HomeMy WebLinkAboutR-2025-114 Purchase Cyber Liability Insurance from Node International Insurance RESOLUTION NO. R-2025-114
A RESOLUTION AUTHORIZING THE PURCHASE OF CYBER LIABILITY INSURANCE
FROM NODE INTERNATIONAL INSURANCE FOR THE ANNUAL PREMIUM IN AN
AMOUNT NOT TO EXCEED $9,651.00
WHEREAS, the City of Riverside has a need for cyber liability insurance as this is no
longer under the umbrella of our annual property and liability insurance carrier premium; and
WHEREAS, the City of Riverside in the adoption of its purchasing policy requires all
expenditures in excess of $10,000 to be presented to the Board of Aldermen for approval, and
the City's insurance carrier MIRMA recommended Node International, through Barker Phillips
Jackson, Inc., for cyber liability insurance and has presented an adequate policy in the amount
of $9,651.00 for the FY 2025-2026 for such coverage; and
WHEREAS, funds for such purpose is budgeted in the Fiscal Year 2024-2025 budget;
and
WHEREAS, the Board of Aldermen find it is in the best interest of the citizens of the City
of Riverside to authorize purchase of such insurance coverage and approve the payment to
Node International for cyber liability insurance coverage for the City of Riverside, in an amount
not to exceed $9,651.00.
NOW THEREFORE, BE IT RESOLVED BY THE BOARD OF ALDERMEN OF THE
CITY OF RIVERSIDE, MISSOURI, AS FOLLOWS:
THAT, the acquisition of such insurance coverages and payment to Node International
through Barker Phillips Jackson, Inc for cyber liability insurance coverage for the City of
Riverside, in an amount not to exceed $9,651.00 is hereby authorized and approved; and
FURTHER THAT the Mayor, City Administrator, or either of their designees, are hereby
authorized to execute all documents necessary or incidental to this transaction and the City
Clerk is authorized to attest thereto.
PASSED AND ADOPTED by the Board of Aldermen of the City of Riverside, Missouri,
the 1st day of July 2025.
Mayor Kathleen L. Rose
ATTEST:
Robin Kincaid, City Clerk
INVOICE
Barker Phillips Jackson, Inc
PO Box 4207 Customer City of Riverside
Springfield, MO 65808-4207 Acct# 25809
Date 06/19/2025
Customer Jerod Hicks
Service Brad Miller, CISR
Page 1 of 1
Payment Information
Invoice Summary $ 9,651.00
City of Riverside Payment Amount
2950 NW Vivion Rd. Payment for: Invoice#733356
Riverside, MO 64150 FLYRBCKFG42CGJ4
Thank You
Customer: City of Riverside
Invoice Effective Transaction Description Amount
Policy#FLYRBCKFG42CGJ4 07/01/2025-07/01/2026
Am WINS Brokerage
733356 07/01/2025 Renew policy
Cyber Liability-25-26 Cyber 9,001.00
Market Policy fee-25-26 Cyber 300.00
Broker fee-25-26 Cyber 350.00
Due Date: 7/1/2025
Robin Kincaid.
6-26-2025
1011200024100 Total
$ 9,651,00
Thank You
Barker Phillips Jackson, Inc (417) 887-3550 Date
PO Box 4207 06/19I2025
Springfield, MO 65808-4207 ins@bpj.com
node
# DigitalRisk INTERNATIONAL
Robin Kincaid rkincaid@riversidemo.gov
Applicant's Signature Applicant's Email Address
Robin Kincaid 816-741-3993
Applicant's Name Applicant's Phone Number
6-17-2025 July 1, 2025
Date Insurance Start Date
You can fill this form out online, use the link below:
https://node.insure/NODE2553612/49WYN3XW74R5
Risk Manager
Please list below the relevant parties who would like to receive security updates, information and
communication's regarding your digital wellbeing.
Jason Ketter IT Manager jketter@riversidemo.gov 816-451-8251
Name Position/Title Email Phone
Eddie Seasholtz IT Manager Asst eddie@enetkc.com 913-207-1130
Name Position/Title Email Phone
Name Position/Title Email Phone
FRAUD WARNING
General Fraud Warning: Any person who knowingly presents a false or fraudulent claim for payment of a loss or benefit
or knowingly presents false information in an application for insurance is guilty of a crime and may be subject to fines and
confinement in prison.(Not applicable in AL,AK,AZ,AR,CA,CO,DE, DC,FL,ID,IN, HI,KS,KY, LA, ME, MD, MN,NH, NJ,NM,
NY,OH,OK,OR, PA,PR,TN,VA,WA)
POLICYHOLDER DISCLOSURE
NOTICE OF TERRORISM INSURANCE COVERAGE
Coverage for acts of terrorism is included in your policy. You are hereby notified that under the Terrorism
Risk Insurance Act, as amended in 2015, the definition of act of terrorism has changed. As defined in
Section 102(1) of the Act:The term " act of terrorism" means any act or acts that are certified by the
Secretary of the Treasury—in consultation with the Secretary of Homeland Security, and the Attorney
General of the United States—to be an act of terrorism;to be a violent act or an act that is dangerous to
human life, property, or infrastructure;to have resulted in damage within the United States, or outside
the United States in the case of certain air carriers or vessels or the premises of a United States mission;
and to have been committed by an individual or individuals as part of an effort to coerce the civilian
population of the United States or to influence the policy or affect the conduct of the United States
Government by coercion. Under your coverage, any losses resulting from certified acts of terrorism may
be partially reimbursed by the United States Government under a formula established by the Terrorism
Risk Insurance Act, as amended. However, your policy may contain other exclusions which might affect
your coverage, such as an exclusion for nuclear events. Under the formula,the United States Government
Node #DigitalRisk Admitted US Attestation v1.0 2021 2 of 7
#DigitalRisk node
INTERNATIONAL
Quote Attestation - NODE2553612
Insuring Factors and Assumptions
Quote Reference NODE2553612
Named Insured City of Riverside, Missouri
Address 2950 NW Vivion Rd, Riverside, Montana, USA, 64150
Industry Other General Government Support
Number of Employees 100
Company Type Private
Date Established 1951-01-01
Number of claims Zero value in the last 3 years
Policy Period 01 July 2025 - 01 July 2026
Yourself and employees:
• Encrypt all emails containing sensitive information sent to external parties.
• Encrypt all sensitive information stored on mobile devices
• Have an individual officially designated for overseeing information security
• Verify vendor/supplier bank accounts before adding to your accounts payable systems
• Authenticate funds transfer requests
• Prevent unauthorized employees from initiating wire transfers.
• Undertake mandatory information security training at least annually and information security
personnel are provided with additional training to help them understand current security threats.
• Perform at least annual backups of company data
• Have in place at least one of the following, Business Continuity Plan, Disaster Recovery Plan,
Incident Response Plan
I affirm that I have read, and Node International has advised me to carefully read,the terms, conditions, limitations,
exclusions and any applicable endorsements of the commercial cyber insurance policy that I am applying for,which
have been made available to me.I affirm that the information that I have provided throughout the application for
this insurance is,to the best of my knowledge,true, accurate, and complete.I understand that any non-disclosure,
misrepresentation or non-payment of premium may result in cancellation of or non-renewal of this policy.
I have read, understood and agreed to the fraud warning, terrorism notice and no know loss statement.I
agree all policy documents will be distributed electronically.
Required Option/Coverage
Please refer to your quote for full coverage details.
OPTION POLICY LIMIT PREMIUM NODE DETECT TOTAL SELECTED
FEES
Option 1 USD$1,000,000 USD$9,101.00 USD $200 USD $9,301.00 0
Node#DigitalRisk Admitted US Attestation v1.0 2021 1 of 7
node
#DigitalRisk
INTERNATIONAL
generally reimburses 85%through 2015;84% beginning on January 1, 2016; 83% beginning on January
1, 2017; 82% beginning on January 1, 2018; 81% beginning on January 1, 2019 and 80% beginning on
January 1, 2020, of covered terrorism losses exceeding the statutorily established deductible paid by the
insurance company providing the coverage. The Terrorism Risk Insurance Act, as amended, contains a
$100 billion cap that limits U.S. Government reimbursement as well as insurers' liability for losses
resulting from certified acts of terrorism when the amount of such losses exceeds $100 billion in any one
calendar year.If the aggregate insured losses for all insurers exceed $100 billion,your coverage may be
reduced.
The portion of your annual premium that is attributable to coverage for acts of terrorism is_$0 , and
does not include any charges for the portion of losses covered by the United States government under
the Act.
I ACKNOWLEDGE THAT I HAVE BEEN NOTIFIED THAT UNDER THE TERRORISM RISK INSURANCE ACT, AS
AMENDED,ANY LOSSES RESULTING FROM CERTIFIED ACTS OF TERRORISM UNDER MY POLICY
COVERAGE MAY BE PARTIALLY REIMBURSED BY THE UNITED STATES GOVERNMENT AND MAY BE
SUBJECT TO A $100 BILLION CAP THAT MAY REDUCE MY COVERAGE, AND I HAVE BEEN NOTIFIED OF
THE PORTION OF MY PREMIUM ATTRIBUTABLE TO SUCH COVERAGE.
STATEMENT OF NO KNOWN LOSS
To: Node International TA RB Jones
Policyholder Name: City of Riverside, Missouri
Quote Number: NODE2553612
RE: Statement of No Known Loss
I represent that between time of quote and time of bind I am not currently aware of any accidents, facts
or circumstances occurring during that time that may result in future claims covered under Node
International TA RB Jones.
If I do become aware I must inform Node International immediately.
Node#DigitalRisk Admitted US Attestation v1.0 2021 3 of 7
# Digital:
node
INTERNATIONAL
NODE PREVENT PARTNERS
At Node International, we have formed a strategic alliance with a team of top-tier cyber experts to fortify
your digital presence and ensure comprehensive risk mitigation while you remain under our protection.
Our Node Prevent Cyber Partners bring an abundance of industry experience in privacy and data security,
conducting thorough risk assessments, implementing effective cyber risk mitigation strategies, and
safeguarding against data breaches.Your online safety is our utmost priority,and with our expert partners
by your side, you can rest assured that your cyber defenses are in the best possible hands.
Upon activation of your Cyber insurance policy, a host of exclusive services will become available to you.
Including: Legal Consultation; Incident Response and Ransomware Negotiation Vendors; Security and
Forensics Vendors; Notifications and Credit Monitoring Vendors. Experience the following exceptional
benefits included in your Cyber insurance policy:
Consultation Premier Security
Complimentary consultation with a Complimentary Perimeter Security
cyber expert to review your current review and vulnerability baseline
cyber risk landscape risk assessment
Newsletter Endpoint Detection
Monthly cyber security newsletter Free EDR(Endpoint Detection&
to your risk manager,detailing response) service*
current threat trends
-Claim Assistance Training
Free 24/7 Pre-Claim assistance Complimentary Security Awareness
to contain your attack,breach or Training*
ransomware
Node#DigitalRisk Admitted US Attestation v1.0 2021 *Please schedule a call with the BTA team to Iearn more 4 of 7
#DigitalRisk node
INTERNATIONAL
BLUE TEAM ALPHA
PARTNERSHIP BLUE TEAM
ALPHA
Node International has formed a partnership with Blue Team Alpha (BTA) to enhance the
benefits available for our cyber insurance policyholders. This collaboration empowers Node
International's policyholders to tap into Blue Team Alpha's extensive expertise in cybersecurity
tailored for small and mid-sized organizations. By seamlessly integrating with Blue Team Alpha's
cybersecurity services, Node International elevates its insurance coverage to a new level.
Blue Team Alpha, drawing on expertise from the Department of Defense, FBI, NSA, and other federal
agencies, extends its cybersecurity services and solutions to fortify the protection of small to midsize
businesses. With the goal of minimizing the likelihood of insurance claims, Blue Team Alpha assists
businesses at any stage of their cybersecurity journey, providing valuable insights to enhance their
security posture.
How Blue Team Alpha interacts with each Node International cyber insurance policy holder:
1. Welcome Email
Node International will provide a welcome email with your cyber insurance policy, upon
activation of your cyber insurance.At this time, ahost of exclusive services will become available
to you from Node International and BTA.
2. BTA Complimentary Consultation
Each policy holder should arrange a complimentary cyber security consultation with BTA to
review your current cyber risk posture. Sign up for a meeting by sending an email to:
node@blueteamalpha.com
3. Request Threat Profile
BTA, upon request from the policy holder, provides a complimentary Threat Profile highlighting
network risks, compromised passwords from the Dark Web and other vulnerabilities. The Threat
Profile is compiled by cybersecurity experts using a variety of open source databases and is
intended to give the policy holder insight as to how a hacker would gather reconnaissance to
identify vulnerabilities that can be used to launch a cyber attack.
4. Monthly Newsletter
You will receive a monthly BTA newsletter to educate you on the current cyber landscape and
how to mitigate risk as a small business. BTA can also be contacted directly to support your
ongoing monthly Node Detect scans (see page 7).
node# DigitalRisk
INTERNATIONAL
Leverage the expertise of our Node Prevent Partners as your dedicated privacy and security team.
Seamlessly integrate them with your in-house security or outsource entirely. Reach out to our Node
Prevent Partners for expert assistance and guidance in the following situations:
• Establishing comprehensive security awareness training programs.
• Implementing robust encryption solutions.
• Developing a strong incident response plan for enhanced preparedness.
• Considering risk assessment services and budgeting for top-notch EDR or MDR solutions.
Incident Respons.
Carbon Black. DIGITALGUARDIAN halcyon
vmw corelight CROWDSTRIKE
Apptega Microsoft Defender
Vulnerability DarkWeb Monitoring
Nessus DARKWEB ID
Security Awareness Training
KnowBe4 Wizer
Cloud
aws
Azure
Node #DigitalRisk Admitted US Attestation v1.0 2021 6 of 7
#DigitalRisk node
INTERNATIONAL
NODE DETECT
In addition to our Node Prevent Partners you will also gain exclusive access to our cyber security
report via Node Detect for a hassle free domain security solution. Non-intrusive security tests
and scans offer invaluable insights, analysis, and recommendations to fortify your domain with
the convenience of monthly reports sent directly to your inbox.
1. Hassle-Free Activation
Once you take out an insurance policy with us, Node Detect will automatically initiate the necessary scans without
any additional effort on your part. No complicated setup or configurations are required.Just sit back and relax as
Node Detect gets to work.
2. Monthly Domain Security Reports
Node Detect constantly monitors your domain security, capturing monthly snapshots to keep track of any
changes of potential vulnerabilities. Stay ahead of potential threats and keep your digital assets safe with your
comprehensive report delivered directly to your company.
3. Instant Chat
With Node Detect, you have direct access to our team of Node Detect Cyber Report (image)
security professionals through an instant chat feature.
Should you have any concerns or questions about the report
or any potential issues identified,you can reach out to them
4. Collaboration with Node Prevent Partners
Node Detect seamlessly links with our Node Prevent
partners, enhancing our capability to address and resolve
any identified security issues. This collaborative approach
ensures that any potential threats are tackled effectively,
further bolstering your company's security measures.
Our Node Prevent Partners, along with exclusive Node
Detect reports, offer unparalleled guidance, support,
and strategic recommendations to strengthen and
optimize your cyber defenses effectively.
nodeTM
NODE INTERNATIONAL CYBER
Cyberinsurance Attestation -
N0DE2553612
Thank you for considering Node International to provide your cyber
insurance.
Before you can purchase coverage, we need you to confirm you have read and
understood our terms and conditions and completed the form with your details
and signature.
COMPANY DETAILS
Business Name:
City of Riverside, Missouri
Business Address:
2950 NW Vivion Rd Riverside MT 64150
Industry:
Other General Government Support
Number Of Employees:
100
Date Established:
1951-01-01
Company Type:
Private
Number of claims:
Zero value in the last 3 years
Policy Inception (Start date):
01 July 2025
DECLARATIONS
Yourself and employees:
/ Encrypt all emails containing sensitive information sent to external parties.
✓ Encrypt all sensitive information stored on mobile devices
✓ Have an individual officially designated for overseeing information security
✓ Verify vendor/supplier bank accounts before adding to your accounts payable
systems
V Authenticate funds transfer requests
✓ Prevent unauthorized employees from initiating wire transfers.
✓ Undertake mandatory information security training at least annually and
information security personnel are provided with additional training to help them
understand current security threats.
✓ Perform at least annual backups of company data
✓ Have in place at least one of the following, Business Continuity Plan, Disaster
Recovery Plan, Incident Response Plan
non-renewal of this policy.
I understand and agree that my application for this Commercial Cyber Policy
will be submitted electronically and the policy documents related to this
insurance, including any notices and updates thereto (collectively, the "Policy
Documents"), will be made available to me electronically. Node International is
authorized to send, and I agree to accept delivery of, all Policy Documents
electronically; accordingly, I understand that I will not be receiving copies of
tha Pnliry flnri imantc by ctanrlarrl mail i inlacc rani iirari by tha rlanartmant of
COMPLETED
Thank you for completing the attestation. Please notify your broker you wish to
go ahead with your cyber insurance policy with Node International.
Signed By:
Robin Kincaid authorized by City of Riverside, Missouri
#DigitalRisk node
INTERNATIONAL
APPLICATION FOR A
COMMERCIAL CYBER INSURANCE POLICY
1 Your details
Name Of Organization (Applicant): City of Riverside
Mailing Address: 2950 NW Vivion Road, Riverside Mo 64150
Type of Ownership Structure: □ Private □ Public □X Government
□ Investment Fund □ Not for Profit
Description of Business&NAICS code City government administration offices, police & fire
Date Established: June 21, 1951 Number of Employees: 100 Annual Revenue($): 35,768,000
Website Address(es): www.riversidemo.gov
Policy Period Requested:
From: 7-1-2025 To:6-30-2026
2 I Risk Manager Contact Details
Please list below the relevent parties whom would like to receive security updates, information and
communications regarding your digital wellbeing.
Name: Jason Ketter- IT Manager
Email: jketter@riversidemo.gov
Name: Eddie Seasholtz- IT Assistant
Email: eddie@enetkc.com
Name: Brian Koral - City Administrator
Email: bkoral@riversidemo.gov
If you require more users on file please attach them to an email and send them to: it@nodedetect.com
Public Facing URLs: files.riversidemo.gov, rspd.riversidemo.gov
If.riversidemo.gov
publiclf.riversidemo.gov
Commerical cyber insurance policy application V1.0 2 of 4
#DigitalRisk node
INTERNATIONAL
3 Underwriting Questions
If you find that you do not have sufficient space below to thoroughly answer a question,please continue your responses on a
separate sheet of paper and attach to this Application.
1. Encryption YES NO
a. Does Your organization encrypt all emails containing sensitive information(including, but
not limited to, Personally Identifiable Information(PII), Personal Health Information(PHI), ✓❑ ❑
Payment Card Information (PCI))sent to external parties?
b.Does Your organization encrypt all sensitive information (including, but not limited to, PII,
PHI, PCI) stored on computing and/or mobile devices(including, but not limited to, phones, ✓❑ ❑
tablets, laptops,wearable computers,flash drives)?
2.Information Security Leadership
a. Does Your organization have an individual officially designated for overseeing information ✓❑ ❑
security?
3. Employee Management
a. Does Your organization provide mandatory information security training to all employees at ✓❑ ❑
least annually?
b.If yes,are Your information security personnel provided with additional training to help them ✓❑ ❑
understand current security threats?
4 Past Activites
1. Please attach Your organization's Loss History for the past five(5)years, if applicable.
2. Has your organization ever been a party to any of the following
YES NO
a.Civil or criminal action or administrative proceeding alleging violation of any federal, state, ❑ ❑✓
local or common law?
b.Is there currently any pending litigation,administrative proceeding or claim against the ❑ ❑✓
named applicant,organization and/or any of the prospective insured?
3. During the last three (3)years, has Your organization suffered a security breach requiring customer or
third-party notification according to state or federal regulations?
Commerical cyber insurance policy application V1.0 3 of 4
# DigitalRisk node
INTERNATIONAL
5 Optional Endorsement
YES NO
1. Do You want to add Additional Insured? ❑ ✓
If you answered Yes, please fill out the following for the Additional Insured:
i. Name of Organization: City of Riverside
ii. Mailing Address: 2950 NW Vivion Road, Riverside, MO 64150
iii. Description of Business&NIACS code:
6 Cyber Crime Questions
YES NO
la. Do You or Your employees verify vendor/supplier bank accounts before adding to your accounts ✓ ❑
payable systems?
b. Do You or Your employees authenticate funds transfer requests(e.g.by calling a customer to verify the ✓ ❑
request at a predetermined phone number)?
c. Do You or Your employees prevent unauthorized employees from initiating wire transfers? ✓ ❑
7 Important Notice
THIS INSURANCE POLICY PROVIDES COVERAGE ON A CLAIMS-MADE AND REPORTED BASIS AND APPLIES ONLY TO
CLAIMS FIRST MADE AND REPORTED TO THE INSURER DURING THE POLICY PERIOD OR ANY APPLICABLE EXTENDED
PERIOD.
DEFENSE EXPENSES, WHERE APPLICABLE, ARE INCLUDED IN THE LIMITS OF INSURANCE,AND PAYMENT THEREOF
WILL ERODE, AND MAY EXHAUST THE LIMITS OF INSURANCE.
IF ISSUED, PLEASE READ YOUR POLICY CAREFULLY.
The words"You"and "Your" in this Application refers to the Applicant's organization and any entity for whom this
insurance is intended.
Note:It is recommended that the person completing this Application consult with the person(s)within the company
who is responsible for information/technology.
Signed: Full Name:
Robin Kincaid Robin Kincaid
Position Held: City Clerk Date: June 5, 2025
Email address: rkincaid@riversidemo.gov Phone 816-372-9008
number:
Commerical cyber insurance policy application V1.0 4 of 4
#Digital node
INTERNATIONAL
Node International provides a unique package
of comprehensive coverage, leading cyber,
security prevention measures and expert
monitoring of your systems 24/7.
DETECTION
PREVENTION
INSURANCE
Node International - One Minster Court, Mincing Lane, London EC3R 7AA
Email: info@nodeinternational.com Telephone: (+44) 207 337 3524
Node International Ltd Authorised and Regulated by the Financial Conduct Authority //.
2020 Node International Ltd.All Rights Reserved.
node
INTERNATIONAL
COMMERCIAL CYBER INSURANCE POLICY
THIS POLICY IS A CONTRACT OF INSURANCE BETWEEN YOU AND US. YOUR POLICY CONTAINS ALL THE
DETAILS OF THE COVER THAT WE PROVIDE. THIS POLICY CONSISTS OF AND MUST BE READ TOGETHER
WITH THE DECLARATIONS PAGE AND ANY ENDORSEMENTS.
THE INSURANCE PROVIDED UNDER THIS POLICY FOR CLAIMS MADE AGAINST YOU IS ON A CLAIMS MADE
AND REPORTED BASIS, AND APPLIES TO CLAIMS ONLY IF THEY ARE FIRST DISCOVERED BY YOU DURING
THE POLICY PERIOD AND REPORTED TO US DURING THE POLICY PERIOD OR ANY APPLICABLE EXTENDED
REPORTING PERIOD.
THE SECURITY BREACH LIABILITY INSURING AGREEMENT CONTAINED IN THIS POLICY PROVIDES
COVERAGE FOR DEFENSE EXPENSES WHICH ARE PAYABLE WITHIN, AND NOT IN ADDITION TO, THE LIMIT
OF INSURANCE. PAYMENT OF DEFENSE EXPENSES UNDER THIS POLICY WILL REDUCE THE LIMIT OF
INSURANCE.
PLEASE READ THE ENTIRE POLICY CAREFULLY.
Various provisions in this Policy restrict coverage. Read the entire Policy carefully to determine rights, duties and
what is and is not covered.
Throughout this Policy, the words "You" and "Your" refer to the "Named Insured" shown in the Declarations. The
words"We,""Us,"and "Our" refer to the company providing this insurance.
All terms that appear in bold print are defined terms and have special meaning as set forth in Section I— Insuring
Agreements and Section VII—Definitions.
SECTION I—INSURING AGREEMENTS
Coverage is provided under the following Insuring Agreement up to the Limits of Insurance shown in the
Declarations.
Any Cyber Incident, Extortion Threat, Security Breach, or Claim that arises out of the same facts or
circumstances and results in Loss under one or more of the following Insuring Agreements will be deemed to be
related and, as such, will be deemed as have been Discovered during the earliest policy period that any such
related Cyber Incident, Extortion Threat, Security Breach, or Claim was Discovered.
1. Security Breach Expense
We will pay for Loss resulting directly from a Security Breach or Cyber Incident Discovered during the
Policy Period or any Extended Reporting Period, if applicable.
With respect to this Insuring Agreement 1, Loss means:
a. Forensics Expenses—Including Breach Counsel Expenses
The costs incurred with Our approval to establish whether a Security Breach or Cyber Incident
has occurred or is occurring.
If a Security Breach has occurred, the following costs are also included:
costs to investigate the cause, scope and extent of a Security Breach and to identify any
affected parties; and
SPCW990223 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 20
node
INTERNATIONAL
ii. costs to determine any action necessary to remediate the conditions that led to or resulted
from a Security Breach including, but not limited to, fees paid for legal and other
professional advice on how to respond to the Security Breach.
b. Notification Expenses—Including Breach Counsel Expenses
Costs to notify all parties affected by a Security Breach including, but not limited to, notice to be
transmitted through media:
i. as required by Privacy Regulations; or
ii. subject to Our prior approval, as appropriate on a voluntary basis.
c. Overtime Salaries
Reasonable overtime salaries paid to Employees assigned to handle inquiries from the parties
affected by a Security Breach.
d. Call Center Expenses
Fees and costs of a company hired by You with Our prior approval for the purpose of operating a
call center to handle inquiries from the parties affected by a Security Breach.
e. Post-event Monitoring Expenses
Costs to provide credit and identity monitoring services to the affected parties of a Security Breach
for up to one year, or longer if required by applicable law, from the date of notification to those
affected parties of such Security Breach.
f. Public Relations Expense
Fees and costs of a public relations firm and any other reasonable expenses incurred by You with
Our prior written consent to protect or restore Your reputation solely in response to "negative
publicity".
As used in this provision "negative publicity" means information which has been made public that
has caused, or is reasonably likely to cause, a decline or deterioration in the reputation of the
Named Insured or of one or more of its products or services.
g. Other Expenses
Any other reasonable expenses incurred by You in connection with a Security Breach or Cyber
Incident with Our prior written consent.
With respect to this Insuring Agreement 1, Loss does not include any costs or expenses associated with
upgrading or improving a Computer System as a result of a Security Breach.
2. Extortion Threats
We will pay for Loss resulting directly from an Extortion Threat that is Discovered during the Policy Period
or any extended reporting period, if applicable.
With respect to this Insuring Agreement 2, Loss means:
a. Fees and costs of:
i. a security firm; or
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 20
node
INTERNATIONAL
ii. a person or organization;
hired with Our consent to determine the validity and severity of an Extortion Threat made against
You.
b. Interest costs paid by You for any loan from a financial institution taken by You to pay a ransom
demand.
c. Reward payments paid by You to an "informant"which lead to the arrest and conviction of parties
responsible for Loss.
As used in this provision, "informant" means a person, other than an Employee, providing
information not otherwise obtainable, solely in return for a reward offered by You.
d. Any other reasonable expenses incurred by You with Our written consent, including, but not limited
to:
I. fees and costs of independent negotiators; and
ii. fees and costs of a company hired by You, upon the recommendation of the security firm,
to determine how to protect Your Electronic Data from further threats.
e. Monetary value of any Ransom Payment made by and a third party for Random Demands.
3. Replacement or Restoration of Electronic Data
We will pay for Loss of Your Electronic Data on "computer programs" stored within a Computer System
resulting directly from a Cyber Incident that is discovered during the Policy Period or any extended
reporting period, if applicable.
With respect to this Insuring Agreement, 3. Loss remains the costs to replace or restore Your Electronic
Data or"computer programs" as well as the cost of data entry, reprogramming and computer consultation
services.
With respect to this Insuring Agreement 3. Loss does not include the cost to duplicate research that led to
the development of Your Electronic Data or "computer programs". To the extent that any of Your
Electronic Data cannot be replaced or restored, We will pay the cost to replace the media on which such
Electronic Data was stored with blank media of substantially identical type.
As used in this Insuring Agreement 3, "computer programs" means a set of related electronic instructions,
which direct the operation and function of a computer or devices connected to it, which enables the
computer or devices to receive, process, store or send Your Electronic Data.
4. Business Income, Contingent Business Income and Extra Expense
We will pay for Loss due to an Interruption resulting directly from a Cyber Incident or an Extortion Threat
that is Discovered during the Policy Period or during any extended reporting period, if applicable.
With respect to this Insuring Agreement 4, Loss means the actual Loss of: (1) "business and contingent
business income"You sustain; and/or(2)"extra expense"You incur.
As used in this Insuring Agreement 4:
a. "Business and contingent business income"means the:
net income (net profit or loss before income taxes) that would have been earned or
incurred; and
SPCW990223 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 3 of 20
node
INTERNATIONAL
ii. continuing normal operating expenses incurred, including payroll.
"Business and contingent business" income does not include:
(1) Net Profit that may or would likely have been earned as a result of an increase in volume due
to favorable business conditions caused by the impact of network security failures impacting other
businesses, loss of market, or any other consequential loss
b. "Extra expense" means necessary and reasonable expenses You incur:
i. during an Interruption that You would not have incurred if there had been no interruption;
or
ii. to avoid or minimize the suspension of Your E-Commerce Activities.
"Extra expense"does not include:
(1) any costs or expenses associated with upgrading, maintaining, repairing, remediating or
improving a Computer System as a result of a Cyber Incident or Extortion Threat; or
(2) Extortion Expenses covered under Insuring Agreement -Extortion Threats.
5. Security Breach Liability Including Payment Card Industry (PCI) Fines and Penalties
We will pay for:
a. Loss that the Insured becomes legally obligated to pay and Defense Expenses as a result of a
Claim that is Discovered during the Policy Perod or any Extended Reporting Period, if
applicable, for a Wrongful Act or a series of interrelated Wrongful Acts taking place on or after
Your first date of continuous coverage with Us and before the end of the Policy Period.
b. Loss and Defense Expenses as a result of a Claim in the form of a Regulatory Proceeding that
is Discovered during the Policy Period any extended reporting period, if applicable, in response
to a Wrongful Act or a series of interrelated Wrongful Acts taking place on or after Your first
date of continuous coverage with Us and before the end of the Policy Period.
c. Loss and Defense Expenses as a result of a Claim in the form of an action by a Card Company
for non-compliance with the Payment Card Industry (PCI) Data Security Standards that is
Discovered during the Policy Period or any extended reporting period, if applicable, in response
to a Wrongful Act or a series of Interrelated Wrongful Acts taking place on or after Your first
date of continuous coverage with Us and before the end of the Policy Period.
With respect to this Insuring Agreement 5:
Loss means:
(1) compensatory damages, settlement amounts and costs awarded pursuant to
judgments or settlements;
(2) punitive and exemplary damages to the extent such damages are insurable by law;
(3) fines or penalties assessed against the Insured to the extent such fines or
penalties are insurable by law; or
(4) the monetary amount owed by You under the terms of a PCI merchant services
agreement with a Card Company as a direct result of a Security Breach.
Loss does not include:
(a) civil or criminal fines or penalties imposed by law, except civil fines or penalties as
provided under Paragraph i.(3)above;
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 4 of 20
node
INTERNATIONAL
(b) the multiplied portion of multiplied damages;
(c) taxes;
(d) royalties;
(e) the amount of any disgorged profits;
(f) matters that are uninsurable pursuant to law;
(g) any fees resulting from the recall, re-performance or correction of services,
content, goods or activities;
(h) the costs to comply with injunctive or other non-monetary relief; or
(i) liquidated damages pursuant to a contract,to the extent such amount exceeds the
amount for which You would have been liable in the absence of such contract,
except for amounts under Paragraph i.(4)above.
ii. Defense Expenses means the reasonable and necessary fees (attorneys' and experts'
fees) and expenses incurred in the defense or appeal of a Claim, including the cost of
appeal, attachment or similar bonds (without any obligation on Our part to obtain such
bonds)but excluding wages, salaries, benefits or expenses of Your Employees.
iii. Wrongful Act means any actual or alleged:
(1) Security Breach;
(2) failure to prevent unauthorized access to, or use.of, electronic or non-electronic
data containing Personal Information;
(3) failure to prevent the transmission of a Virus through a Computer System into a
computer network, any appplication software, or a computer operating system or
related network that is not rented, owned, leased by, by,licensed to or under the direct
operational control of the insured; or
(4) failure to provide notification of any actual or potential Security Breach if such
notification is required by any secuirty breach notification law;
by, or asserted against an Insured.
iv. Interrelated Wrongful Acts means all Wrongful Acts that have as a common nexus any
i) fact, circumstance, situation, event, transaction or cause; or ii) series of causally
connected facts, circumstances, situations, events, transactions or causes.
v. Regulatory Proceeding means an investigation, demand or proceeding brought by, or on
behalf of, the Federal Trade Commission, Federal Communications Commission, the
Department of Health and Human Services or other administrative or regulatory agency,
or any federal, state, local or foreign governmental entity in such entity's regulatory or
official capacity, including, but not limited to any investigation, demand, or proceeding,
brought by an administrative or regulatory agency whether involving the California
Consumer Privacy Act(CCPA),the General Data Protection Regulation(GDPR),or similar
privacy regulations.
SECTION II— LIMITS OF INSURANCE
1. Policy Aggregate Limit of Insurance
The most We will pay for all covered Loss and Defense Expenses is the Policy Aggregate Limit of
Insurance shown in the Declarations. The Policy Aggregate Limit of Insurance shall be reduced by any
payment, including Defense Expenses,made under the terms of this Policy. Upon exhaustion of the Policy
Aggregate Limit of Insurance by such payments, We will have no further obligations or liability of any kind
under this Policy.
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 5 of 20
node
INTERNATIONAL
2. Aggregate Sublimit(s)of Insurance
The Aggregate Sublimit(s)of Insurance set forth in the Declarations are part of, and not in addition to, the
Policy Aggregate Limit of Insurance.Any such Aggregate Sublimit(s)of Insurance shall be reduced by any
payment for Loss and, if applicable, Defense Expenses, under the Insuring Agreement to which such
Aggregate Sublimit of Insurance applies. Upon exhaustion of any Aggregate Sublimit of Insurance by such
payments, We will have no further obligations or liability of any kind with respect to Loss or Defense
Expenses, subject to such Sublimit of Insurance.
SECTION III—DEDUCTIBLE
Subject to Section II—Limits of Insurance:
1. Under Insuring Agreements 1 —Security Breach Expense, 2— Extortion Threats and 3—Replacement or
Restoration of Electronic Data, We will pay only the amount of Loss which is in excess of the Policy
Deductible amount shown in the Declarations.
2. Under Insuring Agreement 4—Business Income, Contingent Business Income and Extra Expense:
We will pay only the amount of Loss which exceeds the greater of the following deductible amounts:
a. The Policy Deductible Amount shown in the Declarations, or
b. The amount of Loss incurred during the Time Deductible shown in the Declarations.
3. Under Insuring Agreement 5—Security Breach Liability including Payment Card Industry (PCI) Fines and
Penalties:
We will pay only the amount of Loss and Defense Expenses, which is in excess of the Policy Deductible
Amount shown in the Declarations, resulting from the same Wrongful Act or Interrelated Wrongful Acts.
Such Policy Deductible Amount will b be borne by You, self-insured, and at Your own risk.
4. The Policy Deductible applies separately to each Cyber Incident, Extortion Threat, Security Breach,
Wrongful Act, Interrelated Wrongful Acts, or Claim. In the event a Loss is covered under more than one
Insuring Agreement, only the single highest deductible amount applicable to the Loss shall be applied.
SECTION IV—DEFENSE AND SETTLEMENT
The provisions contained within this section on apply only to Insuring Agreement 5—Security Breach Liability Including
Payment Card Industry(PCI) Fines and Penalties:
We shall have the right and duty to select counsel and defend the Insured against any Claim covered under
Paragraph 5.a of Insuring Agreement 5— Security Breach Liability Including Payment Card Industry (PCI) Fines
and Penalties, even if the allegations of such Claim are groundless, false or fraudulent. However, We shall have
the right but not the duty to defend the Insured against a Claim covered under Paragraph 5.b of Insuring Agreement
5-Security Breach Liability Including Payment Card Industry(PCI)Fines and Penalties and We shall have no duty
to defend the Insured against any Claim which is not covered under such Insuring Agreement.
We may, upon the written consent of the Insured, make any settlement of a Claim which We deem reasonable. If
the Insured withholds consent to such settlement, Our liability for all Loss resulting from such Claim will not exceed
the amount for which We could have settled such Claim, plus Defense Expenses incurred, as of the date We
proposed such settlement in writing to the Insured. Upon refusing to consent to a settlement We deem reasonable,
the Insured shall, at its sole expense, assume all further responsibility for its defense, including all additional
Defense Expenses, costs associated with the investigation, defense and/or settlement of such Claim.
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 6 of 20
node
INTERNATIONAL
SECTION V— EXCLUSIONS
We will not be liable for Loss or Defense Expenses directly or indirectly based upon, attributable to or arising out
of:
1. Lightning, earthquake, hail, volcanic action, wind, smoke, explosion, tidal wave or flood, landslide,
electromagnetic pulse, or other electromagnetic disturbances and/or any Space Weather as classified by
NOAA, tornado, or any other act of God or nature.
2. Any of the following:
a. War, including undeclared or civil war or civil unrest;
b. Warlike action by military force, including action hindering or defending against an actual or
expected attack, by any government, sovereign or other authority using military personnel or other
agents;
c. Insurrection, rebellion, revolution, usurped power or action taken by government authority in
hindering or defending against any of these;
d. Any Cyber Incident, Security Breach,or other Wrongful Act by or on behalf of any government,
sovereign, state, or other authority sponsored actor or group that results in, or is carried out in the
course of, any of the events in part a, b, or c above.
3. The dispersal or application of pathogenic or poisonous biological or chemical materials, nuclear reaction,
nuclear radiation or radioactive contamination, or any related act or incident, however caused.
4. Bodily Injury or physical damage to or destruction of tangible property, including loss of use thereof.
Bodily Injury means bodily injury, sickness or disease sustained by a person, including death resulting
from any of these at any time. It also means mentalinjury, mental anguish, mental tension, emotional
distress, pain or suffering or shock sustained by any person.
However, Bodily Injury does not mean mental anguish or emotional distress resulting directly from a
Security Breach or Cyber Inch.
5. Any disruption in normal computer function or network service or function due to insufficient capacity to
process transactions or due to an overload of activity on a Computer System or network. However, this
exclusion shall not apply if such disruption is caused by a Cyber Incident or Security Breach.
6. Any disruption of i) internet service, or ii)a ny external telecommunication network, regardless of the cause;
or iii)failure or termination of any core element of internet, telecommunications, or GPS infrastructure that
results in a regional, countrywide,or global outage of such infrastructure; or iv)failure of power supply and
other utilities unless the provision of power and other utility services is under the Named Insured's direct
control.
However, parts i) and ii) of this exclusion shall not apply if such disruption is caused by a denial of service
attack under Paragraph b. of Definition 5. Cyber Incident.
7. Any failure of, reduction in or surge of power, regardless of the cause.
8. Any actual or alleged violation of the Racketeer Influenced and Corrupt Organizations Act (RICO) and its
amendments, or similar provisions of any federal, state or local statutory or common law.
9. Any malfunction or failure of any satellite.
10. Any actual or alleged oral or written publication of material, if done by an Insured or at an Insured's
direction with knowledge of its falsity.
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 7 of 20
node
INTERNATIONAL
11. An Insured's assumption of liability by contract or agreement, whether oral or written. However, this
exclusion shall not apply to any liability that an Insured would have incurred in the absence of such contract
or agreement.
12. Any actual or alleged patent or trade secret violation, including any actual or alleged violation of the Patent
Act,the Economic Espionage Act of 1996 or the Uniform Trade Secrets Act and their amendments.
13. Any of the following:
a. The actual, alleged or threatened discharge, dispersal, seepage, migration, release or escape of
Pollutants at any time;
b. Any request, demand, order or statutory or regulatory requirement that any Insured or others test
for, monitor, clean up, remove, contain, treat, detoxify or neutralize, or in any way respond to, or
assess the effects of, Pollutants; or
c. Any Claim or Suit brought by, or on behalf of, any governmental authority for damages because
of testing for, monitoring,cleaning up, removing, containing,treating, detoxifying or neutralizing, or
in any way responding to, or assessing the effects of, Pollutants.
14. Any Claim, Suit or other proceeding against an Insured which was pending or existed prior to the Policy
Period or arising out of the same or substantially the same acts, facts, circumstances or allegations which
are the subject of, or the basis for, such Claim, Suit or other proceeding.
15. Any actions or activities related to an Insured's practices as an employer including, but not limited to,
refusal to employ, termination of employment, coercion, demotion, evaluation, reassignment, discipline,
defamation, harassment, humiliation, discrimination or prosecution. This exclusion applies:
a. Whether the injury-causing event described above occurs before employment,during employment
or after employment of that person;
b. Whether the Insured may be liable as an employer or in any other capacity; and
c. To any obligation to share damages with or repay someone else who must pay damages because
of the injury.
However, this exclusion will not apply to any Claim resulting directly from a Privacy Breach related to the
Personal information of an Employee.
16. Any Cyber Incident, Extortion Threat, Security Breach, Wrongful Act, or Interrelated Wrongful Acts
that any Insured became aware prior to the effective date of the Policy.
17. The same facts, Cyber Incident, Extortion Threat, Security Breach, Wrongful Act, or Interrelated
Wrongful Acts alleged or contained in any Claim which has been reported, or in any circumstances of
which notice has been given, under any insurance policy of which this Policy is a renewal or replacement.
18. Any criminal, dishonest, malicious or fraudulent act, error or omission or any willful violation of any statute
or regulation committed by an Insured, acting alone or in collusion with others.
However, with the exception of Claims excluded under Exclusion 12., this exclusion shall not apply to any
dishonest, malicious or fraudulent act, error or omission committed by an Employee which gives rise to a
Claim or Loss covered under Insuring Agreement 1 —Security Breach Expense or Insuring Agreement 5
— Security Breach Liability Including Payment Card Industry (PCI) Fines and Penalties. This exception
does not apply to any Employee who is a Chief Executive Officer, Chief Financial Officer, Chief Security
Officer, Chief Technology Officer, Chief Information Officer, Risk Manager, General Counsel, owner,
general manager or any functionally equivalent positions of the Insured or any Subsidiary, regardless of
title.
With the exception of Claims excluded under Exclusion 12,We will defend the Insured against any Claim
alleging such acts or violations until final adjudication is rendered against that Insured. Final adjudication
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 8 of 20
node
INTERNATIONAL
rendered against one Insured shall not be imputed to any other Insured.
We will not provide indemnification for any Claim to which any Insured enters a guilty plea or pleads no
contest and We will not provide a defense from the time We become aware that any Insured intends to so
plead.
19. Any action or proceeding brought by, or on behalf of, any governmental authority or regulatory agency
including, but not limited to:
a. The seizure or destruction of property by order of a governmental authority;
b. Regulatory actions or proceedings brought by, or on behalf of, the Federal Trade Commission,
Federal Communications Commission or other regulatory agency, except when covered under
Paragraph c.a of Insuring Agreement 5—Security Breach Liability Including Payment Card Industry
(PCI) Fines and Penalties; or
c. The shutdown or seizure of systems or services by a government or regulatory body.
However, this exclusion shall not apply to actions or proceedings brought by a governmental authority or a
regulatory agency acting solely in its capacity as a customer of the Named Insured or of a Subsidiary.
20. Any costs or expenses associated with upgrading or improving a Computer System regardless of the
reason.
21. Any Claim brought or alleged by one Insured against another, except for a Claim brought or alleged by an
Employee against an Insured as a result of a Security Breach or Cyber Incident.
22. Fines, penalties or assessments imposed pursuant to contract or agreement, whether oral or written,
including, but not limited to, Payment Card Industry (PC) fines, penalties or assessments. This exclusion
shall not apply to the coverage provided under Pagragraph c. of Insuring Agreement 5 - Security Breach
Liability Including Payment Card Indusry (PCI) Fines and Penalties.
23. Any costs related to loss of any virtual currency:
24. Any actual or alleged restraint of trade monopolization, unfair trade, price fixing, violation of the Federal
Trade Commission Act, the Sherman Antitrust Act, the Clayton Act, including any amendment thereto or
any rule or regulation promulgated under any such statute, or any similar foreign, federal, state or local
statute, rule or regulation. However, this exclusion shall not apply to a Claim alleging unfair or deceptive
acts or practices in or affecting commerce under Section 5(a) of the Federal Trade Commission Act (15
U.S.C.45(a)).
25. any of the following:
a. Unlawful or unauthorized collection, harvesting, processing, storage, transfer, distribution or sale
of Personal Information or other data;
b. Wiretapping, eavesdropping, improper consent practices, unlawful or unauthorized use of
tracking/monitoring/surveillance software tools, or audio or video recording; or
c. Violation of the Illinois Biometric Information Privacy Act or similar provisions of any federal, state,
local, or foreign statutory or common law, directive or regulation regulating the collection, handling,
use, or storage of biometric data and/or any required disclosures thereof.
However, section 25.b of this exclusion will not apply to Defense Expenses incurred for the failure to
prevent unauthorized access to, or use of, electronic or non-electronic data containing identity information.
26. a. The purchase or sale of or offer to purchase or sell any securities or any violation of the Securities
Exchange Act of 1934 or the Securities Act of 1933 and any amendments thereto or any other
foreign, federal, state or local statute, or any rule or regulation promulgated under such statutes,
that regulates the offering, sale or purchase of securities.
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 9 of 20
node
INTERNATIONAL
b. Any Claim brought by any security holder of the Insured,in their capacity as such,whether directly,
by class action, or derivatively on behalf of the Insured.
27. Any Claim arising out of, caused by or related to a"Technology Errors&Omissions Wrongful Act."
For purposes of this exclusion,the following definitions apply:
a. "Technology Errors & Omissions Wrongful Act" means any negligent act, error or omission,
including any negligent act, error or omission resulting in a breach of contract or in a failure of
"Technology Products"to perform the function or serve the purpose intended by an Insured or by
a person or entity for whom the Insured is legally liable, in the performance of "Technology
Services."
b. "Technology Services" means the following services performed for others for compensation by an
Insured or by any other person or entity for whom the Insured is legally liable:
i. analysis, design, integration, wiring, cabling, or conversion of computer and electronic
technology systems or networks;
ii. designing, developing, programming, servicing, distributing, licensing, installing,
maintaining and repairing computer software, computer code and computer firmware or
hardware;
iii. education and training in the use of computer hardware or software;
iv. information services;
v. computer consulting;
vi. computer and network security services, including but not limited to providing content
filtering, patch administration and security audits;
vii. internet services; or
viii. data processing in connection with any of the above listed services,including but not limited
to storing, collecting, compiling, processing, mining, conversion, encryption, recording or
analysis of data.
c. "Technology Products" mean any computer hardware, firmware, software, or related electronic
product, equipment or device, specifically designed or intended for use in connection with any
"Technology Services," telecommunication systems or telecommunication service that is created,
manufactured, developed, distributed, licensed, leased or sold by the Insured or for any Insured
by others acting under the Insured's trade name.
SECTION VI—CONDITION
1. Cancellation
a. The first Named Insured shown in the Declarations may cancel this Policy by mailing or delivering
to Us advance written notice of cancellation.
b. We may cancel this Policy by mailing or delivering to the first Named Insured written notice of
cancellation at least:
i. 10 days before the effective date of cancellation if We cancel for nonpayment of premium;
or
ii. 30 days before the effective date of cancellation if We cancel for any other reason.
c. We will mail or deliver Our notice to the first Named Insured's last mailing address known to Us.
d. Notice of cancellation will state the effective date of cancellation.The Policy Period will end on that
date.
e. If this Policy is canceled, We will send the first Named Insured any premium refund due. If We
cancel, the refund will be prorated. If the first Named Insured cancels, the refund may be less
than pro rata.The cancellation will be effective even if We have not made or offered a refund.
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 10 of 20
node
INTERNATIONAL
f. If notice is mailed, proof of mailing will be sufficient proof of notice.
2. Changes
This Policy contains all the agreements between You and Us concerning the insurance afforded. The first
Named Insured shown in the Declarations is authorized to make changes in the terms of this Policy with
Our consent. This Policy's terms can be amended or waived only by endorsement issued by Us and made
a part of this Policy.
3. Examination of Your Books and Records
We may examine and audit Your books and records as they relate to this Policy at any time during the
Policy Period shown in the Declarations and up to three years afterward.
4. Inspections and Surveys
We have the right to i)make inspections and surveys at any time; ii) give You reports on the conditions We
find; and iii)recommend changes.
We are not obligated to make any inspections,surveys, reports or recomendations,and any such actions
We do undertake relate only to insurability and the premiums to be charged. We do not make safety
inspections.We do not undertake to perform the duty of any person or organization to provide for the health
or safety of workers or the public.And We do not warrant that conditions 1) are safe or healthful;or ii)comply
with laws, regulations, codes or standards.
Paragraph 2 of this condition applies not only to Us, but also to any rating, advisory, rate service or similar
organization which makes insurance inspections, surveys, reports or recommendations.
5. Premiums
The first Named Insured shown in the Declarations: 1) is responsible for the payments of all premiums; and
ii)will be the payee for any return premiums We pay.
6. Transfer of Your Rights and Duties under This Policy
Your rights and duties under this Policy may not be transferred without Our written consent, except in the
case of death of an individual Named Insured.
If You are a sole proprietor and You die, Your rights and duties will be transferred to Your legal
representative but only while acting within the scope of duties as Your legal representative. Until Your legal
representative is appointed,anyone having proper temporary custody of Your property will have Your rights
and duties but only with respect to that property.
7. Subrogation
With respect to any payment made under this Policy, We shall be subrogated to the Insureds rights of
recovery to the extent of such payment. The Insured shall execute all papers required and shall do
everything necessary to secure and preserve such rights, including the execution of such documents
necessary to enable Us to bring suit in the Insured's name. Any recoveries, less the cost of obtaining
them, will be distributed as follows:
a. To You, until You are reimbursed for any Loss You sustain that exceed the sum of the Policy Limit
of Insurance and the Deductible Amount, if any;
b. Then to Us, until We are reimbursed for the payment made under this Policy; and
c. Then to You, until You are reimbursed for that part of the payment equal to the Deductible Amount,
if any.
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 11 of 20
node
INTERNATIONAL
8. Bankruptcy
Your bankruptcy, or the bankruptcy of Your estate if You are a sole proprietor, will not relieve Us of Our
obligations under this Policy.
9. Representations
You represent that all information and statements contained in the Application are true, accurate and
complete. All such information and statements are the basis for Our issuing this Policy. Misrepresentation
of any material fact may be grounds for the rescission of this Policy.
10. Changes in Exposure
a. Acquisition or Creation of Another Organization
If before or during the Policy Period:
You acquire securities or voting rights in another organization or create another
organization which, as a result of such acquisition or creation, becomes a Subsidiary; or
ii. You acquire any organization through merger or consolidation;
then such organization will be covered under this Policy but only with respect to Wrongful Acts or
Loss which occurred after the effective date of such acquisition or creation provided, with regard
to Paragraphs a.(i) and a.(ii) above, You:
(1) give Us written notice of the acquisition or creation of such organization within ninety(90)
days after the effective date of such action;
(2) obtain Our written consent to extend the coverage provided by this Policy to such
organization; and
(3) upon obtaining Our consent, pay Us an additional premium.
b. Acquisition of Named Insured
If during the Policy Period:
the Name Insured merges into or consolidates with another organization, such that the
Named Insured is not the surviving organization; or
ii. another organization,or person or group of organizations and/or persons acting in concert,
acquires securities or voting rights which result in ownership or voting control by the other
organization(s)or person(s)of more than fifty percent (50%)of the outstanding securities
or voting rights representing the present right to vote for the election of directors, trustees
or managers(if a limited liability company)of the Named Insured;
then the coverage afforded under this Policy will continue until the end of the Policy Period, but
only with respect to Claims arising out of Wrongful Acts which occurred prior to the effective date
of such merger, consolidation or acquisition.
The full annual premium for the Policy Period will be deemed to be fully earned immediately upon
the occurrence of such merger, consolidation or acquisition of the Named Insured.
The Named Insured must give written notice of such merger, consolidation or acquisition to Us as
soon as practicable, together with such information as We may reasonably require.
c. If, before or during the Policy Period, an organization ceases to be a Subsidiary, the coverage
afforded under this Policy with respect to such Subsidiary will continue until the end of the Policy
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 12 of 20
node
INTERNATIONAL
Period but only with respect to Claims arising out of Wrongful Acts which occurred prior to the
date such organization ceased to be a Subsidiary.
11. Other Insurance
Under Insuring Agreements 1 — Security Breach Expense, 2 — Extortion Threats or 3 — Replacement or
Restoration of Electronic Data: If any covered Claim or Loss is insured by any other valid policy, then this
Policy shall apply only in excess of the amount of any deductible, retention and limit applicable to such
other insurance, whether such other policy is stated to be primary, contributory, excess, contingent or
otherwise, unless such other policy is written specifically excess of this Policy by reference in such other
policy to this Policy's policy number.
When this Policy is excess, We shall have no duty under Insuring Agreement 5—Security Breach Liability
Including Payment Card Industry (PCI) Fines and Penalties to defend the Insured against any Suit if any
other insurer has a duty to defend the Insured against that Suit.
If any covered Claim or Loss is insured by any other valid policy issued by Us,our liability under this Policy
and such other policy combined shall not exceed the amount of th largest applicable Aggregate Limits or
Sublimit(s)of Insurance.
12. Legal Action Against Us
No person or organization has a right: i) to join Us as a party or otherwise bring Us into a Suit asking for
damages from an Insured; or ii)to sue Us under this Policy unless all of its terms have been fully complied
with.
A person or organization may sue Us to recover on an agreed settlement or on a final judgment against an
Insured, but We will not be liable for damages that are not payable under Insuring Agreement 5—Security
Breach Liability Including Payment Card Industry (PCI) Fines and Penalties, or that are in excess of the
Policy Aggregate Limit of Insurance. An agreed settlement means a settlement and release of liability
signed by Us,the first Named Insured and the claimant or the claimant's legal representative.
You may not bring any legal action against Us involving Loss: i) unless You have complied with all the
terms of this Policy; ii) until ninety (90) days after You have filed proof of loss with Us;and iii)unless brought
within two (2) years from the date You reported the Loss to Us.
If any limitation in this condition is prohibited by law, such limitation is amended so as to equal the minimum
period of limitation provide such law.
13. Separation of Insureds
Except with respect to the Policy Aggregate Limit of Insurance,and any rights or duties specifically assigned
in Insuring Agreement 5 — Security Breach Liability Including Payment Card Industry (PCI) Fines and
Penalties to the first Named Insured,this Policy applies separately to each Insured against whom a Claim
is made.
14. Duties in the Event of Claim or Loss
After a situation that results in,or may result in, a Loss covered under this Policy is Discovered,You must
notify Us in writing as soon as practicable, but not to exceed thirty (30) days from the date Discovered,
and cooperate with Us in the investigation and settlement of the Claim or Loss. Additionally:
a. Under Insuring Agreements 1 —Security Breach Expense, 2—Extortion Threats, 3—Replacement
or Restoration of Electronic Data, and 4—Business Income and Extra Expense, You must:
notify local law enforcement officials;
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 13 of 20
node
INTERNATIONAL
ii. submit to examination under oath at Our request and give Us a signed statement of Your
answers; and
iii. At Our request give Us a detailed, sworn proof of loss within one hundred twenty (120)
days.
In addition, under Insuring Agreement 2—Extortion Threats, You must also:
(1) determine that the Extortion Threat has actually occurred; and
(2) with respect to Ransomware, make every reasonable effort to access Your Electronic
Data from backup, if any, and to remediate the cause of the Ransomware; and
(3) make every reasonable effort to immediately notify Us before making any ransom payment
based upon the Extortion Threat; and
(4) approve any ransom payment based upon the Extortion Threat.
b. Under Insuring Agreement 5 — Security Breach Liability Including Payment Card Industry (PCI)
Fines and Penalties, You must:
i. immediately record the specifics of the Claim and the date Discovered;
ii. immediately send Us copies of any demands, notices, summonses or legal papers
received in connection with the Claims;
iii. authorize Us to obtain records and other information, and
iv. assist Us, upon Our request, in the enforcement of any right against any person or
organization which may be liable to You because of a Loss to which this Policy may also
apply.
You will not, except at Your own cost, voluntarily make a payment, assume any obligation or incur
any expense without Our consent.
15. Extended Reporting Periods
a. Automatic Extended Reporting Period
If the Named Insured cancels or non-renews this Policy, the Insurer cancels or non-renews this
Policy, or if there is a decrease in limits, reduction of coverage, increased deductible or self-insured
retention, new exclusion, or any other change less favorable to the Insured, then the Insured will
have an automatic,non-cancelable 60-day Extended Reporting Period.
b. Supplemental Extended Reporting Period
If the Named Insured cancels or non-renews this Policy, the Insurer cancels or non-renews this
Policy,or if there is a decrease in limits, reduction of coverage,increased deductible or self-insured
retention, new exclusion, or any other change less favorable to the Insured, the Named Insured
will have the right to purchase an optional Extended Reporting Period of up to three (3)years to
immediately follow the automatic Extended Reporting Period.
The optional Extended Reporting Periods and their respective additional premiums are stated in
the Declarations or by endorsement. The premium for such Extended Reporting Period is based
on the rating of the canceled or terminated Policy. We must receive written notice of the optional
Extended Reporting Period elected together with payment of the applicable additional premium,
within either 1) sixty (60) days after the end of the Policy Period or 2) thirty (30) days from the
effective date of mailing or deliver of the notification advising You of the availability of,the premium
for, and the importance of purchasing optional Extended Reporting Period. If the Insurer does
not receive payment within such period, the Insurer will not be required to provide any optional
Extended Reporting Period.
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 14 of 20
node
INTERNATIONAL
If an optional Extended Reporting Period is purchased, we will provide an Additional Extended
Reporting Period Additional Limit of Insurance equal to the remaining applicable Limit of Insurance
of the canceled or terminated Policy.
16. Valuation—Settlement
All premiums, limit(s)of insurance, deductible amounts, Loss and any other monetary amounts under this
Policy are expressed and payable in the currency of the United States of America. If judgment is rendered,
settlement is agreed to or another component of Loss under this Policy is expressed in any currency other
than United States of America dollars, payment under this Policy shall be made in United States dollars at
the rate of exchange published in The Wall Street Journal on the date the final judgment is entered,
settlement amount is agreed upon or the other component of Loss is due, respectively.
a. With respect to Loss covered under Insuring Agreement 4 — Business Income, Contingent
Business Income and Extra Expense, the amount of "business and contingent business income"
will be determined based on consideration of:
the net income generated from Your E-commerce Activities before the Interruption
occurred;
ii. the likely net income generated by Your E-commerce Activities if no Interruption had
occurred, but not including any net income that would likely have been earned as a result
of an increase in the volume of business due to favorable business conditions caused by
the impact of the Cyber Incident on customers or on other businesses;
iii. the operating expenses, including payroll, necessary to resume Your E-commerce
Activities with the same quality of service that existed before the Interruption; and
iv. other relevant sources of information including Your financial records and accounting
procedures, bills, invoices and other vouchers, and debts, liens and contracts.
However, the amount of "business and contingent business income" will be reduced to the extent
that the reduction in the volume of business from the affected E-commerce Activities is offset by
an increase in the volume of business from other channels of commerce such as via telephone,
mail or other sources.
b. With respect to Loss covered under Insuring Agreement 4—Business Income,Contingent Business
Income and Extra Expense, the amount of "extra expense" will be determined based on:
necessary expenses that exceed the normal operating expenses that would have been
incurred in the course of Your E-commerce Activities during the period of coverage if no
Interruption had occurred. We will deduct from the total of such expenses the salvage
value that remains of any property bought for temporary use during the period of coverage
once Your E-commerce Activities are resumed; and
ii. necessary expenses that reduce the"business and contingent business income"Loss that
otherwise would have been incurred during the period of coverage.
17. Confidentiality
Under Insuring Agreement 2 — Extortion Threats, Insureds must make every reasonable effort not to
divulge the existence of this coverage.
18. Territory
This Policy covers Wrongful Acts, Security Breaches, Cyber Incidents and Extortion Threats which
occur anywhere in the world. However. Suits must be brought in the United States of America (including
its territories and possessions).
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 15 of 20
node
INTERNATIONAL
19. Policy Bridge—Discovery Replacing Loss Sustained
If this Policy replaces insurance that provided You with an extended period of time after cancellation or
nonrenewal in which to Discover Loss resulting directly from any Cyber Incident, Extortion Threat,
Security Breach, or Claim and which did not terminate when this Policy became effective:
We will not pay for any Loss resulting directly from any Cyber Incident, Extortion Threat, Security
Breach,or Claim that occurred during the Policy Period of that prior insurance which is Discovered during
such extended period of time, unless the amount of that Loss exceeds the Limit of Insurance and
Deductible Amount of that prior insurance. In that case, We will pay for the excess Loss subject to the
terms and conditions of this Policy.
Condition 11 —Other Insurance does not apply to this condition.
20. Nonrenewal
We may non-renew this Policy for any reason allowable by applicable law. If We decide not to renew this
Policy, We will mail or deliver to the first Named Insured written notice of the nonrenewal not less than
thirty(30)days before the expiration date.
If notice is mailed, proof of mailing will be sufficient proof of notice.
SECTION VII— DEFINITIONS
1. Application means the signed application for this Policy, including any attachments,attestations,and other
materials submitted in conjunction with the signed application, digital or otherwise.
2. Card Company means American Express, Discover Financial Services, JCB International, MasterCard
Worldwide,Visa Inc.or any other credit card company that requires its merchants to adhere to the Payment
Card Industry(PCI) Data Security Standards.
3. Claim means:
a. A written demand for monetary or nonmonetary damages, including but not limited to injunctive
relief;
b. A civil proceeding commenced by the service of a complaint or similar proceeding;
c. Under Paragraph b. of Insuring Agreement 5 — Security Breach Liability Including Payment Card
Industry (PCI) Fines and Penalties,a Regulatory Proceeding commenced by the filing of a notice
of charges,formal investigative order, service of summons or similar document; or
d. Under Paragraph c. of Insuring Agreement 5 — Security Breach Liability Including Payment Card
Industry (PCI) Fines and Penalties an action brought by a Card Company of the Payment Card
Industry(PCI);
against any Insured for a Wrongful Act, including any appeal therefrom.
4. Computer System means any computer, including transportable or handheld devices, electronic storage
devices and related peripheral components; any systems and applications software, or any related
telecommunications networks connected to or used in connection with such computer or devices: i)which
collects, transmits, processes, stores or retrieves Your Electronic Data; and ii)which is:
a. Owned by You;
b. Leased by You and operated by any Insured;
c. Owned and operated by an Employee who has agreed in writing to Your personal device use
policy; or
d. Operated by an authorized Third Party, but only with respect to Your Electronic Data.
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 16 of 20
node
INTERNATIONAL
5. Cyber Incident means:
a. Any i)Hacker attack; ii)malicious code; or iii)Virus that is directed at, enacted upon or introduced
into a Computer System (including Your Electronic Data) and is designed to access, alter,
corrupt,damage,delete, destroy, disrupt,encrypt, use or prevent or restrict access to or the use of
any part of a Computer System (including Your Electronic Data)or otherwise disrupt its normal
functioning or operation.
Recurrence of the same Virus after a Computer System has been restored shall constitute a
separate Cyber Incident.
b. Any denial of service attack specifically directed at You which disrupts, prevents or restricts access
to or use of a Computer System or otherwise disrupts the normal functioning or operation of a
Computer System.
6. Discovery or Discovered means the time when any Employee who is a Chief Executive Officer, Chief
Financial Officer,Chief Security Officer, Chief Technology Officer, Chief Information Officer, Risk Manager,
General Counsel, owner, general manager, or any functionally equivalent positions of the Insured or any
Subsidiary, regardless of title first becomes aware of facts which would cause a reasonable person to
believe that a Loss covered by this Policy has been or will be incurred, regardless of when the act or acts
causing or contributing to such Loss occurred, even though the exact amount or details of Loss may not
then be known.
Discovery or Discovered also means the time when any Insured first receives notice of an actual or
potential Claim in which it is alleged that You are liable to a third party under circumstances which, if true,
would constitute a Loss under this Policy.
7. E-commerce Activities means those activities conducted by You in the normal conduct of Your business
via Your web site or Your e-mail system.
8. Electronic Data means information, facts, images or sounds stored as or on, created or used on, or
transmitted to or from computer software including systems and applications software) on electronic
storage devices including, but not limited to, hard or floppy disks, CD-ROMs, tapes, drives, cells, data
processing devices or any other media which are used with electronically controlled equipment.
Electronic Data is not tangible property.
Electronic Data does not include You Electronic Data that is licensed,leased, rented or loaned to others.
9. Employee means any natural person who was, now is, or will be:
a. Employed on a full-or part-time basis;
b. Furnished temporarily to You to substitute for a permanent employee on leave or to meet seasonal
or short-term workload conditions;
c. Leased to You by a labor leasing firm under an agreement between You and the labor leasing firm
to perform duties related to the conduct of Your business but does not mean a temporary employee
as defined in Paragraph 9.b. above;
d. An officer;
e. A director, trustee or manager(if a limited liability company);
f. A volunteer worker;
g. A partner or member(if a limited liability company); or
h. An Independent Contractor,
of the Named Insured and those of any organization qualifying as a Subsidiary under the terms of this
Policy, but only while acting within the scope of their duties as determined by the Named Insured or such
Subsidiary.
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 17 of 20
node
INTERNATIONAL
10. Extended Reporting Period means a designated period immediately following cancellation, nonrenewal,
decrease in limits, reduced coverage, increased deductible or self-insured retention, newly added
exclusions,or any other changes which are less favorable to the Insured of the Policy,during which Claims
first made against the Insured will be deemed made during the Policy Period, but only for Wrongful Acts
or Interrelated Wrongful Acts that first occurred on or after the Retroactive Date, if any, and prior to the
effective date of cancellation, nonrenewal, decrease in limits, reduced coverage, increased deductible or
self-insured retention, newly added exclusions, or any other changes which are less favorable to the
Insured, of the Policy.
11. Extortion Threat means a threat or series of related threats:
a. To perpetrate a Cyber Incident;
b. To disseminate,divulge or utilize:i)Your proprietary information;or ii)weakness in the source code
within a Computer System by gaining unauthorized access to a Computer System;
c. To destroy, corrupt or prevent normal access to a Computer System (including Your Electronic
Data)by gaining or having gained unauthorized access to a Computer System;
d. To inflict Ransomware on a Computer System; or
e. To publish Your client's or Employee's Personal Information.
Extortion Threat does not include a threat or series of threat to any Third Party.
12. Hacker means a person who accesses a Computer System (including Your Electronic Data)who is: i)
not authorized to have such access; or ii) authorized to have such access but who uses such access in an
unauthorized manner.
13. Independent Contractor means any person or entity contracted by the Named Insured to perform the
same business operations as the Named Insured, but only while in the course of their performance of such
business operations on behalf of, or at the direction of, the Named Insured.
14. Insured means any Named Insured and its Employees.
15. Interrelated Wrongful Acts means all Wrongful Acts that have as a common nexus any: i) fact,
circumstance, situation, event, transaction or cause; or ii) a series of casually connected facts,
circumstances, situations, events, transactions or causes.
16. Interruption means:
a. With respect to a Cyber Incident:
i. an unanticipated cessation or slowdown for Your E-Commerce Activities; or
ii. Your suspension of Your E-Commerce Activities for the purpose of avoiding or mitigating
the possibility of transmitting a Virus or malicious code to another person or organization;
and, with regard to Paragraphs 16a.i and 16.a.ii. above, shall be deemed to begin when
Your E-Commerce Activities are interrupted and ends at the earliest of:
(1) one hundred-eighty(180)days after the Interruption begins;
(2) the time when Your E-Commerce Activities are resumed; or
(3) the time when service is restored to You.
b. With respect to an Extortion Threat,Your voluntary suspension of Your E-Commerce Activities:
i. based upon clear evidence of a credible threat; or
ii. based upon the recommendation of a security firm, if any;
and, with regard to Paragraphs 16.b.i and 16.b.ii. above, shall be deemed to begin when
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 18 of 20
node
INTERNATIONAL
Your E-Commerce Activities are interrupted and ends at the earliest of:
(1) one hundred-eighty(180)days after the Interruption begins;
(2) the time when Your E-Commerce Activities are resumed; or
(3) the time when service is restored to You.
17. Loss means the definitions set forth in each of the respective Insuring Agreements of this Policy.
18. Named Insured means the entity or entities shown in the Declarations and any Subsidiary.
19. Personal Information means any information not available to the general public for any reason through
which an individual may be identified including, but not limited to, an individual's:
a. Social security number, driver's license number or state identification number;
b. Protected health information;
c. Financial account numbers;
d. Security codes, passwords, PINs associated with credit,debit or charge card numbers which would
permit access to financial accounts; or
e. Any other nonpublic information as defined in Privacy Regulations.
20. Policy Period means the period of time from the inception date of this Policy shown in the Declarations to
the expiration date shown in the Declarations, or its earlier cancellation or termination date,and specifically
excludes any Extended Reporting Period.
21. Pollutants means any solid, liquid, gaseous or thermal irritant or contaminant, including smoke, vapor,
soot, fumes, acids, alkalis, chemicals and waste. Waste includes materials to be recycled, reconditioned
or reclaimed.
22. Privacy Regulations means any of the following statutes and regulations, and their amendments,
associated with the control and use of personally identifiable financial, health or other sensitive information
including, but not limited to:
a. The Health Insurance Portability and Accountability Act of 1996 (HIPAA)(Public Law 104-191);
b. The Health Information Technology for Economic and Clinical Health Act (HITECH) (American
Recovery and Reinvestment Act of 2009);
c. The Gramm-Leach-Bliley Act of 1999;
d. Section 5(a) of the Federal Trade Commission Act (15 U.S.C. 45(a)), but solely for alleged unfair
or deceptive acts or practices in or affecting commerce;
e. The Identity Theft Red Flags Rules under the Fair and Accurate Credit Transactions Act of 2003;
or
f. Any other similar local, state, federal or foreign identity theft or privacy protection statute or
regulation.
23. Ransomware means any software that is used to demand a ransom payment by: i)restricting access to a
Computer System; or ii)encrypting Your Electronic Data held within a Computer System.
24. Ransom Demand means a demand by a third-party actor communicated in an electronic format to You as
a request for payment in any form, including virtual currency, to rectify an Extortion Threat that is
Discovered during the Policy Period.
Ransom Payment means a monetary payment made during the Policy Period in any form, including virtual
currency, to a third-party actor with Our prior written consent to resolve an Extortion Threat.
Security Breach means a privacy breach that includes the acquisition of Personal Information held within
a Computer System or in non-electronic form at or while in the care, custody or control of the Insured or
authorized Third Party by a person: i)not authorized to have access to such information; or ii)authorized
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 19 of 20
node
INTERNATIONAL
to have access to such information but whose access results in the unauthorized disclosure of such
information.
25. Subsidiary means any organization in which more than fifty percent(50%)of the outstanding securities or
voting rights representing the present right to vote for the election of directors, trustees, managers (if a
limited liability company) or persons serving in a similar capacity is owned, in any combination, by one or
more Named Insureds.
26. Suit means a civil proceeding in which damages to which this Policy applies are claimed against the
Insured. Suit includes:
a. An arbitration proceeding in which such damages are claimed and to which the Insured submits
with Our consent; or
b. Any other alternative dispute resolution proceeding in which such damages are claimed and to
which the Insured submits with Our consent.
Suit does not include a civil proceeding seeking recognition and/or enforcement of a foreign money
judgment.
27. Third Party means any entity that You engage under the terms of a written contract to perform services for
You.
28. Virus means any kind of malicious code designed to damage or destroy any part of a Computer System
(including Your Electronic Data)or disrupt its normal functionin.
29. Wrongful Act means any actual or alleged:
a. Security Breach;
b. Failure to prevent unauthorized access to, or use of, electronic or non-electronic data containing
identity information;
c. Failure to prevent the transmission of a Virus through a Computer System into a computer
network, any application software, or a computer operating system or related network that is not
rented, owned, leased by licensed to or under the direct operational control of the Insured; or
d. Failure to provide notification of any actual or potential Security Breach if such notification is
required by any security breach notification law;
by, or asserted against, an Insured.
SP CW 99 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 20 of 20
Policy Number: node
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
COMPUTER AND FUNDS TRANSFER FRAUD
Computer And Funds Transfer Fraud Coverage Limit: See coverage sheet
Computer And Funds Transfer Fraud Deductible: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
With regard to this Computer And Funds Transfer Fraud endorsement, the provisions of the Policy to which this
endorsement is attached remain unchanged and apply, unless modified by this endorsement.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENT:
Computer And Funds Transfer Fraud
a. Subject to the Computer and Funds Transfer Fraud Coverage Limit and Deductible set forth above, We
will pay for:
i. Loss resulting directly from a fraudulent:
1. Entry of Electronic Data Computer System into; or
2. Change of Electronic Data or Computer System within
a Computer System, by a person or organization without authorization to access such
Computer System, provided the fraudulent entry or fraudulent change causes, with regard to
Paragraphs a.i.(1) and a.i.(2):
a. Your money, securities or other property to be transferred, paid or delivered; or
b. Your account at a financial institution to be debited or deleted, or
ii. Loss resulting directly from a Fraudulent Instruction directing a financial institution to debit your
Transfer Account and transfer, pay or deliver money or securities from that account
that is first Discovered during the Policy Period and reported in accordance with Condition 14. Duties
in the Event of Claim or Loss in SECTION VI—CONDITIONS.
b. As used in Paragraph a.i., "fraudulent entry" or `fraudulent change" of Electronic Data or Computer
Program shall include such entry or change made by an Employee acting, in good faith, upon a
Fraudulent Instruction received from a computer software contractor who has a written agreement with
You to design, implement or service Computer Programs for a Computer System covered under this
Insuring Agreement.
II. Solely with respect to the coverage afforded under this endorsement:
SP CW 80 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 4
Policy Number: node
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
a. Computer Program means a set of related electronic instructions,which direct the operation and
function of a computer or devices connected to it, which enables the computer or devices to
receive, process, store or send your Electronic Data.
b. Loss means:
1. In Paragraph I.a.i.:
(a) Your money,securities or other property fraudulently transferred,paid or delivered;
or
(b) Money or securities fraudulently debited or deleted from Your account at a financial
institution.
2. In Paragraph I.a.ii., transferring, paying or delivering money or securities from Your
Transfer Account.
c. Fraudulent Instruction means:
(1) With regard to Paragraph I.a.ii.
(a) A computer, telegraphic, cable, teletype, telefacsimile,telephone or other electronic
instruction directing a financial institution to debit Your Transfer Account and to
transfer, pay or deliver money or securities from that Transfer Account, which
instruction purports to have been issued by You, but which in fact was fraudulently
issued by somone else without Your knowledge or consent.
(b) A written instruction issued to a financial institution directing the financial institution
to debit Your Transfer Account and to transfer, pay or deliver money or securities
from that Transfer Account, through an electronic funds transfer system at
specified times or under specified conditions, which instruction purports to have
been issued by You, but which in fact was issued, forged or altered by someone
else without your knowledge or consent.
(2) With regard to Paragraph I.b.:
A computer,telegraphic,cable,teletype,telefacsimile,telephone or other electronic,
written or voice instruction directing an Employee to enter or change Electronic
Data or Computer Programs within a Computer System covered under this
Insuring Agreement, which instruction in fact was fraudulently issued by Your
computer software contractor.
d.Transfer Account means an account maintained by you at a financial institution from which You
can initiate the transfer, payment or delivery of Money and Securities:
(1) By means of computer, telegraphic, cable, teletype, telefacsimile, telephone or other
electronic instructions; or
(2) By means of written instructions establishing the conditions under which such transfers
are to be initiated by such financial institution through an electronic funds transfer
system.
III. The following is added to SECTION II—LIMITS OF INSURANCE, 2.Aggregate Sublimit(s)of Insurance:
SP CW 80 02 23 Includes copyrighted material of Insurance Services Office,Inc.,with its permission Page 2 of 4
Policy Number: node
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
The most We will pay for all Loss covered under the Computer and Funds Transfer Fraud Insuring
Agreement is the Computer and Funds Transfer Fraud Sublimit of Insurance shown above, which is part
of, not in addition to the Policy Aggregate Limit of Insurance set forth in the Declarations to this Policy.
Upon exhaustion of any Aggregate Sublimit of Insurance by such payments, We will have no further
obligations or liability of any kind with respect to Loss subject to such Sublimit of Insurance.
IV. Paragraph 1.of Section III—Deductible is deleted in its entirety and replaced with the following:
1. Under Insuring Agreements 1. Security Breach Expense, 2. Extortion Threats, 3. Replacement Or
Restoration Of Electronic Data, and Paragraph l.a. of this endorsement:
We will pay only the amount of Loss which is in excess of the Policy Deductible Amount shown above.
V. The following is added to SECTION V—EXCLUSIONS:
1. We will not be liable for Loss based upon, attributable to, arising out of or resulting from:
i. A fraudulent:
1. Entry of Electronic Data or Computer Program into; or
2. Change of Electronic Data or Computer Program within
a Computer System, by a person or organization with authorized access to such Computer
System, except when covered under Paragraph 1.b.
ii. The use or purported use of credit, debit, charge, access, convenience, identification,
stored-value or other cards or the information contained on such cards.
iii. The giving or surrending of property in any exchange or purchase.
iv. An Emploee or financial institution acting upon any instruction to:
1. Transfer, pay or deliver money, securities or other property; or
2. Debit or delete Your account;
which instruction proves to be fraudulent, except when covered under Paragraph I.b.
2. We will not be liable for Loss, or that part of any Loss, the proof of which as to its existence or
amount is dependent upon:
i. An inventory computation; or
ii. A profit and loss computation.
VI. The introductory statement to paragraph a. of Condition 14. Duties in the Event of Claim or Loss in SECTION
VI—CONDITIONS is deleted in its entirety and replaced with the following:
a. Under Insuring Agreements 2. Extortion Threats, 3. Replacement Or Restoration Of Electronic Data and
SP CW 80 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 3 of 4
Policy Number: node
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
this Computer Funds Transfer Fraud Insuring Agreement, you must:
All other terms and conditions remain unchanged.
SP CW 80 02 23 Includes copyrighted material of Insurance Services Office,Inc.,with its permission Page 4 of 4
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
HARDWARE REPLACEMENT COSTS ENDORSEMENT
Hardware Replacement Costs Coverage Limit: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Hardware Replacement Costs Endorsement, all provisions of the Policy to which
this endorsement is attached, as all terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Hardware Replacement Costs:
Subject to the Hardware Replacement Costs Coverage Limit set forth above and any
Deductible specified in the Declarations to this policy, We will pay for Loss directly resulting
from a Cyber Incident first Discovered during the Policy Period and reported in accordance
with Condition 14. Duties in the Event of Claim or Loss in SECTION VI—CONDITIONS, to
mitigate the potential of a future Cyber Incident or Security Breach.
With respect to this Hardware Replacement Costs Insuring Agreement:
a. Loss means the cost to replace hardware, including but not limited to, computers or any
associated devices or equipment operated by, and either owned by or leased to, the Insured
that are unable to function as intended due to corruption or destruction of software or firmware.
b. Loss does not include any sums related to labor costs associated with installing, connecting
or setting up the hardware.
II. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Hardware Replacement Costs Insuring
Agreement is the Hardware Replacement Costs Aggregate Sublimit of Insurance, if any, shown
above or in the Declarations,which are part of, and not in addition to,the Policy Aggregate Limit of
Insurance. Upon exhaustion of any Aggregate Sublimit of Insurance by such payments, We will
have no further obligations of liability of any kind with respect to Loss subject to such Sublimit of
Insurance.
SP CW 86 05 22 Includes copyrighted material of Insurance Services Office,Inc.,with its permission Page 1 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
III. The following is added to SECTION III—DEDUCTIBLE:
Under the Hardware Replacement Costs Insuring Agreement, We will pay only the amount of
Loss which is in excess of the Policy Deductible shown in the Declarations.
IV. Exclusion 4 in SECTION V—EXCLUSIONS is deleted in its entirety and replaced with the following:
4. Bodily Injury
Bodily Injury means bodily injury, sickness or disease sustained by a person, including death
resulting from any of these at any time. It also means mental injury, mental anguish, mental
tension, emotional distress, pain or suffering or shock sustained by any person.
However, Bodily Injury does not mean mental anguish or emotional distress resulting directly
from a Security Breach.
All other terms and conditions remain unchanged.
SP CW 86 05 22 Includes copyrighted material of Insurance Services Office,Inc.,with its permission Page 2 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
POST BREACH REMEDIATION COVERAGE
ENDORSEMENT
Post Breach Remediation Coverage Limit: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Post Breach Remediation Coverage Endorsement, all provisions of the Policy to
which this endorsement is attached, as well as all terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Post Breach Remediation:
Subject to the Post Breach Remediation Coverage Limit set forth above and any Deductible
specified in the Declarations to this policy, We will pay Loss incurred with Our prior written
approval during the Policy Period and reported in accordance with Condition 14. Duties in the
Event of Claim or Loss in SECTION VI — CONDITIONS, to resolve any vulnerabilities or
weaknesses in your Computer System that are identified by an independent security firm after
a Cyber Incident or Security Breach.The upgrades or improvements must be determined by
the independent security firm to reduce the probability or potential damage from a Cyber
Incident or Security Breach in the future.
With respect to this Post Breach Remediation Insuring Agreement:
a. Loss solely means:
i. labor costs incurred by an independent security firm to determine whether any
vulnerabilities or weaknesses exist in Your Computer System that are identified by an
independent security firm after a Cyber Incident or Security Breach; and
ii. labor costs incurred to resolve any vulnerabilities or weaknesses in your Computer
System that are identified by an independent security firm after a Cyber Incident or
Security Breach.
II. The following is added to SECTION II — LIMITS OF INSURANCE. 2. Aggregate Sublimit(s) of
Insurance:
SP CW 87 05 22 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
The most We will pay for all Loss covered under the Post Breach Remediation Insuring
Agreement is the Post Breach Remediation Aggregate Sublimit of Insurance, if any, shown
above or in the Declarations, which are part of, and not in addition to, the Policy Aggregate
Limit of Insurance.Upon exhaustion of any Aggregate Sublimit of Insurance by such payments,
We will have no further obligations of liability of any kind with respect to Loss subject to such
Sublimit of Insurance.
III. The following is added to SECTION III—DEDUCTIBLE:
Under the Post Breach Remediation Insuring Agreement,We will pay only the amount of Loss
which is in excess of the Policy Deductible amount shown in the Declarations.
All other terms and conditions remain unchanged.
SP CW 87 05 22 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
SOCIAL ENGINEERING ENDORSEMENT
Social Engineering Coverage Limit: See coverage sheet
Social Engineering Deductible: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Social Engineering Endorsement, all provisions of the Policy to which this
endorsement is attached, as well as all terms and conditions, remain unchanged and applicable.
In consideration of the premium charged for the Policy, it is hereby un.-rstood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Social Engineering
Subject to the Social Engineering Coverage Limit and Deductible set forth above, We will pay for
Social Engineering Loss resulting direcly from a Social Engineering Incident that is first
Discovered during the Policy Period and reported in accordance with Condition 14. Duties in the
Event of Claim or Loss in SECTION VI-CONTITIONS.
With respect to this Social Enginering Insuring Agreement:
la. Money means currency, coins or bank notes in current use and having a face value, travelers'
checks, register checks and money orders held for sale to the public. The term Money does
not include digital currency other negotiable and nonnegotiable instruments or contracts
representing either Money or property.
b. Securities mean negotiable and non-negotiable instruments or contracts representing either
Money or property.
Securities does not include Money.
c. Social Engineering Incident means the intentional misleading of an Insured to transfer
Money to a person, place or account beyond the Named Insured's control resulting directly
from the Named Insured's employee's good faith reliance upon an instruction transmitted via
email, purporting to be from:
i. a natural person or entity who exchanges, or is under contract to exchange, goods or
services with the Named Insured for a fee (other than a financial institution, asset
manager, broker-dealer, armored motor vehicle"named insured"or any similar entity); or
ii. an employee of the Named Insured;
but which contained a fraudulent and material misrepresentation and was sent by an
imposter.
SP CW 91 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 3
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
As a condition precedent to coverage under this Social Engineering Endorsement, the Named
Insured must have an established and documented funds transfer request verification procedure
and that procedure must have been followed before acting upon any instruction.
d. Social Engineering Loss means the loss of Money as a result of a Social Engineering
Incident.
Social Engineering Loss does not include indirect and/or consequential loss.
II. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Social Engineering Insuring Agreement is the
Social Engineering Aggregate Sublimit of Insurance, if any, shown above or in the Declarations.,
which are part of, and not in addition to, the Policy Aggregate Limit of Insurance. Upon exhaustion
of any Aggregate Sublimit of Insurance by such payments, We will have no further obligations of
liability of any kind with respect to Loss subject to such Sublimit of Insurance.
III. The following is added to SECTION III—DEDUCTIBLE:
Under the Social Engineering Insuring Agreement, We will pay only the amount of Loss which is
in excess of the Policy Deductible shown above, or in the Declarations.
IV. SECTION V—EXCLUSIONS is amended to include:
We will not be liable for Social Engineering Loss resulting from a Social Engineering Incident based
upon, attributable to or arising out of:
1. An actual or alleged infringement of, violation of, misappropriation of or assertion of any right to or
interest in any:
a. Patent, copyright , trademark, trade dress, certification mark, collective mark, service mark,
expression, idea, likeness, name, slogan, style of doing business, symbol,title,trade secret or
other intellectual property right by or on behalf of any Insured; or
b. Software or computer code or its source content or material by or on behalf of any Insured.
2. A fraudulent,dishonest or criminal act by any Employee or authorized representative of the Named
Insured,whether acting alone or in collusion with others.
3. The establishment of any credit or similar promise to pay,or to any party's use of or acceptance of
any credit card, debit card or similar instrument, whether or not genuine.
4. Any investment or ownership in any corporation, partnership, real property, or similar instrument,
whether or not such investment is genuine.
5. A kidnap, ransom or other extortion payment surrendered as a result of a threat to do bodily harm
to any natural person or a threat to harm, take, or transfer property.
SP CW 91 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 3
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
All other terms and conditions remain unchanged.
SP CW 91 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 3 of 3
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
TELECOMMUNICATIONS FRAUD ENDORSEMENT
Telecommunications Fraud Coverage Limit: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Telecommunications Fraud Endorsement, all provisions of the Policy to which this
endorsement is attached, as well as all terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Telecommunications Fraud:
Subject to the Telecommunications Fraud Coverage Limit set forth above and any Deductible
specified in the Declarations to this policy, We will pay for any monetary Loss sustained by
You, including but not limited to•phone bills, first Discovered during the Policy Period and
reported in accordance Condition 14. Duties in the Event of Claim or Loss in SECTION VI-
CONDITIONS, directly resulting from an intentional unauthorized access to Your Telephone
System by a third party.
With respect to this Telecommunications Fraud Insuring Agreement:
a. Loss solely means the monetary cost of unauthorized calls or unauthorized use of Your
Telephone System's bandwidth.
b. Telephone System means the VolP phone system directly under Your control.
II. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Telecommunications Fraud Insuring
Agreement is the Telecommunications Fraud Aggregate Sublimit of Insurance, if any, shown
above or in the Declarations., which are part of, and not in addition to, the Policy Aggregate
Limit of Insurance. Upon exhaustion of any Aggregate Sublimit of Insurance by such payments,
We will have no further obligations of liability of any kind with respect to Loss subject to such
Sublimit of Insurance.
SP CW 85 05 22 Includes copyrighted material of Insurance Services Office,Inc.,with its permission Page 1 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
III. The following is added to SECTION III—DEDUCTIBLE
Under the Telecommunications Fraud Insuring Agreement, We will pay only the amount of
Loss which is in excess of the Policy Deductible shown in the Declarations.
All other terms and conditions remain unchanged.
SP CW 85 05 22 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
WEBSITE MEDIA CONTENT LIABILITY
ENDORSEMENT
Website Media Content Liability Coverage Limit: See coverage sheet
Website Media Content Liability Deductible: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Website Media Content Liability Endorsement, II provisions of the Policy to which
this endorsement is attached, as well as all terms and conditions, remain unchanged and applicable.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Website Media Content Liability
Subject to the Website Media Content Liability Coverage Limit and Deductible set forth above,
We will pay for Loss that the Insured becomes legally obligated to pay and Defense Expenses
as a result of a Claim that is Discovered during the Policy Period and reported in accordance
with Condition 14. Duties in the Event of Claim or Loss in SECTION VI — CONDITIONS, for
one or more of the following acts first committed on or after the retroactive date and before the
end of the Policy Period in the course of Your display of Media Material on Your website or on
social media web pages created and maintained by or on behalf of You:
a. invasion of or interference with an individual's right of publicity, including commercial
appropriation of name, persona, voice or likeness; or
b. plagiarism, piracy or misappropriation of ideas under implied contract; or
c. infringement of copyright;or
d. infringement of domain name, trademark, trade name, trade dress, logo, title, metatag,
slogan, service mark, service name; or
e. improper deep-linking or framing within electronic content.
With respect to this Website Media Content Liability Insuring Agreement:
a. Media Material means any information in electronic form, including words, sounds,
numbers, images, or graphics and shall also include advertising, video, streaming
content, webcasting, online forums, bulletin boards and chat room content, but does not
mean computer software or the actual goods, products or services described, illustrated
or displayed in such Media Material.
II. Exclusions Applicable to the Website Media Content Liability Insuring Agreement:
SP CW 83 05 22 Page 1 of 2 Spinnaker Insurance Company
Includes copyrighted material of Insurance Services Office, Inc.,with its permission
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
We will not be liable for any Claim resulting from an act based upon, attributable to or arising out of:
1. An actual or alleged infringement of,violation of, misappropriation of or assertion of any right to or
interest in any:
a. Patent, copyright, trademark, trade dress, certification mark, collective mark, service mark,
expression, idea, likeness, name, slogan, style of doing business, symbol,title,trade secret or
other intellectual property right by or on behalf of any Insured, provided that this Exclusion
does not apply to a claim resulting from an act based upon, attributable to or arising out of
infringement of copyright,or infringement of domain name,trademark,trade name,trade dress,
logo,title, metatag, slogan, service mark, service name in the course of Your display of Media
Material on Your website or on social media web pages created and maintained by or on behalf
of You; or
b. Software or computer code or its source content or material by or on behalf of any Insured.
III. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Website Media Content Liability Insuring
Agreement is the Website Media Content Liability Sublimit of Insurance shown above,which is part
of, not in addition to the Policy Aggregate Limit of Insurance set forth in the Declarations to this
Policy. Upon exhaustion of any Aggregage Sublimit of Insurance by such payments, We will have
no further obligations or liability of any kind with respect to Loss subject to such Sublimit of
Insurance.
All other terms and conditions remain unchanged.
SP CW 83 05 22 Page 2 of 2 Spinnaker Insurance Company
Includes copyrighted material of Insurance Services Office, Inc.,with its permission
Policy Number: ( OcJ€
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
SERVICE FRAUD INCLUDING CRYPTOJACKING
ENDORSEMENT
Service Fraud Coverage Limit: See policy cover sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Service Fraud Endorsement, all provisions of the Policy to which this endorsement
is attached,as well as all terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I —INSURING AGREEMENTS:
Service Fraud:
Subject to the Service Fraud Coverage Limit set forth above and any Deductible specified in
the Declarations to this policy, We will pay for any monetary Loss sustained by You, including
but not limited to phone and cloud based service bills, and Cryptojacking, first Discovered
during the Policy Period and reported in accordance Condition 14. Duties in the Event of
Claim or Loss in SECTION IV-CONDITIONS, directly resulting from an intentional
unauthorized access to Your Telephone System by a third party.
With respect to this Telemmunications Fraud Insuring Agreement:
a. Loss means the additional monetary costs incurred by You as a direct result of:
1. unauthorized calls or unauthorized use of Your Telephone System's bandwidth;
2. unauthorized access or use of Your Cloud Based Services; and
3. unauthorized access or use of a Computer System for the purpose of mining for
Virtual Currency with the use of any of the following services or resources:
• electricity
• natural gas
• oil
• internet.
b.Monetary Costs include only those additional amounts billed to You by the respective service
provider, including usage or consumption information, incurred in a periodic billing statement
pursuant to a written contract executed before the Loss first occurred with You, and does not
SP CW 70 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
include any amounts charged at a flat fee that does not scale with the rate or use of the
respective service due for payment during the Policy Period.
c. Telephone System means the Voice over Internet Protocol (VoIP) phone system directly
under Your control.
d. Cloud Based Services means Infrastructure as a Service (IaaS), Platform as a Service
(PaaS), and Software as a Service(SaaS).
e.Virtual Currency means a type of digital representation of currency or asset which is stored,
transferred, and transacted in electronic form, utilizes cryptography to secure its network,
regulate its generation, and verify its transfer, and operated independently of a central bank or
other central authority in the majority of financial jurisdictions.*
II. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Service Fraud Insuring Agreement is the
Service Fraud Aggregate Sublimit of Insurance, if any, shown above or in the Declarations.,
which are part of, and not in addition to, the Policy Aggregate Limit of Insurance. Upon
exhaustion of any Aggregate Sublimit of Insurance by such payments,We will have no further
obligations of liability of any kind with respect to Loss subject to such Sublimit of Insurance.
III. The following is added to SECTION III— DEDUCTIBLE
Under the Service Fraud Insuring Agreement, We will pay only the amount of Loss which is in
excess of the Policy Deductible shown in the Declarations.
All other terms and conditions remain unchanged.
SP CW 70 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
DEDICATED BREACH COSTS ENDORSEMENT
Security Breach Expense Coverage Limit: See policy cover sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Security Breach Expense Outside of Limit Endorsement,all provisions of the Policy
to which this endorsement is attached, as well as all terms and conditions, remain unchanged and
applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. Paragraph 1. Policy Aggregate Limit of Insurance of SECTION II—LIMITS OF INSURANCE is
deleted in its entirety and replaced with the following:
1. Policy Aggregate Limit of Insurance
Except as provided below under Paragraph 3. Security Breach Expense Limit of Insurance,
the most We will pay ffor all covered Loss and Defense Expenses is the Policy Aggregate
Limit of Insurance shown in the Declarations. Furthermore, except as provided below under
Paragraph 3. Security Breac Expense Limit of Insurance, the Policy Aggregate Limit of
Insurance shall be reduced by any payment, including Defense Expenses, made under the
terms of this Policy. Upon exhaustion of the Policy Aggregate Limit of Insurance and, only if
applicable, the Security Breach Expense Limit of Insurance, We will have no further
obligations or liability of any kind under this Policy.
II. Paragraph 2. Aggregate Sublimit(s) of Insurance of SECTION II— LIMITS OF INSURANCE is
deleted in its entirety and replaced with the following:
The Aggregate Sublimit(s)of Insurance set forth in the Declarations are part of,and not in addition
to, the Policy Aggregate Limit of Insurance.Any such Aggregate Sublimit(s) of Insurance shall be
reduced by any payment for Loss and, if applicable, Defense Expenses, under the Insuring
Agreement to which such Aggregate Sublimit of Insurance applies. Upon exhaustion of any
Aggregate Sublimit of Insurance by such payments, We will have no further obligations or liability
of any kind with respect to Loss or Defense Expenses, subject to such Sublimit of Insurance.
2.Aggregate Sublimit(s)of Insurance
Except as provided below under Paragraph 3.Additional Security Breach Expense Limit
of Insurance, Subject to the Policy Aggregate Limit of Insurance,the most We will pay for all
Loss covered under:
SP CW 71 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
a. Insuring Agreement 2—Extortion Threats, is the Ransom Payments Aggregate
Sublimit Of Insurance, if any, shown in the Declarations; and
b. Insuring Agreement 4—Business Income and Extra Expense, is the Business
Income and Extra Expense Aggregate Sublimit Of Insurance, if any, shown in the
Declarations.
The Aggregate Sublimit(s)of Insurance described in Paragraphs 2.a. and 2.b. above are part
of, and not in addition to, the Policy Aggregate Limit of Insurance. Any such Aggregate
Sublimit(s)of Insurance shall be reduced by any payment for Loss and, if applicable, Defense
Expenses, under the Insuring Agreement to which such Aggregate Sublimit of Insurance
applies. Upon exhaustion of any Aggregate Sublimit of Insurance by such payments, We will
have no further obligations or liability of any kind with re ct to Loss or Defense Expenses,
subject to such Sublimit of Insurance.
III. The following is added to SECTION II—LIMITS OF INSURANCE.
3.Additional Security Breach Expense Limit of Insurance
Solely with respect to SECTION I—INSURING AGREEMENTS, 1. Security Breach Expense:
a. All Loss covered under SECTION 1 - INSURING AGREEMENTS, 1.Security Breach
Expense incurred by the Named Insured in excess of the Policy Deductible amount
shown in the Declarations resulting directly from a Security Breach or Cyber Incident
Discovered during the Policy Period or any extended reporting period, if applicable,
shall only apply to, and reduce, the Additional Security Breach Expense Limit of
Insurance. All such Loss shall not apply to or reduce the Policy Aggregate Limit of
Insura .
b. Upon exhaustion of the Additional Security Breach Expense Limit of Insurance We
will have no further obligations or liability of any kind SECTION I — INSURING
AGREEMENTS, 1. Security Breach Expense under the Policy.
All other terms and conditions remain unchanged.
SP CW 71 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 2
Policy Number: ( OJ€
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
REVERSE SOCIAL ENGINEERING ENDORSEMENT
Reverse Social Engineering Coverage Limit: See cover sheet
Reverse Social Engineering Deductible: See cover sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Reverse Social Engineering Endorsement, all provisions of the Policy to which this
endorsement is attached, as well as all terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Reverse Social Engineering:
Subject to the Reverse Social Engineering Coverage Limit and Deductible set forth above,
We will pay for a Reverse Social Engineering Loss resulting directly from a Reverse
Social Engineering Event that is first Discovered during the Policy Period and
reported in accordance with Condition 14. Duties in the Event of Claim or Loss in
SECTION VI —CONDITIONS.
With respect to this Reverse Social Engineering Insuring Agreement:
a. Client means any person or entity with whom You have entered into a written contract to
provide services or deliverables.
b. Money means currency,coins or banknotes in current use and having a face value,travelers'
checks, register checks and money orders held for sale to the public. The term Money does
not include digital currency or other negotiable and nonnegotiable instruments or contracts
representing either Money or property.
c. Reverse Social Engineering Event means the intentional use of Your Computer System
by a person or organization that is not an Insured to mislead or deceive Your Client or Vendor
into transferring Money intended for You to another person or entity.
d. Reverse Social Engineering Loss means the loss of Money as a result of a Reverse
Social Engineering Event.
e. Vendor means any person or entity with whom You have entered into a written contract to
provide services to You provided that entity is not owned, operated or controlled by You.
Vendor does not include any financial institutions with which you directly or indirectly do
business.
SP CW 82 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 2
Policy Number: riOcJ€
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
II. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Reverse Social Engineering Insuring
Agreement is the Reverse Social Engineering Aggregate Sublimit of Insurance, if any, shown
above, which is part of, not in addition to the Policy Aggregate Limit of Insurance set forth on
the Declarations to this Policy. Any such Aggregate Sublimit(s)of Insurance shall be reduced
by the amount of any payment for Loss under the Insuring Agreement to which such Aggregate
Sublimit of Insurance applies.Upon exhaustion of any Aggregate Sublimit of Insurance by such
payments,We will have no further obligations or liability of any kind with respect to Loss subject
to such Sublimit of Insurance.
III. The following is added to SECTION III-DEDUCTIBLE
Under the Reverse Social Engineering Insuring Agreement, We will pay only the amount of Loss
which is in excess of the Reverse Social Engineering Deductible amount shown above.
All other terms and conditions remain unchanged.
SP CW 82 02 23 Includes copyrighted material of Insurance Services Office,Inc.,with its permission Page 2 of 2
Policy Number: (''iOcJ€Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
ENHANCED BUSINESS INCOME, CONTINGENT BUSINESS
INCOME AND EXTRA EXPENSE COVERAGE
ENDORSEMENT - INCLUSIVE OF SYSTEMS FAILURE
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Endorsement,all provisions of the Policy to which this endorsement is attached, as well as all
terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience. Read the
entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. Insuring Agreement 4. Business Income, Contingent Business Income and Extra Expense is deleted in its entirety
and replaced with the following:
4. Business Income, Contingent Business Income and Extra Expense
We will pay for Loss due to an Interruption resulting directly from a Cyber Incident, Extortion Threat or
System Failure that is Discovered during the Policy Period or during any extended reporting period, if
applicable.
With respect to this Insuring Agreement 4, Loss means the actual Loss of: (1) "business and contingent
business income "You sustain; and/or(2) "extra expense" You incur.
As used in this Insuring Agreement 4:
a. "Business and contingent business income" means the:
i. net income(net profit or loss before income taxes)that would have been earned or incurred;
and
ii. continuing normal operating expenses incurred, including payroll.
"Business and contingent business"income does not include:
(1)Net Profit that would likely have been earned as a result of an increase in volume due to favorable
business conditions caused by the impact of network security failures impacting other businesses,
loss of market, or any other consequential loss
b. "Extra expense" means necessary and reasonable expenses You incur during the period of
restoration as a result of the measurable Interruption of the Insured's business operations, in order
to reduce the period of restoration and minimize or reduce Business and Contingent Business income.
"Extra expense"does not include:
SP CW 76 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 3
Policy Number: rocJe
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
(1) any costs or expenses associated with upgrading, maintaining, repairing, remediating or
improving a Computer System as a result of a Cyber Incident,Extortion Threat or System
Failure; or
(2) Extortion Expenses covered under Insuring Agreement 2—Extortion Threats.
II. The following definition in SECTION VII — DEFINITIONS is deleted in its entirety and replaced with the
following:
Interruption means:
a. With respect to a Cyber Incident or System Failure:
an unanticipated cessation or slowdown for Your business operations; or
ii. Your suspension of Your business operations for the purpose of avoiding or mitigating the
possibility of transmitting a Virus or malicious code to another person or organization;
and,with regard to Paragraphs 14.a.i and 14.a.ii. abovee,shall be deemed to begin when Your
business operations are interrupted and ends at the earliest of:
(1) one hundred-eighty (180) days after the Interruption begins;
(2) the time when Your business operations are resumed; or
(3) the time when service is restored to You.
b. With respect to an Extortion Threat, Your voluntary suspension of Your business operations:
based upon clear evidence of a credible threat; or
ii. based upon the recommendation of a security firm, if any;
and,with regard to Paragraphs 14.b.i and 14.b.ii.above, shall be deemed to begin when Your
business operatiopns are interrupted and ends at the earliest of:
(1) one hundred-eighty (180) days after the Interruption begins;
(2) the time when Your business operations are resumed; or
(3) the time when service is restored to You.
Ill. The following definition is added to SECTION VII—DEFINITIONS:
System Failure means:
any sudden, unintentional, or unexpected and continuous Interruption of your Computer System which
disrupts, prevents,or restricts the normal functioning of your business operations which would otherwise have
been handled in whole or in part by the Computer System and is directly caused by a Cyber Incident,
malfunction in normal computer function or network service, or hardware failure.
System Failure does not include:
(1) any hardware failure due to design/manufacturing defects or use of hardware past End of Life
Announcements (EOLA)or Last Date of Support(LODS);
(2) failure of hosted computer systems that results in an outage that extends beyond the services
being provided to you by hosted Computer Systems;
(3) failure to adequately anticipate or capacity plan for expected and/or above-normal operational
demand for Computer Systems except where this demand is a denial of service attack;
(4) any Interruption of a Computer System resulting from a Security Breach; or
(5) any Interruption of a Computer System operated by any Third Party.
SP CW 76 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 3
Policy Number: node
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
IV. Condition 16. Valuation—Settlement in SECTION VI—CONDITIONS is deleted in its entirety and replaced
with the following:
16. Valuation—Settlement
All premiums, limit(s) of insurance, deductible amounts, Loss and any other monetary amounts under this
Policy are expressed and payable in the currency of the United States of America. If judgment is rendered,
settlement is agreed to or another component of Loss under this Policy is expressed in any currency other
than United States of America dollars, payment under this Policy shall be made in United States dollars at the
rate of exchange published in The Wall Street Journal on the date the final judgment is entered, settlement
amount is agreed upon or the other component of Loss is due, respectively.
a. With respect to Loss covered under Insuring Agreement 4—Business Income, Contingent Business
Income and Extra Expense, the amount of "business and contingent business income" will be
determined based on consideration of:
the net income generated from Your business activities before the Interruption occurred;
ii. the likely net income generated by Your busines ctivities if no Interruption had occurred,
but not including any net income that would likely have been earned as a result of an increase
in the volume of business due to favorable business conditions caused by the impact of the
Cyber Incident or System Failure on customers or on other businesses;
iii. the operating expenses, including payroll, necessary to resume Your business activities with
the same quality of service that existed before the Interruption; and
iv. other relevant sources of infomation, including Your financial records and accounting
procedures, bills, invoices and other vouchers, and debts, liens and contracts.
However,the amount of "business and contingent business income" will be reduced to the extent that
the reduction in the volume of business from the affected business activities is offset by an increase
in the volume of business from other channels of commerce such as via telephone, mail or other
sources.
b. With respect to Loss covered under Insuring Agreement 4—Business Income, Contingent Business
Income and Extra Expense, the amount of "extra expense" will be determined based on:
i. necessary expenses that exceed the normal operating expenses that would have been
incurred in the course of Your business activities during the period of coverage if no
Interruption had occurred. We will deduct from the total of such expenses the salvage value
that remains of any property bought for temporary use during the period of coverage once
Your business activities are resumed; and
ii. necessary expenses that reduce the "business and contingent business income" Loss that
otherwise would have been incurred during the period of coverage.
All other terms and conditions remain unchanged.
SP CW 76 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 3 of 3
Policy Number: node
Issued Date: INTERNATIONAL
Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
INCREASE OF OR ELIMINATION OF BUSINESS AND CONTINGENT
BUSINESS INCOME AND EXTRA EXPENSE SUBLIMIT
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
SCHEDULE
Effective Date of Endorsement: Inception Date
Business and Contingent Business Income and Extra Expense Sublimit: See coverage sheet
Premium: TBC
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
The following sentence is added to Paragraph 2, Aggregate Sublimit(s) of Insurance of SECTION
II—LIMITS OF INSURANCE, 2.Aggregate Sublimit(s) of Insurance:
Insuring Agreement 4 — Business and Contingent Business Income and Extra Expense: is the
Business Income and Extra Expense Aggregate Sublimit of Insurance, if any, shown in the
Schedule of this endorsement.
All other terms and conditions remain unchanged.
SP CW 72 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 1
Policy Number: node
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
COMPUTER AND FUNDS TRANSFER FRAUD
Computer And Funds Transfer Fraud Coverage Limit: See coverage sheet
Computer And Funds Transfer Fraud Deductible: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
With regard to this Computer And Funds Transfer Fraud endorsement, the provisions of the Policy to which this
endorsement is attached remain unchanged and apply, unless modified by this endorsement.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Computer And Funds Transfer Fraud
a. Subject to the Computer and Funds Transfer Fraud Coverage Limit and Deductible set forth above, We
will pay for:
i. Loss resulting directly from a fraudulent:
1. Entry of Electronic Data or Computer System into; or
2. Change of Electronic Data or Computer System within
a Computer System, by a person or organization without authorization to access such
Computer System, provided the fraudulent entry or fraudulent change causes, with regard to
Paragraphs a.i.(1) and a.i.(2):
a. Your money, securities or other property to be transferred, paid or delivered; or
b. Your account at a financial institution to be debited or deleted, or
ii. Loss resulting directly from a Fraudulent Instruction directing a financial institution to debit your
Transfer Account and transfer, pay or deliver money or securities from that account
that is first Discovered during the Policy Period and reported in accordance with Condition 14. Duties
in the Event of Claim or Loss in SECTION VI—CONDITIONS.
b. As used in Paragraph a.i., "fraudulent entry" or "fraudulent change" of Electronic Data or Computer
Program shall include such entry or change made by an Employee acting, in good faith, upon a
Fraudulent Instruction received from a computer software contractor who has a written agreement with
You to design, implement or service Computer Programs for a Computer System covered under this
Insuring Agreement.
II. Solely with respect to the coverage afforded under this endorsement:
SP CW 80 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 4
Policy Number: node
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
a. Computer Program means a set of related electronic instructions,which direct the operation and
function of a computer or devices connected to it, which enables the computer or devices to
receive, process, store or send your Electronic Data.
b. Loss means:
1. In Paragraph I.a.i.:
(a) Your money, securities or other property fraudulently transferred, paid or delivered;
or
(b) Money or securities fraudulently debited or deleted from Your account at a financial
institution.
2. In Paragraph I.a.ii., transferring, paying or delivering money or securities from Your
Transfer Account.
c. Fraudulent Instruction means:
(1) With regard to Paragraph I.a.ii.:
(a) A computer, telegraphic, cable, teletype, telefacsimile, telephone or other electronic
instruction directing a financial institution to debit Your Transfer Account and to
transfer, pay or deliver money or securities from that Transfer Account, which
instruction purports to have been issued by You, but which in fact was fraudulently
issued by someone else without Your knowledge or consent.
(b) A written instruction issued to a financial institution directing the financial institution
to debit Your Transfer Account and to transfer, pay or deliver money or securities
from that Transfer Account, through an electronic funds transfer system at
specified times or under specified conditions, which instruction purports to have
been issued by You, but which in fact was issued, forged or altered by someone
else without your knowledge or consent.
(2) With regard to Paragraph I.b.:
A computer, telegraphic,cable, teletype, telefacsimile, telephone or other electronic,
written or voice instruction directing an Employee to enter or change Electronic
Data or Computer Programs within a Computer System covered under this
Insuring Agreement, which instruction in fact was fraudulently issued by Your
computer software contractor.
d.Transfer Account means an account maintained by you at a financial institution from which You
can initiate the transfer, payment or delivery of Money and Securities:
(1) By means of computer, telegraphic, cable, teletype, telefacsimile, telephone or other
electronic instructions; or
(2) By means of written instructions establishing the conditions under which such transfers
are to be initiated by such financial institution through an electronic funds transfer
system.
III. The following is added to SECTION II—LIMITS OF INSURANCE,2.Aggregate Sublimit(s)of Insurance:
SP CW 80 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 4
Policy Number: node
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
The most We will pay for all Loss covered under the Computer and Funds Transfer Fraud Insuring
Agreement is the Computer and Funds Transfer Fraud Sublimit of Insurance shown above, which is part
of, not in addition to the Policy Aggregate Limit of Insurance set forth in the Declarations to this Policy.
Upon exhaustion of any Aggregate Sublimit of Insurance by such payments, We will have no further
obligations or liability of any kind with respect to Loss subject to such Sublimit of Insurance.
IV. Paragraph 1.of Section III—Deductible is deleted in its entirety and replaced with the following:
1. Under Insuring Agreements 1. Security Breach Expense, 2. Extortion Threats, 3. Replacement Or
Restoration Of Electronic Data, and Paragraph I.a.of this endorsement:
We will pay only the amount of Loss which is in excess of the Policy Deductible Amount shown above.
V. The following is added to SECTION V—EXCLUSIONS:
1. We will not be liable for Loss based upon, attributable to, arising out of or resulting from:
i. A fraudulent:
1. Entry of Electronic Data or Computer Program into; or
2. Change of Electronic Data or Computer Program within
a Computer System, by a person or organization with authorized access to such Computer
System, except when covered under Paragraph 1.b.
ii. The use or purported use of credit, debit, charge, access, convenience, identification,
stored-value or other cards or the information contained on such cards.
iii. The giving or surrendering of property in any exchange or purchase.
iv. An Employ or financial institution acting upon any instruction to:
1. Transfer, pay or deliver money, securities or other property; or
2. Debit or delete Your account;
which instruction proves to be fraudulent, except when covered under Paragraph I.b.
2. We will not be liable for Loss, or that part of any Loss,the proof of which as to its existence or
amount is dependent upon:
i. An inventory computation; or
ii. A profit and loss computation.
VI. The introductory statement to paragraph a. of Condition 14. Duties in the Event of Claim or Loss in SECTION
VI—CONDITIONS is deleted in its entirety and replaced with the following:
a. Under Insuring Agreements 2. Extortion Threats, 3. Replacement Or Restoration Of Electronic Data and
SP CW 80 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 3 of 4
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
this Computer Funds Transfer Fraud Insuring Agreement, you must:
All other terms and conditions remain unchanged.
SP CW 80 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 4 of 4
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
HARDWARE REPLACEMENT COSTS ENDORSEMENT
Hardware Replacement Costs Coverage Limit: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Hardware Replacement Costs Endorsement, all provisions of the Policy to which
this endorsement is attached, as all terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Hardware Replacement Costs:
Subject to the Hardware Replacement Costs Coverage Limit set forth above and any
Deductible specified in the Declarations to this policy, We will pay for Loss directly resulting
from a Cyber Incident first Discovered during the Policy Period and reported in accordance
with Condition 14. Duties in the Event of Claim or Loss in SECTION VI—CONDITIONS, to
mitigate the potential of a future Cyber Incident or Security Breach.
With respect to this Hardware Replacement Costs Insuring Agreement:
a. Loss means the cost to replace hardware, including but not limited to, computers or any
associated devices or equipment operated by, and either owned by or leased to, the Insured
that are unable to function as intended due to corruption or destruction of software or firmware.
b. Loss does not include any sums related to labor costs associated with installing,connecting
or setting up the hardware.
II. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Hardware Replacement Costs Insuring
Agreement is the Hardware Replacement Costs Aggregate Sublimit of Insurance, if any, shown
above or in the Declarations,which are part of, and not in addition to, the Policy Aggregate Limit of
Insurance. Upon exhaustion of any Aggregate Sublimit of Insurance by such payments, We will
have no further obligations of liability of any kind with respect to Loss subject to such Sublimit of
Insurance.
SP CW 86 05 22 Includes copyrighted material of Insurance Services Office,Inc.,with its permission Page 1 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
III. The following is added to SECTION III—DEDUCTIBLE:
Under the Hardware Replacement Costs Insuring Agreement, We will pay only the amount of
Loss which is in excess of the Policy Deductible shown in the Declarations.
IV. Exclusion 4 in SECTION V—EXCLUSIONS is deleted in its entirety and replaced with the following:
4. Bodily Injury
Bodily Injury means bodily injury, sickness or disease sustained by a person, including death
resulting from any of these at any time. It also means mental injury, mental anguish, mental
tension, emotional distress, pain or suffering or shock sustained by any person.
However, Bodily Injury does not mean mental anguish or emotional distress resulting directly
from a Security Breach.
All other terms and conditions remain unchanged.
SP CW 86 05 22 Includes copyrighted material of Insurance Services Office,Inc., with its permission Page 2 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
POST BREACH REMEDIATION COVERAGE
ENDORSEMENT
Post Breach Remediation Coverage Limit: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Post Breach Remediation Coverage Endorsement, all provisions of the Policy to
which this endorsement is attached,as well as all terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights,duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS,
Post Breach Remediation:
Subject to the Post Breach Remediation Coverage Limit set forth above and any Deductible
specified in the Declarations to this policy, We will pay Loss incurred with Our prior written
approval during the Policy Period and reported in accordance with Condition 14. Duties in the
Event of Claim or Loss in SECTION VI — CONDITIONS, to resolve any vulnerabilities or
weaknesses in your Computer System that are identified by an independent security firm after
a Cyber Incident or Security Breach.The upgrades or improvements must be determined by
the independent security firm to reduce the probability or potential damage from a Cyber
Incident or Security Breach in the future.
With respect to this Post Breach Remediation Insuring Agreement:
a.Loss solely means:
i. labor costs incurred by an independent security firm to determine whether any
vulnerabilities or weaknesses exist in Your Computer System that are identified by an
independent security firm after a Cyber Incident or Security Breach; and
ii. labor costs incurred to resolve any vulnerabilities or weaknesses in your Computer
System that are identified by an independent security firm after a Cyber Incident or
Security Breach.
II. The following is added to SECTION II — LIMITS OF INSURANCE. 2. Aggregate Sublimit(s) of
Insurance:
SP CW 87 05 22 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 2
Policy Number: node.
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
The most We will pay for all Loss covered under the Post Breach Remediation Insuring
Agreement is the Post Breach Remediation Aggregate Sublimit of Insurance, if any, shown
above or in the Declarations, which are part of, and not in addition to, the Policy Aggregate
Limit of Insurance.Upon exhaustion of any Aggregate Sublimit of Insurance by such payments,
We will have no further obligations of liability of any kind with respect to Loss subject to such
Sublimit of Insurance.
III. The following is added to SECTION III—DEDUCTIBLE:
Under the Post Breach Remediation Insuring Agreement,We will pay only the amount of Loss
which is in excess of the Policy Deductible amount shown in the Declarations.
All other terms and conditions remain unchanged.
SP CW 87 05 22 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
SOCIAL ENGINEERING ENDORSEMENT
Social Engineering Coverage Limit: See coverage sheet
Social Engineering Deductible: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Social Engineering Endorsement, all provisions of the Policy to which this
endorsement is attached, as well as all terms and conditions, remain unchanged and applicable.
In consideration of the premium charged for the Policy, it is hereby un rstood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Social Engineering
Subject to the Social Engineering Coverage Limit and Deductible set forth above, We will pay for
Social Engineering Loss resulting directly from a Social Engineering Incident that is first
Discovered during the Policy Period and reported in accordance with Condition 14. Duties in the
Event of Claim or Loss in SECTION VI-CONDITIONS.
With respect to this Social Engineering Insuring Agreement:
a. Money means currency, coins or bank notes in current use and having a face value,travelers'
checks, register checks and money orders held for sale to the public. The term Money does
not include digital currency or other negotiable and nonnegotiable instruments or contracts
representing either Money or property.
b. Securities mean negotiable and non-negotiable instruments or contracts representing either
Money or property.
Securities does not include Money.
c. Social Engineering Incident means the intentional misleading of an Insured to transfer
Money to a person, place or account beyond the Named Insured's control resulting directly
from the Named Insured's employee's good faith reliance upon an instruction transmitted via
email, purporting to be from:
i. a natural person or entity who exchanges, or is under contract to exchange, goods or
services with the Named Insured for a fee (other than a financial institution, asset
manager, broker-dealer, armored motor vehicle"named insured"or any similar entity);or
ii. an employee of the Named Insured;
but which contained a fraudulent and material misrepresentation and was sent by an
imposter.
SP CW 91 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 3
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
As a condition precedent to coverage under this Social Engineering Endorsement, the Named
Insured must have an established and documented funds transfer request verification procedure
and that procedure must have been followed before acting upon any instruction.
d. Social Engineering Loss means the loss of Money as a result of a Social Engineering
Incident.
Social Engineering Loss does not include indirect and/or consequential loss.
II. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Social Engineering Insuring Agreement is the
Social Engineering Aggregate Sublimit of Insurance, if any, shown above or in the Declarations.,
which are part of, and not in addition to, the Policy Aggregate Limit of Insurance. Upon exhaustion
of any Aggregate Sublimit of Insurance by such payments, We will have no further obligations of
liability of any kind with respect to Loss subject to such Sublimit of Insurance.
III. The following is added to SECTION III—DEDUCTIBLE:
Under the Social Engineering Insuring Agreement, We will pay only the amount of Loss which is
in excess of the Policy Deductible shown above, or in the declarations.
IV. SECTION V—EXCLUSIONS is amended to include:
We will not be liable for Social Engineering Loss resulting from a Social Engineering Incident based
upon, attributable to or arising out of:
1. An actual or alleged infringement of, violation of, misappropriation of or assertion of any right to or
interest in any:
a. Patent, copyright, trademark, trade dress, certification mark, collective mark, service mark,
expression, idea, likeness, name, slogan, style of doing business, symbol, title,trade secret or
other intellectual property right by or on behalf of any Insured; or
b. Software or computer code or its source content or material by or on behalf of any Insured.
2. A fraudulent,dishonest or criminal act by any Employee or authorized representative of the Named
Insured,whether acting alone or in collusion with others.
3. The establishment of any credit or similar promise to pay, or to any party's use of or acceptance of
any credit card, debit card or similar instrument,whether or not genuine.
4. Any investment or ownership in any corporation, partnership, real property, or similar instrument,
whether or not such investment is genuine.
5. A kidnap, ransom or other extortion payment surrendered as a result of a threat to do bodily harm
to any natural person or a threat to harm, take, or transfer property.
SP CW 91 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 3
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
All other terms and conditions remain unchanged.
SP CW 91 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 3 of 3
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
TELECOMMUNICATIONS FRAUD ENDORSEMENT
Telecommunications Fraud Coverage Limit: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Telecommunications Fraud Endorsement, all provisions of the Policy to which this
endorsement is attached, as well as all terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Telecommunications Fraud:
Subject to the Telecommunications Fraud Coverage Limit set forth above and any Deductible
specified in the Declarations to this policy, We will pay for any monetary Loss sustained by
You, including but not limited to phone bills, first Discovered during the Policy Period and
reported in accordance Condition 14. Duties in the Event of Claim or Loss in SECTION VI-
CONDITIONS, directly resulting from an intentional unauthorized access to Your Telephone
System by a third party.
With respect to this Telecommunications Fraud Insuring Agreement:
a. Loss solely means the monetary cost of unauthorized calls or unauthorized use of Your
Telephone System's bandwidth.
b. Telephone System means the VoIP phone system directly under Your control.
II. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Telecommunications Fraud Insuring
Agreement is the Telecommunications Fraud Aggregate Sublimit of Insurance, if any, shown
above or in the Declarations., which are part of, and not in addition to, the Policy Aggregate
Limit of Insurance. Upon exhaustion of any Aggregate Sublimit of Insurance by such payments,
We will have no further obligations of liability of any kind with respect to Loss subject to such
Sublimit of Insurance.
SP CW 85 05 22 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 2
Policy Number: rcKJ€
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
III. The following is added to SECTION III—DEDUCTIBLE
Under the Telecommunications Fraud Insuring Agreement, We will pay only the amount of
Loss which is in excess of the Policy Deductible shown in the Declarations.
All other terms and conditions remain unchanged.
SP CW 85 05 22 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
WEBSITE MEDIA CONTENT LIABILITY
ENDORSEMENT
Website Media Content Liability Coverage Limit: See coverage sheet
Website Media Content Liability Deductible: See coverage sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Website Media Content Liability Endorsement, aII provisions of the Policy to which
this endorsement is attached, as well as all terms and conditions, remain unchanged and applicable.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION—INSURING AGREEMENTS:
Website Media Content Liability
Subject to the Website Media Conten Liability Coverage Limit and Deductible set forth above,
We will pay for Loss that the Insured becomes legaIly obligated to pay and Defense Expenses
as a result of a Claim that is Discovered during the Policy Period and reported in accordance
with Condition 14. Duties in the Event of Claim or Loss in SECTION VI — CONDITIONS, for
one or more of the following acts first committed on or after the retroactive date and before the
end of the Policy Period in the course of Your display of Media Material on Your website or on
social media web pages created and maintained by or on behalf of You:
a. invasion of or intereference with an individual's right of publicity, including commercial
appropriation of name, persona, voice or likeness; or
b. plagiarism, piracy or misappropriation of ideas under implied contract; or
c. infringement of copyright; or
d. infringement of domain name, trademark, trade name, trade dress, logo, title, metatag,
slogan, service mark, service name; or
e. improper deep-linking or framing within electronic content.
With respect to this Website Media Content Liability Insuring Agreement:
a. Media Material means any information in electronic form, including words, sounds,
numbers, images, or graphics and shall also include advertising, video, streaming
content, webcasting, online forums, bulletin boards and chat room content, but does not
mean computer software or the actual goods, products or services described, illustrated
or displayed in such Media Material.
II. Exclusions Applicable to the Website Media Content Liability Insuring Agreement:
SP CW 83 05 22 Page 1 of 2 Spinnaker Insurance Company
Includes copyrighted material of Insurance Services Office, Inc.,with its permission
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
We will not be liable for any Claim resulting from an act based upon, attributable to or arising out of:
1. An actual or alleged infringement of, violation of, misappropriation of or assertion of any right to or
interest in any:
a. Patent, copyright, trademark, trade dress, certification mark, collective mark, service mark,
expression, idea, likeness, name,slogan, style of doing business, symbol,title,trade secret or
other intellectual property right by or on behalf of any Insured, provided that this Exclusion
does not apply to a claim resulting from an act based upon, attributable to or arising out of
infringement of copyright,or infringement of domain name,trademark,trade name,trade dress,
logo,title, metatag, slogan, service mark, service name in the course of Your display of Media
Material on Your website or on social media web pages created and maintained by or on behalf
of You; or
b. Software or computer code or its source content or material by or on behalf of any Insured.
III. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Website Media Content Liability Insuring
Agreement is the Website Media Content Liability Sublimit of Insurance shown above,which is part
of, not in addition to the Policy Aggregate Limit of nsurance set forth in the Declarations to this
Policy. Upon exhaustion of any Aggregate Sublimit of Insurance by such payments, We will have
no further obligations or liability of any kind with respect to Loss subject to such Sublimit of
Insurance.
All other terms and conditions remain unchanged.
SP CW 83 05 22 Page 2 of 2 Spinnaker Insurance Company
Includes copyrighted material of Insurance Services Office, Inc.,with its permission
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
SERVICE FRAUD INCLUDING CRYPTOJACKING
ENDORSEMENT
Service Fraud Coverage Limit: See policy cover sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Service Fraud Endorsement, all provisions of the Policy to which this endorsement
is attached, as well as all terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Service Fraud:
Subject to the Service Fraud Coverage Limit set forth above and any Deductible specified in
the Declarations to this policy, We will pay for any monetary Loss sustained by You, including
but not limited to phone and cloud based service bills, and Cryptojacking, first Discovered
during the Policy Period and reported in accordance Condition 14. Duties in the Event of
Claim or Loss in SECTION VI - CONDITIONS, directly resulting from an intentional
unauthorized a Coeshone System by a third party.
With respect to this Telecommunications Fraud Insuring Agreement:
a. Loss means the additional monetary costs incurred by You as a direct result of:
1. unauthorized calls or unauthorized use of Your Telephone System's bandwidth;
2. unauthorized access or use of Your Cloud Based Services; and
3. unauthorized access or use of a Computer System for the purpose of mining for
Virtual Currency with the use of any of the following services or resources:
• electricity
• natural gas
• oil
• internet.
b.Monetary Costs include only those additional amounts billed to You by the respective service
provider, including usage or consumption information, incurred in a periodic billing statement
pursuant to a written contract executed before the Loss first occurred with You, and does not
SP CW 70 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 2
Policy Number: roc:Je
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
include any amounts charged at a flat fee that does not scale with the rate or use of the
respective service due for payment during the Policy Period.
c. Telephone System means the Voice over Internet Protocol (VolP) phone system directly
under Your control.
d. Cloud Based Services means Infrastructure as a Service (laaS), Platform as a Service
(PaaS), and Software as a Service (SaaS).
e.Virtual Currency means a type of digital representation of currency or asset which is stored,
transferred, and transacted in electronic form, utilizes cryptography to secure its network,
regulate its generation, and verify its transfer, and operated independently of a central bank or
other central authority in the majority of financial jurisdictions.*
II. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Service Fraud Insuring Agreement is the
Service Fraud Aggregate Sublimit of Insurance, if any, shown above or in the Declarations.,
which are part of, and not in addition to, the Policy Aggregate Limit of Insurance. Upon
exhaustion of any Aggregate Sublimit of Insurance by such payments, We will have no further
obligations of liability of any kind with respect to Loss subject to such Sublimit of Insurance.
III. The following is added to SECTION III—DEDUCTIBLE
Under the Service Fraud Insuring Agreement, We will pay only the amount of Loss which is in
excess of the Policy Deductible shown in the Declarations.
II and conditions remain unchanged.
SP CW 70 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 2
Policy Number: roc:Je
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
DEDICATED BREACH COSTS ENDORSEMENT
Security Breach Expense Coverage Limit: See policy cover sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Security Breach Expense Outside of Limit Endorsement,all provisions of the Policy
to which this endorsement is attached, as well as all terms and conditions, remain unchanged and
applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. Paragraph 1. Policy Aggregate Limit of Insurance of SECTION II—LIMITS OF INSURANCE is
deleted in its entirety and replaced with following:
1. Policy Aggregate Limit of Insurance
Except as provided below und Paragraph 3. Security Breach Expense Limit of Insurance,
the most We will pay for all covered Loss and Defense Expenses is the Policy Aggregate
Limit of Insurance shown in the Declarations. Furthermore, except as provided below under
Paragraph 3. Security Breach Expense Limit of Insurance, the Policy Aggregate Limit of
Insurance shall be reduced any payment, including Defense Expenses, made under the
terms of this Policy. Upon Exhaustion of the Policy Aggregate Limit of Insurance and, only if •
applicable, the Security Breach Expense Limit of Insurance, We will have no further
obligations or liability of kind under this Policy.
II. Paragraph 2. Aggregate Sublimit(s) of Insurance of SECTION II— LIMITS OF INSURANCE is
deleted in its entirety and replaced with the following:
The Aggregate Sublimit(s)of Insurance set forth in the Declarations are part of, and not in addition
to, the Policy Aggregate Limit of Insurance. Any such Aggregate Sublimit(s) of Insurance shall be
reduced by any payment for Loss and, if applicable, Defense Expenses, under the Insuring
Agreement to which such Aggregate Sublimit of Insurance applies. Upon exhaustion of any
Aggregate Sublimit of Insurance by such payments, We will have no further obligations or liability
of any kind with respect to Loss or Defense Expenses, subject to such Sublimit of Insurance.
2.Aggregate Sublimit(s)of Insurance
Except as provided below under Paragraph 3.Additional Security Breach Expense Limit
of Insurance, Subject to the Policy Aggregate Limit of Insurance, the most We will pay for all
Loss covered under:
SP CW 71 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 2
Policy Number: node
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
a. Insuring Agreement 2—Extortion Threats, is the Ransom Payments Aggregate
Sublimit Of Insurance, if any,shown in the Declarations; and
b. Insuring Agreement 4—Business Income and Extra Expense, is the Business
Income and Extra Expense Aggregate Sublimit Of Insurance, if any, shown in the
Declarations.
The Aggregate Sublimit(s)of Insurance described in Paragraphs 2.a. and 2.b. above are part
of, and not in addition to, the Policy Aggregate Limit of Insurance. Any such Aggregate
Sublimit(s)of Insurance shall be reduced by any payment for Loss and, if applicable, Defense
Expenses, under the Insuring Agreement to which such Aggregate Sublimit of Insurance
applies. Upon exhaustion of any Aggregate Sublimit of Insurance by such payments, We will
have no further obligations or liability of any kind with re ct to Loss or Defense Expenses,
subject to such Sublimit of Insurance.
III. The following is added to SECTION II—LIMITS OF INSURANCE
3.Additional Security Breach Expense Limit of Insurance
Solely with respect to SECTION I—INSURING AGREEMENTS, 1.Security Breach Expense:
a. All Loss covered under SECTION I - INSURING AGREEMENTS, 1.Security Breach
Expense incurred by the Named Insured in excess of the Policy Deductible amount
shown in the Declarations resulting directly from a Security Breach or Cyber Incident
Discovered during the Policy Period or any extended reporting period, if applicable,
shall only apply to, and reduce, the Additional Security Breach Expense Limit of
Insurance. All such loss shall not apply to or reduce the Policy Aggregate Limit of
Insurance.
b. Upon exhaustion of the Additional Security Breach Expense Limit of Insurance We
will have no further obligations or liability of any kind SECTION I — INSURING
AGREEMENTS, 1. Security Breach Expense under the Policy.
All other terms and conditions remain unchanged.
SP CW 71 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 2
Policy Number: r'iccJe
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
REVERSE SOCIAL ENGINEERING ENDORSEMENT
Reverse Social Engineering Coverage Limit: See cover sheet
Reverse Social Engineering Deductible: See cover sheet
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Reverse Social Engineering Endorsement, all provisions of the Policy to which this
endorsement is attached, as well as all terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience.
Read the entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. The following Insuring Agreement is added to SECTION I—INSURING AGREEMENTS:
Reverse Social Engineering:
Subject to the Reverse Social Engineering Coverage Limit and Deductible set forth above,
We will pay for a Reverse Social Engineering Loss resulting directly from a Reverse
Social Engineering Event that is first Discovered during the Policy Period and
reported in accordance with Condition 14. Duties in the Event of Claim or Loss in
SECTION VI —CONDITIONS.
With respect to this Reverse Social Engineering Insuring Agreement:
a. Client means any person or entity with whom You have entered into a written contract to
provide services or deliverables.
b. Money means currency,coins or banknotes in current use and having a face value,travelers'
checks, register checks and money orders held for sale to the public. The term Money does
not include digital currency or other negotiable and nonnegotiable instruments or contracts
representing either Money or property.
c. Reverse Social Engineering Event means the intentional use of Your Computer System
by a person or organization that is not an Insured to mislead or deceive Your Client or Vendor
into transferring Money intended for You to another person or entity.
d. Reverse Social Engineering Loss means the loss of Money as a result of a Reverse
Social Engineering Event.
e. Vendor means any person or entity with whom You have entered into a written contract to
provide services to You provided that entity is not owned, operated or controlled by You.
Vendor does not include any financial institutions with which you directly or indirectly do
business.
SP CW 82 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 2
Policy Number: rocJe
Endorsement Issued Date: INTERNATIONAL
Endorsement Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
II. The following is added to SECTION II — LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of
Insurance:
The most We will pay for all Loss covered under the Reverse Social Engineering Insuring
Agreement is the Reverse Social Engineering Aggregate Sublimit of Insurance, if any, shown
above, which is part of, not in addition to the Policy Aggregate Limit of Insurance set forth on
the Declarations to this Policy. Any such Aggregate Sublimit(s)of Insurance shall be reduced
by the amount of any payment for Loss under the Insuring Agreement to which such Aggregate
Sublimit of Insurance applies.Upon exhaustion of any Aggregate Sublimit of Insurance by such
payments,We will have no further obligations or liability of any kind with respect to Loss subject
to such Sublimit of Insurance.
III. The following is added to SECTION III-DEDUCTIBLE
Under the Reverse Social Engineering Insuring Agreement, We will pay only the amount of Loss
which is in excess of the Reverse Social Engineering Deductible amount shown above.
All other terms and conditions remain unchanged.
SP CW 82 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 2
Policy Number: node.
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
ENHANCED BUSINESS INCOME, CONTINGENT BUSINESS
INCOME AND EXTRA EXPENSE COVERAGE
ENDORSEMENT - INCLUSIVE OF SYSTEMS FAILURE
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
Unless modified by this Endorsement, all provisions of the Policy to which this endorsement is attached, as well as all
terms and conditions, remain unchanged and applicable.
This endorsement extends certain coverages. The headers in this endorsement are only for convenience. Read the
entire policy carefully to determine rights, duties and what is and is not covered.
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
I. Insuring Agreement 4. Business Income, Contingent Business Income and Extra Expense is deleted in its entirety
and replaced with the following:
4. Business Income, Contingent Business Income and Extra Expense
We will pay for Loss due to an Interruption resulting directly from a Cyber Incident, Extortion Threat or
System Failure that is Discovered during the Policy Period or during any extended reporting period, if
applicable.
With respect to this Insuring Agreement 4, Loss means the actual Loss of: (1) "business and contingent
business income "You sustain' and/or (2) "extra expense" You incur.
As used in this Insuring Agreement 4:
a. "Business and contingent business income"means the:
i. net income (net profit or loss before income taxes) that would have been earned or incurred;
and
ii. continuing normal operating expenses incurred, including payroll.
"Business and contingent business" income does not include:
(1)Net Profit that would likely have been earned as a result of an increase in volume due to favorable
business conditions caused by the impact of network security failures impacting other businesses,
loss of market, or any other consequential loss
b. "Extra expense" means necessary and reasonable expenses You incur during the period of
restoration as a result of the measurable Interruption of the Insured's business operations, in order
to reduce the period of restoration and minimize or reduce Business and Contingent Business income.
"Extra expense"does not include:
SP CW 76 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 3
Policy Number: r"iøcJ€
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
(1) any costs or expenses associated with upgrading, maintaining, repairing, remediating or
improving a Computer System as a result of a Cyber Incident, Extortion Threat or System
Failure; or
(2) Extortion Expenses covered under Insuring Agreement 2—Extortion Threats.
II. The following definition in SECTION VII — DEFINITIONS is deleted in its entirety and replaced with the
following:
Interruption means:
a. With respect to a Cyber Incident or System Failure:
an unanticipated cessation or slowdown for Your business operations; or
ii. Your suspension of Your business operations for the purpose of avoiding or mitigating the
possibility of transmitting a Virus or malicious code to another person or organization;
and,with regard to Paragraphs 14.a.i and 14.above, shall be deemed to begin when Your
business operations are interrupted and ends at the earliest of:
(1) one hundred-eighty(180) days after the Interrupption begins;
(2) the time when Your business operations are reumed; or
(3) the time when service is restored to You.
b. With respect to an Extortion Threat, Your voluntary suspension of Your business operations:
based upon clear evidence of a credible threat; or
ii. based upon the recommendation of a security firm, if any;
and,with regard Paragraphs 14.b.i. and 14.b.ii.above,shall be deemed to begin when Your
business operations are interrupted and ends at the earliest of:
(1) one hundred-eighty (180) days after the Interruption begins;
(2) the time when Your business operations are resumed; or
(3) the time when service is restored to You.
III. The following definition is added to SECTION VII—DEFINITIONS:
System Failure means:
any sudden, unintentional, or unexpected and continuous Interruption of your Computer System which
disrupts,prevents,or restricts the normal functioning of your business operations which would otherwise have
been handled in whole or in part by the Computer System and is directly caused by a Cyber Incident,
malfunction in normal computer function or network service, or hardware failure.
System Failure does not include:
(1) any hardware failure due to design/manufacturing defects or use of hardware past End of Life
Announcements (EOLA)or Last Date of Support(LODS);
(2) failure of hosted computer systems that results in an outage that extends beyond the services
being provided to you by hosted Computer Systems;
(3) failure to adequately anticipate or capacity plan for expected and/or above-normal operational
demand for Computer Systems except where this demand is a denial of service attack;
(4) any Interruption of a Computer System resulting from a Security Breach; or
(5) any Interruption of a Computer System operated by any Third Party.
SP CW 76 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 2 of 3
Policy Number: node
Endorsement Issued Date:
Endorsement Effective Date: INTERNATIONAL
IV. Condition 16.Valuation—Settlement in SECTION VI—CONDITIONS is deleted in its entirety and replaced
with the following:
16. Valuation—Settlement
All premiums, limit(s) of insurance, deductible amounts, Loss and any other monetary amounts under this
Policy are expressed and payable in the currency of the United States of America. If judgment is rendered,
settlement is agreed to or another component of Loss under this Policy is expressed in any currency other
than United States of America dollars, payment under this Policy shall be made in United States dollars at the
rate of exchange published in The Wall Street Journal on the date the final judgment is entered, settlement
amount is agreed upon or the other component of Loss is due, respectively.
a. With respect to Loss covered under Insuring Agreement 4—Business Income, Contingent Business
Income and Extra Expense, the amount of "business and contingent business income" will be
determined based on consideration of:
the net income generated from Your business activ' 'es before the Interruption occurred;
ii. the likely net income generated by Your business activities if no Interruption had occurred,
but not including any net income that would likely have been earned as a result of an increase
in the volume of business due to favorable business conditions caused by the impact of the
Cyber Incident or System Failure on customers or on other businesses;
iii. the operating expenses, including payroll, necessary to resume Your business activities with
the same quality of service that existed before the Interruption; and
iv. other relevant sources of information, including Your financial records and accounting
procedures, bills, invoices and other vouchers, and debts, liens and contracts.
However,the amount of "business and contingent business income" will be reduced to the extent that
the reduction in the volume of business from the affected business activities is offset by an increase
in the volume of business from other channels of commerce such as via telephone, mail or other
sources.
b. With respect to Loss coverage under Insuring Agreement 4—Business Income, Contingent Business
Income and Extra Expense, the amount of "extra expense" will be determined based on:
i. necessary expenses that exceed the normal operating expenses that would have been
incurred in the course of Your business activities during the period of coverage if no
Interruption had occurred. We will deduct from the total of such expenses the salvage value
that remains of any property bought for temporary use during the period of coverage once
Your business activities are resumed; and
ii. necessary expenses that reduce the "business and contingent business income" Loss that
otherwise would have been incurred during the period of coverage.
All other terms and conditions remain unchanged.
SP CW 76 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 3 of 3
Policy Number: node
Issued Date: INTERNATIONAL
Effective Date:
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.
INCREASE OF OR ELIMINATION OF BUSINESS AND CONTINGENT
BUSINESS INCOME AND EXTRA EXPENSE SUBLIMIT
This endorsement modifies insurance provided under the following:
COMMERCIAL CYBER INSURANCE POLICY
SCHEDULE
Effective Date of Endorsement: Inception Date
Business and Contingent Business Income and Extra Expense Sublimit: See coverage sheet
Premium: TBC
In consideration of the premium charged for the Policy, it is hereby understood and agreed that:
The following sentence is added to Paragraph Aggregate Sublimit(s) of Insurance of SECTION
II—LIMITS OF INSURANCE, 2. Aggregate Sublimit(s) of Insurance:
Insuring Agreement 4 — Business and Contingent Business Income and Extra Expense: is the
Business Income and Extra Expense Aggregate Sublimit of Insurance, if any, shown in the
Schedule of this endorseme
All other terms and conditions remain unchanged.
SP CW 72 02 23 Includes copyrighted material of Insurance Services Office, Inc.,with its permission Page 1 of 1