The URL can be used to link to this page

2022/23 Cyber Liability Program - Great American - Primary PolicyGreat American Fidelity Insurance Company , A L Need to file a Cyberclaim? We make the process easy arid stress free, At Great American, we understand that filing a clairn can be upsetting and stressfLll. That's why we want you to be able to report your claim as quickly as possible. Before reporting your claim, please have ready: Your policy number Complete and accurate information regarding the claim_ Email our claims team yber Iaim gaig. iom Call our claims canter 77- 09- 009 Once you have reported your claim, it will be acknowledged and investigated by your claims professional. Thank you for choosing Great American Insurance Group! &W un[ w mowm x &op. W E. f aum 51„ Umun k ON 4wv. ruam we u[[tle+ mftn N 6m mencm Son incurnnce Cwnpx.9 " Great kWK:An Fideftry keww"Caroift.iudti4dz4d WVOr# n iY% 34M#*4K FW DM[Amcri 1n rinKefiF" page bp an6 M rmb marks Gmal Aff"Ran' and Greei i41llEfkBn Nedenee Crd[p' alb ns¢ole€etl eenice rtcnin N GreM Anwf"n hewance C&va[[y.4D 2D19 Gw Amencan Insurance [rjnperry.Al I d� ryap�q. {7 jl � REAT iEI I AN, INSURANCE GROUP GAIG.com CybeF Risk CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 MLL- Great American eRiskHub° Portal When a cyber event occurs, time is of the essence. Having a plan in place with access to the third -party resources you need can help you efficiently and cost- effectively respond and recover. Respond and recover quickly with eRiskHub As a Great American policyholder, you have access to the eRiskHub® portal, powered by NetDiligence®. eRiskHub provides tools and resources to help you: • Understand your exposures • Establish a response plan • Minimize the effects of a breach on your organization How do I use eRiskHub? Registration is simple - go to eriskhub.com/greatamerican and enter 186488 in the Access Code field. You'll create your own username and password. Once registered, you can access tools that will help you assess risk, prepare for and/ or modify your response plan, and familiarize yourself with the service. What if I want to speak to a lawyer? Your policy includes Incident Consultation Coverage from a third -party law firm for actual or suspected privacy and network security incidents. There is no deducible or additional out of pocket expense to use this consultation and the coverage is in addition to your policy's limits of insurance. Not every suspected incident means you need to notify us. This consultation will help you decide what next steps are necessary Including whether or not you need to notify us. The Incident Consultation Hotline can be found at eriskhub.com/greatamerican. Great American Insurance Group, 301 E. Fourth St., Cincinnati, OH 45202. Great American does not endorse the companies or services listed on eRiskHub.com and NetDiligence Inc. is solely responsible for all eRiskHub.com content. Unless otherwise indicated or approved, payment for services provided by these companies is your responsibility. Coverage description is summarized. Reter to the actual policy for a full description of applicable terms, conditions, limits and exclusions. Policies are underwritten by Great American Fidelity Insurance Company and Great American Spirit Insurance Company, authorized insurers in all 50 states and DC. The Great American Insurance Group eagle logo and the word marks Great American® and Great American Insurance Group® are registered service marks of Great American Insurance Company. © 2018 Great American Insurance Company. All rights reserved. 0002-CBR (1/19) eriskhub. corn/greatamerican Tools and Breach Coaches are available 24 hours a day, seven days a week. GREATAMERICAN INSURANCE GROUP GAIG.com CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company �X Transform your company's cyber security When it comes to cyber risk, you want to do what you can to improve your It's that simple, security posture. Now, SecurityScorecard can help you do just that. It's included with the purchase of a Great American Risk e-Business Cyber Loss & Liability For more information, Insurance Policys". contact your insurance agent. What it does SecurityScorecard is a non -intrusive search on the internet for signals like open ports, malware infections and out-of-date software. This generates a score and identifies risk and opportunities for improvement. How companies are scored Your score is a benchmark that shows your security diligence compared to similar -sized companies within the same industry. It's determined by the number and severity of live issues. The more issues you resolve, the more your company's score improves. Ready to see your scorecard? Great American Insurance Group provides SecurityScorecards for all Risk e-Business policyholders. Here are some suggested steps to get started: GREATAMERICAN INSURANCE GROUP Security rating information is provided by Security Scorecard which is solely responsible for the content of the information. The information provided is intended only to assist policyholders in the management of potential loss producing conditions. Great American Insurance Company does not warrant that all potential hazards or conditions have been evaluated or can be controlled and makes no warranty of any kind regarding the accuracy of the information. It is not intended as an offer to write insurance for such conditions or exposures. The liability of Great American Insurance Company and its affiliated insurers is limited to the terms, limits and conditions of the insurance Policies underwritten by any of them. Policies are underwritten by Great American Insurance Company, Great American Alliance Insurance Company and Great American Spirit Insurance Company, authorized insurers in all 50 states and D,C. © 2020 Great American Insurance Group, 301 E. Fourth St., Cincinnati, OH 45202. All rights reserved. 001 9-CBR-1 (020) CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 CALIFORNIA SURPLUS LINES NOTIFICATION IMPORTANT NOTICE: 1. THE INSURANCE POLICY THAT YOU HAVE PURCHASED IS BEING ISSUED BY AN INSURER THAT IS NOT LICENSED BY THE STATE OF CALIFORNIA. THESE COMPANIES ARE CALLED "NONADMITTED" OR "SURPLUS LINE" INSURERS. 2. THE INSURER IS NOT SUBJECT TO THE FINANCIAL SOLVENCY REGULATION AND ENFORCEMENT THAT APPLY TO CALIFORNIA LICENSED INSURERS. 3. THE INSURER DOES NOT PARTICIPATE IN ANY OF THE INSURANCE GUARANTEE FUNDS CREATED BY CALIFORNIA LAW. THEREFORE, THESE FUNDS WILL NOT PAY YOUR CLAIMS OR PROTECT YOUR ASSETS IF THE INSURER BECOMES INSOLVENT AND IS UNABLE TO MAKE PAYMENTS AS PROMISED. 4. THE INSURER SHOULD BE LICENSED EITHER AS A FOREIGN INSURER IN ANOTHER STATE IN THE UNITED STATES OR AS A NON -UNITED STATES (ALIEN) INSURER. YOU SHOULD ASK QUESTIONS OF YOUR INSURANCE AGENT, BROKER, OR "SURPLUS LINE" BROKER OR CONTACT THE CALIFORNIA DEPARTMENT OF INSURANCE AT THE FOLLOWING TOLL -FREE TELEPHONE NUMBER: 1-800-927-4357. ASK WHETHER OR NOT THE INSURER IS LICENSED AS A FOREIGN OR NON -UNITED STATES (ALIEN) INSURER AND FOR ADDITIONAL INFORMATION ABOUT THE INSURER. YOU MAY ALSO VISIT THE NAIC'S INTERNET WEB SITE AT WWW.NAIC.ORG. THE NAIC—THE NATIONAL ASSOCIATION OF INSURANCE COMMISSIONERS —IS THE REGULATORY SUPPORT ORGANIZATION CREATED AND GOVERNED BY THE CHIEF INSURANCE REGULATORS IN THE UNITED STATES. 5. FOREIGN INSURERS SHOULD BE LICENSED BY A STATE IN THE UNITED STATES AND YOU MAY CONTACT THAT STATE'S DEPARTMENT OF INSURANCE TO OBTAIN MORE INFORMATION ABOUT THAT INSURER. YOU CAN FIND A LINK TO EACH STATE FROM THIS NAIC INTERNET WEBSITE: HTTPS://NAIC.ORG/STATE WEB MAP.HTM. 6. FOR NON -UNITED STATES (ALIEN) INSURERS, THE INSURER SHOULD BE LICENSED BY A COUNTRY OUTSIDE OF THE UNITED STATES AND SHOULD BE ON THE NAIC'S INTERNATIONAL INSURERS DEPARTMENT (IID) LISTING OF APPROVED NONADMITTED NON -UNITED STATES INSURERS. ASK YOUR AGENT, BROKER, OR "SURPLUS LINE" BROKER TO OBTAIN MORE INFORMATION ABOUT THAT INSURER. 7. CALIFORNIA MAINTAINS A LIST OF APPROVED SURPLUS LINE INSURERS. ASK YOUR AGENT OR BROKER IF THE INSURER IS ON THAT LIST, OR VIEW THAT LIST AT THE INTERNET WEB SITE OF THE CALIFORNIA DEPARTMENT OF INSURANCE: WWW.INSURANCE.CA.GOV/01-CONSUMERS/120-COMPANY/07- LASLI/LASLI.CFM. IF YOU, AS THE APPLICANT, REQUIRED THAT THE INSURANCE POLICY YOU HAVE PURCHASED BE BOUND IMMEDIATELY, EITHER BECAUSE EXISTING COVERAGE WAS GOING TO LAPSE WITHIN TWO BUSINESS DAYS OR BECAUSE YOU WERE REQUIRED TO HAVE COVERAGE WITHIN TWO BUSINESS DAYS AND YOU DID NOT RECEIVE THIS DISCLOSURE FORM AND A REQUEST FOR YOUR SIGNATURE UNTIL AFTER COVERAGE BECAME EFFECTIVE, YOU HAVE THE RIGHT TO CANCEL THIS POLICY WITHIN FIVE DAYS OF RECEIVING THIS DISCLOSURE. IF YOU CANCEL COVERAGE, THE PREMIUM WILL BE PRORATED AND ANY BROKER'S FEE CHARGED FOR THIS INSURANCE WILL BE RETURNED TO YOU. CASN-1132 (Ed. 05/20) CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 GREAT AMERICAN INSURANCE GROUP° PRIVACY NOTICE AND NOTICE OF INSURANCE INFORMATION PRACTICES Great American Insurance Company Great American Alliance Insurance Company Great American Assurance Company Great American Casualty Insurance Company Great American Contemporary Insurance Company Great American E & S Insurance Company Great American Fidelity Insurance Company Great American Insurance Company of New York Great American Lloyd's Insurance Company Great American Protection Insurance Company Great American Security Insurance Company Great American Spirit Insurance Company American Empire Surplus Lines Insurance Company American Empire Insurance Company American Empire Underwriters, Inc. Crop Managers Insurance Agency, Inc. Dempsey & Siders Agency, Inc. Eden Park Insurance Brokers, Inc. Farmers Crop Insurance Alliance, Inc. GAI Warranty Company GAI Warranty Company of Florida Great American Insurance Agency, Inc. Great American Lloyd's, Inc. Great American Professional Risk Insurance Services High Seas Insurance Agencies Premier Lease & Loan Services Insurance Agency, Inc. Premier Lease & Loan Services of Canada, Inc. Strategic Comp, L.L.C. Strategic Comp Services, L.L.C. SDM-526 (Ed. 10/13) (Page 1 of 3) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company The members of Great American Insurance Group ("Great American," including those companies listed in this Notice) respect your right to privacy. We want you to know about our procedures for protecting your privacy and your rights and responsibilities regarding nonpublic personal information (referred to as "data" in this notice) we receive about you. We want you to understand how we gather data about you and how we protect it. The terms of this Notice apply to those individuals who inquire about or obtain insurance from Great American primarily for personal, family or household purposes. We will provide our customers with a copy of the most recent notice of our privacy policy at least annually and more often if we make any changes affecting their rights under our privacy policy. This Notice applies to current and former customers of Great American. Great American does not share your data except as allowed by law. As a result, you do not need to take any action under this Notice. If we change our practices in the future, we will advise you. If applicable, we will allow you to 'opt -out" of certain sharing. 1. What kind of data is collected about you? We get most of our data about you directly from you, such as your name, address, social security number, income level and certain other financial data. We collect data that you provide during the insurance application process and by other contact with you by mail and over the phone. In some cases we may need additional data or may need to verify data you have given us. In those cases, we may obtain data from outside sources at our own expense. For instance, we may collect data from consumer reporting agencies such as credit worthiness and history or employment history. If you send a written request to the address below, we will inform you of the name and address of any agency we have used to prepare a report on you so that you can contact the agency. Once you become our customer, we may collect data related to our experiences and transactions with you. This could include data such as insurance policy coverage, premiums and payment history, and any claims you make under your insurance policy. For example, we will retain data collected by a claims representative and police or fire reports. We may also collect data about you from our affiliates regarding their transactions and experiences with you (such as your payment or claims history). We do not currently share other credit -related data, except as allowed or required by law. Finally, we may collect data when you visit our website or when you email us. We do not sell this or any other data about you to anyone. 2. What do we do with data about you? Data about you will be kept in our records. We may disclose data to issue and service policies and settle claims. Generally, we will not disclose data about you to any outside group without your prior authorization. However, we may, as allowed by law, share data that we collect as set forth below. We may disclose data to your insurance agent. We may disclose data to persons who represent you, including your attorney or trustee. We may disclose data to adjusters, appraisers, auditors, investigators and attorneys. We may disclose data to those who need the data to perform a business, professional or insurance function for us. We may disclose data to other insurance companies, agents or consumer reporting agencies, in connection with any insurance application, policy or claim involving you. SDM-526 (Ed. 10/13) (Page 2 of 3) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company We may disclose data to medical providers to inform you of a medical condition of which you may not be aware and for claims payment purposes. We may disclose data to others that conduct research, provided that no individual data may be identified in any research study report. We may disclose data, other than health data, to others that perform marketing services on our behalf. We may disclose data to our affiliated companies to market products to you and for other purposes. The law does not allow you to restrict this sharing. We may disclose data to a court, state insurance department or other government agency pursuant to a summons, court order, search warrant, subpoena, or as otherwise required by law or regulation. We will only disclose your health data in the following ways: as allowed or required by law; with your written consent; to underwrite or administer your policy, claim or account; or in a manner as previously disclosed to you by us when we collect your health data. When we disclose your data to third parties for certain purposes described above, we will require them to use your data only for its intended purpose. 3. Who has access to your data? The only people who have access to your data are those who need it to provide or support the provision of products or services to you. We use a system of passwords and other appropriate physical, electronic and procedural safeguards to protect against unauthorized access to your data. We have educated our employees about this Notice and the importance of customer privacy. 4. How can you review recorded data about you? You have the right to access and inspect most of the data that we collect about you. To access your data please send a written request to the address below stating that you would like to access your data. Either you or your personal representative must sign this request and provide a copy of your driver's license or other valid photo identification. You also have the right to request that we correct any data that you believe is incorrect. To amend your data, please send us a written request, at the address below, stating what data you believe needs correcting. Once again, either you or your personal representative must sign this request. If you submit a request to amend your data, we will investigate. If we agree, we will correct our records. Even if we do not correct the data, you have the right to file with us a written statement of dispute, which we will include, in any future disclosure of the data. If you have any questions about our privacy policy, please write to us at: GREAT AMERICAN INSURANCE COMPANY 301 E 4th Street Cincinnati, Ohio 45202-4201 Attn: Compliance Office - Privacy SDM-526 (Ed. 10/13) (Page 3 of 3) CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 IMPORTANT INFORMATION TO POLICYHOLDERS CALIFORNIA TO OBTAIN INFORMATION OR TO MAKE A COMPLAINT In the event you need to contact someone about this Policy for any reason please contact your agent. If you have additional questions, you may contact the insurance company issuing this Policy at the following address and telephone number: Great American Insurance Group Administrative Offices 301 East 4th Street Cincinnati, OH 45202 Or you may call the toll -free telephone number for information or to make a complaint at: 1 - 800 - 972 — 3008 If you have a problem with your insurance company, its agent or representative that has not been resolved to your satisfaction, please call or write to the Department of Insurance. California Department of Insurance Consumer Services Division 300 South Spring Street, South Tower Los Angeles, California 90013 1 - 800 - 927 - 4357 213 - 897 - 8921 (if calling from within the Los Angeles area) 1 - 800 - 482 - 4833 (TDD Number) Written correspondence is preferable so that a record of your inquiry can be maintained. When contacting your agent, company or the Bureau of Insurance, have your Policy Number available. ATTACH THIS NOTICE TO YOUR POLICY This notice is for information only and does not become a part or condition of the attached document. SDM-705 (Ed. 11/08) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company IL 72 68 (Ed. 09/09) In Witness Clause In Witness Whereof, we have caused this Policy to be executed and attested, and, if required by state law, this Policy shall not be valid unless countersigned by our authorized representative. - - -I- � �--- -j k rt --- PRESIDENT �i� SECRETARY © Great American Insurance Co., 2009 IL 72 68 (Ed. 09/09) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company IL 73 24 (Ed. 08/12) THIS ENDORSEMENT CHANGES YOUR POLICY. PLEASE READ IT CAREFULLY. ECONOMIC AND TRADE SANCTIONS CLAUSE This insurance does not apply to the extent that trade or economic sanctions or other laws or regulations prohibit us from providing insurance. IL 73 24 (Ed. 08/12) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company IL 88 02 (Ed. 11/85) GENERAL ENDORSEMENT Schuedule of Participating Members Item 1. Named Insured on IL8805 (Ed. 11/85), Declarations for Risk e-Business Cyber Loss and Liability Insurance Policy is amended to include the CALIFORNIA JOINT POWERS INSURANCE AUTHORITY AND ITS PARTICIPATING MEMBERS. SCHEDULE OF PARTICIPATING MEMBERS: Agoura Hills and Calabasas Community Center Area E Disaster Management Big Bear City Community Services District Big Bear Fire Authority Black Gold Cooperative Library System California Joint Powers Insurance Authority City of Agoura Hills City of Alhambra City of Aliso Viejo City of Arroyo Grande City of Artesia City of Atascadero City of Azusa City of Bell Gardens City of Bellflower City of Big Bear Lake City of Bishop City of Bradbury City of Brawley IL 88 02 (Ed. 11/85) Page 1 of 10 CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 City of Buellton City of Calabasas City of Camarillo City of Carpinteria City of Cerritos City of Chino Hills City of Claremont City of Commerce City of Dana Point City of Diamond Bar City of Duarte City of El Centro City of Fillmore City of Goleta City of Grand Terrace City of Grover Beach City of Guadalupe City of Hawaiian Gardens City of Hemet City of Hidden Hills City of Imperial City of Indian Wells City of Indio City of Irwindale City of La Canada Flintridge City of La Habra Heights City of La Mirada City of La Palma IL 88 02 (Ed. 11/85) Page 2 of 10 CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 City of La Puente City of La Quinta City of La Verne City of Laguna Niguel City of Laguna Woods City of Lake Elsinore City of Lake Forest City of Lakewood City of Lawndale City of Lemon Grove City of Loma Linda City of Lomita City of Malibu City of Mission Viejo City of Monrovia City of Moorpark City of Morro Bay City of Needles City of Norwalk City of Ojai City of Pacific Grove City of Palm Desert City of Palos Verdes Estates City of Paramount City of Paso Robles City of Pismo Beach City of Port Hueneme City of Poway IL 88 02 (Ed. 11/85) Page 3 of 10 CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company City of Rancho Palos Verdes City of Rolling Hills City of Rolling Hills Estates City of Rosemead City of San Clemente City of San Dimas City of San Gabriel City of San Juan Capistrano City of San Luis Obispo City of San Marcos City of San Marino City of Santa Clarita City of Santa Fe Springs City of Santa Paula City of Seal Beach City of Seaside City of Signal Hill City of Solvang City of South El Monte City of Stanton City of Temple City City of Villa Park City of Vista City of Walnut City of West Covina City of West Hollywood City of Westlake Village Coachella Valley Association of Governments IL 88 02 (Ed. 11/85) Page 4 of 10 CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company Coachella Valley Conservation Commission Coastal Animal Services Authority Desert Recreation District Eastern Sierra Transportation Authority Gateway Cities Council of Governments LA I M PACT LA-RICS Midpeninsula Regional Open Space District Monterey Peninsula Regional Park District Mountain Area Regional Transit Authority Orange County Council of Governments Palos Verdes Peninsula Transit Authority Pomona Valley Transportation Authority Rossmoor Community Services District Seaside County Sanitation District Southeast Area Animal Control Authority Southern California Association of Governments Town of Apple Valley Town of Mammoth Lakes Ventura Port District West Cities Police Communications Center IL 88 02 (Ed. 11/85) Page 5 of 10 CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company GENERALENDORSEMENT DECLARATIONS FOR RISK E-BUSINESS CYBER LOSS & LIABILITY INSURANCE POLICY FOR RISK E-BUSINESS CYBER LOSS AND LIABILITY INSURANCE POLICY Insurance is afforded by the company indicated below: (Each a capital stock corporation) Great American Fidelity Insurance Company Policy Number: CYP E859556-00 Policy Form Number: CY4000 -------------------------------------- --------------------------------------------------- ----------------------------------- T------------------------------'--------------------------------------- i -- Item 1. Named Insured: I --- California Joint Powers Insurance Authority --1------------------------ A- -------------------------- ------------------------------------------------------------ r-------------- -------------------7--------- 4 � Mailing Address: � 8081 Moody St ! La Palma, CA I ! ! 90623 -----------------------1------ ------------------------------- --------------� r--------- i------------------------------ ---------- T------------------ i-------------4 Item 2. Policy Period: 12:01AM on 07/01/2022 Expiration 7/01/2023 -- Date: Date: r---------------------}-----------------------------------------y 1 (Month, (Month, Day, Day, Year) Year) r---- --1-------------1---------- ------L------------------------ (Both dates at 12:01 a.m. Standard Time at the address as stated in Item 1.) r------------------------------------------------------------------------------------------------------� L--------------------------------------------------------------------------------------------------------i Item 3. Limit(s) of Insurance for each Policy Period_ ---------------------------------------------------------------4 r--------------------------------- T--------------------------------------------------------------------- i L a _ __ Member L----------------°-- ' --- p------------------------------� � 1 000 000 ____ for all Expense Per _ �____ , -------- --------------- ------------------------------ (b) $1,000,000 for all Liability Expense Per Member --------- ------------------------ t------------------------------:--------------------------------------� (c) $1,000,000 Per Member Aggregate Limit of Insurance (d) $5,000,000 Insurance Pool Policy Aggregate Limit of Insurance ~ Item 4. Deductible: $250,000 Each PrivacyIncident, Network Security Incident, or Media Incident -i y ent EXCEPT for the City of Azusa Deductible: $500,000 Each Privacy Incident, Network Security Incident, or Media Incident for the City of Azusa IL 88 02 (Ed. 11/85) Page 6 of 10 CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company Item 5. Waiting Period: 24 hours applicable to Business Interruption Loss Item 6. Premium: Taxes/Surcharges: --------------------- Installment Charge: Item 7. Endorsements Attached: _ Date Added* or 1 Date Form and Edition i ST Deleted Form Description ---------- ---- ------------------- ----------------- ---------------- r IL7268 _ I___ 09/09 _ ____CA _____ IN WITNESS CLAUSE _ IL7324 _i 07/21 _t CA -� -- i ECONOMIC AND TRADE SANCTIONS 1 1 CLAUSE ----------------- ---- ------- ------------------------- SDM526 10/13 i CA i i GREAT AMERICAN INSURANCE GROUP PRIVACY NOTICE AND NOTICE OF INSURANCE INFORMATION PRACTICES -------FORM --- 0002- � 01/19 - CA � � ERISK HUB INFORMATION ---- FOR--- --------- CBR POLICYHOLDERS L---------------- --------------}------------ --------------- ------------------------------------------- 0002- 01/19 CA ERISK HUB INFORMATION CBR-1 -------------------------1------}--------------------------- ------------------- --------' ------ 0009- i 01/9 i CA i i CYBER RISK DIVISION - CLAIMS CBR ' --- 001-----------------------}---------------------------+----------------------- � ; 0019- I 04/20 � CA � 1 CLIENT FLIER CBR-1 ------i--------------}--------------------------- ------------------------------ ----------- CY1005 01/19 CA CALIFORNIA CHANGES CANCELLATION AND NONRENEWAL -------------------------------- SDM705 10/13 CA IMPORTANT INFORMATION TO ' POLICYHOLDERS CALIFORNIA TO OBTAIN INFORMATION TO MAKE A COMPLAINT ------------4--------------r----------- r----------------F------------- ----- CY4000 I 01/19 I CA I RISK E-BUSINESS CYBER LOSS & LIABILITY INSURANCE POLICY IL 88 02 (Ed. 11/85) Page 7 of 10 CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 ------------------------------------------------------------------------------------ ----- IL8802 11/85 CA DECLARATIONS FOR RISK E- BUSINESS CYBER LOSS & LIABILITY ____ _______________ i ____INSURANCE POLICY ir---------------- ----- CY2006 ? 01/19 i CA i DELETION OF COVERAGE FOR CYBER CRIME LOSS -------------- --------------------- --- -- -- -------------- - - CY7001 01/19 CA TERRORISM COVERAGE ENDORSEMENT CAP ON LOSS FROM CERTIFIED ACTS ir-------- --- ------ ------T------------r---------------+---- CY7002 01/1-9 CA DISCLOSURE PURSUANT TO -------------------------------------- -- TERRORISM RISK INSURANCE ACT---- CASN- 05/20 CA CALIFORNIA SURPLUS LINES D2 NOTIFICATION ir-------------------------------}--------------------------- ----------------------------------- ---- CY0002 01/19 CA SERVICE OF PROCESS ' ENDORSEMENT r---------------------- •---}------------ --------------- -------------------- CY3005 01/19 CA LOSS OF INCOME DUE TO NEGATIVE ______'_ ' _ ' _ ' _ PUBLICITY - $1,000,000 ' L---------- ------------------------------------ -------------------------------------- IL8802 i 11/85 i CA i i GENERAL ENDORSEMENT - CALIFORNIA JOINT POWERS INSURANCE AUTHROITY CYBER ____ ENDORSEMENT --------------------t------------h------------------------------------- ---- IL8802 ; 11/85 CA GENERAL ENDORSEMENT - CALIFORNIA JOINT POWERS INSURANCE AUTHORITY — LIST OF CURRENT MEMBERS r------}---------------------------- -- ---- CY0006 01/19 CA AMENDMENT TO SECTION II SUPPLEMENTAL COVERAGES --------------r --------------- ------------------------ ------ CY8003 02/22 CA RANSOMWARE EVENT COVERAGE - $1,000,000 ----------------------------------------------------- Item 8. All Notice to Insurer pursuant to Section V.C. of this Policy shall be emailed to: CyberClaim@gaig.com OR mailed to: _ ____ Corporate Claims ATTN: Cyber Risk Division 301 E. Fourth St., 19th Floor ' Cincinnati OH 45202 ' L-----------'--------------------------------------------------------� �--- Lna==nnna_ �na==nnna==nnna==nnna==nnna==nnna==nnna==nnna==nnna==nnna==nnna==nnna==nnna==nnna==nnna=_ �------� IL 88 02 (Ed. 11/85) Page 8 of 10 CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company r--------- ----;------i Item 9. All Incident Consultation pursuant to Section ILA Hotline Help shall be directed to the following hotline: I r---------- ----� I I1 __________ _-____� 1 877_209_2009 Ir---------------------------------------------- ------------------------------------------------------ i I I I I I I I I 1 These Declarations along with the completed and signed Application and Policy Form shall constitute the entire contract between the Insureds and the Insurer. -_____-____ THIS IS A CLAIMS MADE POLICY. PLEASE READ IT CAREFULLY. ---------------------------------------------------------------------------------------------------- IL 88 02 (Ed. 11/85) Page 9 of 10 CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company GENERALENDORSEMENT CALIFORNIA JOINT POWERS INSURANCE AUTHROITY CYBER ENDORSEMENT THIS ENDORSEMENT MODIFIES INSURANCE PROVIDED UNDER THE FOLLOWING: SECTION V. TERMS AND CONDITIONS (A. LIMIT OF LIABILITY AND DEDUCTIBLE) ARE DELETED AND REPLACED BY THE FOLLOWING: A. INSURANCE POOL AGGREGATE LIMIT OF INSURANCE The Insurance Pool Aggregate Limit of Liability and the Member Aggregate Limit of Liability as indicated in Item A of the Declarations is the maximum the Insurer is obligated to pay for all Loss Expense covered by this policy. The Insurance Pool Aggregate limit of Liability and the Member Aggregate Limit of Liability as indicated in Item B of the Declarations is the maximum the Insurer is obligated to pay for all Liability Expense covered by this policy. The Insurance Pool Aggregate Policy Limit and the Member Aggregate Policy Limit as indicated in Item C of the Declarations is the maximum the Insurer is obligated to pay under the policy for all Loss Expense and Liability Expense combined. The Insurer's obligation to pay any Loss Expense or Liability Expense is in excess of the applicable retention as indicated in Item 4. SECTION III. DEFINITIONS IS DELETED AND REPLACED BY THE FOLLOWING: Z . "NAMED INSURED" MEANS CALIFORNIA JOINT POWERS INSURANCE AUTHROITY AND ANY PARTICIPATING MEMBERS AS AGREED UPON BY THE INSURER. IL 88 02 (Ed. 11/85) Page 10 of 10 CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company CY 4000 (Ed. 01/19) RISK &BUSINESS CYBER LOSS & LIABILITY INSURANCE POLICY WITH RESPECT TO INSURING AGREEMENT B. THIS POLICY PROVIDES CLAIMS MADE COVERAGE. DEFENSE EXPENSES ARE PAYABLE WITHIN, AND NOT IN ADDITION TO, THE LIMIT OF INSURANCE. PAYMENT OF DEFENSE EXPENSES UNDER THIS POLICY WILL REDUCE THE LIMIT OF INSURANCE. PLEASE READ THE ENTIRE POLICY CAREFULLY. In consideration of the payment of premium and in reliance upon all statements made and information furnished to the Insurer, including the statements made in the Application, and subject to all terms, conditions and limitations in this Policy, the Insured and Insurer agree as follows: SECTION I. INSURING AGREEMENTS A. LOSS EXPENSE COVERAGE The Insurer will pay on behalf of the Insured, all Loss Expense directly resulting from a Privacy Incident, Network Security Incident or Cyber Crime Incident first discovered by the Insured during the Policy Period. B. LIABILITY EXPENSE COVERAGE The Insurer will pay on behalf of the Insured, all Liability Expense for a Claim first made and reported to the Insurer during the Policy Period or Extended Reporting Period (if applicable) directly resulting from a Privacy Incident, Network Security Incident or Media Incident first discovered by the Insured during the Policy Period. SECTION II. SUPPLEMENTAL COVERAGE A. HOTLINE HELP The Insurer will pay, on behalf of the Insured, for Incident Consultation directly resulting from an actual or suspected Privacy Incident or Network Security Incident first discovered by the Insured during the Policy Period. Such Incident Consultation will be provided by a law firm designated by the Insurer, subject to a policy aggregate limit of $10,000, which is in addition to the policy aggregate limit as indicated in Item 3(c) of the Declarations, and will not be subject to a deductible. B. HARDWARE RESTORATION The Insurer will reimburse the Insured for the reasonable and necessary costs, subject to the Insurer's prior consent, to replace, remediate or improve the Insured's computing hardware. Such costs must be incurred as a direct result of a Network Security Incident. Such costs are also subject to a policy aggregate limit of $10,000, which is in addition to the policy aggregate limit as indicated in Item 3(c) of the Declarations, and will not be subject to a deductible. C. C-SUITE PROTECTION In the event a Privacy Incident results in identity theft of the Named Insured's owner, partner, principal or any of the aforementioned individuals' spouses or domestic partners, then the Insurer will pay for Identity Monitoring Services. Identity Monitoring Services will be provided by the Insurer's vendor, subject to a policy aggregate limit of $5,000, which is in addition to the policy aggregate limit as indicated in Item 3(c) of the Declarations, and not be subject to a deductible. SECTION III. DEFINITIONS A. Application means the application accepted for the issuance of this Policy by the Insurer, including any and all materials and information submitted to the Insurer in connection with such application. CY 4000 (Ed. 01/19) (Page 1 of 10) CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 B. Business Impersonation means the fraudulent communications (including but not limited to communications transmitted by website, email or phone call) from a third party designed to impersonate the Insured Organization or an individual Insured, with the goal of deceiving any individual, or any vendor or supplier of the Insured Organization, into sharing credentials or Protected Information with such third party. C. Business Impersonation Costs means the costs to inform potentially impacted individuals, vendors or suppliers of a Business Impersonation. D. Business Interruption Loss means Income Loss and Extra Expense incurred by the Insured Organization during the Period of Recovery which exceeds the Waiting Period, resulting from the actual and measurable interruption or suspension of the Computer System as a result of a Network Security Incident. E. Claim means any: (1) written demand for money or non -monetary relief, written demand for arbitration or written request to toll or waive a statute of limitations received by the Insured; (2) civil proceeding in a court of law or equity, including any appeal therefrom, which is commenced by the filing of a complaint, motion for judgment or similar pleading, against the Insured; (3) administrative or regulatory investigation, inquiry, proceeding, prosecution or governmental actions against the Insured solely as respects to a Privacy Incident; or (4) written notice received by the Insured for PCI Costs from a third party, with whom the Insured Organization has entered into a Payment Card Services Agreement, as a result of actual or alleged non-compliance with the PCI DSS. F. Computer System means computer hardware, software, firmware and associated input and output devices (including wireless and mobile devices), data storage devices, networking equipment and backup facilities that are leased, owned or operated by the Insured Organization. G. Contingent Business Interruption Loss means Income Loss and Extra Expense incurred by the Insured Organization during the Period of Recovery which exceeds the Waiting Period, resulting from the actual and measurable interruption or suspension of a Third Party Network as a result of a Network Security Incident. Contingent Business Interruption Loss is subject to a policy aggregate limit as indicated in Item 3(a.1.) of the Declarations. H. Crisis Management means public relations or crisis communication services for the purpose of protecting or restoring the reputation of, or mitigating financial harm to, an Insured. I. Cyber Crime Incident means: (1) Telecommunications Hack or (2) Social Engineering Attack. J. Cyber Crime Loss means: (1) charges incurred by the Insured from its telecommunications provider, directly resulting from a Telecommunications Hack; and (2) loss of funds directly resulting from a Social Engineering Attack. Cyber Crime Loss does not include any amounts reimbursed or reversed by a financial institution and is subject to a policy aggregate limit as indicated in item 3 (a.2.) of the Declarations. K. Data Restoration means replacement, restoration, recreation or recovery of the Insured's data which are compromised as a direct result of a Network Security Incident. If such data is unable to be replaced, restored, recreated or recovered, then Data Restoration is limited to the costs to make this determination. L. Defense Expenses means reasonable and necessary legal fees and legal expenses incurred in the investigation and defense of a Claim. M. Extortion Costs means: (1) expenses to investigate the cause of an Extortion Threat and to discover if any Privacy Incident has occurred; and (2) payment amounts, including the actual costs to execute such payment amount (whether in digital currency or traditional currency) in response to an Extortion Threat. N. Extortion Threat means a credible threat to cause a Privacy Incident or Network Security Incident. CY 4000 (Ed. 01/19) (Page 2 of 10) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company O. Extra Expense means the costs incurred by the Insured in excess of its normal operating expenses to reduce or avoid Income Loss. Extra Expense does not include: (1) Data Restoration; (2) System Restoration; (3) the costs to replace, remediate or improve the Computer System other than the coverage provided in SECTION II. SUPPLEMENTAL COVERAGE B.; (4) costs to identify or remove software program errors, or to establish, implement or improve network or data security practices, policies or procedures; (5) costs or expenses that exceed the amount of Income Loss that is thereby reduced or avoided; and (6) consequential damages or penalties of any nature, however denominated, arising by contract. P. Forensics means investigation and analysis of the Computer System to determine the cause and scope of a Privacy Incident or Network Security Incident. Forensics does not include Incident Response. Q. Identity Monitoring Services means credit monitoring, identity monitoring or identity restoration services for a period of up to two years (or more if required by law) for individuals whose Protected Information was or may have been impacted as a direct result of a Privacy Incident. R. Incident Consultation means necessary and reasonable costs charged by a law firm designated by the Insurer to provide immediate consultative services following the Insured's discovery of an actual or suspected Privacy Incident or Network Security Incident. Incident Consultation does not include Incident Response. S. Incident Response means the costs and expenses charged by the law firm designated by the Insurer to coordinate the investigation and response efforts following Privacy Incident or Network Security Incident. T. Income Loss means the Insured Organization's net profit before income taxes that the Insured Organization would have earned, or the net loss before income taxes the Insured Organization is unable to avoid, during the Period of Recovery. U. Insured means the Insured Organization as well as any past, present orfuture: director, officer board member, trustee, owner, partner, principal, manager, and employee (including full time, part time, temporary, leased, seasonal and volunteer) but only for acts performed within the scope of their duties on behalf of the Insured Organization. V. Insured Organization means Named Insured and any Subsidiary. W. Insurer means the entity issuing this Policy listed on the Declarations. X. Interrelated Incident means any Privacy Incidents, Network Security Incidents, Cyber Crime Incidents or Media Incidents that have as a common nexus any: (1) fact, circumstance, situation, event, transaction or cause; or (2) series of causally connected facts, circumstances, situations, events, transactions or causes. Y. Liability Expense means: (1) Defense Expenses; (2) monetary damages the Insured becomes legally obligated to pay including pre -judgment interest, post judgment interests, judgments or settlements; (3) punitive, exemplary, or multiplied damages but only to the extent such damages are insurable under the applicable law most favorable to the insurability of such damages; (4) Regulatory Costs; and (5) PCI Costs. Liability Expense does not include: (1) Loss Expense; (2) taxes, the return or repayment of fees, deposits, commissions, royalties, future profits or charges for goods or services; (3) the costs incurred in the recall, re -performance or correction of services, content, goods or activities; costs to comply with injunctive or other non -monetary relief, including specific performance or any agreement to provide such relief; (4) liquidated damages pursuant to a contract, to the extent such amount exceeds the amount for which the Insured Organization would have been liable in the absence of such contract; or (5) matters which are uninsurable pursuant to the applicable law to which this Policy is construed. Z. Loss Expense means the following necessary and reasonable costs charged by third party service providers with the Insurer's consent and which consent will not be unreasonably withheld: Forensics, Notification, Identity Monitoring Services, Incident Response, Data Restoration, System Restoration, Extortion Costs, Business Impersonation Costs, and Crisis Management. Loss Expense also means reimbursement of Business Interruption Loss, Contingent Business Interruption Loss and Cyber Crime Loss. Loss Expense does not include Incident Consultation or Liability Expense. CY 4000 (Ed. 01/19) (Page 3 of 10) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company AA. Media Incident means any actual or alleged: (1) Defamation, slander, libel, or product disparagement alleged by a person or organization that claims to have been defamed, slandered or libeled, or by a person or organization that claims that his, her or its products have been disparaged; (2) Appropriation of name or likeness or publicity that places a person in a false light; or public disclosure of private facts; (3) Infringement of title, slogan, trademark, trade name, trade dress, service mark or service name; (4) Copyright infringement, plagiarism, or misappropriation of information or ideas; or (5) Improper deep linking or framing; directly resulting from publication of content on the Insured Organization's website, in its printed material, or posted by or on behalf of the Insured on any social media site. BB. Named Insured means the legal entity stated in Item 1 of the Declarations. CC. Network Security Incident means the Insured's actual or alleged failure to prevent: (1) unauthorized access to or use of the Computer System or Third Party Network; (2) a denial of service attack upon or directed at the Computer System or Third Party Network; or (3) malicious code or computer virus created or transmitted by or introduced into the Computer System or Third Party Network. DD. Notification means sending notice and providing call center services for individuals whose Protected Information was or may have been impacted as a direct result of a Privacy Incident. EE. Payment Card Services Agreement means a written agreement between the Insured Organization and a financial institution, a payment card company or payment card processor which enables the Insured Organization to accept credit, debit, prepaid or other payment cards as payment for goods or services provided by the Insured Organization. FF. PCI Costs means amounts the Insured Organization is legally obligated to pay under a Payment Card Services Agreement including: (1) monetary assessments; (2) fines; (3) penalties; (4) chargebacks; (5) reimbursements; (6) fraud recoveries; (7) forensic investigation; and (8) costs or expenses incurred in connection with a PCI DSS compliance audit. PCI Costs will not include any amount levied against the Insured for non-compliance with PCI DSS that continues after the Insured has notice of such non-compliance. GG.PCI DSS means the Payment Card Industry Data Security Standards now in effect or as amended. HH.Privacy Incident means any actual or alleged failure by: (1) the Insured; (2) a third party for whom the Insured is legally responsible; or (3) a service provider under written contract with the Insured to process, store or maintain Protected Information on behalf of the Insured to prevent unauthorized access, unauthorized use, theft or misappropriation of Protected Information. Privacy Incident also means the violation of the Insured Organization's privacy policy unintentionally committed by the Insured. CY 4000 (Ed. 01/19) (Page 4 of 10) CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 II. Period of Recovery begins at the time of interruption or suspension of the Computer System and ends when the Computer System is restored, or in the exercise of due diligence and dispatch could have been restored, to the same functionality and level of service that existed prior to the interruption or suspension. In no event will the Period of Recovery exceed ninety (90) days. JJ. Protected Information means: (1) any non-public personally identifiable information (including but not limited to personal health information), whether in electronic form, paper or otherwise as defined in any federal, state, local or foreign privacy protection law; and (2) any confidential or proprietary information of a third party provided to the Insured and protected under a previously executed confidentiality agreement for which the Insured is legally responsible to maintain in confidence. KK. Policy Period means the period of time from the inception date of this Policy shown in the Declarations to the expiration date shown in the Declarations, or its earlier cancellation or termination date. ILL. Regulatory Costs means: (1) amounts paid to a consumer redress fund; (2) fines; or (3) penalties; imposed by a federal, state or foreign governmental entity in such entity's regulatory or official capacity, due to a Privacy Incident. MM. Social Engineering Attack means the manipulation or deception, by an unauthorized third party, of a director, officer, board member, trustee, owner, partner, principal, manager, or employee of the Insured Organization, who is authorized to request or make payments on behalf of the Insured Organization. The manipulation or deception must be accomplished by the transmission of fraudulent communications by the unauthorized third party, and cause the director, officer, board member, trustee, owner, partner, principal, manager, or employee to transfer, pay or deliver the Insured Organization's money to an unintended third party recipient. NN. System Restoration means the restoration of the Computer System, following a Network Security Incident, to the operational capacity level that existed immediately preceding such Network Security Incident. 00. Subsidiary means any entity while the Named Insured: (1) owns more than 50% of such entity's outstanding voting securities, partnership or membership interests; (2) has the right to elect or appoint a majority of such entity's directors, officers, managers or trustees; or (3) has sole control over such entity's management structure pursuant to a written contract. Subsidiary also means any entity that is acquired by the Insured Organization during the Policy Period and whose record count or annual revenues do not exceed 15% of the Insured Organization. PP. Telecommunications Hack means the infiltration and manipulation by a third party of the Insured's telephone or fax system in connection with its normal business activities QQ. Third Party Network means computer hardware, software and networking equipment owned, leased or operated by an entity or individual, other than an Insured, and who is operating under contract with the Insured Organization to provide business process outsourcing services or information technology services in support of the Insured Organization's business operations. RR. Waiting Period means the number of consecutive hours specified in Item 5. of the Declarations that immediately follows the interruption or suspension of the Computer System or a Third Party Network and will apply to each Period of Recovery. SECTION IV. EXCLUSIONS The Insurer will not make any payment for any Loss Expense or Liability Expense based upon, arising out of, directly or indirectly resulting from, or in the consequence of: A. Any actual or alleged dishonest, fraudulent, criminal, or malicious, act, error or omission or willful violation of any statute or regulation by or with the knowledge of (1) the Owner, (2) President, (3) Chief Executive Officer, (4) Chief Operating Officer, (5) Chief Financial Officer, (6) Chief Information Officer, (7) Chief Technology Officer, (8) Chief Security Officer, (9) Chief Privacy Officer, (10) General Counsel, (11) Partner, (12) Director of Risk Management or any individual in a position functionally equivalent to any of the aforementioned 12 positions of the Insured Organization; provided, CY 4000 (Ed. 01/19) (Page 5 of 10) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company however, that this exclusion will not apply to Defense Expenses until there is an admission, plea of no contest, a final non -appealable adjudication, binding arbitration or judgment in a proceeding establishing such conduct. B. Any actual or alleged remuneration, profit or other advantage to which the Insured is not legally entitled. C. Any actual or alleged physical injury, sickness, pain, suffering, disease or death of any person or physical damage to or destruction of any real or tangible property; however, this exclusion will not apply to coverage provided in Supplemental Coverage B., HARDWARE RESTORATION. D. Any actual or alleged loss, transfer or theft of monies, securities or the value of tangible properties; provided however, this exclusion will not apply to an otherwise covered Cyber Crime Loss. E. Any actual or alleged fire, smoke, explosion, lightning, wind, water, flood, earthquake, volcanic eruption, tidal wave, landslide, hail, act of God or any other physical event. F. Any actual or alleged discharge, dispersal, release or escape of toxic chemicals, liquids or gases, waste materials, pollutants or any other contaminants. G. Any actual or alleged electrical or mechanical failure including utilities or telephone communications services not under the Insured Organization's operational control. H. Any actual or alleged violations of the Employee Retirement Income Security Act of 1974, the Securities Act of 1933, the Securities Exchange Act of 1934, any amendments thereto or any rules or regulations promulgated in connection therewith, or any derivative suit. I. Any actual or alleged infringement or violation of the following intellectual property rights: patent, trade secret, or software copyright. Nor will we make any payment for any Liability Expense based upon, arising out of, directly or indirectly resulting from, or in the consequence of a Claim alleging any Privacy Incident, Network Security Incident or Media Incident that is alleged in a Claim that also alleges infringement or violation of patent, trade secret or software copyright. J. Any actual or alleged reduction in economic or market value of any data. K. Any actual or alleged unsolicited communications, false advertising, deceptive trade practices, restraint of trade, unfair competition or antitrust violations. Nor will we make any payment for any Liability Expense based upon, arising out of, directly or indirectly resulting from, or in consequence of a Claim alleging any Privacy Incident, Network Security Incident or Media Incident that is alleged in a Claim that also alleges any actual or alleged unsolicited communications, false advertising, deceptive trade practices, restraint of trade, unfair competition or antitrust violations. L. Any actual or alleged employment practice violation or a Claim by or on behalf of any Insured; provided, however, that this exclusion will not apply to an otherwise covered Claim arising out of a Privacy Incident. M. Any: (1) Claim, Privacy Incident, Network Security Incident, Cyber Crime Incident, Media Incident, Interrelated Incident, fact, circumstance, transaction or event which has been the subject of any written notice given under any other policy before the inception date of this Policy; (2) prior or pending litigation, regulatory or administrative proceeding or any Claim of which the Insured had knowledge or received notice prior to the inception date of this Policy or, if this Policy is a renewal of another policy issued by the Insurer, the first such insurance policy issued to the Named Insured by the Insurer and continuously renewed until the inception date of this Policy; or (3) any matter that prior to the inception date of this Policy, or if this Policy is a renewal of another policy issued by the Insurer, the first such insurance policy issued to the Named Insured by the Insurer and continuously renewed until the inception date of this Policy, the Insured knew or reasonably should have known could lead to a Claim, Loss Expense or Liability Expense. CY 4000 (Ed. 01/19) (Page 6 of 10) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company SECTION V. GENERAL TERMS AND CONDITIONS A. Limit of Insurance and Deductible The aggregate limit of insurance as indicated in Item 3(a) of the Declarations is the maximum the Insurer is obligated to pay for all Loss Expense covered by this policy. The aggregate limit of insurance as indicated in Item 3(b) of the Declarations is the maximum the Insurer is obligated to pay for all Liability Expense covered by this policy. The aggregate policy limit as indicated in Item 3(c) of the Declarations is the maximum the Insurer is obligated to pay under this policy for all Loss Expense and Liability Expense combined. The Insurer's obligation to pay any Loss Expense or Liability Expense is in excess of the applicable deductible as indicated in Item 4. Limits of insurance pursuant to SECTION II. SUPPLEMENTAL COVERAGE will be provided in addition to the aggregate policy limit. B. Defense and Settlement The Insurer has the right and duty to defend, and the right to select counsel to defend an Insured against any Claim, even if the allegations of the Claim are groundless, false or fraudulent. The Insurer's duty to defend will cease upon of the exhaustion of the Liability Expense aggregate limit of liability as indicated in Item 3(b) of the Declarations. The Insured agrees not to make any payment, participate in any settlement, admit liability, assume obligation or incur any Loss Expense or Liability Expense without the prior written consent of the Insurer, which consent will not be unreasonably withheld. The Insured must provide the Insurer with full assistance and cooperation and must provide all information deemed necessary to investigate any Privacy Incident, Network Security Incident or Media Incident, settle any Claim, or pay any Loss Expense or Liability Expense. C. Notice 1. Notice to Insurer As a condition precedent to coverage under this Policy, the Insured must provide written notice to the Insurer of any Privacy Incident, Network Security Incident or Cyber Crime Incident as soon as possible after the Insured is made aware of such Privacy Incident, Network Security Incident or Cyber Crime Incident but in no event more than ten (10) days after the Privacy Incident, Network Security Incident or Cyber Crime Incident is discovered by the Insured. The Insured will not incur any Loss Expense without the Insurer's consent. As a condition precedent to coverage under this Policy, the Insured must provide written notice to the Insurer of any Claim as soon as possible after the Insured is made aware of such Claim but no later than sixty (60) days after the end of the Policy Period or end the Extended Reporting Period (if applicable). The Insured will not incur any Liability Expense without the Insurer's consent. 2. Notice of Circumstance If, during the Policy Period or Extended Reporting Period (if applicable) any Insured first becomes aware of a Privacy Incident, Network Security Incident or Media Incident which may reasonably give rise to a future Claim under this Policy and gives written notice to the Insurer of: a) the nature of the Privacy Incident, Network Security Incident or Media Incident; b) the parties involved; c) the injury or damages that has or may result therefrom; and d) the circumstances by which the Insured first became aware thereof; then any Claim arising out of an Interrelated incident that involves a Privacy Incident, Network Security Incident or Media Incident that is subsequently made against the Insured will be related back to and be deemed to have been made at the time any Insured gave such written notice of circumstances to the Insurer. CY 4000 (Ed. 01/19) (Page 7 of 10) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company The Insured will provide written notice to the Insurer either to the mailing or email address set forth in Item 8. of the Declarations. Communication or assistance in connection with any Incident Consultation DOES NOT constitute Notice to Insurer or Notice of Circumstance under this Policy. D. Proof of Loss Requests for payment or reimbursement of Loss Expense incurred by the Insured will be accompanied by a proof of loss. Such proof of loss must include, in detail, how the costs were calculated, what assumptions have been made and will include any applicable reports, books of accounts, bills, invoices and other vouchers or proofs of payment made by the Insured in relation to such Loss Expense. Furthermore, the Insured will cooperate with, and provide any additional information reasonably requested by, the Insurer in its investigation of Loss Expense, including but not limited to the exercise of the Insurer's right to investigate and audit the proof of loss and inspect the records of an Insured. Business Interruption Loss or Contingent Business Interruption Loss will be determined by taking full account and due consideration of an Insured's proof of loss in addition to business conditions affecting the Insured Organization's net profit, including net profit gained during the same period in the prior year, had the Network Security Incident not occurred. Under no circumstances will the determination include a potential increase in net profit the Insured may have earned as a result of an increase in the volume of the Insured Organization's business due to potential favorable business conditions. We may examine any Insured under oath, while not in the presence of any other Insured and at such times as may be reasonably required, about any matter relating to this insurance or the Claim, including an Insured's books and records. In the event of an examination, an Insured's answers must be signed. E. Extended Reporting Period 1. Automatic Extended Reporting Period If this Policy is cancelled or non -renewed for any reason other than non-payment of premium, the Named Insured will have an automatic Extended Reporting Period, for a period of sixty (60) days after the end of the Policy Period. 2. Additional Extended Reporting Period If this Policy is cancelled or non -renewed for any reason other than non-payment of premium, provided the Insured does not obtain replacement coverage as of the effective date of such cancellation or non -renewal, the Named Insured will have the right to purchase an Additional Extended Reporting Period within sixty (60) days after the end of the Policy Period. Such Additional Extended Reporting period will be for a period of 12 months after the end of the Automatic Extended Reporting Period and will be subject to an additional premium of 75% of the annualized premium. The Additional Extended Reporting Period is non -cancelable and the additional premium for the Additional Extended Reporting Period will be fully earned at the time of purchase. The Extended Reporting Period does not increase or reinstate any limits of insurance and does not provide coverage for Loss Expense or Liability Expense from any Privacy Incident, Network Security Incident, Cyber Crime Incident or Media Incident which first takes place after the end of the Policy Period. A change in terms, conditions, exclusions or premiums of this Policy will not be considered a non -renewal for purposes of triggering the Named Insured's right to purchase an Additional Extended Reporting Period. F. Cancellation and Non -Renewal This Policy may be canceled by the Named Insured at any time by written notice to the Insurer requesting such cancellation and the effective date. Upon cancellation, the Insurer will retain the customary short -rate portion of the premium, unless otherwise provided by endorsement and as permitted by law. The Policy may be cancelled by the Insurer only if the Named Insured does not pay the premium when due. The Insurer will provide written notice to the Named Insured at the address shown in the Declarations stating when, not less than twenty (20) days thereafter, such CY 4000 (Ed. 01/19) (Page 8 of 10) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company cancellation shall be effective. A copy of such cancellation notice by the Insurer will also be provided to the Named Insured's insurance agent or broker of record. If the Insurer elects not to renew this Policy, the Insurer shall provide written notice thereof to the Named Insured at the address shown in the Declarations no less than sixty (60) days in advance of the expiration date of the Policy Period. A copy of such non -renewal notice by the Insurer shall also be provided to the Named Insured's insurance agent or broker of record. G. Spouses, Domestic Partners, Estates and Legal Representatives Coverage under this Policy will extend to any Claim resulting from any Privacy Incident, Network Security Incident or Media Incident made against the lawful spouse or domestic partner of an Insured as well as the estate, heir or legal representative of an Insured who is deceased or legally incompetent, insolvent or bankrupt; however, no coverage is provided for any act, error or omission of said spouse, domestic partner, estate, heir or legal representative. It is further understood that all terms and conditions of this Policy apply to such Claim made against an Insured's spouse, domestic partner, estate, heir or legal representative. H. Application, Representations and Severability The Insured represents that the particulars and statements contained in the Application are true, complete and accurate. The Insured agrees that this Policy was issued in reliance upon the truth of that representation and such particulars and statements, which are deemed to be incorporated into and constitute part of this Policy, are the basis of this Policy. In the event there is any material misrepresentation, untruth or other omission in connection with any of the statements of facts in the Application then this Policy will be void with respect to: (1) any Insured who knew of such misrepresentation, untruth or omission; and (2) the Insured Organization but only if the Owner, President, Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief Information Officer, Chief Technology Officer, Chief Security Officer, Chief Privacy Officer, General Counsel, Partner, Director of Risk Management, or any individual in a position functionally equivalent to any of those aforementioned positions of the Insured Organization knew of such misrepresentation, untruth or omission. I. Subrogation In the event of any payment under this Policy, and there is the ability to recover against any third party, it is agreed that the Insured tenders its rights of recovery to the Insurer. The Insured also agrees to assist the Insurer in exercising such rights. If prior to the Privacy Incident, Network Incident, Cyber Crime Incident or Media Incident connected with such payment, the Insured has agreed in writing to waive such rights of recovery against a third party, then the Insurer will not pursue its rights of recovery against said third party. J. Other Insurance If any Loss Expense covered by this Policy is also covered by any other valid and collectible policy with an applicable sublimit that is lower than the available limit under this Policy, then this Policy will apply as the primary policy. If any Claim covered by this Policy is also covered by any other valid and collectible policy, then this Policy will only apply to the Liability Expense in excess of the amount of any deductible, retention or limit of insurance under such other policy whether such other policy is stated to be primary, contributory, excess, contingent or otherwise, unless such other policy is written specifically excess of this Policy. K. Territory The coverage provided under this Policy applies worldwide. However, coverage provided under this Policy does not apply to the extent that trade or economic sanctions or other similar laws or regulations prohibit the Insurer from providing coverage. CY 4000 (Ed. 01/19) (Page 9 of 10) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company L. Currency All Loss Expense, Liability Expense, premium, limits of liability, retention and any other amounts under this Policy are expressed and payable in the currency of the United States of America. If any settlement, judgement, Loss Expense, Liability Expense or any other amounts under this Policy are incurred, stated, determined or adjudicated in a currency other than United States dollars then payment shall be made in United States dollars at the rate of exchange published in the Wall Street Journal on the date the Insurer is obligated to pay such amount. M. Material Change If during the Policy Period, the Named Insured merges with or is acquired by another entity or a receiver, conservator, trustee, liquidator or rehabilitator is appointed to take control of, supervise, manage or liquidate the Named Insured, then the premium for the Policy is deemed to be fully earned and the Policy will continue in full effect until the expiration date of the Policy but only as respects a Privacy Incident, Network Security Incident, Cyber Crime Incident or Media Incident that first took place prior to the effective date of such merger, acquisition or appointment. If during the Policy Period, an entity ceases to be a Subsidiary then coverage for such Subsidiary will continue in full effect until the expiration date of the Policy but only with respects to a Privacy Incident, Network Security Incident, Cyber Crime Incident or Media Incident that first took place prior to the date the entity ceased to be a Subsidiary. N. Assignment Assignment of interest under this Policy will not bind the Insurer unless its consent is endorsed hereon. O. Conformity to Law Any terms of this Policy in conflict with the terms of any applicable laws are hereby amended to conform to such laws. P. Legal Action Against the Insurer and Bankruptcy No action may be taken against the Insurer unless, as a condition precedent thereto, there has been full compliance with all the terms of this Policy and the amount of an Insured's obligation to pay has been finally determined either by judgment against an Insured after adjudicatory proceedings, or by written agreement of the Named Insured, the claimant and the Insurer. No legal action can be brought under this Policy against anyone other than by the Named Insured. Bankruptcy or insolvency of any Insured or the estate of any Insured will not relieve the Insurer of its obligations under this Policy. Q. Representative of the Insured By acceptance of this Policy, the Named Insured will be designated to act on behalf of all Insureds for all purposes including the giving and receiving of all notices and correspondence, the cancellation or non -renewal of this Policy, the payment of premiums and the receipt of any return premiums that may be due under this Policy. R. Entire Agreement This Policy (including the Declarations, Application and any information provided therewith) and any written endorsements attached hereto constitute the entire agreement between the parties. The terms, conditions and limitations of this Policy can be waived or changed only by written endorsement. CY 4000 (Ed. 01/19) (Page 10 of 10) CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 CY 0002 (Ed. 01/19) SERVICE OF PROCESS ENDORSEMENT CALIFORNIA Pursuant to any statute of any state or district of the United States of America, which makes provisions therefore, the Insurer hereby designates the Commissioner, Superintendent or Director of Insurance or other officer specified for that purpose in the statute and his or her successors in office and duly authorized deputies in the state where this Policy is issued, as the Insurer's true and lawful attorney for service of legal process in any action, suit or proceeding brought in the state where this Policy is issued by or on behalf of an Insured or beneficiary against the Insurer arising out of the insurance issued under this Policy. Any legal process received by such attorney for service of legal process shall be forwarded to the Insurer to the attention of: Sue Erhart General Counsel and Senior Vice President Great American Insurance Group 301 E. Fourth Street Cincinnati, OH 45202 and CT Corporation System 818 West Seventh Street, 2nd Floor Los Angeles, California 90017 Please note that the address stated above is only to be used in case of suits against the Insurer and by no means amends the provisions of the Policy for notice of Claim which is specified in Section V.0 of the Policy. Please use the address specified in the aforementioned section of the Policy for notice of all Claims. Other than as stated above, nothing herein contained shall be held to vary, alter, waive or extend any of the terms, conditions, provisions, agreements or limitations of the Policy to which this endorsement is attached. CY 0002 (Ed. 01/19) (Page 1 of 1) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company CY 0006 (Ed. 01/19) AMENDMENT TO SECTION II. SUPPLEMENTAL COVERAGES It is understood and agreed that Section II. of the Policy is amended as follows: Deletion of Section II. Supplemental Coverages in its entirety Other than as stated above, nothing herein contained shall be held to vary, alter, waive or extend any of the terms, conditions, provisions, agreements or limitations of the Policy to which this endorsement is attached. CY 0006 (Ed. 01/19) (Page 1 of 1) CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 CY 1005 (Ed. 01/19) CALIFORNIA CHANGES CANCELLATION AND NON -RENEWAL It is understood and agreed that Section V.F Cancellation and Non -Renewal of the Policy is amended by the addition of the following: Additionally, such written notice will state the reason for nonrenewal and will not be mailed more than 120 days, before the expiration or anniversary date. Other than as stated above, nothing herein contained shall be held to vary, alter, waive or extend any of the terms, conditions, provisions, agreements or limitations of the Policy to which this endorsement is attached. CY 1005 (Ed. 01/19) (Page 1 of 1) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company CY 2006 (Ed. 01/19) DELETION OF COVERAGE FOR CYBER CRIME LOSS It is understood and agreed the following changes are made to the policy: 1. Section 1 Insuring Agreement A is deleted and replaced with the following: A. LOSS EXPENSE COVERAGE The Insurer will pay on behalf of the Insured, all Loss Expense directly resulting from a Privacy Incident or Network Security Incident first discovered by the Insured during the Policy Period. 2. Section III. Definitions is amended by the deletion of definitions I and J. 3. Reference to Cyber Crime Loss is deleted from Section III. Definition Z. Loss Expense 4. Section IV. Exclusions D is deleted and replaced with the following: D. Any actual or alleged loss, transfer or theft of monies, securities or the value of tangible properties. 5. All reference to Cyber Crime Incident is deleted from Section V. General Conditions Other than as stated above, nothing herein contained shall be held to vary, alter, waive or extend any of the terms, conditions, provisions, agreements or limitations of the Policy to which this endorsement is attached. CY 2006 (Ed. 01/19) (Page 1 of 1) CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 CY 3005 (Ed. 01/19) LOSS OF INCOME DUE TO NEGATIVE PUBLICITY It is understood and agreed that the following changes are made to the Policy and Declarations respectively: 1. Section III.Z. is amended by the addition of the following: Loss Expense shall also mean Reputational Harm Loss. 2. Section III. is amended by the addition of the following: Reputational Harm Loss shall mean Income Loss due to Negative Publicity. Reputational Harm Loss is subject to a policy aggregate limit as indicated in item 3 below. Negative Publicity means adverse media coverage which follows a Privacy Incident, Network Security Incident, or Cyber Crime Incident. Negative Publicity shall not mean substitute notice. 3. Item 3 of this Policy's Declarations is amended by the addition of the follows: $1,000,000 Sublimit for Reputational Harm Loss which is part of and not in addition to the Limit of Insurance in Item 3a above. Other than as stated above, nothing herein contained shall be held to vary, alter, waive or extend any of the terms, conditions, provisions, agreements or limitations of the Policy to which this endorsement is attached. CY 3005 (Ed. 01/19) (Page 1 of 1) CX * 07/19/2022 * 648977 Great American Fidelity Insurance Company CYP E859556-00 CY 8003 (Ed. 02/22) RANSOMWARE EVENT COVERAGE In consideration of the premium charged, it is hereby understood and agreed that the following changes are made to the Policy: 1. The following changes are made to Section III. DEFINITIONS: a. The definition of Ransomware Event is hereby added as follows: Ransomware Event means a monetary demand made subsequent to a Network Security Incident which, if satisfied, would terminate such Network Security Incident. Ransomware Event shall include Extortion Threat. It is understood and agreed that the monetary demand itself shall satisfy this definition irrespective of whether or not actual payment(s) is/are made or whether or not the Network Security Incident is terminated. b. DEFINITION F. Computer System is hereby deleted and replaced with the following: F. Computer System means: (1) computer hardware owned or leased by the Insured and operating under the technical and administrative control of the Insured; and (2) computer software developed, owned or licensed by the Insured and operating under the technical and administrative control of the Insured; Computer System does not include Third Party Network. c. DEFINITION G. Contingent Business Interruption Loss is deleted and replaced with the following: G. Contingent Business Interruption Loss means Income Loss and Extra Expense incurred by the Insured Organization during the Period of Recovery which exceeds the Waiting Period, resulting from the actual and measurable interruption or suspension of a Third Party Network as a result of: (1) unauthorized access to or use of the Third Party Network (2) a denial of service attack upon or directed at the Third Party Network; or (3) malicious code or computer virus transmitted by or introduced into the Third Party Network. Contingent Business Interruption Loss is subject to a policy aggregate limit as indicated in Item 3(a.1.) of the Declarations. d. DEFINITION M. Extortion Costs is hereby deleted and replaced with the following: M. Extortion Costs means Incident Response and Forensics in response to an Extortion Threat. e. DEFINITION N. Extortion Threat is hereby deleted and replaced with the following: N. Extortion Threat means a credible threat to cause a Privacy Incident. CY 8003 (Ed. 02/22) (Page 1 of 3) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company f. DEFINITION Z. Loss Expense is amended to include the following: Z. Loss Expense shall also mean payment amounts, including the actual costs to execute such payment amount (whether in digital currency or traditional currency) in response to a Ransomware Event. g. DEFINITION CC. Network Security Incident is hereby deleted and replaced with the following: CC. Network Security Incident means: (1) unauthorized access to or use of the Computer System (2) a denial of service attack upon or directed at the Computer System; or (3) malicious code or computer virus transmitted by or introduced into the Computer System. 2. Section V. GENERAL TERMS AND CONDITIONS Item A. Limit of Insurance and Deductible is deleted and replaced with the following: A. Limits of Insurance, Co -Insurance Feature, and Deductible 1. Loss Expense Limit Item 3(a) of this Policy's Declarations is amended by the addition of the following sublimit which is part of and not in addition to the limit indicated in Item 3(a): $1,000,000 for all Loss Expense arising out of a Ransomware Event and any Interrelated Incident. The aggregate limit of insurance as indicated in Item 3(a) of the Declarations is the maximum the Insurer is obligated to pay for all Loss Expense covered by this policy. Payments by the Insured in connection with the Co -Insurance Feature in item 5 below will not reduce the Loss Expense Limit. 2. Liability Expense Limit The aggregate limit of insurance as indicated in Item 3(b) of the Declarations is the maximum the Insurer is obligated to pay for all Liability Expense covered by this policy. 3. Aggregate Limit The aggregate policy limit as indicated in Item 3(c) of the Declarations is the maximum the Insurer is obligated to pay under this policy for all Loss Expense and Liability Expense combined. 4. Limits in Addition to the Aggregate Limit Limits of insurance pursuant to SECTION II. SUPPLEMENTAL COVERAGE will be provided in addition to the aggregate policy limit. 5. Co -Insurance Feature Solely with respect to a Ransomware Event and any Interrelated Incident the Insured and the Insurer shall share all Loss Expense according to the schedule below: Insured's share: 0.00% Insurer's share: 100.00% CY 8003 (Ed. 02/22) (Page 2 of 3) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company 6. Deductible The Insurer's obligation to pay any Loss Expense or Liability Expense is in excess of the applicable deductible as indicated in Item 4. of the Declarations. All other terms and conditions of this Policy remain unchanged. CY 8003 (Ed. 02/22) (Page 3 of 3) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company CY 7001 (Ed. 01/19) TERRORISM COVERAGE ENDORSEMENT CAP ON LOSS FROM CERTIFIED ACTS It is understood and agreed Section V of the Policy is amended to include the following: CAP ON LOSSES FROM CERTIFIED ACTS OF TERRORISM 1. If aggregate insured losses attributable to terrorist acts certified under the federal Terrorism Risk Insurance Act exceed $100 billion in a calendar year and we have met our insurer deductible under the Terrorism Risk Insurance Act, we shall not be liable for the payment of any portion of the amount of such losses that exceeds $100 billion, and in such case insured losses up to that amount are subject to pro rata allocation in accordance with procedures established by the Secretary of the Treasury. "Certified act of terrorism" means an act that is certified by the Secretary of the Treasury, in accordance with the provisions of the federal Terrorism Risk Insurance Act, to be an act of terrorism pursuant to such Act. The criteria contained in the Terrorism Risk Insurance Act for a "certified act of terrorism" include the following: a. The act resulted in insured losses in excess of $5 million in the aggregate, attributable to all types of insurance subject to the Terrorism Risk Insurance Act; and b. The act is a violent act or an act that is dangerous to human life, property or infrastructure and is committed by an individual or individuals as part of an effort to coerce the civilian population of the United States or to influence the policy or affect the conduct of the United States Government by coercion. 2. The terms and limitations of any terrorism exclusion, or the inapplicability or omission of a terrorism exclusion, do not serve to create coverage that is otherwise excluded under this Policy. CY 7001 (Ed. 01/19) (Page 1 of 1) CX * 07/19/2022 * 648977 CYP E859556-00 Great American Fidelity Insurance Company CY 7002 (Ed. 01/19) DISCLOSURE PURSUANT TO TERRORISM RISK INSURANCE ACT THIS ENDORSEMENT IS ATTACHED TO AND MADE PART OF YOUR POLICY IN RESPONSE TO THE DISCLOSURE REQUIREMENTS OF THE TERRORISM RISK INSURANCE ACT. THIS ENDORSEMENT DOES NOT GRANT ANY COVERAGE OR CHANGE THE TERMS AND CONDITIONS OF ANY COVERAGE UNDER THE POLICY. SCHEDULE SCHEDULE — PART I Terrorism Premium (Certified Acts): $0 This premium is the total Certified Acts premium attributable to this Policy Additional information, if any, concerning the terrorism premium: SCHEDULE — PART II Federal share of terrorism losses 80 % Year: 2022 (Refer to Paragraph B. in this endorsement.) Federal share of terrorism losses 80 % Year: 2023 (Refer to Paragraph B. in this endorsement.) Information required to complete this Schedule, if not shown above, will be shown in the Declarations. A. Disclosure Of Premium In accordance with the federal Terrorism Risk Insurance Act, we are required to provide you with a notice disclosing the portion of your premium, if any, attributable to coverage for terrorist acts certified under the Terrorism Risk Insurance Act. The portion of your premium attributable to such coverage is shown in the Schedule of this endorsement or in the Policy Declarations. B. Disclosure Of Federal Participation In Payment Of Terrorism Losses The United States Government, Department of the Treasury, will pay a share of terrorism losses insured under the federal program. The federal share equals a percentage (as shown in Part II of the Schedule of this endorsement or in the policy Declarations) of that portion of the amount of such insured losses that exceeds the applicable insurer retention. However, if aggregate insured losses attributable to terrorist acts certified under the Terrorism Risk Insurance Act exceed $100 billion in a Program Year (January 1 through December 31), the Treasury shall not make any payment for any portion of the amount of such losses that exceeds $100 billion. C. Cap On Insurer Participation In Payment Of Terrorism Losses If aggregate insured losses attributable to terrorist acts certified under the Terrorism Risk Insurance Act exceed $100 billion in a Program Year (January 1 through December 31) and we have met our insurer deductible under the Terrorism Risk Insurance Act, we shall not be liable for the payment of any portion of the amount of such losses that exceeds $100 billion, and in such case insured losses up to that amount are subject to pro rata allocation in accordance with procedures established by the Secretary of the Treasury. CY 7002 (Ed. 01/19) (Page 1 of 1) Need to file al Cyberclaim? We make the process easy and stress free. At Great American, we understand that fiiing a cleirn can be upsetting and stressful That's wh y vve went you to be able to report your claim as quickly as possible. Before reporting your claim. please have ready, Your policy number Complete and accurate information regarding the claim. Email our claims team CyberClaim@gaig.com Call our claims center 877-209-2009 Once you have reported your clairmi it will be acknowledged and investigaGted by your claims professional. Thank you for choosing Great American Insurance Group! arm rJra+•ieerrMrKW"&am.S&E.two sq. dMinna.M1CmQ Pdoceaare UWKMINP4/Weal AMW19 rSPKnthrwrarWOHRRMWDMl A-rerrafldmityif}.CMWq.authulze4Wr'ers,lahSostales arWDC1h4Um[Mreriollfmr3r tU mwLDMh>pPAVhser1WrmLluGrab] kxr�[8n' and Gr�i �4[[Nrlran lrtxvrme OrnrrP' re regFd [:rc4 aanyx +auks aP Craoi AmMa9n layurrree fo[r�rni'. O 2U19 OreM Amenc�n N[rrr»x �°PA^f NI ^� rrxn'aqOavA�9fl1��F�1 GFLEAxAmERIcAN, INSURANCE GROUP GAIGrofn Cybar Risk CY 6001 (Ed. 01/19) THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. POLICY CHANGES This endorsement will not be used to decrease coverages, increase rates or deductibles or alter any terms or conditions of coverage unless at the sole request of the Named Insured. Effective Date of Change: 7/1/2022 Change Endorsement No.: 1 Named Insured: California Joint Powers Insurance Authority The followina item(s): Named Insureds Name Named Insureds Mailing Address Named Insureds Legal Status/Business Policy Number Insurance Company/insurer Effective/Expiration Date Payment Plan Premium Determination Additional Interested Parties Endorsements Limits/Exposures Deductibles Covered Risks Classification/Class Codes Rates Underlying Insurance Insuring Agreements Signature Required are) chanaed as follows POLICY CHANGES ENDORSEMENT DESCRIPTION orm IL8802 (Ed.11/85) General Endorsement, California Joint Powers Insurance Authority is amended as follows: . "NAMED INSURED" MEANS CALIFORNIA JOINT POWERS INSURANCE AUTHORITY AND ANY PARTICIPATING IEMBERS AS AGREED UPON BY THE INSURER. ne above amenaments result in a cnan a in the premium as Toiiows: NO CHANGES ADDITIONAL PREMIUM RETURN PREMIUM X Authorized Representative Name: Title: Signature: Date: CY 6001 (Ed. 01/19) (Page 1 of 1) Authorized Representative Name Title Signature: Date CY 6001 (Ed. 01/19) (Page 2 of 2)