QBE Cyber Insurance Singapore — Independent Review

Rule:

QBE shall pay on behalf of the insured those amounts which the insured is legally obliged to pay, including any legal and investigation costs, as a result of a civil regulatory action, regulatory compensatory award, civil penalty, or fines to the extent insurable by law, imposed by a government or public authority regulator against the insured after the insured sustains an insured event, or in the event of a claim under insured section – 'Cyber, data security and multimedia cover' or insured section – 'Data breach notification costs cover', provided that QBE's maximum liability will not exceed the limit of indemnity stated in the schedule which amount is inclusive of defence costs, fees and expenses, and the maximum payable for any one claim and in the aggregate during the period of insurance.

Covered:

Notwithstanding the 'Fines and contractual penalties' exclusion, QBE shall pay on behalf of the insured those amounts which the insured is legally obliged to pay, including any legal and investigation costs, as a result of a civil regulatory action, regulatory compensatory award, civil penalty, or fines to the extent insurable by law, imposed by a government or public authority regulator against the insured after the insured sustains an insured event

Sublimit Sgd:

rule string — subject to the limit of indemnity stated in the schedule for Insured section – Regulatory Defence and Penalty costs cover; no fixed sublimit specified in the wording

Where Insurable Only:

true

Rule:

QBE agrees to indemnify the insured for cyber extortion expenses to the extent insurable by law, arising from a cyber extortion threat during the period of insurance provided that: (a) the insured can demonstrate to QBE that the insured has taken all reasonable efforts to determine that the threat is genuine and not a hoax; and (b) if a ransom is demanded by a hacker that at least one director of the insured has agreed to the payment of the ransom; (c) QBE has provided consent to the payment of the ransom; and (d) QBE's maximum liability will not exceed the limit of indemnity stated in the schedule which amount is inclusive of costs covered under Insured section - Forensics costs cover, and is the maximum payable for any one claim and in the aggregate during the period of insurance.

Covered:

true

Sublimit Sgd:

rule string — subject to the limit of indemnity stated in the schedule for Insured section – Cyber extortion cover; no fixed monetary sublimit specified in the wording

Sanctions Clause:

true

Panel Negotiator Required:

false

Rule:

Notwithstanding the 'Trading loss and liabilities' a) or b) exclusion, QBE agrees it will indemnify the insured for loss of business income incurred by the insured during the period of reinstatement directly as a result of the total or partial interruption, degradation in service, or failure of information and communication assets caused by the failure by the insured or a service provider to protect against unauthorised access to, unauthorised use of, a denial of service attack against, or transmission of a computer virus to, information and communication assets. Provided that: (a) no indemnity shall be provided for any losses incurred during the time retention period; and (b) QBE's liability will not exceed the lesser of: (i) the amount of the business income the insured would have earned during the period of reinstatement but for the total or partial interruption, degradation in service, or failure of information and communication assets; or (ii) the maximum amount specified in the schedule.

Waiting Period Hours:

rule string — 'time retention period' as stated in the schedule; specific hours not defined in the wording

Contingent Bi Covered:

rule string — cover applies to interruption caused by the failure by the insured or a service provider to protect against unauthorised access to, unauthorised use of, a denial of service attack against, or transmission of a computer virus to, information and communication assets; service provider failures are included

Indemnity Period Months:

rule string — 'period of reinstatement' as stated in the schedule; specific months not defined in the wording

Rule:

Forensics: the forensic consultant, security specialist or data storage facility shall be chosen by QBE who shall take into account the nature of the claim or loss and the cost and quality of the services that they can deliver, unless the insured has reasonable cause to request a different consultant and QBE and insured mutually agree upon such company. PR: the public relations and/or crisis management consultants shall be chosen by QBE who shall take into account the nature of the claim or loss and the cost and quality of the services that they can deliver, unless the insured has reasonable cause to request a different public relations consultancy and QBE and insured mutually agree upon such a company. Credit monitoring: the provider of credit monitoring services shall be chosen by QBE who shall take into account the nature of the claim or loss and the cost and quality of the services that they can deliver, unless the insured has reasonable cause to request a different consultant and QBE and insured mutually agree upon such company.

Panel Required:

true

Forensic Covered:

true

Pr Crisis Covered:

true

Credit Monitoring Months:

rule string — QBE will pay all reasonable costs the insured incurs with QBE's written consent for credit monitoring services in order to comply with data breach law; duration not specified in the wording

Notification Costs Covered:

true

Rule:

Financial Transfer Indemnification (1.3.3): Notwithstanding the 'Trading loss and liabilities' c) exclusion, QBE agrees that if during the period of insurance the insured has a claim or loss under this insured section and has also had money, property, products, goods, services or any other financial benefit transferred, to a third party and for which the insured has not received any benefit and cannot recoup, QBE will indemnify the insured to the value of the loss. QBE's liability to indemnify under this clause shall not exceed the sub-limit of indemnity stated in the schedule. Hacker Financial Crime Cover (1.3.4): QBE will indemnify the insured against all sums which the insured shall become legally liable to pay above the deductible as a result of any claim against the insured during the period of insurance as a result of a third party's good faith reliance on a hacker's fraudulent use of information and communication assets where there was a clear intention to cause the insured loss or obtain a personal gain for the hacker. QBE's liability to indemnify under this clause shall not exceed the sub-limit of indemnity as stated in the schedule.

Sublimit Sgd:

rule string — Financial Transfer Indemnification and Hacker Financial Crime Cover are each subject to their respective sub-limit of indemnity as stated in the schedule; no fixed monetary amounts specified in the wording

Social Engineering:

false

Invoice Redirection:

false

Funds Transfer Fraud:

true

Rule:

any claim, liability, loss or defence costs of whatsoever nature directly or indirectly caused by, resulting from or in connection with war or terrorism regardless of any other cause or event contributing concurrently or in any other sequence to the claim. This exclusion also excludes any claim, liability costs, defence costs or expense of whatsoever nature directly or indirectly caused by, resulting from or in connection with any action taken in controlling, preventing, suppressing or in any way relating to any of the above. The unlawful act of a hacker that damages information and communication assets of the insured shall not be regarded as an act of terrorism.

Excluded:

true

Lloyds 2022 Clause:

false

• any claim, liability, loss or defence costs brought or maintained by or on behalf of: (a) any insured or any parent of the insured or any subsidiary; or (b) any firm, partnership or entity in which the insured or any director or partner of the insured has a financial or executive interest; or (c) any person who, at the time of the act, error or omission giving rise to the claim, is a family member unless such a person is acting without any prior or indirect solicitation or co-operation of any insured
• any claim, liability, loss or defence costs directly or indirectly arising out of any contractual or assumed liability, guarantee or warranty unless the insured would in any event be legally liable in the absence of such contractual or other assumed liability, guarantee or warranty
• any costs in repairing, replacing or restoring information and communication assets to a level beyond that which existed prior to any claim or loss; or the insured's own costs of performing, rectifying, repairing, replacing, restoring or improving any work undertaken by the insured
• any claim, liability, loss or defence costs directly or indirectly arising out of any defamatory statement that was made deliberately or recklessly by the insured, not including amendments made to matter by a hacker
• any claim, liability, loss or defence costs arising out of the dishonest, fraudulent, criminal or reckless acts of any principal, partner or past or present director, officer, trustee of the insured or member of the insured's senior management team
• the amount of the deductible stated in the schedule
• any claim, liability, loss or defence costs made against or by the insured prior to the period of insurance; or any claim, liability, loss or defence costs directly or indirectly arising out of, or in any way involving any fact or circumstance of which written notice has been given under any previous policy or of which the insured first became aware prior to the period of insurance and which the insured knew or ought reasonably to have known had the potential to give rise to a claim or loss
• any claim, liability, loss or defence costs arising directly or indirectly out of any regulated activities as defined under any applicable financial services legislation in any jurisdiction or any insurance mediation activities which are authorised and regulated by any financial or prudential authority in any jurisdiction
• any fines, penalties, liquidated damages or contractual penalties other than those that are covered under Insured section – 'Regulatory Defence and Penalty costs cover'; or any punitive, multiple or exemplary damages where such have been identified separately within any award of any court or tribunal
• any claim, liability, loss or defence costs arising directly or indirectly out of the use or provision of any gaming, gambling or lotteries except when such services are included in business services
• any claim, liability, loss or defence costs arising directly or indirectly out of confiscation, commandeering, requisition, destruction of or damage to information and communication assets including personally identifiable information by order of a government or public authority
• any claim, liability, loss or defence costs arising directly or indirectly out of inaccurate, inadequate or incomplete description of the price of goods, products or services but this clause does not exclude amendments made to matter by a hacker
• any claim, liability, loss or defence costs arising out of or relating directly or indirectly to an insolvency event
• any claim, liability, loss or defence costs arising directly or indirectly out of the insured's own costs of performing, rectifying or improving any work undertaken by the insured
• any claim, liability, loss or defence costs arising directly or indirectly out of or relating to any failure of the insured to adhere to legal advice with regard to clearances or dissemination of matter or the collection, use, disclosure, handling, management, storage, retention or control of personally identifiable information
• any claim, liability, loss or defence costs arising out of the insured's breach of any taxation, violation of any law governing criminal liability, unconscionable conduct, competition, restraint of trade or antitrust legislation or regulation
• any claim, liability, loss or defence costs arising from the liability to any employee, former employee or prospective employee in respect of any obligation owed to the employee, former employee or prospective employee by the insured as an employer
• any claim, liability, loss or defence costs arising directly or indirectly from any non-payment or under payment of royalties or any other payments due under a license
• liability in excess of the limit of indemnity or any applicable sub-limit of indemnity, whichever is the lower, as stated in the schedule
• any claim for loss of goodwill and reputational harm, other than those claims covered under insured section – Public Relations Costs Cover
• any claim, liability, loss or defence costs caused by or arising from any personal liability incurred by a director or officer of the insured when: (a) acting in that capacity or managing the insured's business; or (b) in breach of their fiduciary duty, other than when performing business services for a client; or (c) making or issuing any statement, representation or information concerning the insured and the business services contained in any accounts, reports or financial statements
• any claim, liability, loss or defence costs arising directly or indirectly from physical cause or natural peril, including but not limited to fire, wind, water, flood, subsidence, or earthquake, that results in the physical damage to property including to information and communication assets
• any claim, liability, loss or defence costs, in respect of any proceedings (including arbitration or regulatory proceedings), judgment, award, payment, defence costs or settlement delivered, made or incurred within countries which operate under the laws of North America (unless jurisdiction is stated to be worldwide in the schedule)
• any claim, liability, loss or defence costs arising directly or indirectly from or attributable to: (a) ionising radiations or contamination by radioactivity from any nuclear fuel or from any nuclear waste from the combustion of nuclear fuel; or (b) the radioactive, toxic, explosive or other hazardous properties of any explosive nuclear assembly or nuclear component thereof
• any claim, liability, loss or defence costs where the insured is entitled to indemnity under any other policy except in respect of any excess beyond the amount which would have been payable under such policy had this policy not been effected
• any claim, liability, loss or defence costs arising directly or indirectly out of the infringement of any patent
• any claim, liability, loss or defence costs directly or indirectly arising out of, or in any way involving: (a) personal injury unless arising directly from any claim seeking compensatory damages for mental anguish or distress where such damages arise from claims covered under insured section – 'Cyber, data security and multimedia cover'; or (b) property damage except for cover provided by 3.1 Information and Communication Asset Rectification Costs Cover or 1.3.5 Loss of or damage to documents extension
• any claim, liability, loss or defence costs: (a) for personal injury, sickness, disease, death or property damage directly or indirectly caused by seepage, pollution or contamination; or (b) for removing nullifying or cleaning-up seeping, polluting or contaminating substances; or (c) directly or indirectly arising out of resulting from or in consequence of or in any way involving asbestos or any materials containing asbestos in whatever form or quantity; or (d) directly or indirectly arising out of electromagnetic fields, electromagnetic radiation or electromagnetism
• any claim, liability, loss or defence costs directly or indirectly arising out of, or in any way involving goods or products (being tangible property or merchandise) sold, supplied, repaired, recalled, altered, treated, manufactured, installed or maintained by the insured or on behalf of the insured
• any claim, liability, loss or defence costs arising directly or indirectly out of breach of any obligation owed by the insured regarding any statement or representation (express or implied) contained in the insured's report and accounts, reports or financial statements, or concerning the insured's financial viability
• any claim, liability, loss or defence costs arising from any act committed, or alleged to have been committed prior to the retroactive date
• any claim, liability, loss or defence costs arising out of, based upon or attributable to the return, restitution or offset of fees, expenses or costs either by service level credits or by any other means
• QBE shall not provide cover nor be liable to pay any claim, liability, loss or defence costs or provide any other benefit to the extent that the provision of any such cover, payment of any such claim or provision of any such benefit would expose QBE or any member of QBE group to any sanction, prohibition or restriction under the United Nations resolutions or the trade or economic sanctions, laws or regulations of any country
• any claim, liability, loss or defence costs arising from or alleged to have been caused by or sustained from an act committed outside the territorial limit and/or from any claim first brought in a court outside the jurisdiction
• any claim, liability, loss or defence costs arising directly or indirectly from: (a) the insured's lost profit, mark-up or liability for VAT, GST or its equivalent other than those claims covered under Insured section - Cyber business interruption cover; or (b) the insured's trading loss or trading liability including those arising from the loss of any client, account or business other than those claims covered under Insured section - Cyber business interruption cover; or (c) any monetary value of electronic fund transfers or transactions by or on behalf of the insured
• any claim, liability, loss or defence costs directly or indirectly arising under an uninsured insured section of this policy
• any claim, liability, loss or defence costs arising directly or indirectly out of the insured's knowing use of software in violation of software protection laws
• any claim, liability, loss or defence costs arising directly or indirectly out of the failure of an internet, telecommunications or electricity provider or other utility provider except when such services are included in business services
• any claim, liability, loss or defence costs arising directly or indirectly out of wear and tear of information and communication assets
• any claim, liability, loss or defence costs of whatsoever nature directly or indirectly caused by, resulting from or in connection with war or terrorism regardless of any other cause or event contributing concurrently or in any other sequence to the claim

Withdrawal Of Content (1.3.6):

sub-limit of indemnity as stated in the schedule (inclusive of defence costs); no fixed amount specified in wording

Cyber Extortion Cover (Section 9):

limit of indemnity stated in the schedule (inclusive of forensics costs cover); no fixed amount specified in wording

Forensics Costs Cover (Section 6):

limit of indemnity stated in the schedule (inclusive of defence costs, fees and expenses); no fixed amount specified in wording

Hacker Financial Crime Cover (1.3.4):

sub-limit of indemnity as stated in the schedule (inclusive of defence costs); no fixed amount specified in wording

Loss Of Or Damage To Documents (1.3.5):

sub-limit of indemnity stated in the schedule (inclusive of defence costs); no fixed amount specified in wording

Public Relations Costs Cover (Section 5):

limit of indemnity stated in the schedule (inclusive of defence costs, fees and expenses); no fixed amount specified in wording

Credit Monitoring Costs Cover (Section 7):

limit of indemnity stated in the schedule (inclusive of defence costs, fees and expenses); no fixed amount specified in wording

Financial Transfer Indemnification (1.3.3):

sub-limit of indemnity stated in the schedule (inclusive of defence costs); no fixed amount specified in wording

Cyber Business Interruption Cover (Section 8):

maximum amount specified in the schedule; no fixed amount specified in wording

Data Breach Notification Costs Cover (Section 2):

limit of indemnity stated in the schedule (inclusive of defence costs, fees and expenses); no fixed amount specified in wording

Regulatory Defence And Penalty Costs Cover (Section 4):

limit of indemnity stated in the schedule (inclusive of defence costs, fees and expenses); no fixed amount specified in wording

Information And Communication Asset Rectification Costs Cover (Section 3):

limit of indemnity stated in the schedule (inclusive of fees and expenses); no fixed amount specified in wording

1. Insured section - Cyber, data security and multimedia cover
2. Insured section - Data breach notification costs cover
3. Insured section - Information and communication asset rectification costs cover
4. Insured section - Regulatory defence and penalty costs cover
5. Insured section - Public relations costs cover
6. Insured section - Forensics costs cover
7. Insured section - Credit monitoring costs cover
8. Insured section - Cyber business interruption cover
9. Insured section - Cyber extortion cover
10. General exclusions
11. Duties in the event of a claim or potential claim
12. General terms and conditions
13. General definitions and interpretation

---

This **policy** is between **QBE** and the **insured** as declared in the **schedule**. This document, together with its **schedule** and any attached endorsements is the **policy** which sets out this insurance. It is a legal contract so please read all of it carefully.

Words in bold typeface used in this policy document, other than in the headings, have specific meanings attached to them as set out in the General definitions and interpretation.

Each **insuring clause section** sets out the scope of the main coverage and the circumstances in which **QBE's** liability to the **insured** is limited or may be excluded. Further, each **insuring clause section** sets out other terms and conditions relevant to that **insuring clause section**. The cover provided by each **insuring clause section** is only operative if stated as 'insured' in the **schedule**. Where any **schedule** heading or sub-heading states 'n/a', 'not applicable' or 'not insured' then no cover applies for that item.

Additional clauses set out terms, exclusions or limitations that may apply to more than one **insuring clause section**.

The **policy** will provide insurance as described herein for the **period of insurance** provided the premium(s) and other charges are paid to and accepted by **QBE** on or before the payment date shown in the **schedule**. Taxes, levies and other relevant fiscal charges are payable in addition to the premium.

The premium is deemed paid and accepted on receipt by **QBE** or the broker appointed to place this insurance with **QBE**. If any premium (including a premium instalment) is not paid and accepted by **QBE** on or before its payment date shown in the **schedule**, **QBE** can give written notice to the **insured** at its address shown in the **schedule**, cancelling the **policy** with effect from the seventh (7th) day after the notice has been served. Cancellation will be prevented from taking effect and the **policy** will continue if the late premium instalment and any other remaining premium instalments are paid and accepted before the cancellation takes effect. Without prejudice to other forms of service, notice of cancellation is deemed to be served on the third (3rd) day after being posted if sent by pre-paid letter post properly addressed.

---

**QBE** agrees to indemnify the **insured** for liability imposed by law to pay compensatory damages or awards, including any related injunction or restraining order costs and claimant costs recoverable from the **insured**, for any **claim** first made against the **insured** and/or **service provider** during the **period of insurance** and where the **claim** arises out of any actual or alleged **insured event**.

**QBE** will pay compensation to the **insured**, with the prior written consent (such consent not to be unreasonably withheld) of **QBE**, in the event that the legal advisers acting on behalf of the **insured** require any **insured**, any **employee** or any other relevant party (not including expert witnesses), to attend court or any arbitration or adjudication hearing as a witness of fact in connection with a **claim** made against the **insured** for which cover is afforded under this **policy**, at the following rates for each day or part thereof on which attendance is required:

a) any principal, partner, member or director of the **insured** USD1,000;
b) any **employee** or other relevant party up to USD500.

a) Following any event which is or may be the subject of indemnity under this **insured section QBE** agrees to indemnify the **insured** for **defence costs**;

b) Where the **schedule** states that **defence costs** are payable in addition to the **limit of indemnity QBE** agrees to indemnify the **insured** for **defence costs**, provided that if the **limit of indemnity** is exhausted by the payment or settlement of any **claim** or loss **QBE's** liability to pay **defence costs** in respect of that **claim** or loss shall be limited to such proportion of those **defence costs** as the **limit of indemnity** available for payment or settlement of that **claim** or loss bears to the total payment (including where applicable claimants' costs) required to dispose of that **claim** or loss.

a) **QBE's** liability under this **insured section** in respect of any one **claim** and in the aggregate (unless expressly stated otherwise in the **schedule**) shall not exceed the amount stated as the **limit of indemnity** in the **schedule** inclusive of **defence costs** that will be payable as part of the **limit of indemnity** unless such **defence costs** are expressly stated in any clause as being in addition to the **limit of indemnity**;

b) Where provided, the **limit of indemnity** in respect of North America will always be in the aggregate inclusive of **defence costs** and the limit granted is deemed to be part of and not in addition to the overall **policy limit of indemnity** specified in the **schedule**.

The coverage provided under this **insured section** is extended to provide cover for the following.

a) Where the **insured** creates or acquires a company or companies subsequent to the commencement of the **period of insurance** and the turnover relating to all such created or acquired companies does not exceed ten percent (10%) of the estimated turnover of the companies covered under this **policy** at inception (less the turnover for companies sold during the **period of insurance**), then this **policy** shall include as an **insured** any such company created or acquired automatically from the date of creation or acquisition without additional premium provided that:

i) the **business services** carried out by such company is similar to that of the **insured**; and

ii) prior to the acquisition the acquired company did not pay or reserve any professional liability **claims** in the five years prior to the acquisition where the total paid or reserved amount was greater than the **deductible** of this **policy**; and

iii) the **retroactive date** applicable to the **business services** of the new entity is deemed to be the date of acquisition; and

iv) the **insured**:
   - I. controls the composition of the board of directors; or
   - II. controls more than twenty five (25%) percent of the voting power at a general meeting of shareholders; or
   - III. holds more than half of the issued share capital (regardless of class of share); and

v) such company does not have an incorporated entity in a different country to the **insured**.

b) Where the **insured** creates or acquires a company or companies subsequent to inception and the turnover relating to all such created or acquired companies exceeds ten percent (10%) of the estimated turnover of the companies covered under this **policy** at inception (less the turnover for companies sold during the **period of insurance**), then this **policy** shall include as an **insured** any such company created or acquired automatically from the date of creation or acquisition provided that:

i) the terms stated in 'Acquisition and creations' a) i), to v) above also apply to such created or acquired companies; and

ii) the **insured** notifies **QBE** as soon as is reasonably practicable of the creation or acquisition; and

iii) the **insured** accepts the revised premium and or terms applying to each and every such creation and or acquisition; and

iv) all insurance in respect of such created or acquired entities will terminate thirty (30) days following creation or acquisition if terms cannot be agreed between the **insured** and **QBE**.

**QBE** will indemnify the **insured** against all sums which the **insured** becomes legally liable to pay as a result of any **claim** against the **insured** during the **period of insurance** when alleged in conjunction with a **claim** covered under this **policy** arising directly or indirectly from any dishonest, fraudulent, malicious, reckless or criminal act or omission of any of the **insured's** **employees** but the insurance provided by this **policy** excludes any indemnity to the said **employee**.

Notwithstanding the 'Trading loss and liabilities' c) exclusion, **QBE** agrees that if during the **period of insurance** the **insured** has a **claim** or loss under this **insured section** and has also had money, property, products, goods, services or any other financial benefit transferred, to a third party and for which the **insured** has not received any benefit and cannot recoup, **QBE** will indemnify the **insured** to the value of the loss.

**QBE's** liability to indemnify under this clause shall not exceed the **sub-limit of indemnity** stated in the **schedule** which amount is inclusive of **defence costs** and is the maximum payable for any one **claim** and in the aggregate during the **period of insurance**.

**QBE** will indemnify the **insured** against all sums which the **insured** shall become legally liable to pay above the **deductible** as a result of any **claim** against the **insured** during the **period of insurance** as a result of a third party's good faith reliance on a **hacker's** fraudulent use of **information and communication assets** where there was a clear intention to cause the **insured** loss or obtain a personal gain for the **hacker**.

**QBE's** liability to indemnify under this clause shall not exceed the **sub-limit of indemnity** as stated in the **schedule** which amount is inclusive of **defence costs** and the maximum payable any one **claim** and in the aggregate during the **period of insurance**.

**QBE** will indemnify the **insured** for costs and expenses reasonably incurred in replacing or restoring **documents** discovered by the **insured** to be lost, damaged or destroyed and, after diligent search, cannot be found provided that:

a) the discovery of such loss of **documents** occurred during the **period of insurance** and is notified to **QBE** in accordance with the terms of this **policy**; and

b) such coverage shall be limited to the costs, charges and expenses of whatsoever nature incurred by the **insured** in replacing and/or restoring such **documents** and any **claim** for such costs, charges and expenses shall be supported by bills and/or accounts which shall be subject to prior written approval by a competent person nominated by **QBE** with the consent of the **insured**; and

c) such coverage shall be limited to the loss of any **documents** which were in the physical custody or control of the **insured** or any other person to whom the **insured** entrusted, lodged or deposited such **documents** in the ordinary course of business; and

**QBE's** liability to indemnify under this clause shall not exceed the **sub-limit of indemnity** stated in the **schedule** which amount is inclusive of **defence costs** and the maximum payable any one **claim** and in the aggregate during the **period of insurance**.

**QBE** will indemnify the **insured** against all costs and expenses incurred above the **deductible**, which the **insured** shall become legally liable to pay for and as a result of the withdrawal or alteration of any **matter** by order of a court as a result of or in mitigation of a **claim** covered under this **insured section** within the **territorial limit**, but only to the extent that such costs and expenses cannot be avoided or curtailed and providing that the **insured** in the first instance:

a) obtains the approval of **QBE** before incurring any costs or expenses; and

b) satisfies **QBE** that such **matter** would, if not rectified, result in damages equal to or in excess of the indemnified costs and expenses; and

c) satisfies **QBE** that the costs and expenses incurred are necessary to successfully avoid a **claim**.

Except that **QBE** will not indemnify the **insured** for any:

i) payment recovered by the **insured** from others; or

ii) element of profit or savings for the **insured** in any payment or fees; or

iii) salaries, wages, overhead or any benefit expenses of or associated with the **insured** incurred for the withdrawal of the content.

**QBE's** liability to indemnify under this clause shall not exceed the **sub-limit of indemnity** as stated in the **schedule** which amount is inclusive of **defence costs** and the maximum payable for any one **claim** and in the aggregate during the **period of insurance**.

---

**QBE** agrees that if during the **period of insurance** the **insured** sustains an **insured event**, or in the event of a **claim**, **circumstance** or loss under **insured section** – 'Cyber, data security and multimedia cover' **QBE** will pay for **data breach notification costs**. **QBE's** maximum liability will not exceed the **limit of indemnity** stated in the **schedule** which amount is inclusive of **defence costs**, fees and expenses, and the maximum payable for any one **claim** and in the aggregate during the **period of insurance**.

---

**QBE** agrees that if during the **period of insurance** the **insured** sustains an **insured event**, or in the event of a **claim**, **circumstance** or loss under **insured section** – 'Cyber, data security and multimedia cover' where the **information and communication assets** were damaged, destroyed, altered, corrupted, copied, stolen or misused by a **hacker**, then **QBE** will pay the costs to repair, restore or replace the affected parts of the **information and communication assets** to the same equivalent standard, condition, functionality, level of service and/or with the same content or as near as reasonably possible as immediately before the **information and communication assets** were damaged, destroyed, altered, corrupted, copied, stolen or misused by a **hacker**. **QBE's** maximum liability will not exceed the **limit of indemnity** stated in the **schedule** which amount is inclusive of fees and expenses, and the maximum payable for any one **claim** and in the aggregate during the **period of insurance**.

---

Notwithstanding the 'Fines and contractual penalties' exclusion, **QBE** shall pay on behalf of the **insured** those amounts which the **insured** is legally obliged to pay, including any legal and investigation costs, as a result of a civil regulatory action, **regulatory compensatory award**, civil penalty, or fines to the extent insurable by law, imposed by a government or public authority regulator against the **insured** after the **insured** sustains an **insured event**, or in the event of a **claim** under **insured section** – 'Cyber, data security and multimedia cover' or **insured section** – 'Data breach notification costs cover', provided that **QBE's** maximum liability will not exceed the **limit of indemnity** stated in the **schedule** which amount is inclusive of **defence costs**, fees and expenses, and the maximum payable for any one **claim** and in the aggregate during the **period of insurance**.

---

Following:

**QBE** will pay all reasonable costs the **insured** incurs with **QBE's** written consent for a public relations and crisis management consultant to avert or mitigate any material damage to any of the **insured's** reputation, brands and business operations; provided that:

a) **QBE's** maximum liability will not exceed the **limit of indemnity** stated in the **schedule** which is inclusive of **defence costs**, fees and expenses, and the maximum payable for any one **claim** and in the aggregate during the **period of insurance**; and

b) the public relations and/or crisis management consultants shall be chosen by **QBE** who shall take into account the nature of the **claim** or loss and the cost and quality of the services that they can deliver, unless the **insured** has reasonable cause to request a different public relations consultancy and **QBE** and **insured** mutually agree upon such a company.

---

Following:

then where required **QBE** will pay all reasonable costs the **insured** incurs with **QBE's** written consent for;

a) a forensic consultant to establish the identity or methods of the **hacker** or other details required by **QBE** following a **data breach**; and / or

b) a security specialist to assess the **insured's** electronic security and the costs of reasonable security improvement; and / or

c) the temporary storage of the **insured's** electronic data at a third-party host location, if it is viewed that the insureds' **information and communication assets** remain vulnerable to damage, destruction, alteration, corruption, copying, stealing or misuse by a **hacker**.

Provided that

i) **QBE's** maximum liability will not exceed the **limit of indemnity** stated in the **schedule** which amount is inclusive of **defence costs**, fees and expenses, and the maximum payable for any one **claim** and in the aggregate during the **period of insurance**; and

ii) the forensic consultant, security specialist or data storage facility shall be chosen by **QBE** who shall take into account the nature of the **claim** or loss and the cost and quality of the services that they can deliver, unless the **insured** has reasonable cause to request a different consultant and **QBE** and **insured** mutually agree upon such company;

iii) in the event of a **claim** under this **insured section** for costs following a **cyber extortion threat QBE's** liability in respect of the cyber extortion expenses and the cover under this **insured section** combined shall not exceed the **limit of indemnity** under the **insured section** - Cyber extortion cover.

---

Following

**QBE** will pay all reasonable costs the **insured** incurs with **QBE's** written consent (such consent not to be unreasonably withheld) for credit monitoring services in order to comply with **data breach law** provided that;

a) **QBE's** maximum liability will not exceed the **limit of indemnity** stated in the **schedule** which amount is inclusive of **defence costs**, fees and expenses, and the maximum payable for any one **claim** and in the aggregate during the **period of insurance**; and

b) the provider of credit monitoring services shall be chosen by **QBE** who shall take into account the nature of the **claim** or loss and the cost and quality of the services that they can deliver, unless the **insured** has reasonable cause to request a different consultant and **QBE** and **insured** mutually agree upon such company.

---

Notwithstanding the 'Trading loss and liabilities' a) or b) exclusion, **QBE** agrees it will indemnify the **insured** for loss of **business income** incurred by the **insured** during the **period of reinstatement** directly as a result of the total or partial interruption, degradation in service, or failure of **information and communication assets** caused by the failure by the **insured** or a **service provider** to protect against unauthorised access to, unauthorised use of, a denial of service attack against, or transmission of a **computer virus** to, **information and communication assets**.

Provided that:

a) no indemnity shall be provided for any losses incurred during the time **time retention** period; and

b) **QBE's** liability will not exceed the lesser of:

i) the amount of the **business income** the **insured** would have earned during the **period of reinstatement** but for the total or partial interruption, degradation in service, or failure of **information and communication assets**; or

ii) the maximum amount specified in the **schedule**.

The calculation of the **insured's** losses under this **Insured section** shall be based on an analysis of the revenues and costs generated during each month of the twelve (12) months prior to the loss occurring (as recorded in the **insured's** accounts) and will also take into account the reasonable projection of future profitability or otherwise had no loss occurred and will include all material changes in market conditions which would affect the future profits generated.

The calculation of the **insured's** losses under this **Insured section** will not include any cost, expense or other amount which is indemnified under any other **Insured section** or is excluded under this **policy**.

The calculation of the **insured's** losses under this **Insured section** will be reduced by any increase in **business income** in the 30 days immediately following the **period of reinstatement** from the sale of goods or services that would have been recorded during the **period of reinstatement** but for the total or partial interruption, degradation in service, or failure of **information and communication assets**.

Requests made by the **insured** for indemnity by **QBE** shall be accompanied by a computation of the loss. This shall set out in detail how the loss has been calculated and what assumptions have been made. The **insured** shall produce any documentary evidence, including any applicable reports, books of accounts, bills, invoices and other vouchers and copies of the such which **QBE** may require, and the **insured** shall afford them every assistance in their investigations.

Any **claims** payment under **Insured section** – 'Cyber business interruption' will, where applicable, be reduced by the extent to which the **insured**:

a) could have and/or does use damaged or undamaged **information and communication assets**; or

b) makes use of available stock, merchandise or other data; or

c) uses substitute facilities, equipment or personnel.

a) Any particulars or details contained in the **insured's** books of account or other **business books** or documents which may be required by **QBE** under 'Duties in the event of a claim or potential claim' clause to this **policy** for the purpose of investigating or verifying any **claim** made under this **policy** may be produced by professional accountants if at the time they are regularly acting as such for the **insured** and their report will be the basis for evidence of the particulars and details to which such report relates, unless any such contradictory circumstance or evidence is apparent in which case the onus to prove the loss shall be upon the **insured**.

b) **QBE** will indemnify the **insured** for the reasonable and necessary charges payable by the **insured** to their professional accountants for producing such particulars or details or any other proofs, information or evidence as may be required by **QBE** under the terms of 'Duties in the event of a claim or potential claim' clause to this **policy** and reporting that such particulars or details are in accordance with the **insured's** books of account or other **business books** or documents.

---

**QBE** agrees to indemnify the **insured** for **cyber extortion expenses** to the extent insurable by law, arising from a **cyber extortion threat** during the **period of insurance** provided that:

a) the **insured** can demonstrate to **QBE** that the **insured** has taken all reasonable efforts to determine that the threat is genuine and not a hoax; and

b) if a **ransom** is demanded by a **hacker** that at least one director of the **insured** has agreed to the payment of the **ransom**;

c) **QBE** has provided consent to the payment of the **ransom**; and

d) **QBE's** maximum liability will not exceed the **limit of indemnity** stated in the **schedule** which amount is inclusive of costs covered under **Insured section** - Forensics costs cover, and is the maximum payable for any one **claim** and in the aggregate during the **period of insurance**.

---

This **policy** excludes and does not cover:

any **claim**, liability, loss or **defence costs** brought or maintained by or on behalf of:

a) any **insured** or any **parent** of the **insured** or any **subsidiary**; or

b) any firm, partnership or entity in which the **insured** or any director or partner of the **insured** has a financial or executive interest; or

c) any person who, at the time of the act, error or omission giving rise to the **claim**, is a family member unless such a person is acting without any prior or indirect solicitation or co-operation of any **insured** (family member means any spouse, domestic partner, parent, parent of a spouse or domestic partner, sibling or child);

provided that this exclusion shall not apply to such **claims** originating from an independent third party.

any **claim**, liability, loss or **defence costs** directly or indirectly arising out of any contractual or assumed liability, guarantee or warranty unless the **insured** would in any event be legally liable in the absence of such contractual or other assumed liability, guarantee or warranty.

a) any costs in repairing, replacing or restoring **information and communication assets** to a level beyond that which existed prior to any **claim** or loss; or

b) the **insured's** own costs of performing, rectifying, repairing, replacing, restoring or improving any work undertaken by the **insured**.

any **claim**, liability, loss or **defence costs** directly or indirectly arising out of any defamatory statement that was made deliberately or recklessly by the **insured**, not including amendments made to **matter** by a **hacker**.

any **claim**, liability, loss or **defence costs** arising out of the dishonest, fraudulent, criminal or reckless acts of any principal, partner or past or present director, officer, trustee of the **insured** or member of the **insured's** senior management team.

This exclusion will only apply where it is established by an admission of such **insured** or by a final judgment, award, finding or other adjudication of a court, tribunal, commission or arbitrator that such conduct did in fact occur.

the amount of the **deductible** stated in the **schedule**.

a) any **claim**, liability, loss or **defence costs** made against or by the **insured** prior to the **period of insurance**; or

b) any **claim**, liability, loss or **defence costs** directly or indirectly arising out of, or in any way involving any fact or **circumstance**:

i) of which written notice has been given under any previous policy (whether insured by **QBE** or not); or

ii) of which the **insured** first became aware prior to the **period of insurance** and which the **insured** knew or ought reasonably to have known had the potential to give rise to a **claim** or loss.

any **claim**, liability, loss or **defence costs** arising directly or indirectly out of any regulated activities as defined under any applicable financial services legislation in any jurisdiction or any insurance mediation activities which are authorised and regulated by any financial or prudential authority in any jurisdiction.

a) any fines, penalties, liquidated damages or contractual penalties other than those that are covered under **Insured section** – 'Regulatory Defence and Penalty costs cover'; or

b) any punitive, multiple or exemplary damages where such have been identified separately within any award of any court or tribunal.

any **claim**, liability, loss or **defence costs** arising directly or indirectly out of the use or provision of any gaming, gambling or lotteries except when such services are included in **business services**.

any **claim**, liability, loss or **defence costs** arising directly or indirectly out of confiscation, commandeering, requisition, destruction of or damage to **information and communication assets** including **personally identifiable information** by order of a government or public authority.

any **claim**, liability, loss or **defence costs** arising directly or indirectly out of inaccurate, inadequate or incomplete description of the price of goods, products or services but this clause does not exclude amendments made to **matter** by a **hacker**.

any **claim**, liability, loss or **defence costs** arising out of or relating directly or indirectly to an **insolvency event**.

any **claim**, liability, loss or **defence costs** arising directly or indirectly out of the **insured's** own costs of performing , rectifying or improving any work undertaken by the **insured**.

any **claim**, liability, loss or **defence costs** arising directly or indirectly out of or relating to any failure of the **insured** to adhere to legal advice with regard to clearances or dissemination of **matter** or the collection, use, disclosure, handling, management, storage, retention or control of **personally identifiable information**.

any **claim**, liability, loss or **defence costs** arising out of the **insured's** breach of any taxation, violation of any law governing criminal liability, unconscionable conduct, competition, restraint of trade or antitrust legislation or regulation.

This exclusion will only apply to persons who have committed, aided, abetted or knowingly participated in such conduct.

any **claim**, liability, loss or **defence costs** arising from the liability to any **employee**, former **employee** or prospective **employee** in respect of any obligation owed to the **employee**, former **employee** or prospective **employee** by the **insured** as an employer including but not limited to **personal injury** or property damage, products liability, employment-related libel, slander, humiliation or defamation, unfair or wrongful dismissal, repudiation or breach of any employment contract or arrangement, termination of a training contract or contract of apprenticeship, harassment, discrimination or like conduct.

However this exclusion will not apply to **employees** affected under **insured sections** 2.1 or 7.1, or to **claims** made by **employees** under **insured section** 1.1.

any **claim**, liability, loss or **defence costs** arising directly or indirectly from any non-payment or under payment of royalties or any other payments due under a license.

liability in excess of the **limit of indemnity** or any applicable **sub-limit of indemnity**, whichever is the lower, as stated in the **schedule**.

any **claim** for loss of goodwill and reputational harm, other than those **claims** covered under **insured section** – Public Relations Costs Cover.

any **claim**, liability, loss or **defence costs** caused by or arising from any personal liability incurred by a director or officer of the **insured** when:

a) acting in that capacity or managing the **insured's** business; or

b) in breach of their fiduciary duty, other than when performing **business services** for a client; or

c) making or issuing any statement, representation or information concerning the **insured** and the **business services** contained in any accounts, reports or financial statements.

any **claim**, liability, loss or **defence costs** arising directly or indirectly from physical cause or natural peril, including but not limited to fire, wind, water, flood, subsidence, or earthquake, that results in the physical damage to property including to **information and communication assets**.

unless **jurisdiction** is stated to be worldwide in the **schedule**;

any **claim**, liability, loss or **defence costs**, in respect of any proceedings (including arbitration or regulatory proceedings), judgment, award, payment, **defence costs** or settlement delivered, made or incurred within countries which operate under the laws of North America (or to any order made anywhere in the world to enforce such judgment, award, payment, **defence costs** or settlement either in whole or in part).

any **claim**, liability, loss or **defence costs** arising directly or indirectly from or attributable to:

a) ionising radiations or contamination by radioactivity from any nuclear fuel or from any nuclear waste from the combustion of nuclear fuel; or

b) the radioactive, toxic, explosive or other hazardous properties of any explosive nuclear assembly or nuclear component thereof.

any **claim**, liability, loss or **defence costs** where the **insured** is entitled to indemnity under any other policy except in respect of any excess beyond the amount which would have been payable under such policy had this **policy** not been effected. Where any policy more specific to the matter for which indemnity is sought exists, this **policy** shall sit in excess of any such policy.

any **claim**, liability, loss or **defence costs** arising directly or indirectly out of the infringement of any patent.

any **claim**, liability, loss or **defence costs** directly or indirectly arising out of, or in any way involving:

a) **personal injury** unless arising directly from any **claim** seeking compensatory damages for mental anguish or distress where such damages arise from **claims** covered under **insured section** -– 'Cyber, data security and multimedia cover; or

b) property damage except for cover provided by 3.1 Information and Communication Asset Rectification Costs Cover or 1.3.5 Loss of or damage to documents extension.

any **claim**, liability, loss or **defence costs**:

a) for **personal injury**, sickness, disease, death or property damage directly or indirectly caused by seepage, **pollution** or contamination; or

b) for removing nullifying or cleaning-up seeping, polluting or contaminating substances; or

c) directly or indirectly arising out of resulting from or in consequence of or in any way involving asbestos or any materials containing asbestos in whatever form or quantity; or

d) directly or indirectly arising out of electromagnetic fields, electromagnetic radiation or electromagnetism.

any **claim**, liability, loss or **defence costs** directly or indirectly arising out of, or in any way involving goods or products (being tangible property or merchandise) sold, supplied, repaired, recalled, altered, treated, manufactured, installed or maintained by the **insured** or on behalf of the **insured**.

any **claim**, liability, loss or **defence costs** arising directly or indirectly out of breach of any obligation owed by the **insured** regarding any statement or representation (express or implied) contained in the **insured's** report and accounts, reports or financial statements, or concerning the **insured's** financial viability.

any **claim**, liability, loss or **defence costs** arising from any act committed, or alleged to have been committed prior to the **retroactive date**.

any **claim**, liability, loss or **defence costs** arising out of, based upon or attributable to the return, restitution or offset of fees, expenses or costs either by service level credits or by any other means.

**QBE** shall not provide cover nor be liable to pay any **claim**, liability, loss or **defence costs** or provide any other benefit to the extent that the provision of any such cover, payment of any such **claim** or provision of any such benefit would expose **QBE** or any member of **QBE** group to any sanction, prohibition or restriction under the United Nations resolutions or the trade or economic sanctions, laws or regulations of any country.

any **claim**, liability, loss or **defence costs** arising from or alleged to have been caused by or sustained from an act committed outside the **territorial limit** and/or from any **claim** first brought in a court outside the **jurisdiction**.

any **claim**, liability, loss or **defence costs** arising directly or indirectly from:

a) the **insured's** lost profit, mark-up or liability for VAT, GST or its equivalent other than those **claims** covered under **Insured section** - Cyber business interruption cover; or

b) the **insured's** trading loss or trading liability including those arising from the loss of any client, account or business other than those **claims** covered under **Insured section** - Cyber business interruption cover; or

c) any monetary value of electronic fund transfers or transactions by or on behalf of the **insured**;

any **claim**, liability, loss or **defence costs** directly or indirectly arising under an uninsured **insured section** of this **policy**.

any **claim**, liability, loss or **defence costs** arising directly or indirectly out of the **insured's** knowing use of software in violation of software protection laws.

any **claim**, liability, loss or **defence costs** arising directly or indirectly out of the failure of an internet, telecommunications or electricity provider or other utility provider except when such services are included in **business services**.

any **claim**, liability, loss or **defence costs** arising directly or indirectly out of wear and tear of **information and communication assets**.

any **claim**, liability, loss or **defence costs** of whatsoever nature directly or indirectly caused by, resulting from or in connection with war or **terrorism** regardless of any other cause or event contributing concurrently or in any other sequence to the **claim**.

This exclusion also excludes any **claim**, liability costs, **defence costs** or expense of whatsoever nature directly or indirectly caused by, resulting from or in connection with any action taken in controlling, preventing, suppressing or in any way relating to any of the above.

The unlawful act of a **hacker** that damages **information and communication assets** of the **insured** shall not be regarded as an act of **terrorism**.

---

Except for notification relating to a **circumstance**, the due observance and fulfilment of the provisions of 'Claim notification', 'Insured's duties' and 'Claim procedure' are a condition precedent to **QBE's** liability for any **claim** under this **policy**. The 'Observance' clause sets out the consequences of a failure to comply with conditions precedent or **policy** provisions such as the said clauses.

the **insured** will give notice to **QBE** as soon as reasonably practicable of any **claim** or **circumstance**, but in any event not later than seven (7) days from receipt of any **claim** or any notice of the intention to make a **claim** with full particulars thereof, provided always that such written notice is given to **QBE** during the same **period of insurance** or (if the **insured** does not renew this insurance with **QBE**) within thirty (30) days of its expiry.

the **insured** will give notice to **QBE** and **cyber and data security representative** as soon as reasonably practicable but in any event no later than seven (7) days, after the **insured** first receives a **claim**, or any notice of the intention to make a **claim** or discovers a **data breach** provided always that such notice is given to **QBE** within the **period of insurance**.

the **insured** will give notice to **QBE** and **cyber and data security representative** as soon as reasonably practicable, but in any event not later than seven (7) days after,

a) any **claim** made under **insured section** – 'Cyber, data security and multimedia cover'; or

b) discovery of a **data breach**:

that the **insured** reasonably believes will or has resulted in:

a) damage, destruction, alteration, corruption, copying, stealing or misuse by a **hacker** to **information and communication assets**, and within the **period of insurance**; and / or

b) the total or partial interruption, degradation in service, or failure of **information and communication assets**, during the **period of insurance**.

The **insured** will provide all such information that **QBE** may reasonably require in order to substantiate the amount of loss including but not limited to those item specified in the **Insured section** – 'Cyber business interruption cover'.

the **insured** will give notice to **QBE** and **cyber and data security representative** reasonably practicable, but in any event no later than seven (7) days, after a **cyber extortion threat** provided always that such notice is given to **QBE** within the **period of insurance**.

In addition the **insured** must inform or allow **QBE** or **cyber and data security representative** to inform the appropriate law enforcement authorities of the **cyber extortion threat**.

For each and every **claim** or **circumstance** the **insured** and any person acting on behalf of the **insured** must:

not admit responsibility, make an offer or promise, nor offer payment or indemnity without the written consent of **QBE**; and

not incur any expense without the consent of **QBE** except at the **insured's** own cost; and

always act honestly, there being no right to any form of payment or indemnity under the **policy** in the event that any **claim** is made fraudulently; and

give all such information or assistance possible and forward all documents, to enable **QBE** and/or the **cyber and data security representative** to investigate, settle or resist any **claim** as **QBE** may require; and

provide such proofs and information with respect to the **claim** as may reasonably be required, together with (if demanded) a statutory declaration of the truth of the **claim** and any matters connected therewith; and

not destroy evidence, supporting information or documentation without **QBE's** prior consent; nor destroy any plant or other property relating to an occurrence, loss or suit that may give rise to a **claim** under this **policy**.

For each and every **claim** the **insured** and any person acting on behalf of the **insured** must:

send **QBE** and/or **cyber and data security representative** copies of any request, demand, order, notice, summons, legal paper and all documents relating thereto, in connection with an **insured event** as soon as practicable upon receipt by the **insured**. In addition, the **insured** must co-operate with **QBE**, **cyber and data security representative** and/or any other appointed agents of **QBE** to allow them to comply with such relevant practice directions and pre-action protocols as may be issued and approved from time to time by the head of civil justice; and

authorise **QBE** to obtain medical records or other pertinent information upon request, in the event of an **insured event** involving **personal injury**; and

prove, if it is alleged that an event is not covered or that the indemnity is otherwise limited by war or an act of **terrorism** that the said exclusion or **limit of indemnity** does not apply, it being understood and agreed that any portion of an exclusion or **limit of indemnity** being found invalid, inapplicable or unenforceable will not in any way render the remainder of the exclusion or limit invalid, inapplicable or unenforceable.

If any dispute arises between the **insured** and **QBE** as to whether a prosecution should be defended or an appeal made, such dispute will be referred to a legal counsel (or Solicitor with at least 20 years' experience in the field of insurance law) to be mutually agreed between the parties or in default of agreement to be nominated by the President of the Law Society) whose decision will be final. In the event of conflict between any person falling within the definition of **insured** separate representation will be arranged for each party.

For each and every **claim** the **insured** and any person acting on behalf of the **insured** must not waive any rights of recourse or recovery against any other person, including any **service provider**, relating to any loss, liability or **defence costs** that may give rise to a **claim** under this insurance and must assist **QBE** in all respects in exercising such rights if requested to do so by **QBE**.

The **insured** will at the request and expense of **QBE** do and concur in doing and permit to be done all such acts and things as may be necessary or reasonably required by **QBE** for the purpose of enforcing any rights and remedies or of obtaining relief or indemnity from other parties to which **QBE** will be or would become entitled or subrogated upon its paying for or the making good of any **claim** under this **policy**, whether such acts and things will be or become necessary or required before or after their indemnification by **QBE**.

In the event of any payment under this insurance, **QBE** will act in concert with all other interested persons (including the **insured**) concerned in the exercise of any rights of recovery.

The apportioning of any amounts which may be so recovered will follow the principle that any interested persons (including the **insured**) that will have paid an amount over and above any payment hereunder, will first be reimbursed up to the amount paid by them; **QBE** is then to be reimbursed out of any balance then remaining up to the amount paid hereunder; lastly, the interested persons (including the **insured**) to whom this coverage is in excess shall be entitled to claim the residue, if any.

Expenses necessary for the recovery of any such amounts will be apportioned between the interested parties concerned, in the ratio of their respective recoveries as finally settled.

**QBE** agrees that it shall not exercise any subrogation rights against an **employee** of the **insured** unless the **claim** has been brought about or contributed to by the dishonest fraudulent criminal or malicious act or omission of the **employee**.

---

All disputes arising out of or under this **policy** shall be subject to determination by any court of competent jurisdiction within the country in which this **policy** was issued according to the laws of Singapore.

No change in, or modification of, or assignment of interest under this **policy** will be effective except when made by written endorsement to this **policy** and signed by **QBE**.

The **insured** may cancel this **policy** at any time by notifying **QBE** in writing and **QBE** will provide a refund of premium for the unexpired **period of insurance** less 20 percent. If any **claim** and/or **circumstance** have been notified to **QBE** under this **policy**, then **QBE** will be entitled to the entire premium and no refund of premium will be made. If the **insured** withdraws any such **claim** and/or **circumstance** and subsequently cancels this **policy**, then **QBE** will allow a refund of the proportionate part of the premium for the unexpired **period of insurance** on the same basis as that described above.

**QBE** will not cancel this **policy** on any other ground except for non-payment of premium.

The **insured** will not disclose the terms, conditions, exclusions, or the **limit of indemnity** of this **policy** or the amount of the premium paid to any third party except to the extent that they are required to do so by law, for contractual purposes, or **QBE** consents in writing to such disclosure.

Any person who is not a party to this **policy** has no rights under the Contracts (Rights of Third Parties) Act 2001 or any other applicable law to enforce any term of this **policy**.

**QBE** may at any time pay to the **insured** in respect of any **claim**, being the subject of one **limit of indemnity**, the balance of that **limit of indemnity** and upon that payment **QBE** will relinquish conduct or control of and be under no further liability under this **policy** in connection with that **claim**, except for:

a) costs and expenses recoverable from the **insured** for all or part of the period prior to such payment; and

b) **defence costs** covered prior to such payment.

All matters in dispute between the **insured**, any other party covered by this insurance and **QBE** arising out of or in connection with the construction or formation of this insurance will be referred to a mediator to be agreed by the parties within fourteen (14) working days of a written notice served on one party by the other requesting such an agreement. If a mediator is not agreed, then either party may apply for the appointment of a mediator of their choice and each party shall share equally the costs of the mediator and the reference, conduct and any settlement of the dispute at mediation will be conducted in confidence.

The parties shall continue to perform their respective continuing obligations under this insurance, if any, while the dispute is resolved unless the nature of the dispute prevents such continued performance of those obligations.

If any such dispute is not resolved by mediation or the parties cannot agree upon the appointment of a mediator or the form that the mediation will take, the dispute will be referred by either party to arbitration in Singapore and the laws of Singapore will apply. The arbitration tribunal will consist of a single arbitrator appointed by agreement between the parties. If the parties are unable to agree within 30 days of a written request for arbitration made by either party, an arbitrator will be appointed in accordance with the Rules of the Singapore International Arbitration Centre. The arbitration will itself be conducted in accordance with the Rules of the International Arbitration Centre. The language of the arbitration shall be English.

**QBE** may hold documents relating to this insurance and any **claims** under it in electronic form and may destroy the originals. An electronic copy of any such document will be admissible in evidence to the same extent as, and carry the same weight as, the original.

This **policy**, **policy schedule**, endorsements and **proposal** will be read together as one contract.

The **insured** will give immediate, but in any event no later than seven (7) days, notice in writing to **QBE** should there be any material alteration to the risk and **QBE** will be entitled to amend the terms, exclusions and conditions of this **policy** and if **QBE** accept the alteration to risk may charge additional premium if **QBE** deem there has been an increase in risk exposure.

The information provided by or on behalf of the **insured** in connection with this insurance (whether at inception or during the **period of insurance**) shall be materially accurate and not omit material information which is known by the **insured's** board members or equivalent and/or the **insured's** risk manager or ought to have been known by them following their reasonable enquiry.

If the **insured** or anyone acting on its behalf breaches any condition contained in the 'Material inaccuracy' paragraph above (whether at inception or otherwise) by fraud or a dishonest act or omission, **QBE** may:

a) avoid this **policy** from inception; or

b) impose such terms, conditions and/or additional premium as **QBE** may in its sole discretion determine; and

any benefit which the **insured** has received under this **policy** which resulted from any such fraud or dishonest act or omission shall immediately be repaid to **QBE**. **QBE** will promptly give the **insured** written notice of any applicable additional premium, amended terms and conditions or both.

If the **insured** or anyone acting on its behalf breaches this condition (other than by fraudulent or dishonest means), **QBE** may:

a) Void this **policy** from inception; and/or

b) impose such terms and conditions (effective at inception or otherwise) as **QBE** would have imposed in the absence of such breach; and/or

c) charge such additional premium (effective at inception or otherwise) as **QBE** would have required in the absence of the breach; and

d) apply such applicable additional premium, amended terms and conditions or both to any notified **claim** or potential **claim**; and

**QBE** will promptly give the **insured** written notice of any applicable additional premium, amended terms and conditions or both.

Within fourteen (14) days of receipt of such notice, the **insured** will give **QBE** written confirmation of:

a) acceptance of and a promise to pay the applicable additional premium in accordance with the terms of trade applying to this insurance; or

b) the **insured's** acceptance of the amended terms and conditions; or

c) both as applicable.

If **QBE** can demonstrate that **QBE** would have declined to enter into this insurance at inception or to accept the proposed amendment to this insurance during the **period of insurance** on any terms, **QBE** may avoid this **policy** from inception and, if no **claims** have been paid or accepted under this **policy**, **QBE** shall promptly return to the **insured** all premiums received by **QBE** at the date of breach; and, if **QBE** has paid **claims** monies under this **policy**, the **insured** shall promptly repay all such **claim** monies to **QBE**.

The due observance and fulfilment of the provisions of this **policy** insofar as they may relate to anything to be done or complied with by the **insured**, and are not described in the **policy** as conditions precedent, will be a condition of this **policy**. Any waiver by **QBE** of any provision will not prevent **QBE** from relying on such term or condition or condition precedent in the future.

Where the context so admits or requires, words importing the singular will include the plural and vice versa and words importing the masculine will import the feminine and the neuter. References to 'a person' will be construed so as to include any individual, company, partnership, or any other legal entity. References to a statute or regulation will be construed to include all its amendments or replacements. All headings within the **policy** are included for convenience only and will not form part of this **policy**. All references to statutes shall include amendments thereof as well as re-enactments or consolidations intended to replace such statutes.

All personal information (including sensitive personal data such as health details or criminal convictions) provided in connection with this **policy** will be processed in accordance with the Personal Data Protection Act 2012 or any other applicable law governing privacy and data protection. The **insured** consents to all personal information so provided being used for the purposes and being disclosed to the parties set out below.

Where personal information is provided about another person, the **insured** is required to inform that person of the insurers' identity, and why their personal information will be processed and disclosed. The **insured** is also required to obtain their written consent to the processing of their personal information in this way and provide the **QBE** with such consent upon request.

Personal information is used:

a) to administer the **policy**, including underwriting, renewal information, validation of **claims** history and **claims** handling;

b) for research, analysis, statistic creation, and customer profiling;

c) for fraud prevention and debt recovery.

Personal information may be disclosed to:

a) other members of the **QBE** Insurance Group;

b) other insurance entities interested in the risk written under this **policy**;

c) agents and service providers appointed by **QBE** to carry out activities in connection with the **policy**;

d) credit reference and fraud databases;

e) law enforcement and other statutory bodies;

f) potential purchasers of the whole or part of the our business.

If false or inaccurate information is provided and fraud is suspected this fact will be recorded and the information will be available to other organisations that have access to the fraud databases.

Personal information may be transferred to third parties in countries outside the country of which the **insured** is domiciled which may not have the same standards of protection for personal information as the **insured's** domiciled country. **QBE** will ensure that such transfers comply with the data protection law and the personal information is kept securely and protected from unauthorised access.

**QBE** maintains protections and procedures in the storage and disclosure of personal information to keep it secure and prevent unauthorised access to or loss of such information.

**QBE** may monitor and record all communications with the **insured** for compliance and training purposes.

Should the **insured** wish to see the information held, have any queries in relation to the way such information is used or discover any inaccuracies, the **insured** should contact **QBE**.

Any person falling within the definition of the **insured** agrees that the business is their agent for the purpose of giving and receiving of any notices from **QBE** or their representatives including any notice of cancellation. The payment to the **insured** of any return premium that may be payable under this **policy** will satisfy **QBE's** obligations to return premium to the business.

Where a covered entity or **subsidiary** ceases to exist or to operate or is acquired by, consolidated with or merged into any other entity, then **QBE** agree that the coverage provided under this **policy** with respect to that entity or **subsidiary** of the **insured** will continue until the expiry date of the **period of insurance**, provided that such coverage will only apply in respect of the **insured's** liability arising out of any conduct happening prior to the effective date that such entity or **subsidiary** ceased to exist or to operate or was acquired by, consolidated with or merged into any other entity, unless otherwise agreed by **QBE** in writing.

**QBE's** obligations under this **policy** are several and not joint and are limited solely to the extent of **QBE's** individual subscriptions. **QBE** are not responsible for the subscription of any co-subscribing insurer(s) who for any reason do not satisfy all or part of its obligations.

Any premium due must be paid and received by **QBE** within sixty (60) days of the inception of this **policy**. In the event that **QBE** does not receive such payment, this **policy** will be automatically cancelled and **QBE** will be entitled to the pro-rata premium for the time for which **QBE** was on risk.

---

The following words will have the same meaning attached each time they appear in this **policy** in bold type face, whether with a capital first letter or not.

Where the context so admits or requires, words importing the singular will include the plural and vice versa and words importing the masculine will import the feminine and the neuter. References to 'a person' will be construed so as to include any individual, company, partnership, or any other legal entity. References to a statute or regulation will be construed to include all its amendments or replacements. All headings within the **policy** are included for convenience only and will not form part of this **policy**.

**Business income** means the amount of net income (net operating profit or loss, excluding profits from capital and investment gains, before tax) which would have been earned or incurred.

**Business services** mean the performance by the **insured** of those services specified in the **schedule** including but not limited to the provision of **multimedia activities**.

**Circumstance** means an incident, occurrence, dispute, fact, matter, act or omission that is likely to give rise to a **claim**.

**Claim** means:

a) the receipt by the **insured** of any written notice of demand for compensation made by a third party against the **insured**; or

b) any writ, statement of claim, claim form, summons, application or other originating legal or arbitral process, cross-claim, counterclaim or third or similar party notice served upon the **insured**; or

c) any notice of intention in writing to commence legal proceedings against the **insured**.

For the purposes of applying any **deductible** or limit hereunder, all **claims**, loss, liability, expenses and costs otherwise recoverable under this **policy** resulting from;

a) one and the same act error or omission; or

b) a series of acts errors or omissions arising out of or attributable to the same originating cause, source or event; or

c) infidelity or fraud committed by any person acting alone or by persons acting in collusion;

shall be deemed to be one **claim** regardless of the number of claimants involved.

**Computer virus** means any computer program, including but not limited to, any file virus, boot sector virus, macro virus, hostile applet, Trojan horse program, java virus, ActiveX virus or other executable program which contains instructions to initiate an event on the infected computer, causing modification of, corruption of or damage to data, memory or data media or otherwise adversely affecting the operation of any **information** and communications technology system.

**Cyber and data security representative** means the party specified as **cyber and data security representative** in the **schedule**.

**Cyber extortion expenses** mean reasonable and necessary expenses incurred by the **insured** including the value of any **ransom** paid by the **insured** for the purpose of terminating a **cyber extortion threat**.

**Cyber extortion threat** means threat from a **hacker**:

a) to damage, destroy, alter, corrupt, copy, steal or misuse **information and communication assets** including by introducing a **computer virus**, worm, logic bomb or trojan horse;

b) to cause a failure of the security protecting **information and communication assets**;

c) to attack **information and communication assets** in order to restrict or prevent access to **information and communication assets** by authorised persons or entities;

d) to divulge **information and communication assets** into the public domain which will cause commercial and financial harm;

e) to fraudulently use **information and communication assets** to cause a loss to either a third-party or the **insured**.

**Data breach** means failure by the Insured or their **service provider** to comply with any **data breach law**.

**Data breach law** means, statutes and regulations, as they currently exist and as amended and replaced from time to time, within the **jurisdiction**, associated with the confidentiality, access, control and use of **personally identifiable information**.

**Data breach notification costs** means those reasonable and necessary expenses incurred by the **insured** or which the **insured** becomes legally obliged to pay for:

a) the provision of consumer notifications to comply with **data breach law** following a **data breach** including;

i) the legal fees incurred to identify notification communication obligations and draft notification communications;

ii) the costs to draft, send and administer notification communications;

iii) the costs of call centre services to respond to enquiries and queries following a notification communication;

The **limit of indemnity** is additional to the **deductible** and **deductible** means the first amount specified in the **schedule** payable by the **insured** in respect of each and every **claim**, series of **claims** or **circumstance** as ascertained after the application of all other terms and conditions of this insurance. The **deductible** will be applied to **defence costs**, fees and expenses (unless expressly stated otherwise in the **schedule**).

**Defence cost(s)** mean all legal costs, fees and expenses incurred with the prior written and continuing consent of **QBE** (such consent not to be unreasonably withheld or unreasonably delayed or unreasonably withdrawn) in the investigation, defence, settlement or incident response of any **claim** and/or **circumstance(s)** including the management of the **insured's** response to any **circumstance(s)**, **cyber extortion threat** or **data breach** subject to the applicable **limit of indemnity**. It does not include the **insured's** own costs and expenses or any costs of the person who is making the **claim** or asserting the liability against the **insured**.

**Documents** means deeds, wills, written agreements, maps, plans, books, letters, policies, certificates, forms and documents of any nature whatsoever, whether written, printed or reproduced by any method, including computer records and electronic data material, but shall not include bearer bonds or coupons, stamps, bank or currency notes or any other negotiable instrument.

**Employee** means any person including trainees and freelance consultants acting under a contract of service with the **insured** in respect of the conduct of business by the **insured**.

**Employee** does not include any principal, shareholder, partner, director or member of the **insured** in their capacity as such.

**Hacker** means anyone who specifically targets the **insured** and gains unauthorised access to **information and communication assets** by circumventing electronically or otherwise the security system in place to protect against such unauthorised access. **Hacker** will also include anyone who threatens to specifically target the **insured** and gain unauthorised access to **information and communication assets**. **Hacker** does include **employees** but does not include any principal, shareholder, partner, director or other officer of the **insured**.

**Information and communication assets** means the **insured's** computer and telecommunication system software and hardware, including but not limited to the **insured's** email system, encrypted electronic signature, encrypted electronic certificate, website, intranet, network, internet-connected telephone system, firmware, program or any data held electronically.

**Insolvency event** in relation to the **insured** means:

a) an application being made for an administration order or the purported appointment of, or the filing at court or issue of any notice of intention to appoint, an administrator in relation to the **insured** or any of its **subsidiary** undertakings; or

b) a petition being presented, a meeting being convened or an effective resolution being passed otherwise than with the prior written consent of **QBE** as part of a solvent reconstruction or amalgamation for the winding up of the **insured** or any of its **subsidiary** undertakings; or

c) possession being taken of, or a receiver, sequestrator or similar officer being appointed in respect of, the whole or any part of the assets or undertaking of the **insured** or any of its **subsidiary** undertakings; or

d) the **insured** or any of its **subsidiary** undertakings suspending or threatening to suspend payment of its debts as they fall due or being, or unlikely to become, unable to pay its debts; or

e) the directors, partners or members of the **insured** or any of its **subsidiary** undertaking making a proposal that it enter into a voluntary arrangement or taking any steps to obtain a moratorium or is taking or being subject to any proceedings under the law for the readjustment, rescheduling or deferment of all or any of its debts, or proposing or entering into any general assignment or composition with or for the benefit of its creditors; or

f) the **insured** or any of its **subsidiary** undertakings ceasing or threatening to cease to carry on all or a substantial part of its business or operations, or selling, transferring or otherwise disposing of the whole or a substantial part of its undertaking or assets, either by a single transaction or by a number of transactions; or

g) the occurrence in respect of the **insured** or any of its **subsidiary** undertakings of any event in any jurisdiction to which it is subject having an effect similar to that of any of the events referred to in paragraphs a) to f) above.

**Insured** means the company or other organisation shown as **insured** in the **schedule** including any **subsidiary** companies of the **insured** that are in existence at the inception date of the insurance and have been declared to **QBE** until such time as they may be sold or otherwise disposed of (but not excluding any liabilities incurred prior to disposal), and:

a) partners, directors, members and **employees** of the business during the **period of insurance**;

b) former partners and/or former directors and/or former members of the business;

c) persons named as consultants or former consultants in the **proposal** in respect of the **business services** undertaken on behalf of the business;

d) retired partner, director, member or **employee** of the business remaining as a consultant to the business; and,

e) the estate, heirs and executors and/or legal/personal representatives of those parties mentioned in above in the event of their death, incapacity, insolvency or bankruptcy for legal liabilities incurred due to any act, error or omission of such deceased, incompetent or bankrupt person.

**Insured event** means:

a) failure of the **insured** to protect against unauthorised access to, unauthorised use of, a denial of service attack against, or transmission of a **computer virus** to, **information and communication assets**;

b) failure of the **insured** to protect against the unauthorised use of **information and communication assets** to attack, or transmit a **computer virus** to, a third party's computer systems; or

c) unintentional transmission of a **computer virus**; or

d) improper deep-linking, framing, web scraping, web harvesting or web data extraction; or

e) defamation or other tort related to disparagement of character, reputation or feelings of any person or organisation, including libel, slander, product disparagement, trade libel, infliction of emotional distress, malicious falsehood, outrage or outrageous conduct, breach of comparative advertising regulations, failure to attribute authorship or provide credit under any agreement to which the **insured** is a party, arising from **multimedia activities**; or

f) failure of the **insured** to properly collect, use, disclose, handle, manage, store, destroy or otherwise control **personally identifiable information** including but not limited to any form of invasion, infringement or interference with rights of privacy or publicity, including false light, public disclosure of private facts, intrusion, breach of confidence and commercial appropriation of name or likeness; or

g) failure to properly handle, manage, store, destroy or otherwise control third party corporate information in any format held by the **insured** and/or **service providers**, including that protected under a non-disclosure agreement or similar contract with the **insured**; or

h) unintentional violation by the **insured** of any government or public authority legislation or regulation regarding privacy or data protection; or

i) unintentional infringement of intellectual property rights including but not limited to copyright, design (including in respect of semiconductor topographies), title, slogan, trade secret, trademark, trade name, trade dress, service mark, service name, domain name or metatag, database rights, breach of moral rights (including failure to attribute authorship or provide credit under any agreement to which the **insured** is a party), passing off, plagiarism, piracy or misappropriation of ideas under implied contract, including a breach of a hold harmless or indemnity agreement specified in a written contract for the supply of **matter** arising from **multimedia activities**.

**Insured section** means the section(s) providing insurance cover.

**Jurisdiction** means the jurisdiction specified in the **schedule**.

a) **Limit of indemnity** means the amount specified in the **schedule** which shall be the maximum amount payable by **QBE** in respect of any one **claim** and in the aggregate inclusive of **defence costs** (unless expressly stated otherwise in the **schedule**):

i) regardless of the number of **insured** parties, persons or organisations bringing a **claim** against the **insured**; and

ii) regardless of the number of **claims** made by the **insured**.

b) Any **sub-limit of indemnity** stated in the **schedule** applies as if it was the **limit of indemnity** for the **claims** specified in the **schedule** for that **sub-limit of indemnity** and is deemed to be part of and not in addition to the **limit of indemnity** specified in the **schedule**.

**Matter** means any data, text, sounds, images or similar content disseminated, including but not limited to the content of the **insured's** email, intranet, extranet, website, bulletin board, chat room or other on-line discussion or information forum, and the marketing and advertising of the **insured's** **business services**. **Matter** will include any alteration or addition made by a **hacker**.

**Multimedia activities** mean the publishing, dissemination, releasing, gathering, transmission, production, webcasting or other distribution of **matter** by the **insured**.

**North America** means the United States of America or Canada including the territories or possessions of the United States of America and Canada.

**Parent** means a company which by itself, or in concert with other companies with the same majority ownership or control as itself:

a) controls the composition of the board of directors, of the **insured**; or

b) controls more than half the voting power of the **insured**; or

c) holds more than twenty five percent (25%) of the issued share capital of the **insured**.

**Period of insurance** means the period shown in the **schedule**, with times taken as being local to the **insured's** address as stated in the **schedule**.

**Period of reinstatement** means the period commencing from the total or partial interruption, degradation in service, or failure of **information and communication assets**, and ending either:

a) at the time when **QBE** is satisfied **information and communication assets** are repaired, restored and/or replaced to the same equivalent standard, condition, functionality, level of service and/or with the same content, or as near as reasonably possible as immediately before the total or partial interruption, degradation in service, or failure of **information and communication assets** began, or;

b) ninety (90) days thereafter;

whichever is the sooner.

**Personal injury** means:

a) physical injury, death, sickness, disease, disability, shock, fright, mental anguish, mental injury or loss of consortium;

b) the effects of false arrest, false imprisonment, wrongful eviction, wrongful detention or malicious prosecution;

c) the effects of assault and/or battery not committed by the **insured** or at the **insured's** direction unless committed for the purpose of preventing or eliminating danger to persons or property.

**Personally identifiable information** means any information from which an individual may be uniquely and reliably identified or contacted, including an individual's name, telephone number, national security number, medical or healthcare data, drivers licence number, bank or building society account number, credit card number, debit card number, access code or password that would permit access to that individuals financial account.

**Policy** means this document, the **schedule** (including any **schedules** issued in substitution) and any endorsements attaching to this document or the **schedule** that will be considered part of the legal contract and any word or expression in bold type face on any of these documents will bear the specific meaning stated in these definitions.

**Policy limit of liability** means the amount stated in the **schedule** which is the maximum amount of **QBE's** liability under any one and all **insured sections** for any one **period of insurance**.

**Pollutant** means any solid, liquid, gaseous or thermal irritant or contaminant including smoke, vapour, soot, fumes, acids, alkalis, chemicals or waste. Waste is deemed to include materials to be recycled, reconditioned or reclaimed.

**Pollution** means:

a) the actual, alleged or threatened discharge, seepage, migration, dispersal, release or escape of **pollutants** at any time; and

b) the actual, alleged or threatened discharge, seepage, migration, dispersal, release or escape of **pollutants** at any time that the **insured** or any other **insured** party test for, monitor, clean up, remove, contain, treat, detoxify, or neutralise or in any way respond to, or assess the effects of **pollutants**.

a) physical damage to or destruction of tangible property (which includes loss of property) including the resulting loss of use of the property damaged or destroyed; and

b) loss of use of tangible property which has not been physically damaged or destroyed provided such loss of use is caused by physical damage to or destruction of other tangible property during the **period of insurance**.

**Proposal** means any information supplied by or on behalf of the **insured** in written or electronic format, deemed to be a completed proposal form, application form, medical questionnaire including in each case attachments thereto and other relevant information that **QBE** may require.

**QBE** means the party specified as **QBE** in the **schedule** and any other subscribing insurers.

**Ransom** means any money, products, goods, services or property of the **insured**.

**Regulatory compensatory award** means a sum of money which the **insured** is legally obliged to pay as an award or fund for the affected individuals following a regulators monetary award to a third party. This does not include any criminal penalty or fine.

**Retroactive date** means the date (if any) stated in the **schedule**.

a) Unlimited retroactive cover – where no **retroactive date** is specified in the **schedule**, coverage under this **policy** shall be in respect of acts, errors or omissions committed or alleged to have been committed irrespective of when such acts, errors or omissions were committed or alleged to have been committed;

b) Limited retroactive cover – where a **retroactive date** is specified in the **schedule**, then coverage under this **policy** shall only be in respect of acts, errors or omissions first committed or alleged to have been first committed on or after the **retroactive date**.

**Schedule** means the document titled schedule that includes the name and address of the **insured**, the premium and other variables to this **policy** (including endorsement clauses) and is incorporated in this **policy** and accepted by the **insured**. **Schedules** may be re-issued from time to time where each successor overrides the earlier document.

**Service provider** means a business the **insured** does not own, operate, or control, but that the **insured** hires for a fee under contract to perform **business services** on behalf of the **insured**.

**Subsidiary** means any company in respect of which the **insured** or the **parent** (either directly or indirectly through one or more of its **subsidiary** companies):

a) controls the composition of the board of directors; or

b) controls more than half the voting power; or

c) holds more than half of the issued share capital.

**Territorial limit** means the territory(ies) specified in the **schedule**.

**Terrorism** means an activity that involves a violent act or the unlawful use of force or an unlawful act dangerous to human life, tangible or intangible property or infrastructure, or a threat thereof; and appears to be intended to:

a) intimidate or coerce a civilian population, or

b) disrupt any segment of the economy of a government de jure or de facto, state, or country, or

c) overthrow, influence, or affect the conduct or policy of any government de jure or de facto by intimidation or coercion, or

d) affect the conduct or policy of any government de jure or de facto by mass destruction, assassination, kidnapping or hostage-taking.

a) **Time retention** means the number of hours specified in the **schedule** under Business Interruption that must elapse before the recovery of **business income** can be considered;

b) The **time retention** shall commence from either:

i) when the total or partial interruption, degradation in service, or failure of their **information and communication assets** began; or

ii) the moment the **insured's** **business income** loss begins;

whichever is the later.

**War** means war, invasion, acts of foreign enemies, hostilities or warlike operations (whether war be declared or not), civil war, mutiny, revolution, rebellion, insurrection, uprising, military or usurped power or confiscation by order of any public authority or government de jure or de facto or martial law but not including **terrorism**.

---

The following are channels available for complaints on insurance related matters. You can contact our Complaint Unit for assistance at 03-7861 8400 or the following authorised bodies:

LEVEL 25, DATARAN KEWANGAN DARUL TAKAFUL
NO. 4, JALAN SULTAN SULAIMAN
50000 KUALA LUMPUR
TEL : 03-2272 2811
FAX : 03-2274 5752

BANK NEGARA MALAYSIA
P.O BOX 10922
50929 KUALA LUMPUR
TEL: 1-300-88-5465 (LINK)
FAX: 03-2174 1515

---

QBE Insurance (Malaysia) Berhad
No. 638, Level 6, Block B1, Leisure Commerce Square
No. 9, Jalan PJS8/9, 46150 Petaling Jaya, Selangor
Tel : +603 78618400
Visit us on the web at www.qbe.com.my