Cyber Insurance SGGet Quotes

Chubb — Singapore cyber exclusions

Verbatim exclusion clauses extracted from the ingested Chubb policy wordings. Every clause below is quoted verbatim from the source PDF. The authoritative reference is the policy wording itself, not this list.

Chubb Cyber ERM

Wording effective from 2026-01-01.

  1. 4.1 Prior Knowledge: alleging, based upon, arising out of or attributable to a Wrongful Act actually or allegedly committed prior to the beginning of the Policy Period if, on or before the earlier of the effective date of this Policy or the effective date of any Policy issued by us of which this Policy is a continuous renewal or a replacement, any member of the Control Group of the Insured knew or reasonably could have foreseen that the Wrongful Act did or could lead to any Loss.
  2. 4.2 Pending or Prior Proceedings: alleging, based upon, arising out of, or attributable to any prior or pending litigation, Privacy and Network Security Claim, Media Claim, demand, arbitration, administrative or regulatory proceeding or investigation filed or commenced against you, and of which you had notice, on or before the earlier of the effective date of this Policy or the effective date of any policy issued by us of which this Policy is a continuous renewal or a replacement, or alleging or derived from the same or substantially the same fact, circumstance or situation underlying or alleged therein; or any Wrongful Act, fact, circumstance or situation that has been the subject of any notice given under any other policy before the effective date of this Policy; or any other Wrongful Act whenever occurring which, together with a Wrongful Act that has been the subject of such notice, would constitute a Single Claim.
  3. 4.3 Conduct: directly or indirectly caused by, arising out of or in any way connected with your conduct, or of any person for whose conduct you are legally responsible, that involves: (A) committing or permitting any knowing or wilful breach of duty, or violation, of any laws; or (B) committing or permitting any criminal, deliberately fraudulent or deliberately dishonest act or omission; or (C) any actual or attempted gain of personal profit, secret profit or advantage by you to which you were not entitled. This exclusion only applies where such conduct has been established to have occurred by final adjudication (after the exhaustion of any appeals), or written admission.
  4. 4.4 Intentional Wrongful Collection or Use: alleging, based upon, arising out of, attributable to, directly or indirectly resulting from, in consequence of, or in any way involving the unauthorised, surreptitious, or wrongful use or collection of Personal Data by you or the failure to provide adequate notice that Personal Data is being collected or used. However, this exclusion shall not apply to your unintentional violation of any Privacy Regulation, including but not limited to the unintentional wrongful use or collection of Personal Data.
  5. 4.5 Discrimination or Employment Practices: alleging, based upon, arising out of or attributable to any discrimination of any kind; humiliation, harassment or misconduct based upon, arising out of or related to any such discrimination; Wrongful Employment Practices.
  6. 4.6 Insured v. Insured: brought or maintained by you, or on your behalf, or any other natural person or entity for whom or which you are legally liable, arising out of a Privacy and Network Security Claim or Media Claim.
  7. 4.7 Contract: for breach of any express, implied, actual or constructive contract, warranty, guarantee, or promise, including liquidated damages provisions or any liability assumed by you.
  8. 4.8 Fees: Solely with respect to coverage under Insuring Agreements 1.5 and 1.6, alleging, based upon, arising out of or attributable to any fees, expenses, or costs paid to or charged by you.
  9. 4.9 Bodily Injury and Property Damage: alleging, based upon, arising out of or attributable to any Bodily Injury or Property Damage.
  10. 4.10 Infrastructure Outage: alleging, based upon, arising out of or attributable to any electrical or mechanical failure or interruption, electrical disturbance, surge, spike, brownout, blackout, or outages to electricity, gas, water, telecommunications or other infrastructure. However, this exclusion shall not apply to failures, interruptions, disturbances or outages of telephone, cable or telecommunications systems, networks or infrastructure, under an Insured's operational control, which is a result of a failure of Computer Malicious Act, Unauthorised Use or Access, or a failure of Network Security.
  11. 4.11 Force Majeure: alleging, based upon, arising out of or attributable to fire, smoke, explosion, lightning, wind, flood, earthquake, volcanic eruption, tidal wave, landslide, hail, act of God or any other physical event, however caused.
  12. 4.12 War: alleging, based upon, arising out of or attributable to war, invasion, acts of foreign enemies, terrorism, hostilities or warlike operations (whether war is declared or not), strike, lock-out, riot, civil war, rebellion, revolution, insurrection, civil commotion assuming the proportions of or amounting to an uprising, military or usurped power. However, this exclusion shall not apply to an Act of Cyber-Terrorism which results in a Claim.
  13. 4.13 Pollution: alleging, based upon, arising out of or attributable to the actual, alleged or threatened discharge, release, escape, seepage, migration, or disposal of Pollutants, or any direction, formal mandate or request that any Insured test for, monitor, clean up, remove, contain, treat, detoxify or neutralise Pollutants, or any voluntary decision to do so.
  14. 4.14 Wear and Tear and Governmental Authority Intervention: Solely with respect to coverage under Insuring Agreements 1.1, 1.2 and 1.3: (A) alleging, based upon, arising out of, or attributable to the ordinary wear and tear or gradual deterioration of a Covered Computer System or Data, including any data processing media. (B) for any action of a public or governmental authority, including the seizure, confiscation or destruction of a Covered Computer Systems or Data.
  15. 4.15 Patent and Trade Secret: alleging, based upon, arising out of or attributable to any claim, dispute or issues with the validity, invalidity, infringement, violation or misappropriation of any patent or Trade Secret by or on behalf of you.
  16. 4.16 Intellectual Property: alleging, based upon, arising out of or attributable to any infringement, violation or misappropriation by you of any copyright, service mark, trade name, trademark or other intellectual property of any third party. However, this exclusion shall not apply to a Privacy and Network Security Wrongful Act or Media Wrongful Act expressly covered under Insuring Agreements 1.5 or 1.6.
  17. 4.17 Advertising or Misrepresentation: Solely with respect to coverage under Insuring Agreement 1.6, alleging, arising out of, or attributable to the actual goods, Products or services described, illustrated or displayed in Media Content.
  18. 4.18 Products: alleging, based upon, arising out of or attributable to any Products.
  19. 4.19 Trading: alleging, based upon, arising out of or attributable to any financial loss due to the inability to trade, invest, divest, buy or sell any financial security or financial asset of any kind; fluctuations in any value of assets; financial value in any of your accounts held at a financial institution; or inability to earn interest or appreciation on any asset.
  20. 4.20 Cyber Crime: Solely with respect to coverage under Insuring Agreement Extension 2.3 Cyber Crime, we will not pay for Direct Financial Loss consisting of or which is due to: (A) any acts by employees or independent contractors of the Insured, including any Claims caused by collusion with an employee or independent contractor; (B) any acts by your directors, executive officers or executive managers, including any Claims caused by collusion with a director, executive officer or executive manager; (C) any government seizures of your Money or Securities; (D) any fluctuation in value in any Monies or Securities; (E) indirect or consequential loss, including but not limited to income or profit; or (F) recall costs or expenses.
  21. 5.23 Trade and Economic Sanctions: We shall not be deemed to provide cover and we shall not be liable to pay any Loss or provide any benefit hereunder to the extent that the provision of such cover, payment of such Loss or provision of such benefit would expose us, or our parent or ultimate holding company, to any sanction, prohibition or restriction implemented pursuant to resolutions of the United Nations or the trade and economic sanctions, laws or regulations of the Republic of Singapore, the European Union, United Kingdom, Commonwealth of Australia or the United States of America.
  22. Data and System Recovery Costs do not include: (a) costs or expenses incurred to identify or remediate software vulnerabilities; (b) costs to replace any hardware or physical property; (c) costs incurred to research and develop Data, including Trade Secrets; (d) the economic or market value of Data, including Trade Secrets; (e) any other consequential loss or damage; (f) Incident Response Expenses; or (g) costs to update, upgrade, replace, maintain, or improve any Data or Computer System beyond what is provided in 3.20, D, i.
  23. Incident Response Expenses shall not include: (a) costs or expenses incurred to update or otherwise improve privacy or network security controls, policies or procedures to a level beyond that which existed prior to the Cyber Incident or Business Interruption Incident or to be compliant with Privacy Regulations, except to the extent Betterment Costs are applicable; (b) taxes, fines, penalties, injunctions, or sanctions; (c) Damages; (d) any other Expenses, except for Incident Response Expenses; (e) your wages, salaries, internal operating costs or expenses, or fees; or (f) costs to respond to, commence or defend third party litigation related to the Cyber Incident or Business Interruption Incident.
  24. Payment Card Loss shall not include: (A) subsequent fines or monetary assessments for continued noncompliance with the Payment Card Industry Data Security Standard beyond a period of three months from the date of the initial fine or monetary assessment; or (B) costs or expenses incurred to update or otherwise improve privacy or network security controls, policies or procedures.
  25. Consumer Redress Fund shall not include any sums paid which constitute taxes, fines, penalties, injunctions or sanctions.
  26. Regulatory Proceeding does not include any action, proceeding or suit, or the portion of any action, proceeding or suit, that is based on or related to a criminal violation of Privacy Regulations.
  27. Cyber Extortion Event shall not include any threats or connected series of threats made against you expressing intent to perform or cause any of the above if made, approved or directed by a member of the Control Group.
  28. Programming Error does not include integration, installation, upgrade or patching of any software, hardware or firmware on a Covered Computer System unless you can evidence that the Programming Error arises from an Accepted Program.

Source PDF: file:///Users/rob/Pangaea/cyberinsurance.com.sg/wordings/chubb/cyber-erm-2026.pdf