At-Bay Cyber
At-Bay offers a modern approach to cyber insurance, combining industry-leading coverage with advanced cybersecurity technology. Their flagship product, At-Bay Stance™, provides end-to-end prevention and protection for businesses in the digital age. The company’s insurance policies cover both primary and excess Surplus Cyber and Tech E&O and primary Surplus MPL coverage. By integrating insurance and security, At-Bay aims to tackle cyber risk proactively, offering businesses comprehensive protection against digital threats.
At-Bay Cyber
Help Prevent Loss
At-Bay Cyber Insurance
Designed to Help Prevent Loss
At-Bay offers cyber insurance designed to help businesses prevent and recover from cyber-attacks. Their comprehensive approach includes:
Key Features
- Detailed Security Report: Provided at the time of quote to assess security strength before policy purchase.
- At-Bay Stance™: Offers mission-critical products and services to reduce cyber risk as part of the insurance policy.
- In-house Claims & Incident Response Teams: Experienced professionals who help policyholders recover quickly from cyber events.
At-Bay policyholders are up to 5 times less likely than the industry average to experience a ransomware attack.
Coverage Highlights
At-Bay’s cyber policy covers various aspects of cyber risk, including:
- Ransomware
- Financial fraud and cybercrime
- Business interruption losses
- Breach response and data recovery
- Liability claims from network security or information privacy events
Why Cyber Insurance is Essential
Cyber insurance is crucial for businesses that:
- Sell products or services online
- Use technology to conduct business
- Store or process sensitive data or customer information
Even small businesses are frequent targets for cyber attacks due to their limited resources and expertise in combating evolving threats.
First-Party Coverage
At-Bay’s policy includes:
- Event Response & Recovery
- Event Response & Management
- Direct and Contingent Business Interruption
- System Failure Coverage
- Cyber Extortion
- Social Engineering & Computer Fraud
- Reputational Harm Coverage
Third-Party Coverage
The policy also covers:
- Information Privacy Liability
- Network Security Liability
- Regulatory Liability
- Payment Card Liability
- Media Liability
Real-World Examples
The document provides two case studies demonstrating At-Bay’s effectiveness:
1. A food retailer suffered wire fraud, resulting in a $60,000 reimbursement from At-Bay.
2. A construction company experienced email compromise, leading to At-Bay covering nearly $28,000 in breach-related costs.
At-Bay’s cyber insurance offers comprehensive protection against a wide range of cyber threats, combining financial coverage with proactive security measures to help businesses prevent, respond to, and recover from cyber incidents.
At-Bay Cyber
Admitted vs Surplus
At-Bay Cyber Insurance
Admitted vs. Surplus
At-Bay comprehensively compares its admitted and surplus cyber insurance coverage options. At-Bay takes an innovative approach to cyber insurance underwriting, continuously analyzing and monitoring the risk of every company in their portfolio to provide ongoing education, advice, and support to brokers and businesses.
Admitted vs. Surplus Coverage
The key differences between the admitted and surplus coverage options are:
Target Customer:
- Admitted: Micro to small businesses with standard risk profiles seeking affordable but comprehensive coverage
- Surplus: Small to midsize businesses seeking premium, customizable cyber insurance
Minimum Premium:
- Admitted: $100 for $100K aggregate limit ($750 for $1M aggregate)
- Surplus: $950 for $1M aggregate limit
Revenue Limit:
- Admitted: Up to $25M
- Surplus: Up to $100M
Coverage Limit:
- Admitted: Up to $1M
- Surplus: Up to $3M
Coverage Highlights
Both admitted, and surplus options include:
- Information Privacy – Event Response & Liability
- Network Security – Event Response & Liability
- Data Recovery
- PCI Liability
- Business Interruption (Direct and Contingent)
- System Failure (Direct and Contingent)
- Reputational Harm
- Cyber Extortion
- Financial Fraud
The surplus option offers additional coverages such as Media Liability & Event Response, Broker-Specific Amendatories, Contingent Bodily Injury, HIPAA Betterment, and PCI Betterment.
Additional Features
State Availability:
- Admitted: All states, including D.C., except for Alaska
- Surplus: All states, including D.C.
AM Best Rating:
- Both options are underwritten by A- (Excellent) rated carriers
Security Solutions:
- Both options include Active Risk Monitoring, At-Bay Response & Recovery, and access to the At-Bay Security Partner Network. The surplus option provides access to At-Bay Stance Exposure Manager and At-Bay Stance Managed Security.
Fees:
- Admitted: State surcharges (if applicable)
- Surplus: Surplus lines tax and embedded security fee based on risk exposure
At-Bay emphasizes that its approach to cyber insurance is dynamic, recognizing that numerous new threats emerge over an insurance year. Their regular risk analysis and monitoring allow them to provide ongoing support and education to their clients throughout the partnership.
At-Bay Cyber
Ransomware Attack
CFC Cyber Insurance
Claim Case Study: Ransomware Attack
At-Bay Cyber presents a case study of a ransomware attack on an engineering firm and the subsequent response. The attack targeted a company with 800-1,000 employees and revenue between $75M-$125M, exploiting an open Remote Desktop Protocol (RDP) port to access internal systems and hold project files, contracts, and sensitive client information for ransom.
The case study outlines a detailed timeline of the incident response:
1. Initial Contact: On a Sunday morning, the firm’s insurance broker contacted At-Bay and a breach coach.
2. Team Assembly: At-Bay quickly assembled a response team, including a breach coach, forensics firm, cryptocurrency payment facilitator, and ransom negotiator.
3. Assessment: The team conducted a scoping call and created a Statement of Work (SOW) to outline necessary actions.
4. Negotiation: At-Bay approved contact with the attacker, identified as the Lockbit ransomware group. After negotiations, the ransom was paid at a 50% reduction from the initial demand.
5. Resolution: The response team received a decryption tool, verified its safety, and began restoring the firm’s systems.
6. Recovery: The most critical systems were operational within three days, and the company resumed partial operations. Full business operations were restored within 10 days of the attack.
At-Bay maintained close communication with the client throughout the incident and conducted external scans to identify potential vulnerabilities. They discovered an open port connected to a third-party service provider, which was subsequently closed to reduce the risk of future attacks.
The document emphasizes At-Bay’s role as an “InsurSec provider,” offering a combination of insurance and cybersecurity technology. It claims that At-Bay’s approach makes its customers up to 5 times less likely than the industry average to experience a ransomware attack.
The case study highlights At-Bay’s commitment to providing prompt, efficient, and equitable claims handling, noting that response timelines may vary. It also includes a disclaimer that the information provided is for informational purposes only and does not define any policy commitments.
At-Bay Cyber Insurance
At-Bay: Pioneering InsurSec for the Digital Age
At-Bay represents a new generation of insurance providers, combining advanced cybersecurity technology with comprehensive insurance coverage to create an innovative approach to cyber risk management.
Company Overview
At-Bay has established itself as an InsurSec provider, uniquely positioning itself by integrating world-class technology with industry-leading insurance and security expertise. The company was specifically designed to help businesses of all sizes confront cyber risks through their comprehensive end-to-end protection approach.
Insurance Products and Coverage
Admitted Cyber Coverage
The admitted cyber product features:
- Coverage for businesses with up to $25 million in revenue
- Limits up to $1 million
- Available in all states except Alaska and Kentucky
Surplus Cyber Coverage
At-Bay offers substantial coverage limits for businesses of varying sizes:
- Up to $10 million in limits for businesses with revenue up to $5 billion
- Coverage available for both primary and excess lines
- Automated underwriting platform providing instant quotes for businesses up to $100 million in revenue
Unique Features and Benefits
Comprehensive Protection
At-Bay’s cyber insurance policies include:
- Direct and contingent coverage for business interruption
- Social engineering and invoice manipulation protection
- Full limits for crypto-jacking and bricking coverage
- Broad cyber extortion coverage, including cryptocurrency payments
- Reputational harm coverage with PR costs
Active Risk Monitoring
A distinctive feature of At-Bay’s offering is its Active Risk Monitoring service, which is provided at no additional cost to policyholders. This proactive approach helps identify and address potential security vulnerabilities before they can be exploited.
Technology Integration
The company has developed At-Bay Stance™, which combines insurance coverage with cybersecurity technology to deliver comprehensive prevention and protection. This integration of insurance and security creates a more robust risk management solution.
Coverage Areas
At-Bay’s policies protect against various cyber threats, including:
- Malware attacks
- Phishing incidents
- Ransomware attacks
- Password breaches
- IoT device compromises
- Social engineering schemes
Market Statistics and Risk Landscape
Current cyber threat statistics underscore the importance of At-Bay’s services:
- 69% of organizations experienced compromises through internet-facing assets
- The average data breach cost reached $4.45 million globally in 2023
- 66% of organizations faced ransomware attacks in the previous year
Exclusions and Limitations
While At-Bay’s coverage is comprehensive, certain aspects are not covered:
- Intentional acts or fraud by policyholders
- Known vulnerabilities left unaddressed
- Use of unapproved software
- Non-cyber-related losses
- Certain regulatory fines
- War or terrorism-related incidents
At-Bay Insurance & Technology
At-Bay stands out in the cyber insurance market through its innovative insurance and security technology combination. Their approach to cyber risk management, featuring active monitoring and comprehensive coverage options, positions them as a forward-thinking provider equipped to handle modern digital threats.
This description provides general information on cyber insurance and does not cover all specifics; actual coverage will depend on the terms of your individual policy.
Cyber Insurance: Your Business’s Safety Net
Learn More about At-Bay Coverage & Pricing
No Spam. Promise!
At-Bay: Defending Cyber Crime
At-Bay discusses combining cyber insurance with security services (InsurSec). They explain that their company’s perspective on cyber threats is based on empirical data from insurance claims and investigations, providing a more objective view than other sources. The speakers highlight the top five risks for businesses they insure, with 80% of their claims resulting from these issues: unpatched vulnerabilities, exposed remote access, stolen credentials, ineffective backups, and email security.
The speakers delve into each risk, emphasizing the importance of basic security measures like patching systems, controlling remote access, implementing multi-factor authentication, maintaining backups, and improving email security. They stress that many attacks exploit simple vulnerabilities rather than using sophisticated methods and that proper implementation of basic security controls can significantly mitigate risks. The discussion also touches on the ransomware ecosystem, explaining how different criminal groups specialize in various aspects of attacks, from initial access to ransomware development and deployment.
The video concludes with a case study of a large e-discovery company that fell victim to a ransomware attack. Despite seemingly adequate security measures, the company suffered a significant breach due to a single phishing email and a lack of basic security controls like multi-factor authentication. The attack resulted in extensive downtime, financial losses, and company reputation damage. The speakers emphasize that this case demonstrates how even companies with substantial resources can fall victim to attacks if they neglect fundamental security practices.