The URL can be used to link to this page

2019/20 Cyber Liability Program - Memorandum of CoverageCALIFORNIA 1 , P , I , A Providing innovative risk management solutions for our public agency partners Issued to the City of La Quinta INTEGRITY EXCELLENCE INNOVATION TEAMWORK MEMORANDUM OF OVERAGE DYBER LIABILITY ADMINISTERED BY THE CALIFORNIA JOINT POWERS INSURANCE MEMBER: La Quinta MAILING ADDRESS: 78-495 Calle Tampico La Quinta, CA 92253-2839 PROTECTION LIMITS: $1,000,000 Per Occurrence Limit of Coverage $1,000,000 Aggregate Limit of Coverage per Policy Period per Member for all categories of Coverage combined including Claims Expenses $10,000,000 Aggregate Limit of Coverage for all Members per Policy Period for all categories of Coverage combined including Claims Expenses RETENTION: $50,000 (including Claims Expenses) PROTECTION PERIOD: From July 1, 2019 at 12:01 a.m. Pacific Time until July 1, 2020 at 12:01 a.m. Pacific Time. This Memorandum is a description of the terms and conditions of the Program through which certain specified and limited self -insured risks of liability are administered by the Authority and shared by its Members. This Memorandum is not an insurance policy. As provided in Section 990.8 of the California Government Code and appellate court cases of Orange County Water District v. Association of California Water Agencies JPIA (1997) and City of South El Monte v. Southern California Joint Powers Insurance Authority (1995), the pooling of self - insured claims or losses among the Members of the Authority shall not be considered insurance nor be subject to regulation under the Insurance Code. California JPIA President MEMORANDUM COVERAGE — CYBER LIABILITY CALIFORNIA JOINT POWERS INSURANCE AUTHORITY 1. INTRODUCTION This Memorandum is a description of the terms and conditions of the Program through which certain self -insured risks of liability are administered by the Authority and shared by its Members pursuant to the Joint Powers Agreement creating the Authority under the provisions of Section 6500 et seq. of the Government Code. As provided in Section 990.8 of the Government Code, pooling of losses in this Program is not insurance. The sole duty of the Authority is to administer the Program adopted by the Members. The Authority can indemnify only Claims or losses, which are pooled under the terms of this Memorandum and the Joint Powers Agreement. There is no transfer of risk from the Member or any Protected Party to the Authority, nor assumption of risk by the Authority. The provisions of the Program are subject to and subordinated to the Joint Powers Agreement or any action taken by the Executive Committee or the Board of Directors in connection with the Program. This Program has been adopted pursuant to action taken by the Executive Committee, and is subject to any amendment, modification or extension by the Executive Committee or the Board of Directors. The terms of this Memorandum shall be construed in an evenhanded fashion in accordance with the principles of California contract law. If the language of this Memorandum is alleged to be ambiguous or unclear, the issue of how the protection should apply shall be resolved in a manner most consistent with the relevant terms of this Memorandum without regard to authorship of the language and without any presumption of arbitrary interpretation or construction in favor of either the Protected Party or the Authority. Any controversy or dispute arising out of or related to an interpretation or breach of this Memorandum shall be settled in accordance with the appeals procedures as set forth in this Memorandum. 2. PROTECTION PROVIDED Subject to all provisions of this Memorandum, the Authority will cause the Program to pay on behalf of the Protected Party all sums for which coverage is provided within the terms of the attached "Policy Form." As used in the Policy Form, the term "you" or "your" or "your organization" shall refer to the Protected Party, which is a Member of the Authority and participant in the Program. The term "we" shall refer to the Authority. 3. NON -CONCURRENT CONDITIONS Section IX — Terms and Conditions of the attached Policy Form are hereby amended as follows: Section D, "Other Insurance", Section E, "Action Against Us", Section I, "Cancellation", and Section M, "Service of Suit Clause" are deleted. They are replaced with the following: The terms of the Authority's Memorandum of Liability Coverage are incorporated here by reference as through fully set forth herein, at Section 5, Conditions and Responsibilities, Sections D "Other Protection," E "Termination or Amendment," F "Changes", I "Joint Powers Agreement", J "Appeal of Disputes", and K "Arbitration." These provisions of the Memorandum of Liability Coverage shall apply to coverage furnished under this Memorandum of Privacy Protection Coverage as well. Policy Form Notice: this policy contains one or more coverages. Certain coverages are limited to liability for claims that are first made against You and notified to Us during the Policy Period as required. Claim Expenses shall reduce the applicable limits of liability and are subject to the applicable retention(s). Terms that appear in bold face type have special meanings. See the definitions for more information. Please read this policy carefully. In consideration of the payment of the premium and reliance upon the statements made by You in the application and subject to the Limit of Liability, exclusions, conditions and other terms of this Policy, it is agreed as follows: A. Privacy liability (including employee privacy) We shall pay on Your behalf Damages and Claim Expenses that You become legally obligated to pay in excess of the applicable retention resulting from a Claim first made against You and reported to Us during the policy period or extended reporting period arising out of a Privacy Wrongful Act on or after the retroactive date and before the end of the policy period, harming any third party or employee. B Privacy Regulatory Claims coverage We shall pay on Your behalf Regulatory Fines, Consumer Redress Funds and Claim Expenses that You become legally obligated to pay in excess of the applicable retention resulting from a Regulatory Claim first made against You and reported to Us during the policy period or extended reporting period arising out of a Privacy Wrongful Act on or after the retroactive date and before the end of the policy period. C. Security Breach response coverage We shall reimburse Your Organization for Crisis Management Costs and Breach Response Costs in excess of the applicable retention that Your Organization incurs in the event of a Security Breach with respect to personal, non-public information of Your customers or employees. We will not make any payment under this Coverage unless the Security Breach first occurs on or after the retroactive date and before the end of the policy period and You first learn of the Security Breach within the policy period and report the Security Breach to Us as soon as practicable within the policy period. D. Security liability We shall pay on Your behalf Damages and Claim Expenses that You become legally obligated to pay in excess of the applicable retention resulting from a Claim first made against You and reported to Us during the policy period or extended reporting period arising out of a Security Wrongful Act on or after the retroactive date and before the end of the policy period. E. Multimedia liability We shall pay on Your behalf Damages and Claim Expenses that You become legally obligated to pay in excess of the applicable retention resulting from a Claim first made against You and reported to Us during the policy period or extended reporting period arising out of a Multimedia Wrongful Act on or after the retroactive date and before the end of the policy period. A. We shall have the right and duty to defend, subject to the applicable policy aggregate limit and applicable sublimits of liability, exclusions and other terms and conditions of this Policy, any Claim against You seeking Damages which are payable under the terms of this Policy, even if any of the allegations of the Claim are groundless, false, or fraudulent and We shall have the right to appoint defense counsel. We agree that You may settle any Claim where the Damages and Claim Expenses do not exceed 50% of the Retention, provided the entire Claim is resolved and You receive a full release from all claimants. We shall have the right to make any investigation We deem necessary, including, without limitation, any investigation with respect to the application and statements made in the application and with respect to coverage. The applicable policy aggregate limit and sublimits of liability available to pay Damages shall be reduced and may be completely exhausted by payment of Claim Expenses. Damages and Claim Expenses shall be applied against the applicable retention You pay. B. If You refuse to consent to a settlement or compromise We recommend and acceptable to the claimant and elect to contest the Claim, then: 1. Subject to the applicable limit of liability, Our liability for any Damages and Claim Expenses shall not exceed: a. the amount for which the Claim could have been settled, plus the Claim Expenses incurred prior to the date of such refusal; and b. fifty percent (50%) of the Damages and Claim Expenses in excess of the amount in a. above incurred in such Claim; provided that You bear the remaining 50% of the Damages and Claim Expenses in excess of the amount in a. above incurred in such Claim uninsured and at Your own risk; and 2. We shall have the right to withdraw from the further defense of such Claim by tendering control of the defense to You. This clause shall not apply to any settlement where the total of the proposed settlement and incurred Claim Expenses do not exceed all applicable retentions. C. We shall not be obligated to pay any Damages or Claim Expenses, or to undertake or continue defense of any Claim, after the applicable policy aggregate limit or applicable sublimits of liability has been exhausted by payment of Damages and/or Claim Expenses or after deposit of the applicable limit of liability in a court of competent jurisdiction, and that upon such payment or deposit, We shall have the right to withdraw from the further defense thereof by tendering control of said defense to You. This insurance applies to Claims made and acts, errors or omissions committed or alleged to have been committed anywhere in the world. The coverage under this Policy shall not apply to any Damages or Claim Expenses incurred with respect to any Claim, or any Crisis Management Costs, Breach Response Costs or other amounts, arising out of or resulting, directly or indirectly, from: A. Bodily injury or property damage; B. Your employment practices or any alleged or actual discrimination against any person or entity on any basis, including without limitation, race, creed, color, religion, ethnic background, national origin, age, handicap, disability, sex, sexual orientation, or pregnancy; C. The failure, malfunction or inadequacy of any satellite; any electrical or mechanical failure and/or interruption, including but not limited to electrical disturbance, spike, brownout or blackout; or any outage to gas, water, telephone, cable, telecommunications or other infrastructure, unless such infrastructure is under Your operational control; D. Fire, smoke, explosion, lightning, wind, water, flood, earthquake, volcanic eruption, tidal wave, landslide, hail, an act of God or any other physical event, however caused; E. Any alleged or actual defects in any goods, services or products sold, supplied, repaired, altered, manufactured, installed or maintained by You or by any person, persons, partnership, firm, or company acting for You or on Your behalf; F. Breach of any express, implied, actual or constructive contract, agreement, warranty, guarantee or promise, provided, however, this exclusion shall not apply to: 1. any liability or obligation You would have in the absence of such contract or agreement; 2. any breach of Your privacy statement; or 3. any indemnity by You in a written contract or agreement with Your client regarding any Privacy Wrongful Act or Security Wrongful Act by You in failing to preserve the confidentiality or privacy of personal information of customers of Your client; G. Any of the following: 1. Any presence of pollutants or contamination of any kind; 2. Any actual, alleged or threatened discharge, dispersal, release, or escape of pollutants or contamination of any kind; 3. Any direction or request to test for, monitor, clean up, remove, contain, treat, detoxify, or neutralize pollutants or in any way respond to or assess the effects of pollutants or contamination of any kind; or 4. Manufacturing, mining, use, sale, installation, removal, distribution of or exposure to asbestos, materials, or products containing asbestos, asbestos fibers or dust; 5. Ionizing radiation or contamination by radioactivity from any nuclear fuel or any nuclear waste from the combustion of nuclear fuel; 6. Actual, potential or alleged presence of mold, mildew or fungi of any kind; 7. The radioactive, toxic, or explosive or other hazardous properties of any explosive nuclear assembly or nuclear component thereof; or 8. The existence, emission or discharge of any electromagnetic field, electromagnetic radiation or electromagnetism that actually or allegedly affects the health, safety or condition of any person or the environment or that affects the value, marketability, condition or use of any property; H. Any of the following: 1. Purchase, sale, offer of or solicitation of an offer to purchase or sell securities, or alleged or actual violation of any securities law, including but not limited to the provisions of the Securities Act of 1933, or the Securities Exchange Act of 1934, as amended, the Sarbanes-Oxley Act of 2002, or any regulation promulgated under the foregoing statutes, or any federal, state, local or foreign laws similar to the foregoing statutes (including "Blue Sky" laws), whether such law is statutory, regulatory or common law; 2. Alleged or actual violation of the Organized Crime Control Act of 1970 (commonly known as "Racketeer Influenced And Corrupt Organizations Act" or "RICO"), as amended, or any regulation promulgated thereunder, or any federal, state, local or foreign law similar to the foregoing statute, whether such law is statutory, regulatory or common law; 3. Alleged or actual violation of the responsibilities, obligations or duties imposed upon fiduciaries by the Employee Retirement Income Security Act of 1974, as amended; 4. Alleged or actual anti-trust violations, restraint of trade or unfair competition, including without limitation, violations of the Sherman Act, the Clayton Act or the Robinson-Patman Act, or any other federal, state, local, or foreign laws regulating the same or similar conduct; provided, however, this exclusion HA shall not apply to a Claim for a Multimedia Wrongful Act. Any act of terrorism; strike or similar labor action, war, invasion, act of foreign enemy, hostilities or warlike operations (whether declared or not), civil war, mutiny, civil commotion assuming the proportions of or amounting to a popular rising, military rising, insurrection, rebellion, revolution, military or usurped power, or any action taken to hinder or defend against these actions; including all amounts, Damages, or Claim Expenses of whatsoever nature directly or indirectly caused by, resulting from or in connection with any action taken in controlling, preventing, suppressing, or in any way relating to the above; however, if We allege that by reason of this exclusion any Damages or Claim Expenses are not covered by this Policy, the burden of proving the contrary shall be upon You. Any of the following: 1. Any circumstance occurring, or act, error, or omission committed, prior to the inception date of this Policy, if on or before the inception date of this Policy, You knew or could reasonably have foreseen such circumstance, act, error, or omission would be the basis of a Claim; 2. Any Claim or circumstance previously notified to a prior insurer that could reasonably be expected to be the type of Claim or loss covered by this Policy; or K. Any criminal, dishonest, intentional violation of the law, unfair or deceptive business practice, fraudulent or malicious act, error or omission committed by You with actual criminal, dishonest, fraudulent or malicious purpose or intent; provided, however, this exclusion shall not apply to: 1. Claim Expenses incurred in defending any such Claim until there is a final adjudication, judgment, binding arbitration decision or conviction against You in such Claim or an admission by You establishing such conduct, or a plea of nolo contendere or no contest by You regarding such conduct, in which event You shall reimburse Us for all Claim Expenses that We have paid and We shall have no further liability for Claim Expenses from such Claim; and 2. any of You who did not personally commit or personally participate in committing or personally acquiesce in such conduct, except that the exclusion shall apply with respect to Your Organization if an admission, final adjudication, or finding in a proceeding separate or collateral to the Claim establishes that a current principal, partner, director, or officer of Your Organization in fact engaged in such conduct; L. Any Claim made by or on behalf of: 1. Any person or entity within the definition of You against any other Insured person or entity within the definition of You provided this exclusion shall not apply to an otherwise covered Claim under Coverage A made by a current or former employee of Your Organization; or Any entity which: a. Is operated, managed, or controlled by You or in which You have an ownership interest in excess of 15% or in which You are an officer or director; or b. Operates, controls, or manages Your Organization, or has an ownership interest of more than 15% in Your Organization; M. Your activities as a trustee, partner, officer, director, or employee of any employee trust, charitable organization, corporation, company or business other than Your Organization; N. Any alleged or actual infringement or violation of patent rights or misappropriation, theft, copying, display or publication of any trade secret by, or with active cooperation, participation, or assistance of, You, any of Your former employees, subsidiaries, directors, officers, partners, trustees, or any of Your successors or assignees; or O. Any trading losses or trading liabilities; the monetary value of any electronic fund transfers or transactions by or on behalf of You which is lost, diminished, or damaged during transfer from, into or between accounts; or the face value of coupons, price discounts, prizes, awards, or any other valuable consideration given in excess of the total contracted or expected amount. P. Any fine or penalty imposed by a payment card company, merchant bank or payment processor under any agreement by You to comply with or follow the Payment Card Industry Data Security Standard, as amended, or any payment card company programs, rules, bylaws, policies, procedures, regulations or requirements, or to implement, maintain or comply with security measures or standards concerning payment card data. A. Act of terrorism means: 1. any act certified an act of terrorism pursuant to the federal Terrorism Risk Insurance Act of 2002 or otherwise declared an act of terrorism by any government; 2. any act committed by any person or group of persons designated by any government as a terrorist or terrorist group or any act committed by any person or group of persons acting on behalf of or in connection with any organization designated by any government as a terrorist organization; or 3. the use of force or violence and/or the threat thereof by any person or group of persons, whether acting alone or on behalf of or in connection with any organization or government, committed for political, religious, ideological, or similar purposes, including the intention to influence any government and/or put the public, or any section of the public, in fear. B. Application means all applications, including any attachments thereto, and all other information and materials submitted by You or on Your behalf to Us in connection with the underwriting of this Policy. All such applications, attachments, information and materials are deemed attached to and incorporated into this Policy. C. Bodily Injury means injury to the body, sickness, or disease sustained by any person, and where resulting from such injuries, mental anguish, mental injury, shock, humiliation, emotional distress loss of consortium, or death. D. Breach Response Costs means the following fees, costs, charges or expenses, if reasonable and necessary, that You incur in responding to a Security Breach during the period of twelve (12) months after You first learn of such Security Breach: 1. computer forensic professional fees and expenses to determine the cause and extent of such Security Breach; 2. costs to notify customers or employees affected or reasonably believed to be affected by such Security Breach, including printing costs, publishing costs, postage expenses, call center costs or costs of notification via phone or a -mail; 3. legal fees and expenses to determine whether You are obligated under applicable Privacy Regulations to notify applicable regulatory agencies or customers or employees affected or reasonably believed to be affected by such Security Breach, effect compliance with any applicable Privacy Regulations, draft the text of privacy notifications to customers or employees affected or reasonably believed to be affected by such Security Breach, and coordinate the investigation of such Security Breach; or 4. credit monitoring expenses, but only if ordered by a court or if You provide reasonable evidence that the disclosure of personal information from such Security Breach has resulted, or is likely to result, in the unauthorized opening of a line of credit or other financial account; Provided, however, We shall have no obligation to reimburse You for such Breach Response Costs unless: (a)You provide an opinion from legal counsel that You were obligated under applicable Privacy Regulations to notify applicable regulatory agencies or customers or employees affected or reasonably believed to be affected by such Security Breach of such Security Breach; or (b)You voluntarily incur with Our prior written consent such Breach Response Costs (including credit monitoring expenses), such as in a jurisdiction where You have no obligation to notify applicable regulatory agencies or customers or employees affected or reasonably believed to be affected by such Security Breach of such Security Breach. Breach Response Costs do not include Your overhead expenses or any salaries, wages, fees, or benefits of Your employees. E. Claim means: 1. A written demand received by You for money or services, including the service of a civil suit or institution of arbitration proceedings; 2. Initiation of a civil suit against You seeking injunctive relief (meaning a temporary restraining order or a preliminary or permanent injunction); or 3. Solely with respect to Coverage B., a Regulatory Claim made against You. Multiple Claims arising from the same or a series of related or repeated acts, errors, or omissions or from any continuing acts, errors, or omissions shall be considered a single Claim for the purposes of this policy, irrespective of the number of claimants or You involved in the Claim. All such Claims shall be deemed to have been made at the time of the first such Claim was made or deemed made under Section IX.A. F. Claim Expenses means: 1. reasonable and necessary fees charged in the defense or settlement of a Claim by an attorney whom We designate or whom You designate with Our prior written consent, such consent not to be unreasonably withheld; and 2. all other legal costs and expenses resulting from the investigation, adjustment, defense and appeal of a Claim, if incurred by Us or by You with Our prior written consent; however, Claim Expenses do not include Your overhead expenses or any salaries, wages, fees, or benefits of Your employees for any time spent in cooperating in the defense or investigation of any Claim or circumstance that might lead to a Claim. G. Computer system means electronic, wireless, web or similar systems (including all hardware and software) used to process data or information in an analog, digital, electronic or wireless format, including computer programs, electronic data, operating systems, and components thereof, including but not limited to laptops, personal digital assistants, cellular phones, media storage and peripheral devices, media libraries, associated input and output devices, networking equipment, and electronic backup equipment. H. Consumer Redress Funds means any sums of money You are legally required to deposit in a fund for the payment of consumer Claims due to a settlement of, or an adverse judgment in, a Regulatory Claim. I. Credit monitoring expenses means the reasonable and necessary expense of providing free credit reports, identity theft protection services, credit monitoring services, credit freezes or fraud alerts for customers affected or reasonably believed to be affected by a Security Breach; provided, however, We shall not be obligated to reimburse You for more than one (1) year of credit monitoring services or identity theft protection services for customers who are at least eighteen (18) years old, unless there is a rule, regulation, or statutory requirement requiring otherwise. J. Crisis Management Costs means any reasonable and necessary fees and expenses You incur with Our prior written consent to employ a public relations consultant to avert or mitigate any material damage to any of Your brands due to a Newsworthy Event that has arisen due to a Security Breach or a Claim or Regulatory Claim for a Privacy Wrongful Act, regardless of whether the expenses are incurred prior or subsequent to any such Claim or Regulatory Claim being made against You. K. Damages means: 1. Solely with respect to Coverages A, D and E, a monetary judgment, award or settlement, including: a. Pre -judgment interest; b. Post -judgment interest that accrues after entry of the judgment or award and before We have paid, offered to pay or deposited in court that part of the judgment or award within the applicable limit of liability; and c. subject to this Policy's terms, conditions, and exclusions, punitive or exemplary damages (where insurable by the applicable law that most favors coverage for such damages); and 2. Solely with respect to Coverage B, Regulatory Fines and Consumer Redress Funds. Damages shall not include or mean: 1. Your future profits, restitution, or disgorgement of profits; or Your cost to comply with any order granting injunctive or non -monetary relief, including specific performance, or any agreement to provide such relief; 2. Your return or offset of fees, charges, royalties, or commissions for goods or services already provided or contracted to be provided; 3. Fines or penalties of any nature (except as covered under Coverage B); 4. Any amount You are not financially or legally obligated to pay; 5. Multiple damages; 6. Any donations or contributions to any charitable organization; or 7. Matters that may be deemed uninsurable under the law pursuant to which this Policy may be construed. L. Employee means any individual in Your Organization's service, including any part-time, seasonal, and temporary employee, who is compensated by salary, wages, fees or commissions and over whom You have the right to direct and control, but excluding any partner or director of Your Organization. M. Extended Reporting Period means the period of time after the end of the policy period for reporting Claims as provided in Section Vill. of this Policy. N. Intranet means a private computer network inside a company or organization that uses the same kinds of software found on the Internet, but only for internal use. O. Internet means the worldwide public network of computer networks which enables the transmission of electronic data between different users, commonly referred to as the internet, including a private communications network existing within a shared or public network platform. P. Malicious code means any unauthorized and corrupting or harmful computer code, including but not limited to computer viruses, spyware, Trojan horses, worms, logic bombs, and mutations of any of the proceeding. Q. Media content means data, digital code, images, graphics, sounds, text or any other similar material. R. Multimedia Wrongful Act means any of the following acts committed in the ordinary course of Your Organization's business in gathering, communicating, reproducing, publishing, disseminating, displaying, releasing, transmitting or disclosing media content via any computer system that You own or operate or is operated on Your behalf by a third party, including any web -based social media authorized or operated by Your Organization or any internet or intranet website, or via any non -electronic media: 1. defamation, libel, slander, product disparagement, trade libel, infliction of emotional distress, outrage, outrageous conduct, or other tort related to disparagement or harm to the reputation or character of any person or organization; 2. invasion of or interference with the right to privacy or publicity; 3. false arrest, detention or imprisonment or malicious prosecution; 4. infringement of any right to private occupancy, including trespass, wrongful entry, eviction or eavesdropping; 5. infringement of copyright, domain name, trade dress, title or slogan, or the dilution or infringement of trademark, service mark, service name or trade name; 6. plagiarism, piracy or misappropriation of ideas; or 7. liability regarding any media content for which You are responsible; provided always that any Multimedia Wrongful Act was committed or alleged to have been committed by You, or any person for whom or entity for which You are legally responsible, including an independent contractor or outsourcing organization. S. Newsworthy Event means an event that has been caused by a Claim or Security Breach within one of the coverages which You have purchased, that has been publicized through any media channel, including television, print media, radio or electronic networks, the internet, and/or electronic mail. T. Policy period means the period of time from the effective date to the expiration date specified in Item 2 of the Declarations, or any earlier cancellation date. U. Privacy Breach means a common law breach of confidence, infringement, or violation of any rights to privacy, including but not limited to breach of Your privacy statement, breach of a person's right of publicity, false light, intrusion upon a person's seclusion, public disclosure of a person's private information, or misappropriation of a person's picture or name for commercial gain. V. Privacy Regulations means any federal, state, local or foreign statute or regulation requiring You to limit or control the collection, use of, or access to, personally identifiable, non-public information in Your possession or under Your control, or obligating You to inform customers of the unauthorized access to or disclosure of such personally identifiable, non-public information, including the following statutes and regulations: 1. The Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), including Title II requiring protection of confidentiality and security of electronic protected health information, and as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH), any rules and regulations promulgated thereunder as they currently exist and as amended, and any related state medical privacy laws as they currently exist and as amended; 2. The Gramm -Leach -Bliley Act of 1999, also known as the Financial Services Modernization Act of 1999, including sections concerning security protection and standards for customer records maintained by financial services companies, and the rules and regulations promulgated thereunder as they currently exist and as amended; 3. Section 5(a) of the Federal Trade Commission Act, 15 U.S.C. 45(a), but solely with respect to alleged unfair or deceptive acts or practices in or affecting commerce; 4. Federal, state or local privacy protection regulations or laws, such as the California Database Protection Act of 2003 (previously called SB 1386), as they currently exist now or may be amended, associated with the control and use of, or limiting unauthorized access to, personal information, including but not limited to requirements to post privacy policies, adopt specific privacy controls, or inform customers of breaches of security that has or may impact their personal information; 5. Federal, state or local data breach regulations or laws, as they currently exist now or in the future, imposing liability for failure to take reasonable care to guard against unauthorized access to credit or debit account information that is in Your possession or under Your control; 6. Identity Theft Red Flags under the Fair and Accurate Credit Transactions Act of 2003; 7. Federal and state consumer credit reporting laws, such as the Federal Fair Credit Reporting Act (FCRA) and the California Consumer Credit Reporting Agencies Act (CCCRAA); 8. the Children's Online Privacy Protection Act of 1998;; or 9. Privacy protection regulations or laws adopted by countries outside of the United States, such as the EU Data Protection Directive and the Canadian Personal Information Protection and Electronic Documents Act, as they currently exist now or may be amended, associated with the collection, control and use of, or limiting unauthorized access to, personal information. W.Privacy Wrongful Act means any Privacy Breach or breach of Privacy Regulations committed by You or by any person or entity for which You are legally responsible, including an independent contractor or outsourcing organization. X. Property damage means physical injury to or destruction of any tangible property, including the loss thereof. Data is not considered tangible property. Y. Regulatory Claim means: 1. any formal investigation of You by an administrative or regulatory agency or similar governmental body concerning a Privacy Breach or possible breach of Privacy Regulations; or 2. any administrative adjudicative proceeding against You by an administrative or regulatory agency or similar governmental body for a breach of Privacy Regulations. Z. Regulatory Fines means fines, penalties, or sanctions awarded for a violation of any Privacy Regulation(s). AA. Retroactive date means the date specified in Item 5 of the Declarations. BB. Security Breach means: 1. the loss or disclosure of personal, non-public information of customers or employees in Your care, custody or control, including such information stored on paper or on a computer system operated by You or on Your behalf; or 2. Theft of data, unauthorized access to or unauthorized use of personal, non-public information of customers or employees in Your care, custody or control, including such information stored on paper or on a computer system operated by You or on Your behalf; that results in or may result in the compromise of the privacy or confidentiality of such personal, non-public information. More than one Security Breach arising from the same or a series of continuous, repeated or related acts, errors, or omissions shall be considered a single Security Breach, which shall be deemed to have first occurred at the time of the first such Security Breach. CC. Security Wrongful Act means any act, error, or omission committed by You or a person or entity for which You are legally responsible, including an independent contractor or outsourcing organization, in the conduct of computer systems security and the protection of the security and confidentiality of Your customer records or information, that results in: 1. The inability of a third party, who is authorized to do so, to gain access to Your computer systems; 2. The failure to prevent or hinder unauthorized access to or unauthorized use of a computer system operated by You or on Your behalf, the failure to prevent physical theft of hardware or firmware You control, the failure to prevent people or processes security failures, or the failure to prevent false communications designed to trick the user into surrendering personal information (such as "phishing", "pharming" or "vishing"), any of which results in: a. The alteration, copying, corruption, destruction or deletion of, or damage to, electronic data on a computer system operated by You or on Your behalf; b. Unauthorized disclosure of commercial, personal or private information; c. Theft of data (including identity theft); or d. Denial of service attacks against internet sites or computer systems of a third party; or 3. The failure to prevent transmission of malicious code from a computer system operated by You or on Your behalf to a third party's computer system. DD. Subsidiary means any corporation where more than 50% of the outstanding securities representing the present right to vote for the election of such corporation's directors are owned by the Named Assured directly or indirectly, if such corporation was so. owned on the inception date of this Policy; or 1. becomes so owned after the inception date of this Policy, provided the revenues of the newly acquired corporation do not exceed 15% of Your Organization's annual revenues as set forth in its most recent audited financial statement; or 2. becomes so owned after the inception date of this Policy, provided that if the revenues of the newly acquired corporation exceed 15% of Your Organization's annual revenues as set forth in its most recent audited financial statement, the provisions of Section IX. G. must be fulfilled. EE. Theft of data means the unauthorized taking, misuse or disclosure of information on computer systems, including but not limited to charge, debit, or credit information, banking, financial and investment services account information, proprietary information, and personal, private or confidential information. FF. Unauthorized access means the gaining of access to a computer system by an unauthorized person or an authorized person in an unauthorized manner. GG. Unauthorized use means the use of a computer system by an unauthorized person or persons or an authorized person in an unauthorized manner. HH. We, Us or Our means the underwriters providing this insurance. You or Your or Yours means: 1. the entity named in Item 1 of the Declarations ("Named Assured") and its subsidiaries (together "Your Organization"); 2. Any present or future director, officer, or trustee of Your Organization, but only with respect to the performance of his or her duties as such on behalf of Your Organization; 3. Any present or future employee of Your Organization but only with respect to work done while acting within the scope of his or her employment and related to the conduct of Your Organization's business; 4. In the event that the Named Assured is a partnership, limited liability partnership, or limited liability company, then any general or managing partner, principal, or owner thereof, but only while acting within the scope of his or her duties as such; 5. Any person who previously qualified as You under 2, 3, or 4 above prior to the termination of the required relationship with Your Organization, but only with respect to the performance of his or her duties as such on behalf of Your Organization; and 6. The estate, heirs, executors, administrators, assigns and legal representatives of any of You in the event of Your death, incapacity, insolvency or bankruptcy, but only to the extent that You would otherwise be provided coverage under this insurance. A. The amount indicated in Item 3.A. of the Declarations (herein the "policy aggregate limit") is the most We will pay in the aggregate under this Policy, under all coverages combined, for: 1. all Damages, including Regulatory Fines, Consumer Redress Funds and all Claim Expenses from all Claims; and 2. all Crisis Management Costs and Breach Response Costs from all Security Breaches; regardless of the number of acts, errors, or omissions, persons or entities covered by this Policy, claimants, Claims or Security Breaches, or Coverages triggered. B. When purchased as indicated in Item 3.13. of the Declarations: 1. the amount indicated as the Per Claim/Breach Sub -Limit of Liability applicable to Coverage A. is the most We will pay for all Damages and Claim Expenses from each Claim arising out of a Privacy Wrongful Act, subject to the amount indicated as the Aggregate Sub -Limit of Liability under Coverage A. for all Damages and Claim Expenses from all such Claims; 2. the amount indicated as the Per Claim/Breach Sub -Limit of Liability applicable to Coverage B. is the most We will pay for all Regulatory Fines, Consumer Redress Funds and Claim Expenses from each Regulatory Claim arising out of a Privacy Wrongful Act, subject to the amount indicated as the Aggregate Sub -Limit of Liability under Coverage B. for all Regulatory Fines and Claim Expenses from all such Claims; 3. the amount indicated as the Per Claim/Breach Sub -Limit of Liability applicable to Coverage C. is the most We will pay for all Crisis Management Costs and Breach Response Costs from each Security Breach, subject to the amount indicated as the Aggregate Sub -Limit of Liability under Coverage C. for all Crisis Management Costs and Breach Response Costs from all Security Breaches; 4. the amount indicated as the Per Claim/Breach Sub -Limit of Liability applicable to Coverage D. is the most We will pay for all Damages and Claim Expenses from each Claim arising out of a Security Wrongful Act, subject to the amount indicated as the Aggregate Sub -Limit of Liability under Coverage D for all Damages and Claim Expenses from all such Claims; and 5. the amount indicated as the Per Claim/Breach Sub -Limit of Liability applicable to Coverage E. is the most We will pay for all Damages and Claim Expenses from each Claim arising out of a Multimedia Wrongful Act, subject to the amount indicated as the Aggregate Sub -Limit of Liability under Coverage E. for all Damages and Claim Expenses from all such Claims; and such Per Claim/Breach Sub -Limits of Liability and Aggregate Sub -Limits of Liability being referred to herein as the "sublimits of liability", each of which is part of, and not in addition to the, policy aggregate limit. C. If any Claim or any single Claim is covered under more than one Coverage, the highest applicable sublimit of liability shall be the most We shall pay as to such Claim or single Claim and such Claim or single Claim shall be subject to the highest applicable retention. The retention for each Coverage is stated in Item 4 of the Declarations. The applicable retention shall be first applied to Damages, Claim Expenses, Crisis Management Costs and Breach Response Costs covered by this Policy and You shall make direct payments within the retention to appropriate other parties designated by Us. We shall be liable only for the amounts in excess of the retention, not to exceed the applicable sublimit of liability or policy aggregate limit. With respect to Coverages A, B, D and E, the retention shall be satisfied by Your payments of Damages and Claim Expenses resulting from Claims first made and reported to Us during the policy period or extended reporting period. One retention shall apply to each single Claim under such Coverages. With respect to Coverage C, the retention shall be satisfied by Your payments of Crisis Management Costs and Breach Response Costs resulting from a Security Breach that occurred during the policy period and is reported by You to Us during the policy period or extended reporting period. One retention shall apply to each single Security Breach under such Coverage. A. Basic Extended Reporting Period: In the event of cancellation or non -renewal of this Policy by You or Us, an extended reporting period of thirty (30) days immediately following such cancellation or non -renewal shall be automatically granted hereunder at no additional premium. Such extended reporting period shall cover Claims first made and reported to Us during such thirty (30) day extended reporting period but only in respect of any act, error, or omission committed prior to the date of cancellation or non -renewal, and subject to all other terms, conditions, and exclusions of this Policy. No Claim in such thirty (30) day extended reporting period shall be covered under this Policy if You are entitled to indemnity under any other insurance or would have been entitled to indemnity under such insurance but for the exhaustion thereof. B. Optional Extended Reporting Period: In the event of cancellation or non -renewal of this policy by You or Us, You shall have the right, upon payment in full and not proportionally or otherwise in part, of 100% of the annual premium shown in Item 6 of the Declarations, to have issued an endorsement providing a twelve (12) month optional extended reporting period from the cancellation or non -renewal date. 1. Such optional extended reporting period shall cover Claims made and reported to Us during this optional extended reporting period, but only in respect of any Claim arising out of any act, error, or omission committed prior to the date of cancellation or non -renewal, and subject to all other terms, conditions, and exclusions of the Policy. 2. In order for You to invoke the optional extended reporting period, the payment of additional premium as stated in this provision must be paid to Us within thirty (30) days of the non - renewal or cancellation. 3. At the commencement of the optional extended reporting period, the entire premium shall be deemed fully earned, and in the event You terminate the optional extended reporting period for whatever reason prior to its natural expiration, We will not be liable to return any premium paid for the optional extended reporting period. C. Terms and conditions of basic and optional extended reporting period 1. At renewal of this policy, Our quotation of different premium, retention or limit of indemnity or changes in policy language shall not constitute non -renewal by Us for the purposes of granting the optional extended reporting period. 2. The right to the extended reporting period shall not be available to You where We cancel or non -renew due to non-payment of premium. 3. The limit of liability for the extended reporting period shall be part of, and not in addition to, the limit of liability for the policy period. 4. All notices and premium payments with respect to the extended reporting period shall be directed to Us through the entity named in the Declarations. A. Notice of Claim or circumstance that might lead to a Claim 1. If any Claim is made against You during the policy period, then as soon as practicable after Your risk manager, general counsel, senior officer or director first becomes aware of such Claim, You must forward to Us through persons named in Item 7 of the Declarations every demand, notice, summons or other process You or Your representative receive. 2. If during the policy period, Your risk manager, general counsel or any of Your senior officers or directors first becomes aware of any act, error or omission that might reasonably give rise to a Claim, You must give written notice to Us through persons named in Item 7 of the Declarations as soon as practicable during the policy period of: a. The specific details of the act, error or omission that might reasonably give rise to a Claim; b. The possible Damages which may result or has resulted from the act, error or omission; c. The facts by which You first became aware of the act, error, or omission; and d. Any computer system security and event logs which provide evidence of the act, error or omission. Any subsequent Claim made against You arising out of such act, error or omission which is the subject of the written notice will be deemed to have been made at the time written notice complying with the above requirements was first given to Us. 3. A Claim shall be considered to be reported to Us when notice is first given to Us through persons named in Item 7 of the Declarations or when notice of a wrongful act which might reasonably give rise to a Claim is first provided in compliance with IX.A.2 above.. 4. If You report any Claim or request any payment under this Policy knowing such Claim or request to be false or fraudulent, as regards amounts or otherwise, this Policy shall become null and void and all coverage hereunder shall be forfeited. 5. Whenever coverage under this Policy would be lost because of non-compliance of Section IX.A.1. relating to the giving of notice of Claim to Us with respect to which any other of You shall be in default solely because of the failure to give such notice or concealment of such failure by one or more You responsible for the loss or damage otherwise insured hereunder, then We agree that such insurance as would otherwise be afforded under this Policy shall cover and be paid with respect to those of You who did not personally commit or personally participate in committing or personally acquiesce in such failure to give notice, provided that those of You entitled to the benefit of this provision under Section IX.A.1. have complied with such condition promptly after obtaining knowledge of the failure of any others of You to comply therewith, and any such Claim was reported during the policy period or extended reporting period, if applicable. However, such insurance as afforded by this provision shall not cover a Claim against Your Organization if a current principal, partner, director, or officer failed to give notice as required by Section IX.A.1. for a Claim against Your Organization arising from acts, errors, or omissions that were known to a current principal, partner, director, or officer. B. Assistance and cooperation You shall cooperate with Us in all investigations. You shall execute or cause to be executed all papers and render all assistance as requested by Us. Part of this assistance may require You to provide soft copies of their system security and event logs. Upon Our request, You shall assist in making settlements, in the conduct of suits and in enforcing any right of contribution or indemnity against any person or organization who may be liable to You because of acts, errors, or omissions with respect to which insurance is afforded under this Policy; and You shall attend hearings and trials and assist in securing and giving evidence and obtaining the attendance of witnesses. You shall not admit liability, make any payment, assume any obligation, incur any expense, enter into any settlement, stipulate to any judgment or award or dispose of any Claim without Our written consent, unless otherwise provided under Section II. 4. As soon as practicable after You give Us notice of any Claim, circumstance, or Security Breach, You must also give Us copies of reports, photographs, investigations, pleadings and all other papers in connection therewith, including allowing Us to question You under oath at such times as may be reasonably required regarding Your Organization's books, records, and any other matters relating to such Security Breach or Claim. 5. In the event of a Security Breach, You must take all reasonable steps to protect computer systems and personally identifiable, non-public information from further access, disclosure, loss or damage. C. Subrogation In the event of any payment under this Policy, You agree to give Us the right to any subrogation and recovery to the extent of Our payments. You agree to execute all papers required and will do everything that is reasonably necessary to secure these rights to enable Us to bring suit in Your name. You agree to fully cooperate in Our prosecution of that suit. You agree not to take any action that could impair Our right of subrogation without Our written consent whether or not You have incurred any un-reimbursed loss. Any recoveries shall be applied first to subrogation expenses, second to Damages and Claim Expenses paid by Us, and third to the Retention. Any additional amounts recovered shall be paid to You. D. Other insurance This insurance shall apply in excess of any other valid and collectible insurance available to You, including any retention or deductible portion thereof, unless such other insurance is written only as specific excess insurance over the Limit of Liability of this Policy. E. Action against Us No action shall lie against Us or Our representatives unless, as a condition precedent thereto: (1) there shall have been full compliance with all terms of this insurance; and (2) until the amount of Your obligation to pay shall have been finally determined either by judgment or award against You after trial, regulatory proceeding, arbitration or by written agreement between You, the claimant, and Us. Any person or organization or the legal representative thereof who has secured such judgment, award, or written agreement shall thereafter be entitled to make a Claim under this Policy to the extent of the insurance afforded by this Policy. No person or organization shall have the right under this Policy to join Us as a party to an action or other proceeding against You to determine Your liability, nor shall We be impleaded by You or Your legal representative. Your bankruptcy or insolvency shall not relieve Us of Our obligations hereunder. F. Entire agreement By acceptance of the policy, You agree that this Policy embodies all agreements between You and Us relating to this insurance. Notice to any agent or knowledge possessed by any agent or by any other person shall not effect a waiver or a change in any part of this Policy or stop Us from asserting any right under the terms of this Policy; nor shall the terms of this Policy be waived or changed, except by endorsement issued to form a part of this Policy signed by Us. G. New subsidiaries/changes in named assured or Your Organization 1. During the policy period, if You acquire another corporation whose annual revenues are more than fifteen percent (15%) of Your Organization's annual revenues as set forth in its most recent audited financial statements there shall be no coverage under this Policy for acts, errors, or omissions committed or allegedly committed by the newly acquired subsidiary unless You give Us written notice of the acquisition containing full details thereof, and We have agreed to add coverage for the newly acquired subsidiary upon such terms, conditions, and limitations of coverage and such additional premium as We, in Our sole discretion, may require. 2. During the policy period, if the Named Assured consolidates or merges with or is acquired by another entity, or sells substantially all of its assets to another entity, or a receiver, conservator, trustee, liquidator, or rehabilitator, or any similar official is appointed for or with respect to the Named Assured, then all coverage under this Policy shall continue to the expiration of the policy period but only for losses, acts, errors, or omissions that occurred prior to the date of such consolidation, merger or appointment. 3. Should a corporation cease to be a subsidiary after the inception date of this policy, coverage with respect to such corporation shall continue as if it was still a subsidiary until the expiration date of this policy, but only with respect to a Claim that arises out of any act, error, or omission committed such corporation prior to the date that it ceased to be a subsidiary. 4. All notices and premium payments made under this paragraph shall be directed to Us through the entity named in Item 8 of the Declarations. H. Assignment Your interest under this Policy may not be assigned to any other person or organization, whether by operation of law or otherwise, without Our written consent. If You shall die or be adjudged incompetent, such insurance shall cover Your legal representative as You as would be covered under this Policy. I. Cancellation 1. This Policy may be cancelled by You, by surrender thereof to Us or by mailing to Us through the entity named in Item 8 of the Declarations, written notice stating when the cancellation shall be effective. 2. This Policy may be cancelled by Us by mailing to You at the address shown in the Declarations written notice stating when, not less than sixty (60) days thereafter, such cancellation shall be effective. However, if We cancel this Policy because You have failed to pay a premium when due, this Policy may be cancelled by Us by mailing a written notice of cancellation to You at the address shown in the Declarations stating when, not less than ten (10) days thereafter, such cancellation shall be effective. Mailing of notice shall be sufficient proof of notice. The time of surrender or the effective date and hour of cancellation stated in the notice shall become the end of the policy period. Delivery (where permitted by law) of such written notice either by You or by Us shall be equivalent of mailing. 3. If You cancel this Policy, the earned premium shall be computed in accordance with the Lloyd's short rate table and procedure, provided that the premium shall be deemed fully earned if any Claim has been notified to Us under this Policy. In that event, We agree that the Policy will not be cancelled midterm solely on the basis of any valid Claim notified to Us. 4. If We cancel this Policy prior to any Claim or Security Breach being reported under this Policy, the earned premium shall be computed pro rata. The premium shall be deemed fully earned if any Claim or Security Breach under this Policy is reported to Us on or before the date of cancellation. 5. Premium adjustment may be made either at the time cancellation is effected or as soon as practicable after cancellation becomes effective, but payment or tender of unearned premium is not a condition of cancellation. Words and titles of paragraphs The titles of paragraphs, section, provisions, or endorsements of or to this Policy are intended solely for convenience and reference, and are not deemed in any way to limit or expand the provisions to which they relate and are not part of the Policy. Whenever the singular form of a word is used herein, the same shall include the plural when required by context. K. Named assured authorization The Named Assured first specified in Item 1. of the Declarations has the right and duty to act on Your behalf for: 1. The giving and receiving of notice of cancellation; 2. The payment of premiums, including additional premiums; 3. The receiving of any return premiums; 4. The acceptance of any endorsements added after the effective date of coverage; 5. The payment of any deductibles; 6. The receiving of any loss payments; and 7. Otherwise corresponding with Us. L. Warranty by You By acceptance of this Policy, You agree that the statements contained in the application, any application for coverage of which this Policy is a renewal, and any supplemental materials submitted therewith, are Your agreements and representations, that they shall be deemed material to the risk assumed by Us, and that this Policy is issued in reliance upon the truth thereof. The misrepresentation or non -disclosure of any matter by You or Your agent in the application, any application for coverage of which this Policy is a renewal, or any supplemental materials submitted therewith will render the Policy null and void and relieve Us from all liability under the Policy. The application and any application for coverage of which this Policy is a renewal, and any supplemental materials submitted therewith, are deemed incorporated into and made a part of this Policy. M. Service of suit clause (U.S.A.) 1. It is agreed that in the event of Our failure to pay any amount claimed to be due under this Policy, at Your request We will submit to the jurisdiction of a court of competent jurisdiction within the United States. Nothing in this clause constitutes or should be understood to constitute a waiver of Our rights to commence an action in any court of competent jurisdiction in the United States, to remove an action to a United States District Court, or seek a transfer of a case to another court as permitted by the laws of the United States or any state in the United States. It is further agreed that service of process in such suit may be made upon Our representative, designated in Item 9 of the Declarations, and that in any suit instituted against any one of Us upon this contract; We will abide by the final decision of such court or of any appellate court, in the event of an appeal. 2. Our representative designated in Item 9 of the Declarations is authorized and directed to accept service of process on Our behalf in any such suit and/or upon Your request to give a written undertaking to You that they will enter a general appearance upon Our behalf in the event such a suit shall be instituted. 3. Pursuant to any statute of any state, territory, or district of the United States which makes provision therefore, We hereby designate the Superintendent, Commissioner, or Director of Insurance or other officer specified for that purpose in the statute, or his successor in office, as Our true and lawful attorney upon whom may be served any lawful process in any action, suit, or proceeding instituted by or on behalf of You or any beneficiary hereunder arising out of this Policy, and hereby designate Our representative listed in Item 9 of the Declarations as the person to whom the said officer is authorized to mail such process or a true copy thereof. N. Choice of law Any disputes involving this Policy shall be resolved applying the law designated in Item 10. of the Declarations ADDENDUM In consideration of the payment of the premium and reliance upon the statements made by You in the Application and subject to the Limit of Liability, exclusions, conditions and other terms of this Policy, it is agreed as follows: I. COVERAGES A. Business Income Loss We shall pay the Business Income Loss that Your Organization sustains during a Period of Restoration resulting directly from a Network Disruption that commences during the Policy Period, but only if the duration of such Period of Restoration exceeds the waiting period set forth in Item 7 of the Declarations and such Network Disruption results solely and directly from a Security Compromise that commenced on or after the Retroactive Date. B. Dependent Business Income Loss We shall pay the Business Income Loss that Your Organization sustains during a Period of Restoration resulting directly from a Network Disruption sustained by a Dependent Business that commences during the Policy Period, but only if the duration of such Period of Restoration exceeds the waiting period set forth in Item 7 of the Declarations and such Network Disruption results solely and directly from a Security Compromise that would have been covered if such Dependent Business had been part of Your Organization and commenced on or after the Retroactive Date. C. Digital Asset Restoration Costs We shall reimburse Your Organization for the Restoration Costs that Your Organization incurs because of the alteration, destruction, damage or loss of Digital Assets that commences during the Policy Period resulting solely and directly from a Security Compromise, but only if such Security Compromise commenced on or after the Retroactive Date. D. Cyber-extortion Threat We shall reimburse Your Organization for the Cyber-extortion expenses and Cyber-extortion payments that Your Organizations actually pays directly resulting from a Cyber-extortion threat that Your Organization first receives and reports to Us during the Policy Period. II. TERRITORY This Policy applies to Losses anywhere in the world. III. EXCLUSIONS The coverage under this Policy does not apply to any Loss arising out of; or resulting, directly or indirectly, from: A. Any costs of updating, upgrading or remediation of Your Computer Systems or Your Digital Assets; provided, however, this exclusion shall not apply to Restoration Costs otherwise covered under Coverage C.; B. Any criminal, dishonest, fraudulent or intentional act committed by You or on Your behalf; provided, however, if the criminal, dishonest, fraudulent or intentional act is committed by any employee who is not aprincipal, partner, officer, director, trustee or manager and without the knowledge or direction of any of Your principals, partners, officers, directors, trustees or managers, then this exclusion will not apply to Your Organization; C. Any failure of: 1. Telephone lines; 2. Data transmission lines or wireless communications connection; or 3. Other telecommunications equipment, facilities or electronic infrastructure, including equipment, facilities or infrastructure that supports the operation of computer networks, including the internet, which are used to transmit or receive voice or data communications and which are not under Your direct operational control or, if applicable, not under the direct operational control of Your Service Provider; D. The failure, malfunction, or inadequacy of any satellite; any electrical or mechanical failure and/or interruption, including but not limited to electrical disturbance, spike, brownout or blackout; or any outage to gas, water, telephone, cable, telecommunications or other infrastructure, unless such infrastructure is under Your operational control; E. Fire, smoke, explosion, lightning, wind, water, flood, earthquake, volcanic eruption, tidal wave, landslide, hail, an act of God or any other physical event, however caused; F. Any seizure, confiscation, nationalization, or destruction of, or damage to or loss of use of any digital asset or Your Computer Systems by order of any governmental authority; G. Any act or circumstance occurring prior to the inception date of this Policy, if on or before such date, You knew or reasonably could have foreseen that the act or circumstance could lead to a Loss; provided, however, the knowledge of employees, other than officers, shall not be used to determine the applicability of this exclusion; H. Any of the following: 1. Any presence of pollutants or contamination of any kind; 2. Any actual, alleged or threatened discharge, dispersal, release, or escape of pollutants or contamination of any kind; 3. Any direction or request to test for, monitor, clean up, remove, contain, treat, detoxify, or neutralize pollutants or in any way respond to or assess the effects of pollutants or contamination of any kind; 4. Manufacturing, mining, use, sale, installation, removal, distribution of or exposure to asbestos, materials, or products containing asbestos, asbestos fibers or dust; 5. Ionizing radiation or contamination by radioactivity from any nuclear fuel or any nuclear waste from the combustion of nuclear fuel; 6. Actual, potential or alleged presence of mold, mildew or fungi of any kind; 7. The radioactive, toxic, or explosive or other hazardous properties of any explosive nuclear assembly or nuclear component thereof; or 8. The existence, emission or discharge of any electromagnetic field, electromagnetic radiation or electromagnetism that actually or allegedly affects the health, safety or condition- of any person or the environment or that affects the value, marketability, condition or use of any property; Any act of terrorism; strike or similar labor action, war, invasion, act of foreign enemy, hostilities or warlike operations (whether declared or not), civil war, mutiny, civil commotion assuming the proportions of or amounting to a popular rising, military rising, insurrection, rebellion, revolution, military or usurped power, or any action taken to hinder or defend against these actions; including all amounts of whatsoever nature directly or indirectly caused by, resulting from or in connection with any action taken in controlling, preventing, suppressing, or in any way relating to the above; J. Ordinary wear and tear, gradual deterioration of or failure to maintain Digital Assets or Computer Systems on which Digital Assets are processed or stored, whether owned by You or others; K. The physical loss of, damage to or destruction of tangible property, including the loss of use thereof; provided, however, "tangible property" does not include Digital Assets, but does include all computer hardware; L. Any Loss notified to a previous policy or any pending Loss or any litigation, demand, arbitration, administrative or regulatory proceeding or investigation commenced prior to the inception date of this Policy, or any other policy of which this Policy is a renewal, replacement or succeeds in time; M. Any Loss arising from any Malicious Code that was not directly and specifically targeted at Your Computer Systems. N. Any form of third party liability or other legal liability, including but not limited to, any lawsuits, claims or demands by any third party, employee, officer, director or partner;. IV. DEFINITIONS A. Act of terrorism means: 1. any act certified an act of terrorism pursuant to the federal Terrorism Risk Insurance Act of 2002 or otherwise declared an act of terrorism by any government; 2. any act committed by any person or group of persons designated by any government as a terrorist or terrorist group or any act committed by any person or group of persons acting on behalf of or in connection with any organization designated by any government as a terrorist organization; or 3. the use of force or violence and/or the threat thereof by any person or group of persons, whether acting alone or on behalf of or in connection with any organization or government, committed for political, religious, ideological, or similar purposes, including the intention to influence any government and/or put the public, or any section of the public, in fear. B.. Application means all applications, including any attachments thereto, and all other information and materials submitted by You or on Your behalf to Us in connection with the underwriting of this Policy. All such applications, attachments, information and materials are deemed attached to and incorporated into this Policy. C. Business Income Loss means: 1. Earnings Loss; and/or 2. Expenses Loss. Business Income Loss does not include: (1) any contractual penalties; (2) any costs or expenses incurred to update, upgrade, replace, restore or otherwise improve any Computer System to a level beyond that which existed prior to a Network Disruption; (3) any costs or expenses incurred to identify, remove or remediate computer program errors or vulnerabilities, or costs to update, upgrade, replace, restore, maintain or otherwise improve any Computer System; or (4) any legal costs or expenses or loss arising out liability to any third party; (5) any loss incurred as a result of unfavorable business conditions; or (6) any other consequential loss or damage. D. Computer Systems means electronic, wireless, web or similar systems (including all hardware and software) used to process data or information in an analog, digital, electronic or wireless format including computer programs, electronic data, operating systems, and components thereof, including but not limited to, laptops, personal digital assistants, media storage and peripheral devices, media libraries, associated input and output devices, networking equipment, and electronic backup equipment. Your Computer System means a Computer System, over which You have direct operational control or that is under the direct operational control of a Service Provider, used to process, maintain or store Your Digital Assets. E. Cyber-extortion threat means a credible threat or connected series of threats made by someone other than a director, trustee or partner of Your Organization: 1. to introduce Malicious Code into Your Computer System; 2. to interrupt Your Computer System or interrupt access to Your Computer System, such as through a denial of service attack; 3. to corrupt, damage or destroy Your Computer System; or 4. to disseminate, divulge, or improperly utilize any personal or confidential corporate information residing on Your Computer Systems taken as a result of a Network Disruption. F. Cyber-extortion payment means any sum paid to or at the direction of any third party that You reasonably believe to be responsible for a Cyber-extortion threat; provided that: 1. You obtain Our written consent prior to making such Cyber-extortion payment; 2. You make such Cyber-extortion payment to terminate the Cyber-extortion Threat; and 3. the Cyber-extortion payment does not exceed the amount We reasonably believe would have been incurred had such Cyber-extortion payment not been made. G. Cyber-extortion expenses means the reasonable and necessary expenses You incur with Our approval in evaluating and responding to a Cyber-extortion threat. However, Cyber-extortion expenses do not include Your overhead expenses or any salaries, wages, fees, or benefits of Your employees. H. Dependent Business means any third party, other than a Service Provider, on whom You depend for products and/or services required to conduct Your business. I. Denial of Service Attack means inability of a third party to gain access to Your Computer Systems through the Internet due to unauthorized attacks or deliberate overloading of bandwith connections and/or web servers by means of the sending of substantial quantities of repeat or irrelevant communication or data with the intent of blocking access to the Computer System by third parties J . Digital Assets means any electronic data, including personally identifiable, non-public information, or computer software over which You have direct control or for which such control has been contractually assigned by Your Organization to a Service Provider. Digital Assets do not include computer hardware of any kind. K. Earnings Loss means the difference between the revenue that Your Organization would have earned, based on reasonable projections and the variable costs that would have been incurred, but which Your Organization would have saved as a result of not earning that revenue. L. Employee means any individual in Your Organization's service, including any part-time, seasonal, or temporary employee, who is compensated by salary, wages, fees or commissions and who You have the right to direct and control, but excluding any partner or director of Your Organization. M. Expenses Loss means the additional expenses Your Organization incurred to minimize the suspension of business and to continue operations during the Period of Restoration that are over and above the cost that Your Organization reasonably and necessarily would have incurred to conduct Your business had no Network Disruption occurred. These additional expenses do not include any Restoration Costs or any actual, reasonable and necessary expenses You incur in response to a Network Disruption in order to prevent, minimize or mitigate any further damage to Your Digital Assets, minimize the duration of a Network Disruption or preserve critical evidence of any wrongdoing. N. Loss(es) means: 1. Business Income Loss; 2. Restoration Costs; and 3. Cyber-extortion payments and Cyber-extortion expenses. All Losses arising from the same or related underlying facts, circumstances, situations, transactions or events or related Security Compromises shall be deemed a single Loss. O. Malicious Code means any unauthorized and corrupting or harmful computer code, including but not limited to computer viruses, spyware, Trojan horses, worms, logic bombs, and mutations of any of the preceding. P. Network Disruption means any of the following events: 1. A detectable failure, interruption or degradation of the operation of Your Computer System; or 2. The denial, restriction or hindrance of access to or use of Your Computer System or Your Digital Assets by any party who is otherwise authorized to have access. More than one such event that results from the same or related underlying facts, circumstances, situations, transactions or Security Compromises shall be considered a single Network Disruption which commences on the date of the earliest of such events. Q. Period of Restoration means the time period from the commencement of a Network Disruption to the earlier of: 1. the date that Your Computer System is, or with reasonable diligence could have been, restored to the condition and functionality that existed immediately prior to the Network Disruption; or 2. sixty (60) consecutive days after the termination of the Network Disruption. R. Policy Period means the period of time from the effective date to the expiration date specified in Item 2 of the Declarations, or any earlier cancellation date. S. Restoration Costs means the actual, reasonable and necessary costs You incur to replace, restore, or re-create Your Digital Assets to the level or condition at which they existed prior to sustaining any Loss. If such Digital Assets cannot be replaced, restored or recreated, then Restoration Costs will be limited to the actual, reasonable and necessary costs You incur to reach this determination. Restoration Costs do not include: 1. any costs You incur to replace, restore or recreate any of Your Digital Assets that were not subject to regular network back-up procedures at the time of the Loss; 2. any costs or expenses incurred to update, upgrade, replace, restore or otherwise improve Your Digital Assets to a level beyond that which existed prior to sustaining any Loss; 3. any costs or expenses incurred to identify, remove or remediate computer program errors or vulnerabilities, or costs to update, upgrade, replace, restore, maintain or otherwise improve any Computer System; or 4. the economic or market value of any Digital Assets, including trade secrets. T. Retroactive Date means the date specified in Item 5 of the Declarations. U. Security Compromise means: 1. The unauthorized access or use of Your Computer System or Your Digital Assets; 2. The unauthorized transmission of computer code into Your Computer System that causes loss or damage to Your Digital Assets; or 3. A Denial of Service Attack on Your Computer System that causes loss or damage to Your Digital Assets. V. Service Provider means any third party that is responsible for the processing, maintenance, protection or storage of Your Digital Assets pursuant to a written contract directly with Your Organization. A Service Provider does not include any provider of telecommunications services, including internet access, to You. W. Subsidiary means any corporation where more than 50% of the outstanding securities representing the present right to vote for the election of such corporation's directors are owned by the Named Assured, directly or indirectly, if such corporation: 1. was so owned on the inception date of this Policy; 2. becomes so owned after the inception date of this Policy, provided the revenues of such corporation do not exceed 15% of Your Organization's annual revenues as set forth in its most recent audited financial statement; or 3. becomes so owned after the inception date of this Policy, provided that if the revenues of such corporation exceed 15% of Your Organization's annual revenues as set forth in its most recent audited financial statement, the provisions of Section VII.L. must be fulfilled. X. We, Us or Our means the underwriters providing this insurance. Y. You or Your or Yours means: 1. the entity named in Item 1 of the Declarations ("Named Assured' and its subsidiaries (together "Your Organization'; 2. Any present or future director, officer, or trustee of Your Organization, but only with respect to the performance of his or her duties as such on behalf of Your Organization; 3. Any present or future employee, including any temporary, part-time or leased employee, of Your Organization but only with respect to work done while acting within the scope of his or her employment and related to the conduct of Your Organization's business; 4. In the event that the Named Assured is a partnership, limited liability partnership, or limited liability company, then any general or managing partner, principal, or owner thereof, but only while acting within the scope of his or her duties as such; 5. Any person who previously qualified as You under 2., 3., or 4. above prior to the termination of the required relationship with Your Organization, but only with respect to the performance of his or her duties as such on behalf of Your Organization; 6. The estate, heirs, executors, administrators, assigns and legal representatives of any of You in the event of Your death, incapacity, insolvency or bankruptcy, but only to the extent that You would otherwise be provided coverage under this insurance; and 7. Any agent or independent contractor, including any distributor, licensee or sub -licensee, but only while acting on Your behalf, at Your direction, and under Your control. V. LIMITS OF LIABILITY A. The amount indicated in Item 3.A. of the Declarations (herein the "policy aggregate limit'l is the most We will pay in the aggregate under this Policy, under all Coverages combined, for all Losses regardless of the number of You, the number of Losses or the number of persons or entities who are affected by such Losses, or the number of Coverages triggered. B. When purchased as indicated in Item 3.6. of the Declarations: 1. the amount indicated as the Sub -Limit of Liability applicable to Coverage A. is the most We will pay for all Business Income Loss from each Security Compromise and all Security Compromises in the aggregate; 2. the amount indicated as the Sub -Limit of Liability applicable to Coverage B. is the most We will pay for all Dependent Business Income Loss from each Security Compromise and all Security Compromises in the aggregate; 3. the amount indicated as the Sub -Limit of Liability applicable to Coverage C. is the most We will pay for all Restoration Costs from each Security Compromise and all Security Compromises in the aggregate; and 4. the amount indicated as the Sub -Limit of Liability applicable to Coverage D. is the most We will pay for all Cyber-extortion payments and Cyber-extortion expenses from each Cyber-extortion threat and all Cyber-extortion threats in the aggregate; and such Sub -Limits of Liability being referred to herein as the "Sublimity of liability", each of which is part of, and not in addition to the, policy aggregate limit. C. Regarding Coverage A., the Earnings Loss Hourly Limit (Valued) stated in Item 3.C. of the Declarations is the amount we will pay for Earnings Loss per hour during the Period of Restoration. The Earnings Loss Hourly Limit (Valued) is part of, and not in addition to, the Coverage A. Sublimit of liability as stated in Item 3.6. of the Declarations. If You determine that the actual Earnings Loss exceeds the Earnings Loss Hourly Limit (Valued) during the Period of Restoration, You have the option to prove the actual amount of Your Earnings Loss. If You opt to prove the actual amount of Your Earnings Loss, the actual Earnings Loss shall be proven, at Your expense, and calculated on an hourly basis based upon Your actual loss of gross margin during the Period of Restoration. In determining the amount of gross margin covered hereunder for the purpose of ascertaining the amount of Earnings Loss sustained under Coverage A., due consideration shall be given to the experience of Your business during the Period of Restoration, and to the probable business You could have performed had no Network Disruption occurred. Earnings Loss shall be reduced to the extent You are able to, or should have been able to with the exercise of due diligence and dispatch, in whole or in part, end, reduce or limit the Period of Restoration, or conduct Your business by means other than through the use of Your Computer System or the affected portion thereof. VI. DEDUCTIBLES A. We will only pay Loss in excess of any applicable deductible amount set forth in Item 4. of the Declarations. B. With respect to Coverage A., the applicable deductible amount set forth in Item 4. of the Declarations applies once the Period of Restoration resulting from a Network Disruption has exceeded the Waiting Period in hours set forth in Item 7. of the Declarations; then the Business Income Loss applicable to the deductible amount set forth in Item 4. of the Declarations shall be computed as of the commencement of such Network Disruption. C. With respect to Coverage B., the applicable deductible amount set forth in Item 4. of the Declarations applies once the Period of Restoration resulting from a Network Disruption has exceeded the Waiting Period in hours set forth in Item 7. of the Declarations; then the Dependent Business Income Loss applicable to the deductible amount set forth in Item 4. of the Declarations shall be computed as of the commencement of such Network Disruption. D. At our sole and absolute discretion, we may pay all or part of the applicable deductible, in which case You agree to repay us immediately after we notify You of the payment. The applicable deductible shall first be applied to any Loss covered by this policy that is paid by us, or by You with our prior written consent. E. The applicable deductibles as outlined in Item 4. of the Declarations apply separately to each single Loss. VII. POLICY CONDITIONS A. Named Assured Authorization The Named Assured first specified in Item 1. of the Declarations has the right and duty to act on Your behalf for: 1. The giving and receiving of notice of cancellation; 2. The payment of premiums, including additional premiums; 3. The receiving of any return premiums; 4. The acceptance of any endorsements added after the effective date of coverage; 5. The payment of any deductibles; 6. The receiving of any Loss payments; and 7. Otherwise corresponding with us. B. Warranty by You By acceptance of this Policy, You agree that the statements contained in the Application, any Application for coverage of which this Policy is a renewal, and any supplemental materials submitted therewith, are Your agreements and representations, that they shall be deemed material to the risk assumed by Us, and that this Policy is issued in reliance upon the truth thereof. The misrepresentation or non -disclosure of any matter by You or Your agent in the Application, any Application for coverage of which this Policy is a renewal, or any supplemental materials submitted therewith, will render the Policy null and void and relieve Us from all liability under the Policy. The Application and any Application for coverage of which this Policy is a renewal, and any supplemental materials submitted therewith, are deemed incorporated into and made a part of this Policy. C. Inspections and Surveys We may choose to perform inspections or surveys of Your operations, conduct interviews and review documents as part of our underwriting, our decision whether to provide continued or modified coverage, or our processing of any Loss. If we make recommendations as a result of these inspections, You should not assume that every possible recommendation has been made or that Your implementation of a recommendation will prevent a Loss. We do not indicate by making an inspection or by providing You with a report that You are complying with or violating any laws, regulations, codes or standards. D. Changes in Operations You agree to notify us of any significant changes to Your operations and activities. If these changes in operations or activities result in a substantial change to Your exposure, then we have the right to modify the coverage provided or make adjustments to the premium or rates charged for any coverage provided hereunder. E. Standard of Security You agree to protect and maintain Your Computer System and Your Digital Assets to the level or standard at which they existed at the time of, and were represented to Us in the Application and confirmed by Us during any subsequent inspections or assessments made as a condition of the agreement by Us to provide such coverage. F. Bankruptcy Bankruptcy or insolvency of any of you shall not relieve us of our obligations under this Policy. G. Assignment Your interest under this Policy may not be assigned to any other person or organization, whether by operation of law or otherwise, without our written consent. H. Words and Titles of Paragraphs The titles of paragraphs, section, provisions, or endorsements of or to this policy are intended solely for convenience and reference, and are not deemed in any way to limit or expand the provisions to which they relate and are not part of the policy. Whenever the singular form of a word is used herein, the same shall include the plural when required by context. I. Other Insurance This insurance shall apply in excess of any other valid and collectible insurance available to You, including any retention or deductible portion thereof, unless such other insurance is written only as specific excess insurance over the policy aggregate limit as stated in Item 3.A of the Declarations. J. Waiver In the event we do not insist on strict compliance with any of the terms, provisions or conditions of coverage under this Policy, or if we do not exercise our rights or privileges thereto, our actions shall neither operate nor be construed as a waiver of our right to enforce any term, provision, or condition of coverage. K. Cancellation 1. This Policy may be cancelled by You, by surrender thereof to Us or by mailing to Us through the entity named in Item 8 of the Declarations, written notice stating when the cancellation shall be effective. This Policy may be cancelled by Us by mailing to You at the address shown in the Declarations written notice stating when not less than thirty (30) days thereafter, such cancellation shall be effective. However, if We cancel this Policy because You have failed to pay a premium when due, this Policy may be cancelled by Us by mailing a written notice of cancellation to You at the address shown in the Declarations stating when not less than ten (10) days thereafter, such cancellation shall be effective. Mailing of notice shall be sufficient proof of notice. The time of surrender or the effective date and hour of cancellation stated in the notice shall become the end of the Policy Period. Delivery (where permitted by law) of such written notice either by You or by Us shall be the equivalent of mailing. 3. If You cancel this Policy, fifteen percent (15%) of the premium shall be deemed earned upon inception of this Policy, and we shall retain the remaining earned premium computed on a customary short rate basis. 4. If We cancel this Policy, we shall retain the earned premium on a pro rata basis. 5. Premium adjustment may be made either at the time cancellation is effected or as soon as practicable after cancellation becomes effective, but payment or tender of unearned premium is not a condition of cancellation. L. New Subsidiaries/Changes in Named Assured or Your Organization During the policy period, if You acquire another corporation whose annual revenues are more than fifteen percent (15%) of Your Organization's annual revenues as set forth in its most recent audited financial statements, then for a period of ninety (90) days after the effective date of the acquisition, the newly acquired subsidiary will be included within the definition of Your Organization but only for any Security Compromise involving such subsidiary that commenced or any Cyber-extortion threat involving such subsidiary received after the effective date of the acquisition. Upon expiration of the ninety (90) day period, there shall be no coverage under this Policy for any Security Compromise or Cyber-extortion threat involving the newly acquired subsidiary unless You give Us written notice of the acquisition containing full details thereof, and We have agreed to add coverage for the newly acquired subsidiary upon such terms, conditions, and limitations of coverage and such additional premium as We, in Our sole discretion, may require. During the policy period, if the Named Assured consolidates or merges with or is acquired by another entity, or sells substantially all of its assets to another entity, or a receiver, conservator, trustee, liquidator, or rehabilitator, or any similar official is appointed for or with respect to the Named Assured, then all coverage under this Policy shall continue to the expiration of the Policy Period but only for any Security Compromise that commenced, or any Cyber-extortion threat received, prior to the date of such consolidation, merger or appointment. 3. Should a corporation cease to be a subsidiary after the inception date of this Policy, coverage with respect to such corporation shall continue as if it was still a subsidiary until the expiration date of this Policy, but only with respect to any Security Compromise involving such corporation that commenced, or any Cyber- extortion threat involving such corporation received, prior to the date that it ceased to be a subsidiary. 4. All notices and premium payments made under this paragraph shall be directed to Us through the entity named in Item 8 of the Declarations. VIII. LOSS CONDITIONS A. Notice of Loss If during the Policy Period You become aware of a Loss, then You agree to promptly notify us in writing of such a Loss (a "Loss Notification"). All Loss Notifications shall be sent to persons named in Item 8. of the Declarations. If the initial Loss Notification is sent by e-mail, then a copy shall also be sent by regular mail. We shall have no obligation to pay any Losses incurred by You, nor shall any applicable deductible amounts set forth in Item 4. of the Declarations be eroded by any Losses incurred by You before a Loss Notification is received by the persons named in Item 8. of the Declarations. B. Notice of Circumstance If during the Policy Period You become aware of a circumstance from which a Loss is reasonably anticipated, 10 and If You promptly notify us In writing (a "Notice of Circumstance's of the following: 1. the identity of each of you involved in the circumstance; 2. a detailed description of the circumstance; 3. the Loss which resulted or may result from the circumstance; 4. the manner by which You first became aware of the circumstance then any Loss reported by You arising out of such circumstance shall be deemed for the purpose of this Policy to have been made or reported on the date which the Notice of Circumstance was mailed to us. Any Notice of Circumstance shall be sent to Our Representative at the address shown in Item 8. of the Declarations. If the initial Notice of Circumstance is sent by e-mail, then a copy shall also be sent by regular mail. We shall have no obligation to pay Losses incurred by You, nor shall any applicable deductible amounts set forth in Item 4. of the Declarations be eroded by any Losses incurred by You before a Notice of Circumstance is received by the persons named in Item 8. of the Declarations. C. Duties in the Event of a Loss You must see that the following are done if You send us a Loss Notification: 1. At our request, notify the police, FBI, CERT or other applicable law enforcement authority, central reporting or investigative organization that we may designate, if it appears that a law may have been broken; 2. Immediately take all reasonable steps and measures necessary to limit or mitigate the Loss; 3. Send us copies of every demand, notice, summons, or any other applicable information You receive; 4. If requested, permit us to question You under oath at such times and places as may be reasonably required about matters relating to this insurance, including Your books and records; 5. Send us a sworn statement of Loss containing the information we request to resolve, settle or otherwise handle the Loss. We will provide You with the necessary forms; 6. Cooperate with us and counsel we may appoint in the investigation of any Loss covered by this Policy; 7. Assist us and counsel we may appoint in the investigation or settlement of Losses; 8. Assist us in protecting and enforcing any right of subrogation, contribution or indemnity against any person, organization or other entity that may be liable to You, including attending depositions, hearings and trials; and 9. Otherwise assist in securing and giving documentation and evidence, and obtaining the attendance of witnesses. D. Legal Action 1. Prerequisites to Legal Action. We and You agree that in the event of a dispute regarding a Loss under this Policy, no lawsuit will be filed against the other party unless: a. You have fully complied with all the terms and conditions of this Section D.; and b. Twenty (20) business days have elapsed from the decision on the mini -trial pursuant to Section E. below. 2. Jurisdiction We and You agree to submit to the jurisdiction of a Court of competent jurisdiction within the United States. However, this does not waive Your or our right to remove a lawsuit to a United States District Court, or to seek a transfer of a case to another Court as permitted by the laws of the United States or of any State in the United States. 3. Choice of Law Any disputes involving this Policy shall be resolved applying the law designated in Item 9. of the Declarations. 11 M. Service of Suit Clause (U.S.A.) It is agreed that in the event of our failure to pay any amount claimed to be due under this Policy, at Your request we will submit to the jurisdiction of a court of competent jurisdiction within the United States. Nothing in this clause constitutes or should be understood to constitute a waiver of our rights to commence an action in any court of competent jurisdiction in the United States, to remove an action to a United States District Court, or seek a transfer of a case to another court as permitted by the laws of the United States or any state in the United States. It is further agreed that service of process in such suit may be made upon our representative, designated in Item 8 of the Declarations, and that in any suit instituted against any one of us upon this contract; we will abide by the final decision of such court or of any appellate court, in the event of an appeal. Our representative designated in Item 8 of the Declarations is authorized and directed to accept service of process on our behalf in any such suit and/or upon your request to give a written undertaking to You that they will enter a general appearance upon our behalf in the event such a suit shall be instituted. Pursuant to any statute of any state, territory, or district of the United States which makes provision therefore, we hereby designate the Superintendent, Commissioner, or Director of Insurance or other officer specified for that purpose in the statute, or his successor in office, as our true and lawful attorney upon whom may be served any lawful process in any action, suit, or proceeding instituted by or on behalf of You or any beneficiary hereunder arising out of this Policy, and hereby designate our representative listed in Item 8 of the Declarations as the person to whom the said officer is authorized to mail such process or a true copy thereof. E. Dispute Resolution We and You agree to attempt in good faith to resolve any dispute arising out of or relating to this Policy promptly by negotiation in accordance with the following schedule: 1. If the dispute has not been resolved by negotiation within thirty (30) days of the disputing parry's notice, either party may demand that the dispute be submitted for non -binding resolution by mini -trial. 2. The parties shall have ten (10) business days to agree on a mini -trial neutral. 3. If the parties are unable to agree on a mini -trial neutral, no more than three (3) business days after the expiration of the ten (10) day period set forth in subpart 2. above, each party shall submit to the other party the name of a single proposed mini -trial neutral who is available and able to comply with the requirements set forth herein. 4. If the parties are unable to agree after such disclosure, the mini -trial neutral will be determined as follows: Your proposed mini -trial neutral will be selected if the first digit to the left of the decimal point of the Dow Jones Industrial Average's closing number two (2) business days after the expiration of the period set forth in 3. above is an even number. Our proposed mini -trial neutral will be selected if that digit is an odd number. 5. The parties must submit confidential briefs no longer than twenty-five (25) double-spaced pages, along with no more than five exhibits, to the mini -trial neutral within twenty (20) business days of the selection of the neutral. 6. The meeting with the mini -trial neutral must take place within fourteen (14) business days of the submission of the briefs set forth in 5. above. 7. The mini -trial neutral shall submit a written decision to the parties within ten (10) business days of the meeting set forth in 6. above. No person or organization will have any right under this policy to join us as a party to any action against You to determine Your liability. F. Subrogation 12 In the event of any payment under this Policy, You agree to give us the right to any subrogation and recovery to the extent of our payments. You agree to execute all papers required and will do everything that is reasonably necessary to secure these rights to enable us to bring suit in Your name. You agree to fully cooperate in our prosecution of that suit. You agree not to take any action that could impair our right of subrogation without our written consent, whether or not You have incurred any un-reimbursed Loss. 13