PrimeOne - UK

PrimeOne flow is implemented via REST API, using Cowbell bespoke endpoint structure.

URLs to access staging and production environments are listed below:

UK Staging: https://console.cowshavebells.co.uk/login
UK Prod: https://console.cowbellcyber.co.uk/login

Step 1

This endpoint will return accountID which you can then use to submit subsequent API requests.

To update firmographics on an account, such as address, insured's name, revenue, etc. you can use Update Account endpoint.

Step 2

Send Security Assessment questions. List of required PrimeOne questions is available here.

In case of a successful response, you will receive 200 status code with a JSON that includes copy of submitted security questions:

{
    "training": true,
    "mfaEmail": "YES",
    "mfaRemoteSystemAccess": "YES",
    "mfaAdminAccounts": "YES",
    "mfaCloud": "YES",
    "mfaVendor": "YES",
    "mfaComments": "",
}

📘

List of security assessment questions can be found below:

FieldDescription
trainingIs cybersecurity training required for all employees with Computer System access at least annually?*
mfaEmailIs MFA deployed uniformly across all accounts and logins for access to the following?
backupFrequencyHow often does the Organisation perform backups of business-critical data?*
backupTypesAt least 1 is required if backupFrequency answer is not NEVER. Allowable values and it's descriptions are,BACKUP_FREQUENCY_SEGMENTED - Segmented(either offline or air-gapped),BACKUP_FREQUENCY_CLOUD - In a cloud service that is secured by login credentials separate from the Computer System credentials and/or requires MFA),BACKUP_FREQUENCY_TESTED_ANNUALLY - Tested at least annually,BACKUP_FREQUENCY_OTHER - Other
patchingFrequencyHow often does the Organisation apply updates to Computer Systems and applications when a patch is released?*
vendorManagementDoes the Organisation have a vendor management programme to ensure third parties' levels of security are commensurate with the Organisation's cybersecurity standard?*
encryptionOnDevicesIs encryption of sensitive information in place for the following? - On mobile devices
contentReviewProcedureAre content review procedures conducted by a qualified legal adviser (e.g. solicitor) before information is published and/or disseminated to third parties by the Organisation?
copyrightClearanceSearchHas the Organisation conducted copyright and trademark clearance searches for all trade and service marks that are or have been used by the Organisation?
cyberEventHas the Organisation sustained a Cyber Incident in the last five years?
edrIs an EDR tool in place across the Organisation’s Computer System?
encryptionAtRestIs encryption of sensitive information at rest in place?
encryptionInTransitIs encryption of sensitive information in place for information in transit?
encryptionOnDevicesIs encryption of sensitive information in place on mobile devices?
eolProductsAre any EOL products in use?
isAuthenticatingFundTransferRequestsIs there an established procedure to verify changes to funds transfer instructions using a predetermined phone number of the vendor?
isPreventingUnauthorizedWireTransfersDoes the Organisation prevent unauthorised employees from initiating wire transfers?
isVerifyingBankAccountsDoes the Organisation verify vendor/supplier bank accounts before adding them to their accounts payable systems?
mfaAdminAccountsIs MFA deployed uniformly across all Admin/Privileged Accounts?
mfaCloudIs MFA deployed uniformly across all accounts and logins for access to the cloud?
mfaEmailIs MFA deployed uniformly across all accounts and logins for access to the email?
mfaRemoteSystemAccessIs MFA deployed uniformly across all accounts and logins for access to the remote systems?
mfaVendorIs MFA deployed uniformly across all accounts and logins for vendor access to computer systems?
ngavIs Next Generation Antivirus in place across the Organisation’s Computer System?
patchingFrequencyHow often does the Organisation apply updates to Computer Systems and applications when a patch is released?
planBusinessContinuityDoes the Organisation have the written Business Continuity plan, in place and tested at least annually, related to a potential interruption of their Computer Systems?
planDisasterRecoveryDoes the Organisation have the written Disaster Recovery plan, in place and tested at least annually, related to a potential interruption of their Computer Systems?
planIncidentResponseDoes the Organisation have the written Incidence Response plan, in place and tested at least annually, related to a potential interruption of their Computer Systems?
priorCoverageDoes the Organisation have a current in-force Cyber insurance policy?
priorOrPendingClaimCircumstancesIs the Organisation or any person aware of any prior or pending circumstances that could lead to a claim under the proposed policy?
privacyLitigationIn the past five years, has the Organisation been subject to litigation resulting from a privacy incident? This includes regulatory and civil action.
unscheduledSystemDowntimeDuring the last three years, has the Organisation suffered loss of business income as a result of unscheduled system downtime?
unscheduledSystemDowntimeCommentsComments on unscheduledSystemDowntime
vendorManagementDoes the Organisation have a vendor management programme to ensure third parties' levels of security are commensurate with the Organisation's cybersecurity standard?

Step 3

Send a Request a Quote request and include the accountID in the request.

Step 4.1

Get Quote details

This endpoint returns information associated with the quote (premium, fees, etc.) along with a list of available cyber coverages.

📘

Note that all brokers are set up as agency billed.

Developer Tip: please introduce a minimum latency of 15 seconds before calling this endpoint.

📘

Information associated with the quote will be returned in the following fields:

"premium": 1276.0,
"brokerFee": 100.0,
"additionalBrokerFee": 0.0,
"mgaFee": 0.0,
"totalPremium": 1376.0,

Cowbell also returns broker's commission in the commission field.

To check the status of a quote, please use the following 2 fields:

agencyStatus (shows status of a quote)
agencyDescription (provides details of a status; e.g., in case of a declination, this field will explain declination reason). 

List of all possible quote statutes is listed here.


Please note that the response to this endpoint returns agencyDeepLinkURL field.

If account was submitted with a broker who did not exist in the Cowbell's platform, the broker can use the link to create an account and proceed with binding in the portal.

Step 4.2

Brokers can also upload a quote if they want an underwriter to review a particular case even if it didn't refer. The process is described in more detail on this page.

Once quote is submitted to an underwriter, quote status under 'agencyStatus' field will switch to 'IN_REVIEW'.

📘

Webhook Notice

API Partners can subscribe to webhook notices. Whenever quote status changes, Cowbell will trigger webhook notification. Detailed instruction on how to subscribe to webhook notices is available here.

Step 4.3

To download the quote proposal, please use this endpoint. This endpoint will return the URL to download the quote proposal PDF.

📘

Presenting Coverages

Please note that Cowbell returns coverages associated with a quote in the quote details response in the coverages field.

Full list of coverages and id's is available here.

Step 5

Approve/Bind a Quote.

If the effective date on a quote changes, you can get the latest premium by calling Get Latest Premium for a Quote endpoint.

🚧

Please note that Cowbell Policy Specimen endpoint is coming soon.