’s nature of business and revenue.

Industry: industry (6-digit NAICS code) is optional for Tech E&O. As part of the response to any Tech E&O quote request, an industry of ‘00’ is returned, which is our own classification for technology companies.

Tech E&O Retro Dates

An optional Tech E&O retro date field (teo_retroactive_date) can be passed through the POST /quotes and POST /bind requests.

If no teo_retroactive_date field is specified, it will be defaulted to equal the effective date.
If a teo_retroactive_date value is provided and is before the effective date of the policy, additional post-bind contingencies will apply.

"dates":{
       "effective": "2022-09-27",
       "teo_retroactive_date": "2021-09-27" //will trigger post-bind contingencies
}

Example Mock Response from GET /quotes after teo_retroactive_date is supplied.

"contingencies": [
        {
            "contingency_id": 123456,
            "status": "open",
            "text": "A copy of the Applicant's expiring policy within 30 days of the effective date of the new policy.",
            "type": "post_bind"
        },
        {
            "contingency_id": 123457,
            "status": "open",
            "text": "A signed and dated version of the submitted insurance application. Application to be signed and dated by a member of the control group no more than 45 days before a bind is requested.",
            "type": "post_bind"
        }
]

❗️

Triggering Post-Bind Contingencies

Post-bind contingencies will effectively turn the quote into a manual submission(the bind stage will have to be reviewed by an UW). If your polling/integration is not yet setup for this, please check out our work around on deep linking quotes within your portal.

Tech E&O Question Set

QuestionIDTypeAcceptable values
Does the Applicant have controls in place which require all fund and wire transfers over $25,000 to be authorized and verified by at least two employees prior to execution?2141booleantrue/false
Does the Applicant keep offline backups that are disconnected from its network or store backups with a cloud service provider?2142booleantrue/false
Does the Applicant encrypt all sensitive information at rest?2143booleantrue/false
Does the Applicant store or process personal, health, or credit card information of more than 500,000 individuals?2159booleantrue/false
Does the Applicant have multi-factor authentication enabled on email access and remote network access?2245booleantrue/false
Do the Applicant's revenues derive primarily from technology services or products?2246booleantrue/false
What is the Applicant’s primary technology business operations?2204multiple choiceSoftware

Hardware

Services
What type of clients does the Applicant primarily target?2210multiple choicePeople (e.g., consumers, patients)

Organizations (e.g., businesses, non-profits, government)
Are any of the following technology services a significant part of the Applicant’s revenue?

* required only if 2210 has "Organizations (e.g., businesses, non-profits, government) AND 2204 has "Services"
2209multiple choiceCustom computer programming or software development

Technology training or education

Technology consulting (including value added reseller)

IT staffing or project management

Managed IT services (MSP or MSSP)

Digital marketing

Computing infrastructure (e.g., cloud services, web hosting, data center, or co-location services)

Telecommunications or * Internet Service Provider (ISP)

Quality control / assurance (i.e., software or hardware testing)

Business process outsourcing / data processing

E-recycling / data destruction
Do the Applicant’s hardware products or services address any of the following specific activities?

* required only if 2204 has “Hardware” AND 2210 has “Organizations (e.g., businesses, non-profits, government)”
2211multiple choiceHealthcare / medical hardware

Finance / payments hardware

Electrical components (e.g., semiconductors)

None of the above
Do the Applicant’s software products or services address any of the following specific activities?

* required only if 2210 has "Organizations (e.g., businesses, non-profits, government)” AND 2204 has "Software”
2224multiple choiceCustom computer programming or software development

IT security

Finance / banking (including payments and POS systems)

Medical / healthcare (including electronic medical records)

Enterprise resource planning (ERP), Customer relationship management (CRM), Supply chain management (SCM)

Emergency notification

E-commerce

Media broadcasting or streaming

None of the above
Is the Applicant’s technology addressing any of the following needs?

* required if 2210 has "People (e.g., consumers, patients)"
2208multiple choiceFinancial (e.g., payments, exchanges, portfolio management, financial reports)

Health (e.g., trackers, monitors, caregiving)

Cyber security or identity protection services

Social media

E-commerce

Media broadcasting or streaming

Hardware repair or installation

Hardware design or manufacturing

Training

None of the above
Do the Applicant’s technology consulting services include any of the following activities?

* required has 2210 = "Organizations (e.g., businesses, non-profits, government) AND 2209 has "Technology consulting (including value added reseller)"
2227multiple choiceERP software implementation

Payment systems implementation

PCI/HIPAA compliance certification

None of the above
Is the Applicant engaged in any of the following activities?2226multiple choiceFinancial trading, investment advice, or crowdfunding applications

Payment processing or money transfer systems
Cryptocurrency blockchain or cryptomining

Adult entertainment, cannabis, relationship/dating apps, video games, or gambling

Flight control systems, 911 paging systems, or military warfare applications

Mechanical process control technology (e.g., industrial control, machinery)

Medical diagnostic applications, biometric technology, or health information exchanges (HIE)

Consumer data mining/broker, consumer VPN, or domain name registry services

Sharing economy platforms

None of the above
Does the Applicant use written contracts or agreements with customers for the provision of services or products?2248booleantrue/false
Does the Applicant have a formal process to ensure any products or services do not infringe on the intellectual property rights of others?2229booleantrue/false
What is the Applicant’s largest active customer contract value?

* required only if applicant’s revenue >= $5M
2207free textnumber
Do the Applicant’s written contracts or agreements with customers typically include terms and conditions favorable to the Applicant (e.g., limitation of liability, hold harmless, warranty disclaimer)?

* required only if applicant’s revenue >= $25M
2249booleantrue/false
Does the Applicant have a formal process in place to handle and resolve customer complaints?

* required only if applicant’s revenue >= $25M
2205booleantrue/false
In the last three (3) years, has the Applicant experienced in excess of $10,000 any Cyber Event, Loss, or been the subject of any Claim made for a Wrongful Act that would fall within the scope of the Policy for which the Applicant is applying?2146booleantrue/false
Please provide details

*Required only if 2146 = “true”
2124free text[any]
Is the Applicant aware of any fact, circumstance, situation, event, or Wrongful Act which reasonably could give rise to a Cyber Event, Loss, or a Claim being made against them that would fall within the scope of the Policy for which the Applicant is applying?2147booleantrue/false
Please provide details

*Required only if 2147 = “true”
2119free text[any]