CoverforLossesResultingfromCyberSecurity
Breaches
CurrentasofAugust2015
Summary
ThisFactSheetdetailsComcover’spositioninrelationtocyberrelatedlossesunderthe
Comcover2015-16Statement ofCover.
Thereisno specificsection underthe Comcover2015-16 StatementofCoverforlossarising fromcyber securitybreaches.
However,dependingon thespecificcircumstancesofthebreachandsubject toall the terms andconditionscontained therein, theComcover2015-16StatementofCoverdoesprovide limited coverforfirstandthirdparty lossesasoutlined below.
First PartyLoss
Firstparty lossiswhenyou,theFundMember,sufferthelossofyourproperty fromacyber securitybreach.Forexample:
network/systemfailureresulting in businessinterruption and/orlossofrevenue;
loss or damagetosoftwareorhardware;
loss or damagetodataand/orrecords;or
costsresultingfrommanagingthebreach,includingcommunicationcosts,legalcosts andstaffing costs.
Dependingontheparticularcircumstancesofthebreach,coverageforfirstpartylossesmay be provided underChapter4 –Property(e.g.undersection 9or 12).
Thevalueofelectronic dataandrecords shouldbeincludedintheContentscolumn onthe Fund Member’s Asset Schedule located in the Gateway, which is shown on the Fund Member’sSchedule ofCover.
In addition, as outlined in section 19(6) under Chapter 7 – General Exclusions of the StatementofCover,any lossescauseddirectly orindirectlybyerasureorcorruption of informationoncomputersystemsorotherrecordsarisingfromyourincorrectprogramming,
punching, labelling, insertion orcancellation are notcovered.
FactSheetSeries |1
Comcover|
ThirdPartyLoss
Thirdparty lossesare when you can beheld liable toathird partyfroma cybersecuritybreach on a FundMember,forexample:
disclosureofpersonal information,includingfinancial information;
disclosureofcommercial information;
unauthorised disclosureofinformation;
defamation andinfringement ofintellectual property;
physicalinjuryand/orpropertydamage;
virustransmission; or
costsresultingfrommanagingthebreach,includingcommunicationcosts,legalcosts andstaffing costs.
Dependingon theparticularcircumstancesofthebreach,coverage foractiontaken by athird party againstaFundMembermay beprovidedunderSection7‘GeneralLiabilityand ProfessionalIndemnity’ofthe Statement ofCover.
Examples ofsectionsin the 2015-16Statementof Coverthat mayberelevant:
Section (2)(f) under Chapter 7–General Exclusions outlines that losses arenot coveredforanyliabilityarisingoutofliquidated damages clausesorsimilarpenalty clausesincontractsexcept to theextent thatliabilitywouldhaveattachedinthe absence ofsuchclauses.
Section 19(2)(e) under Chapter 7 – General Exclusions Section outlines losses resulting fromfines,penalties,ormultiple,punitive,exemplaryoraggravateddamages, arenotcovered.
Claims
IfaFundMemberexperiencesapotentiallossasaresultofacybersecurity breach,itis important thatthe Fund Member:
takeallreasonable stepstominimiseany loss;
notify Comcoverof the potential claim;and
assistComcoverin handlingtheclaim.
Formoreinformation onclaims,please refertothe Comcoverwebsiteat
CyberSecurityPolicyandGuidance
Cybersecurityislargelymanagedonawhole-of-governmentbasisbytheDepartmentof Prime Minister and Cabinet (referto . Commonwealth entitiesareresponsibleforprotectingtheirassetsandinformation fromcyberattacks.Entity businesscasesforICT-enabledproposalstoGovernmentmustidentifyhowcybersecurity riskswillbemanagedandhow theproposalwillcomplywithrelevantGovernmentcyber security policies. The Attorney-General’s Department also issue policy and guidance in relationtocyber/informationsecurity(referto TheDepartment ofFinanceprovidesguidancetoCommonwealthentitiesoncybersecurityrequirementsfor businesscases(refer to
Questions aboutCover?
Ifyou have anyquestionsin relation tocoverforcybersecuritybreaches,orthe Statement of
Cover,please contact phone yourRelationship Manageron
1800 651 540(option 3).