Computer Network Security Coverage

Form # PCES CNSC

Coverage Computer Network Security Coverage

In consideration of Additional Premium, it is hereby agreed and understood that limits of liability stated in the Policy, this Policy shall apply to Claims as set forth in this Endorsement.

  1. The Underwriters agree, subject to the statements contained in the Schedule, the Special Conditions and Exclusions of this Endorsement, and the Condition of this Policy, to pay on behalf of the Insured all sums which the Insured shall become legally liable to pay as Damages and claimants’ costs, fees and expenses as a result of any Claim first made against the Insured and notified to Underwriters during the Policy Period stated the Schedule or during the Extended Reporting Period in the course of managing the Insured’s Networkthat results in:
  2. the inability of a third party, who is authorized to do so, to gain access to the Insured’s Network or Insured’s Professional business;
  3. the actual failure or inability to prevent:
  4. the use of or access to the Insured’s Networkby a third party not authorized to do so or the authorized use of or access to the Insured’s Network in a manner not authorized by the Insured;
  5. transmittance or reception of unauthorized corrupting or harmful piece of code, including, but not limited to, computer viruses, Trojan Horses, worms, time or logic bombs, spyware, malware or spiderware
  6. an attack launched by a third party, whether an individual or individuals, that sends an excessive volume of Electronic Datato the Insured’s Network in order to deplete such Insured’s Network capacity, and prevent those who are authorized to do so from gaining access to the Insured’s Network in a manner in which they are legally entitled, provided such depletion of capacity is not caused by a mistake in determining capacity requirements.
  7. the physical theft of hardware or firmware controlled by the Insured on which ElectronicData is stored from premises occupied and controlled by the Insured; or
  8. unauthorized taking, misuse, or disclosure of ElectronicData on the Insured’s Network, including but not limited to charge, debit, and credit card information, banking, financial, and investment services account information, proprietary information, and personal, private, and confidential information.

however, any failure or inability to prevent Items i. to v. above that result in the same or interrelated failure or inability to prevent Items i. to v. above shall be considered a single actual or alleged breach of duty, neglect, error, negligent misstatement, misleading statement or omission committed by the Insured or on the Insured’s behalf.

  1. the actual or alleged breach of duty, neglect, error, negligent misstatement, misleading statement or omission committed by the Insured results in:
  2. the disclosure of any one of an individual’s:
  3. social insurance number or social security number;
  4. medical or healthcare information or data;
  5. drivers license or passport number; or
  6. financial account information that would permit access to that individual’s financial account;

in combination with an individual’s first and last name.

  1. breach of federal, provincial, state or local identity theft and privacy protection laws requiring commercial entities that collect personal information to post privacy policies, adopt specific privacy controls, or notify individuals in the event that personal information has potentially be compromised.
  1. Only with respect to Item c of Coverage – Computer Network Security Coverage, Item 2.3 Defence Costs of Section 2 DEFINITIONS found in the Policy the following is added:
  2. (e) Expenses incurred by the Insured, or on the Insured’s behalf, to provide

notice to third party or parties of any actual or alleged compromise of personal information in compliance with any federal, provincial, state or local identity theft and privacy protection laws requiring commercial entities that collect personal information to post privacy policies, adopt specific privacy controls, or notify individuals in the event that personal information has potentially be compromised;

  1. (f) Expenses incurred by the Insured to recover information which has been

accessed without the individual’s permission where expenses of recovery

would minimize any damages otherwise covered under this Policy orto the extent required by any federal, provincial, state or local identity theft and privacy protection laws requiring commercial entities that collect personal information to post privacy policies, adopt specific privacy controls, or notify individuals in the event that personal information has potentially be compromised;

  1. (g) Expenses incurred by the Insured to provide credit monitoring to minimize

any damages otherwise covered under this Policy or to the extent required by any federal, provincial, state or local identity theft and privacy protection laws requiring commercial entities that collect personal information to post privacy policies, adopt specific privacy controls, or notify individuals in the event that personal information has potentially be compromised;;

  1. (h) Expenses incurred by the Insured, or on the Insured’s behalf, with the prior

approval of the Underwriters to:

(i)pay a third party to conduct an investigation, also known as cyber investigation, of the Insured’s Network from which sensitive personal information has been accessed in order to determine the manner in which and the date and time of such information was accessed;

(ii)pay a public relations, law, or crisis management firm(s) to perform crisis management services to minimize the potential harm to an individual(s) resulting from unauthorized disclosure or access to sensitive personal information.

Such expenses do not include compensation, fees, benefits, overhead or the charges or expenses of the Insured.

3.EXCLUSIONS

With respect to the coverage provided by this Endorsements, the Underwriters shall not be liable to pay any Defence Costs or indemnify the Insured against any Claim or Claims arising directly or indirectly out of or in respect of:

(a)Infrastructure Malfunction

The malfunction, stoppage, or crash of telephone lines, data transmission lines or other infrastructure comprising or supporting the Internet,unless such lines or infrastructure were under the Insured’s operational control.

(b)Failure Known at Inception

Any circumstance which could give rise to a claim under this Policy of which the Insuredwas aware or ought reasonably to have been aware at or prior to the inception date of this Policy stated in Item 3 of the Schedule, whether notified under any other insurance or not.

(c)Failure to Perform

Any circumstance which could give rise to a claim under this Policy of which the Insured failed to take steps to use, maintain, or upgrade the Insured’s Network in a reasonable manner. Including circumstances arising out the use of or performance of, software that is:

  1. due to expire, been cancelled, or been withdrawn;
  2. still in testing or beta phase; or
  3. that has not passed all test runs or proven successful in applicable daily operations.

(d)Adequate Notice

Any actual or alleged failure to provide adequate notice regarding purposes for which the sensitive personal information is collected.

(e)Named Viruses

Named Viruses as identified by Information Technology Security and Governmental authorities

(f)Official Confiscation

Any liability based upon, arising from or in consequence of any seizure, confiscation, nationalization, or destruction of Insured’s Network by order of any governmental or public authority; or

(g)Wear and Tear

Any liability based upon, arising from or in consequence of any wear and tear or gradual deterioration of the Insured’s Network.

  1. Item 3.16 of Section 3 EXCLUSIONS found in the Policy is deleted and replaced with the following:

3.16 Personal Injury

Any actual or alleged Personal Injury. Personal Injury shall mean:

Injury, including consequential bodily injury, arising out of one or more of the following:

(a)false arrest, detention or imprisonment;

(b)malicious prosecution;

(c)the wrongful eviction from, wrongful entry into, or invasion of the right of private occupancy of a room, dwelling or premises that a person occupies, committed by or on behalf of its owner, landlord, or lessor;

(d)oral, written or electronic publication of material that slanders or libels a person or organization or disparages a person’s or organization’s goods, products or services; or

(e)oral, written or electronic publication of material that violates a person’s right of privacy.

Items (e) above do not apply to Computer Network Security Coverage attaching to

this Policy.

5. Item 3.30, Unauthorized Access, of Section 3 EXCLUSIONS found in the Policy is deleted and replaced with the following:

6. Definitions

Wherever used in this Endorsement:

(a)“Internet” shall meanthe worldwidecomputernetwork which enables the movement of Electronic Data which includes commercial, educational, governmental, and other networks, whether intranets, extranets and virtual private networks.

(b)“Insured’s Website”shall mean the content, software and other materials accessible via the Internetat a designated Uniform Resource Locator (URL) address owned by the Insured.

(c)“Insured’s Network”shall mean computers and associated data storage devices, networking equipment, backup facilities, and input and output devices that link together through a network of two or more computers and such networks are accessible through the internet, intranets, extranets or virtual private networks. Insured’s Network is:

  1. operated by or either owned by or leased to the Insured; or
  2. operated by a third party service provider and used for the purpose of providing hosted computer application services to the Insured or for processing, maintaining, hosting, storing the Insured’s ElectronicData, pursuant to written contract with the Insured for such services.

Nothing herein contained shall vary, alter or extend any provision or condition of the Policy other than as above stated. This Endorsement attaches to and forms part of Form # PCES-100EO.

PCES CNSC (edition 7th March 2014)Page 1 of 3