Small Business Cyber

The Boost Small and Medium Business (SMB) Cyber program is designed as a modular product in order to allow Partners significant flexibility. The multitude of available endorsements, limits and deductibles means that Partners can build an insurance offering that best suits their specific customer base, or that they can opt to let the customer choose from a wide range of available options.

The Boost Cyber product is an Admitted, Commercial Lines product in all filed states.

Basic Structure

Boost Cyber was created for small to medium enterprises with a revenue cap of $100,000,000. The product offers a maximum limit of $5,000,000 aggregate, and a minimum deductible of $1,000 per policy.

The base form includes six insuring agreements: Security Breach Expense, Extortion Threat, Replacement or Restoration of Electronic Data, Business Income and Extra Expense, Public Relations Expense, Security Breach Liability (including PCI fines and penalties). Please refer to the policy form for full coverage details.

A Partner's offering can be modified to add additional coverage, or to reduce costs through a number of endorsements laid out below.

Base Forms

Coverages and Forms

Below is a myriad of available coverages along with a short description of each and link to the filed forms.

FormDescriptionAvailable LimitsAvailable Deductibles
Additional Insured EndorsementIncludes as an insured, the person(s) or organization(s) shown in the schedule of the endorsement. Additional Insured are subject to the same eligibility requirements as the primary named insured.Matches the Policy LimitMatches the Policy Deductible
Computer Funds Transfer EndorsementProvides coverage for loss incurred by the Insured resulting directly from a fraudulent entry or electronic data or computer program info, provided the fraudulent entry or change causes money, securities, or other property to be transferred, paid, or delivered or an account of the Insured’s at a financial institution to be debited or deleted.Matches the Policy LimitMatches the Policy Deductible
Hardware Replacement EndorsementProvides coverage to replace hardware that is permanently damaged after a Cyber incident, rendering it unusable (i.e. “the blue screen of death”).Matches the Policy LimitMatches the Policy Deductible
Include Retroactive Date EndorsementApplies to coverage provided under Security Breach Expense, Extortion Threats, Replacement or Restoration of Electronic Data, Business Income and Extra Expense, and Public Relations Expense. The related incident discovered during the policy period must take place on or after the retroactive date shown in the schedule and before the end of the policy period.

Three (3) years of retroactive cover is built into the product pricing and reducing this coverage will apply a discount to the base premium. If 3y+ is selected there is no discount while selecting 2y or 1y will apply a 10% or 15% discount to the base premium respectively.
Matches the Policy LimitMatches the Policy Deductible
Increase of or Elimination of Business and Contingent Business Income EndorsementBase coverage defaults to 10% of the policy coverage limit, subject to an aggregation sublimit, and does not require an endorsement.

Adding the endorsement removes the sublimit altogether and matches the Business Income and Extra Expense with the policy coverage limit or increases the sublimit, up to $1,000,000 in coverage, depending on the policy limit.

Ex1: Policy with a $50,000 Coverage Limit has a policy default of 10% = $5,000 BI coverage

IF the user purchased the Eliminate Sublimit they would have $50,000 of BI coverage

Ex2: Policy with a $2,000,000 Coverage Limit has a policy default of 10% = $200,000 BI coverage

IF the user purchased Increase Sublimit they would have $1,000,000 (max) of BI coverage
See examplesMatches the Policy Deductible
Post-Breach Remediation EndorsementPays expenses related to improving the Insured’s computer systems after a data breach to avoid or mitigate damages from further events.$50,000Matches the Policy Deductible
Ransom Payments EndorsementIncreases the available sublimit for Ransom Payments. Please note that the Ransom Payments Endorsement is being folded into the base form during our Fall 2023 product refiling and this standalone endorsement will be deprecated as the revised base form is approved in each state$50,000
$100,000
$250,000
$500,000
$1,000,000
Matches the Policy Deductible
Social Engineering EndorsementPays for losses resulting directly from the intentional misleading of an Insured to transfer money to an outside entity.$50,000
$100,000
$250,000
$5,000 minimum for $50,000

$10,000 minimum for $100,000

$10,000 minimum for $250,000
Enhanced Business and Contingent Business IncomeThis endorsement removes the e-commerce restriction for BI and CBI within the base formN/AN/A
Enhanced Business and Contingent Business Income - Inclusive of Systems FailureThis endorsement broadens coverage for Business Income and Extra Expense coverage inclusive
of System Failure.
N/AN/A
Telecommunications Fraud EndorsementCoverage to reimburse the Insured for invoices incurred after a fraudulent and unauthorized use of the Insured’s telecommunications systems (i.e. pays for the phone company bill).$50,000Matches the Policy Deductible
Website Media Content Liability Endorsement]Coverage specifically for Electronic Media Content disseminated by the Insured. This includes Copyright & Trademark Infringement for IP that is owned by the insured.$0
$50,000
$100,000
$250,000
$500,000
$1,000,000
Matches the Policy Deductible
Reverse Social Engineering EndorsementCoverage for losses resulting directing from a Reverse Social Engineering Event.

The Insured must also purchase the Social Engineering coverage
$50,000Matches the Social Engineering Deductible
Exclusion - Contingent Business IncomeThis endorsement excludes coverage from the Contingent Business InterruptionN/AN/A
Dedicated Breach Costs EndorsementThis endorsement provides insureds an option to have breach costs outside of the aggregate
limit.
$50,000
$100,000
$250,000
$500,000
Matches the Policy Deductible
Service Fraud Including Cryptojacking EndorsementThis endorsement covers unauthorized calls or unauthorized use of telephone system’s
bandwidth and monetary costs related to unauthorized access or use of the insured’s cloud
based services. In addition, this endorsement includes coverage for a loss when the
unauthorized access or use of a computer system for the purpose of mining for virtual currency
is compromised.
$50,000Matches the Policy Deductible
Exclusion - Certified Acts of TerrorismThis endorsement excludes coverage for any loss or defense expenses resulting from a Claim based upon, attributable to, or arising, out of a Certified Act of Terrorism.N/AN/A
Supplemental ERP ElectedProvides an Extended Reporting Period to the policy. State laws and regulations regarding minimum reporting periods must be followed.

Digital Signature

Before policy issuance Customers must attest to the fact that everything they have stated in the application is true and to a no known loss letter (NKLL). The NKLL simply states that the Insured does not know of any current losses that would impact the Policy. Partners can choose one of two ways for their customers to attest. Boost supports a digital signature flow leveraging PandaDoc where documents needing signature can be sent to the Partner (via webhook) or directly to the end user (via email). Once the documents are signed the quote can be converted into a Policy by the Partner. Alternatively, the Partner can build an affirmative acceptance of the Terms and Conditions through some sort of checkbox (think Apple TOS). This attestation takes the place of a digital signature and may simplify things for the Customer.

No Known Loss Letter (NKLL)

A No Known Loss Letter (NKLL) from the Customer is required before policy issuance and when modifying a policy via the below midterm endorsements:

  • Increased Limits
  • Decreased Retention/Deductible
  • Addition of Coverage endorsements:
    • Additional Insured
    • Computer and Funds Transfer Fraud
    • Hardware Replacement
    • Increase of or Elimination of Business Income and Extra Expense Sublimit
    • Post-Breach Remediation
    • Ransom Payments
    • Social Engineering
    • Telecommunications Fraud
  • Addition of a Subsidiary or Named Insured
  • Reinstatement of a Policy
  • Backdating of a Policy or Endorsement Effective Date

Retroactive Period

Full Prior Acts are included in the base policy.

Policy Quoting and Issuance

This section deals with the insurance and operations requirements related to the quoting and issuance of policies for the cyber liability product. For technical guidance of the quoting an issuance process in the API, please refer to the our Getting Started API Guide.

Quote Generation

  • All application questions listed in the Underwriting Guidelines must be answered in order to return a quote.
  • If allowable under Your product structure and UI, customers can modify various coverage aspects - including limits and deductibles - to see rating impacts prior to final selection and purchase.
  • The quote returned via the Boost API will be the annual premium, including all applicable taxes and fees.
  • Boost invoices on a monthly basis for the annual written premium from the preceding month. For more detail, please refer to the billing section.

Policy Issuance

  • Policies do not become legally binding until the customer electronically signs the application or accepts the Terms & Conditions.
  • The policy, including the base form and any selected endorsements, will be issued via the Boost API and sent via webhook or email for delivery to the Insured.

Policy Mechanics

  • Future effective dates are acceptable and match those set at the program level, currently set at +7 days
  • Policies may be backdated up to 7 days prior to the policy issuance date
  • The Insured may make any changes to the policy at renewal, including changing deductibles, limits, endorsements, within Your offered policy options, subject to Your underwriting guidelines.
  • The policy term is no less than 6 months and no more than 12 months and policies do not automatically renew at the end of the term.
    • An updated application will be required ahead of renewal to ensure accurate underwriting during each policy term.

Policy Cancellations

Cancellations are a fact of life in insurance and are subject to the policy provisions and may vary by state. Partners are responsible for indicating to Boost via API that a cancellation has taken place (insured requested, non-pay, etc.) and Boost will take care of the rest including any postal mail requirements. Remember that policy cancellations are auditable so you must maintain a record of all cancellation requests. This record can be an email, a call, an API log, etc as long as you are able to provide proof of the request, including the date the cancellation was requested, when and if required during an audit.

Renewals

Boost provides an automated renewal solution focused on ensuring that customers can enjoy a simple renewal flow. Cyber renewals require that the customers attest to information in a renewal application. In cases where the details have changed over the year the customer can obtain a new rate through the same mechanism as the original quoting flow.

Claims

London Fischer (LF) will service all claims made under this Program. As the TPA, they may appoint counsel and vendors from a pre-approval panel of experts. If there are additional vendors that you would like to have included on this list please let us know.

As Cyber claims can be fairly complex, LF will take a significant role in the research and adjudication of each specific claim. As these claims require a lot of information to service the First Notice of Loss (FNOL) requirements are actually setup to get the parties in contact rather than really dig into the claim.

FNOL Requirements are:

  • Policy Number
  • Business Name
  • Business Address
  • FNOL Point of Contact Name
  • FNOL Point of Contact Email Address
  • FNOL Point of Contact Phone Number
  • Loss Description

FNOL data and any Supporting Documentation are tied to the relevant Policy in the Boost Claims database. This information is then transmitted to London Fischer on a daily basis. Once the TPA receives FNOL they will provide automated daily updates to Boost on the adjudication status of any open Claim. This data will include any status changes, notes from conversations with customers and other relevant updates and is available to the Partner.

Once all information has been received, London Fischer will begin the investigation and adjudication process of the claim. London Fisher is responsible for handling all processing including validation to prevent fraud, whether or not the claim should be covered under the policy and communicating with the insured for any follow ups. Partners may choose to be copied on all communication to the policyholder as it relates to the claims.