Requesting a P250 involves the following steps:

Step 1

This endpoint will return accountID which you can then use to submit subsequent API requests.

Step 2

📘
List of security assessment questions can be found below:

Field Description Required?
accountId Policyholder's account id Y
backupFrequency How often does the organization perform backups of business-critical data? (Allowable values WEEKLY/MONTHLY/QUARTERLY/SIX_MONTHS/NEVER) Y
civilOrCriminalAction Civil or criminal action or administrative proceeding alleging violation of any federal, state, local or common law? Y
claimHistory Has the Organization filed any claims due to a cyber event? 0=Never, 1=within last 12 months, 2=with last 2 years, 3=within last 3 years, 4=within last 4 years, 5=within 5years or more Y
dmzSeparation Are all internet-accessible systems (e.g. web, email-servers) segregated from the organization’s trusted network (e.g. within a demilitarized zone (DMZ) or at a third-party service provider)? N
incidentResponsePlan Does the organization have an incident response plan - tested and in-effect - setting forth specific action items and responsibilities for relevant parties in the event of cyber incident or data breach matter? Y
isAuthenticatingFundTransferRequests Do policy holder employees authenticate funds transfer requests (e.g. by calling a customer to verify the request at a predetermined phone number)? Affirmative answer is required to be eligible for Social Engineering endorsement T
isPreventingUnauthorizedWireTransfers Do policy holder employees prevent unauthorized employees from initiating wire transfers? Affirmative answer is required to be eligible for Social Engineering endorsement N
isSecurityOfficer Does the policyholder agree to be the designated Information Security Contact? Y
isSecurityTraining Does policyholder provide mandatory information security training to all employees at least annually? If not, are they willing to implement it during the policy period? Y
isVerifyingBankAccounts Do policy holder employees verify vendor/supplier bank accounts before adding to accounts payable systems. Affirmative answer is required to be eligible for Social Engineering endorsement N
lossInBusinessIncome During the last three years, has the organization suffered loss of business income as a result of unscheduled system downtime? Y
mfaAuthentication Do you enforce Multi-Factor Authentication (MFA) for all employees, contractors, and partners? Y
pastCyberIncident Had any past Cyber Incidents Y
pastCyberIncidentDetails Has the organization filed any claims due to a cyber event in last five years? If yes, attach loss detail herewith. Y
patchingFrequency How often does the organization apply updates to critical IT-systems and applications? Allowable values WEEKLY/MONTHLY/QUARTERLY/SIX_MONTHS/NEVER) Y
pendingLitigation Is there currently any pending litigation, administrative proceeding or claim against the named applicant, organization and/or any of the prospective insureds? Y
securityBreachRequiringNotification During the last three years, has the organization suffered a security breach requiring customer or third-party notification according to state or federal regulations? Y
testedFullFailover Has the organization tested a full failover of the most critical servers? N
thirdPartySecurityAgreement Do agreements with third-party service providers require levels of security commensurate with the organization’s information security standard? N
useCloudStorage Does the policyholder have sensitive information stored on the cloud? Y
useEncryption Does the policyholder encrypt all emails, mobile and computing devices containing sensitive information (e.g., PII, PHI, PCI) sent to external parties? Y

Field	Description	Required?
accountId	Policyholder's account id	Y
backupFrequency	How often does the organization perform backups of business-critical data? (Allowable values WEEKLY/MONTHLY/QUARTERLY/SIX_MONTHS/NEVER)	Y
civilOrCriminalAction	Civil or criminal action or administrative proceeding alleging violation of any federal, state, local or common law?	Y
claimHistory	Has the Organization filed any claims due to a cyber event? 0=Never, 1=within last 12 months, 2=with last 2 years, 3=within last 3 years, 4=within last 4 years, 5=within 5years or more	Y
dmzSeparation	Are all internet-accessible systems (e.g. web, email-servers) segregated from the organization’s trusted network (e.g. within a demilitarized zone (DMZ) or at a third-party service provider)?	N
incidentResponsePlan	Does the organization have an incident response plan - tested and in-effect - setting forth specific action items and responsibilities for relevant parties in the event of cyber incident or data breach matter?	Y
isAuthenticatingFundTransferRequests	Do policy holder employees authenticate funds transfer requests (e.g. by calling a customer to verify the request at a predetermined phone number)? Affirmative answer is required to be eligible for Social Engineering endorsement	T
isPreventingUnauthorizedWireTransfers	Do policy holder employees prevent unauthorized employees from initiating wire transfers? Affirmative answer is required to be eligible for Social Engineering endorsement	N
isSecurityOfficer	Does the policyholder agree to be the designated Information Security Contact?	Y
isSecurityTraining	Does policyholder provide mandatory information security training to all employees at least annually? If not, are they willing to implement it during the policy period?	Y
isVerifyingBankAccounts	Do policy holder employees verify vendor/supplier bank accounts before adding to accounts payable systems. Affirmative answer is required to be eligible for Social Engineering endorsement	N
lossInBusinessIncome	During the last three years, has the organization suffered loss of business income as a result of unscheduled system downtime?	Y
mfaAuthentication	Do you enforce Multi-Factor Authentication (MFA) for all employees, contractors, and partners?	Y
pastCyberIncident	Had any past Cyber Incidents	Y
pastCyberIncidentDetails	Has the organization filed any claims due to a cyber event in last five years? If yes, attach loss detail herewith.	Y
patchingFrequency	How often does the organization apply updates to critical IT-systems and applications? Allowable values WEEKLY/MONTHLY/QUARTERLY/SIX_MONTHS/NEVER)	Y
pendingLitigation	Is there currently any pending litigation, administrative proceeding or claim against the named applicant, organization and/or any of the prospective insureds?	Y
securityBreachRequiringNotification	During the last three years, has the organization suffered a security breach requiring customer or third-party notification according to state or federal regulations?	Y
testedFullFailover	Has the organization tested a full failover of the most critical servers?	N
thirdPartySecurityAgreement	Do agreements with third-party service providers require levels of security commensurate with the organization’s information security standard?	N
useCloudStorage	Does the policyholder have sensitive information stored on the cloud?	Y
useEncryption	Does the policyholder encrypt all emails, mobile and computing devices containing sensitive information (e.g., PII, PHI, PCI) sent to external parties?	Y

Step 3

Create a Quote

Step 4

Get Quote details (optional)

This endpoint returns information associated with the quote (premium, fees, etc.) along with a list of available cyber coverages.
Developer Tip: please introduce a minimum latency of 15 seconds before calling this endpoint.

📘
Below you will find premium breakdown:

Field How Cowbell present on the proposal
premium Premium with TRIA
tria TRIA
mgaFee Underwriting Fees
surplusLineTax Surplus Line Tax
surplusStampingFee Stamping Fee, Surcharge, etc.
totalPremium Total Amount

Prime250

Step 1

Step 2

📘
List of security assessment questions can be found below:

Step 3

Step 4

📘
Below you will find premium breakdown:

Step 1

Step 2

📘List of security assessment questions can be found below:

Step 3

Step 4

📘Below you will find premium breakdown:

📘
List of security assessment questions can be found below:

📘
Below you will find premium breakdown: