Send Prime 250 Security Assessment

put https://api.cowbellcyber.ai/api/account/v2/questions/p250

Required if using Register Account V2. Send security assessment responses to Cowbell. Only valid if Register Account V2 response indicates Prime250 product access.

Query Params

isFormattedError

boolean

isFormattedError

Body Params

accountId

string

required

Account Id

backupFrequency

string

required

How often does the organization perform backups of business-critical data? (Allowable values WEEKLY/MONTHLY/QUARTERLY/SIX_MONTHS/NEVER)

backupFrequencyEncrypted

boolean

At least 1 is required if backupFrequency answer is not NEVER

backupFrequencyOther

string

At least 1 is required if backupFrequency answer is not NEVER

backupFrequencySeparate

boolean

At least 1 is required if backupFrequency answer is not NEVER

backupFrequencyTested

boolean

At least 1 is required if backupFrequency answer is not NEVER

changeInScope

boolean

Only applicable if quote is renewal

changeInScopeDetail

string

Only applicable if quote is renewal

civilOrCriminalAction

boolean

required

Civil or criminal action or administrative proceeding alleging violation of any federal, state, local or common law?

claimHistory

int32

required

Has the Organization filed any claims due to a cyber event? 0=Never, 1=within last 12 months, 2=with last 2 years, 3=within last 3 years, 4=within last 4 years, 5=within 5years or more

dmzSeparation

boolean

Are all internet-accessible systems (e.g. web, email-servers) segregated from the organization’s trusted network (e.g. within a demilitarized zone (DMZ) or at a third-party service provider)?

incidentResponsePlan

boolean

required

Does the organization have an incident response plan - tested and in-effect - setting forth specific action items and responsibilities for relevant parties in the event of cyber incident or data breach matter?

isAuthenticatingFundTransferRequests

boolean

required

Do policy holder employees authenticate funds transfer requests (e.g. by calling a customer to verify the request at a predetermined phone number)? Affirmative answer is required to be eligible for Social Engineering endorsement

isPreventingUnauthorizedWireTransfers

boolean

required

Do policy holder employees prevent unauthorized employees from initiating wire transfers? Affirmative answer is required to be eligible for Social Engineering endorsement

isSecurityOfficer

boolean

required

Does the policyholder agree to be the designated Information Security Contact?

isSecurityTraining

boolean

required

Does policyholder provide mandatory information security training to all employees at least annually? If not, are they willing to implement it during the policy period?

isVerifyingBankAccounts

boolean

required

Do policy holder employees verify vendor/supplier bank accounts before adding to accounts payable systems. Affirmative answer is required to be eligible for Social Engineering endorsement

lossInBusinessIncome

boolean

required

During the last three years, has the organization suffered loss of business income as a result of unscheduled system downtime?

mfaAuthentication

boolean

required

Do you enforce Multi-Factor Authentication (MFA) for all employees, contractors, and partners?

mfaCloudDeployments

boolean

At least 1 is required if mfaAuthentication is true

mfaEmail

boolean

At least 1 is required if mfaAuthentication is true

mfaMissionCriticalSystems

boolean

At least 1 is required if mfaAuthentication is true

mfaOther

string

At least 1 is required if mfaAuthentication is true

mfaRemoteAccess

boolean

At least 1 is required if mfaAuthentication is true

pastCyberIncident

boolean

required

Had any past Cyber Incidents (Required to be true if claimHistory is answered with value greater than 0)

pastCyberIncidentDetails

string

required

Has the organization filed any claims due to a cyber event in last five years? If yes, attach loss detail herewith.

patchingFrequency

string

required

How often does the organization apply updates to critical IT-systems and applications? Allowable values WEEKLY/MONTHLY/QUARTERLY/SIX_MONTHS/NEVER)

pendingLitigation

boolean

required

Is there currently any pending litigation, administrative proceeding or claim against the named applicant, organization and/or any of the prospective insureds?

renewalChangeInAnswers

boolean

Only applicable if quote is renewal

renewalChangeInAnswersDetail

string

Only applicable if quote is renewal

securityBreachRequiringNotification

boolean

required

During the last three years, has the organization suffered a security breach requiring customer or third-party notification according to state or federal regulations?

testedFullFailover

boolean

Has the organization tested a full failover of the most critical servers?

thirdPartySecurityAgreement

boolean

Do agreements with third-party service providers require levels of security commensurate with the organization’s information security standard?

useCloudStorage

boolean

required

Does the policyholder have sensitive information stored on the cloud?

useEncryption

boolean

required

Does the policyholder encrypt all emails, mobile and computing devices containing sensitive information (e.g., PII, PHI, PCI) sent to external parties?

Responses

Response body

object

accountId

string

required

Account Id

backupFrequency

string

required

How often does the organization perform backups of business-critical data? (Allowable values WEEKLY/MONTHLY/QUARTERLY/SIX_MONTHS/NEVER)

MONTHLY NEVER QUARTERLY SIX_MONTHS WEEKLY

backupFrequencyEncrypted

boolean

At least 1 is required if backupFrequency answer is not NEVER

backupFrequencyOther

string

At least 1 is required if backupFrequency answer is not NEVER

backupFrequencySeparate

boolean

At least 1 is required if backupFrequency answer is not NEVER

backupFrequencyTested

boolean

At least 1 is required if backupFrequency answer is not NEVER

changeInScope

boolean

Only applicable if quote is renewal

changeInScopeDetail

string

Only applicable if quote is renewal

civilOrCriminalAction

boolean

required

Civil or criminal action or administrative proceeding alleging violation of any federal, state, local or common law?

claimHistory

int32

required

Has the Organization filed any claims due to a cyber event? 0=Never, 1=within last 12 months, 2=with last 2 years, 3=within last 3 years, 4=within last 4 years, 5=within 5years or more

1 2 3 4 5

dmzSeparation

boolean

Are all internet-accessible systems (e.g. web, email-servers) segregated from the organization’s trusted network (e.g. within a demilitarized zone (DMZ) or at a third-party service provider)?

incidentResponsePlan

boolean

required

isAuthenticatingFundTransferRequests

boolean

required

isPreventingUnauthorizedWireTransfers

boolean

required

Do policy holder employees prevent unauthorized employees from initiating wire transfers? Affirmative answer is required to be eligible for Social Engineering endorsement

isSecurityOfficer

boolean

required

Does the policyholder agree to be the designated Information Security Contact?

isSecurityTraining

boolean

required

Does policyholder provide mandatory information security training to all employees at least annually? If not, are they willing to implement it during the policy period?

isVerifyingBankAccounts

boolean

required

Do policy holder employees verify vendor/supplier bank accounts before adding to accounts payable systems. Affirmative answer is required to be eligible for Social Engineering endorsement

lossInBusinessIncome

boolean

required

During the last three years, has the organization suffered loss of business income as a result of unscheduled system downtime?

mfaAuthentication

boolean

required

Do you enforce Multi-Factor Authentication (MFA) for all employees, contractors, and partners?

mfaCloudDeployments

boolean

At least 1 is required if mfaAuthentication is true

mfaEmail

boolean

At least 1 is required if mfaAuthentication is true

mfaMissionCriticalSystems

boolean

At least 1 is required if mfaAuthentication is true

mfaOther

string

At least 1 is required if mfaAuthentication is true

mfaRemoteAccess

boolean

At least 1 is required if mfaAuthentication is true

pastCyberIncident

boolean

required

Had any past Cyber Incidents (Required to be true if claimHistory is answered with value greater than 0)

pastCyberIncidentDetails

string

required

Has the organization filed any claims due to a cyber event in last five years? If yes, attach loss detail herewith.

patchingFrequency

string

required

How often does the organization apply updates to critical IT-systems and applications? Allowable values WEEKLY/MONTHLY/QUARTERLY/SIX_MONTHS/NEVER)

MONTHLY NEVER QUARTERLY SIX_MONTHS WEEKLY

pendingLitigation

boolean

required

Is there currently any pending litigation, administrative proceeding or claim against the named applicant, organization and/or any of the prospective insureds?

renewalChangeInAnswers

boolean

Only applicable if quote is renewal

renewalChangeInAnswersDetail

string

Only applicable if quote is renewal

securityBreachRequiringNotification

boolean

required

During the last three years, has the organization suffered a security breach requiring customer or third-party notification according to state or federal regulations?

testedFullFailover

boolean

Has the organization tested a full failover of the most critical servers?

thirdPartySecurityAgreement

boolean

Do agreements with third-party service providers require levels of security commensurate with the organization’s information security standard?

useCloudStorage

boolean

required

Does the policyholder have sensitive information stored on the cloud?

useEncryption

boolean

required

Does the policyholder encrypt all emails, mobile and computing devices containing sensitive information (e.g., PII, PHI, PCI) sent to external parties?

400

Bad Request

401

Unauthorized

409

Conflict

Language

URL


xxxxxxxxxx
25
1
curl --request PUT \
2
     --url https://api.cowbellcyber.ai/api/account/v2/questions/p250 \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json' \
5
     --data '
6
{
7
  "backupFrequency": "MONTHLY",
8
  "civilOrCriminalAction": true,
9
  "claimHistory": 0,
10
  "incidentResponsePlan": true,
11
  "isAuthenticatingFundTransferRequests": true,
12
  "isPreventingUnauthorizedWireTransfers": true,
13
  "isSecurityOfficer": true,
14
  "isSecurityTraining": true,
15
  "isVerifyingBankAccounts": true,
16
  "lossInBusinessIncome": true,
17
  "mfaAuthentication": true,
18
  "pastCyberIncident": true,
19
  "patchingFrequency": "MONTHLY",
20
  "pendingLitigation": true,
21
  "securityBreachRequiringNotification": true,
22
  "useCloudStorage": true,
23
  "useEncryption": true
24
}
25
'

Choose an example:

application/json

200Success