Small Business Cyber
The Boost Small and Medium Business (SMB) Cyber program is designed as a modular product in order to allow Partners significant flexibility. The multitude of available endorsements, limits and deductibles means that Partners can build an insurance offering that best suits their specific customer base, or that they can opt to let the customer choose from a wide range of available options.
The Boost Cyber product is an Admitted, Commercial Lines product in all filed states.
Basic Structure
Boost Cyber was created for small to medium enterprises with a revenue cap of $100,000,000. The product offers a maximum limit of $5,000,000 aggregate, and a minimum deductible of $1,000 per policy.
The base form includes six insuring agreements: Security Breach Expense, Extortion Threat, Replacement or Restoration of Electronic Data, Business Income and Extra Expense, Public Relations Expense, Security Breach Liability (including PCI fines and penalties). Please refer to the policy form for full coverage details.
A Partner's offering can be modified to add additional coverage, or to reduce costs through a number of endorsements laid out below.
Base Forms
Coverages and Forms
Below is a myriad of available coverages along with a short description of each and link to the filed forms.
Form | Description | Available Limits | Available Deductibles |
---|---|---|---|
Additional Insured Endorsement | Includes as an insured, the person(s) or organization(s) shown in the schedule of the endorsement. Additional Insured are subject to the same eligibility requirements as the primary named insured. | Matches the Policy Limit | Matches the Policy Deductible |
Computer Funds Transfer Endorsement | Provides coverage for loss incurred by the Insured resulting directly from a fraudulent entry or electronic data or computer program info, provided the fraudulent entry or change causes money, securities, or other property to be transferred, paid, or delivered or an account of the Insured’s at a financial institution to be debited or deleted. | Matches the Policy Limit | Matches the Policy Deductible |
Hardware Replacement Endorsement | Provides coverage to replace hardware that is permanently damaged after a Cyber incident, rendering it unusable (i.e. “the blue screen of death”). | Matches the Policy Limit | Matches the Policy Deductible |
Include Retroactive Date Endorsement | Applies to coverage provided under Security Breach Expense, Extortion Threats, Replacement or Restoration of Electronic Data, Business Income and Extra Expense, and Public Relations Expense. The related incident discovered during the policy period must take place on or after the retroactive date shown in the schedule and before the end of the policy period. Three (3) years of retroactive cover is built into the product pricing and reducing this coverage will apply a discount to the base premium. If 3y+ is selected there is no discount while selecting 2y or 1y will apply a 10% or 15% discount to the base premium respectively. | Matches the Policy Limit | Matches the Policy Deductible |
Increase of or Elimination of Business and Contingent Business Income Endorsement | Base coverage defaults to 10% of the policy coverage limit, subject to an aggregation sublimit, and does not require an endorsement. Adding the endorsement removes the sublimit altogether and matches the Business Income and Extra Expense with the policy coverage limit or increases the sublimit, up to $1,000,000 in coverage, depending on the policy limit. Ex1: Policy with a $50,000 Coverage Limit has a policy default of 10% = $5,000 BI coverage IF the user purchased the Eliminate Sublimit they would have $50,000 of BI coverage Ex2: Policy with a $2,000,000 Coverage Limit has a policy default of 10% = $200,000 BI coverage IF the user purchased Increase Sublimit they would have $1,000,000 (max) of BI coverage | See examples | Matches the Policy Deductible |
Post-Breach Remediation Endorsement | Pays expenses related to improving the Insured’s computer systems after a data breach to avoid or mitigate damages from further events. | $50,000 | Matches the Policy Deductible |
Ransom Payments Endorsement | Increases the available sublimit for Ransom Payments. Please note that the Ransom Payments Endorsement is being folded into the base form during our Fall 2023 product refiling and this standalone endorsement will be deprecated as the revised base form is approved in each state | $50,000 $100,000 $250,000 $500,000 $1,000,000 | Matches the Policy Deductible |
Social Engineering Endorsement | Pays for losses resulting directly from the intentional misleading of an Insured to transfer money to an outside entity. | $50,000 $100,000 $250,000 | $5,000 minimum for $50,000 $10,000 minimum for $100,000 $10,000 minimum for $250,000 |
Enhanced Business and Contingent Business Income | This endorsement removes the e-commerce restriction for BI and CBI within the base form | N/A | N/A |
Enhanced Business and Contingent Business Income - Inclusive of Systems Failure | This endorsement broadens coverage for Business Income and Extra Expense coverage inclusive of System Failure. | N/A | N/A |
Telecommunications Fraud Endorsement | Coverage to reimburse the Insured for invoices incurred after a fraudulent and unauthorized use of the Insured’s telecommunications systems (i.e. pays for the phone company bill). | $50,000 | Matches the Policy Deductible |
Website Media Content Liability Endorsement] | Coverage specifically for Electronic Media Content disseminated by the Insured. This includes Copyright & Trademark Infringement for IP that is owned by the insured. | $0 $50,000 $100,000 $250,000 $500,000 $1,000,000 | Matches the Policy Deductible |
Reverse Social Engineering Endorsement | Coverage for losses resulting directing from a Reverse Social Engineering Event. The Insured must also purchase the Social Engineering coverage | $50,000 | Matches the Social Engineering Deductible |
Exclusion - Contingent Business Income | This endorsement excludes coverage from the Contingent Business Interruption | N/A | N/A |
Dedicated Breach Costs Endorsement | This endorsement provides insureds an option to have breach costs outside of the aggregate limit. | $50,000 $100,000 $250,000 $500,000 | Matches the Policy Deductible |
Service Fraud Including Cryptojacking Endorsement | This endorsement covers unauthorized calls or unauthorized use of telephone system’s bandwidth and monetary costs related to unauthorized access or use of the insured’s cloud based services. In addition, this endorsement includes coverage for a loss when the unauthorized access or use of a computer system for the purpose of mining for virtual currency is compromised. | $50,000 | Matches the Policy Deductible |
Exclusion - Certified Acts of Terrorism | This endorsement excludes coverage for any loss or defense expenses resulting from a Claim based upon, attributable to, or arising, out of a Certified Act of Terrorism. | N/A | N/A |
Supplemental ERP Elected | Provides an Extended Reporting Period to the policy. State laws and regulations regarding minimum reporting periods must be followed. |
Digital Signature
Before policy issuance Customers must attest to the fact that everything they have stated in the application is true and to a no known loss letter (NKLL). The NKLL simply states that the Insured does not know of any current losses that would impact the Policy. Partners can choose one of two ways for their customers to attest. Boost supports a digital signature flow leveraging PandaDoc where documents needing signature can be sent to the Partner (via webhook) or directly to the end user (via email). Once the documents are signed the quote can be converted into a Policy by the Partner. Alternatively, the Partner can build an affirmative acceptance of the Terms and Conditions through some sort of checkbox (think Apple TOS). This attestation takes the place of a digital signature and may simplify things for the Customer.
No Known Loss Letter (NKLL)
A No Known Loss Letter (NKLL) from the Customer is required before policy issuance and when modifying a policy via the below midterm endorsements:
- Increased Limits
- Decreased Retention/Deductible
- Addition of Coverage endorsements:
- Additional Insured
- Computer and Funds Transfer Fraud
- Hardware Replacement
- Increase of or Elimination of Business Income and Extra Expense Sublimit
- Post-Breach Remediation
- Ransom Payments
- Social Engineering
- Telecommunications Fraud
- Addition of a Subsidiary or Named Insured
- Reinstatement of a Policy
- Backdating of a Policy or Endorsement Effective Date
Retroactive Period
Full Prior Acts are included in the base policy.
Policy Quoting and Issuance
This section deals with the insurance and operations requirements related to the quoting and issuance of policies for the cyber liability product. For technical guidance of the quoting an issuance process in the API, please refer to the our Getting Started API Guide.
Quote Generation
- All application questions listed in the Underwriting Guidelines must be answered in order to return a quote.
- If allowable under Your product structure and UI, customers can modify various coverage aspects - including limits and deductibles - to see rating impacts prior to final selection and purchase.
- The quote returned via the Boost API will be the annual premium, including all applicable taxes and fees.
- Boost invoices on a monthly basis for the annual written premium from the preceding month. For more detail, please refer to the billing section.
Policy Issuance
- Policies do not become legally binding until the customer electronically signs the application or accepts the Terms & Conditions.
- The policy, including the base form and any selected endorsements, will be issued via the Boost API and sent via webhook or email for delivery to the Insured.
Policy Mechanics
- Future effective dates are acceptable and match those set at the program level, currently set at +7 days
- Policies may be backdated up to 7 days prior to the policy issuance date
- The Insured may make any changes to the policy at renewal, including changing deductibles, limits, endorsements, within Your offered policy options, subject to Your underwriting guidelines.
- The policy term is no less than 6 months and no more than 12 months and policies do not automatically renew at the end of the term.
- An updated application will be required ahead of renewal to ensure accurate underwriting during each policy term.
Policy Cancellations
Cancellations are a fact of life in insurance and are subject to the policy provisions and may vary by state. Partners are responsible for indicating to Boost via API that a cancellation has taken place (insured requested, non-pay, etc.) and Boost will take care of the rest including any postal mail requirements. Remember that policy cancellations are auditable so you must maintain a record of all cancellation requests. This record can be an email, a call, an API log, etc as long as you are able to provide proof of the request, including the date the cancellation was requested, when and if required during an audit.
Renewals
Boost provides an automated renewal solution focused on ensuring that customers can enjoy a simple renewal flow. Cyber renewals require that the customers attest to information in a renewal application. In cases where the details have changed over the year the customer can obtain a new rate through the same mechanism as the original quoting flow.
Claims
London Fischer (LF) will service all claims made under this Program. As the TPA, they may appoint counsel and vendors from a pre-approval panel of experts. If there are additional vendors that you would like to have included on this list please let us know.
As Cyber claims can be fairly complex, LF will take a significant role in the research and adjudication of each specific claim. As these claims require a lot of information to service the First Notice of Loss (FNOL) requirements are actually setup to get the parties in contact rather than really dig into the claim.
FNOL Requirements are:
- Policy Number
- Business Name
- Business Address
- FNOL Point of Contact Name
- FNOL Point of Contact Email Address
- FNOL Point of Contact Phone Number
- Loss Description
FNOL data and any Supporting Documentation are tied to the relevant Policy in the Boost Claims database. This information is then transmitted to London Fischer on a daily basis. Once the TPA receives FNOL they will provide automated daily updates to Boost on the adjudication status of any open Claim. This data will include any status changes, notes from conversations with customers and other relevant updates and is available to the Partner.
Once all information has been received, London Fischer will begin the investigation and adjudication process of the claim. London Fisher is responsible for handling all processing including validation to prevent fraud, whether or not the claim should be covered under the policy and communicating with the insured for any follow ups. Partners may choose to be copied on all communication to the policyholder as it relates to the claims.
Updated over 1 year ago