CoverforLossesResultingfromCyberSecurity

Breaches

CurrentasofAugust2015

Summary

ThisFactSheetdetailsComcover’spositioninrelationtocyberrelatedlossesunderthe

Comcover2015-16Statement ofCover.

Thereisno specificsection underthe Comcover2015-16 StatementofCoverforlossarising fromcyber securitybreaches.

However,dependingon thespecificcircumstancesofthebreachandsubject toall the terms andconditionscontained therein, theComcover2015-16StatementofCoverdoesprovide limited coverforfirstandthirdparty lossesasoutlined below.

First PartyLoss

Firstparty lossiswhenyou,theFundMember,sufferthelossofyourproperty fromacyber securitybreach.Forexample:

network/systemfailureresulting in businessinterruption and/orlossofrevenue;

loss or damagetosoftwareorhardware;

loss or damagetodataand/orrecords;or

costsresultingfrommanagingthebreach,includingcommunicationcosts,legalcosts andstaffing costs.

Dependingontheparticularcircumstancesofthebreach,coverageforfirstpartylossesmay be provided underChapter4 –Property(e.g.undersection 9or 12).

Thevalueofelectronic dataandrecords shouldbeincludedintheContentscolumn onthe Fund Member’s Asset Schedule located in the Gateway, which is shown on the Fund Member’sSchedule ofCover.

In addition, as outlined in section 19(6) under Chapter 7 – General Exclusions of the StatementofCover,any lossescauseddirectly orindirectlybyerasureorcorruption of informationoncomputersystemsorotherrecordsarisingfromyourincorrectprogramming,

punching, labelling, insertion orcancellation are notcovered.

FactSheetSeries |1

Comcover|

ThirdPartyLoss

Thirdparty lossesare when you can beheld liable toathird partyfroma cybersecuritybreach on a FundMember,forexample:

disclosureofpersonal information,includingfinancial information;

disclosureofcommercial information;

unauthorised disclosureofinformation;

defamation andinfringement ofintellectual property;

physicalinjuryand/orpropertydamage;

virustransmission; or

costsresultingfrommanagingthebreach,includingcommunicationcosts,legalcosts andstaffing costs.

Dependingon theparticularcircumstancesofthebreach,coverage foractiontaken by athird party againstaFundMembermay beprovidedunderSection7‘GeneralLiabilityand ProfessionalIndemnity’ofthe Statement ofCover.

Examples ofsectionsin the 2015-16Statementof Coverthat mayberelevant:

Section (2)(f) under Chapter 7–General Exclusions outlines that losses arenot coveredforanyliabilityarisingoutofliquidated damages clausesorsimilarpenalty clausesincontractsexcept to theextent thatliabilitywouldhaveattachedinthe absence ofsuchclauses.

Section 19(2)(e) under Chapter 7 – General Exclusions Section outlines losses resulting fromfines,penalties,ormultiple,punitive,exemplaryoraggravateddamages, arenotcovered.

Claims

IfaFundMemberexperiencesapotentiallossasaresultofacybersecurity breach,itis important thatthe Fund Member:

takeallreasonable stepstominimiseany loss;

notify Comcoverof the potential claim;and

assistComcoverin handlingtheclaim.

Formoreinformation onclaims,please refertothe Comcoverwebsiteat

CyberSecurityPolicyandGuidance

Cybersecurityislargelymanagedonawhole-of-governmentbasisbytheDepartmentof Prime Minister and Cabinet (referto . Commonwealth entitiesareresponsibleforprotectingtheirassetsandinformation fromcyberattacks.Entity businesscasesforICT-enabledproposalstoGovernmentmustidentifyhowcybersecurity riskswillbemanagedandhow theproposalwillcomplywithrelevantGovernmentcyber security policies. The Attorney-General’s Department also issue policy and guidance in relationtocyber/informationsecurity(referto TheDepartment ofFinanceprovidesguidancetoCommonwealthentitiesoncybersecurityrequirementsfor businesscases(refer to

Questions aboutCover?

Ifyou have anyquestionsin relation tocoverforcybersecuritybreaches,orthe Statement of

Cover,please contact phone yourRelationship Manageron

1800 651 540(option 3).