Policy Wording and Guidance

Policy wording Data recovery costs that the insured organization incurs as a direct result of a security breach that the insured first discovers during the policy period . Policy guidance Data Recovery Costs includes certain costs incurred to restore software or electronic data impacted by a covered cyber event.

• Costs to work with a third party to restore information from backup data.
• Costs to hire temporary labor to run decryption keys or reimage certain impacted devices.
• Overtime costs paid to IT employees to restore from backups.
• Expenses for an external consultant to determine whether electronic information can be restored or replaced.

Examples of costs that do not fall under this definition include:

• Amounts associated with the value of lost data that is not restored.
• Costs to purchase additional hardware.
• Costs to restore data that belongs to a 3rd party or is not part of your Computer System.
• Expenses incurred to restore information that is not “Data.”
• Amounts paid as ransom (see Cyber Extortion loss section of policy for more information).
• Amounts paid to upgrade or enhance any systems, including migration to a Cloud environment.

Computer Hardware Replacement Cost

• Extra expense means reasonable and necessary expenses incurred by the insured organization during the period of restoration to minimize, reduce or avoid income loss , over and above those expenses the insured organization would have incurred had no security breach, system failure, dependent security breach or dependent system failure occurred; and includes reasonable and necessary expenses incurred by the insured organization to replace computers or any associated devices or equipment operated by, and either owned by or leased to, the insured organization that are unable to function as intended due to corruption or destruction of software or firmware directly resulting from a security breach , provided however that the maximum sublimit applicable to extra expense incurred to replace such devices or equipment is determined by individual policy agreement.

Part 2. of the bodily injury or property damage exclusion is deleted in its entirety and replaced with the following:

• physical injury to or destruction of any tangible property, including the loss of use thereof; but this will not apply to the loss of use of computers or any associated devices or equipment operated by, and either owned by or leased to, the insured organization that are unable to function as intended due to corruption or destruction of software or firmware directly resulting from a security breach . Electronic data shall not be considered tangible property;

All other terms and conditions of this policy remain unchanged.

Key definitions and guidance

Data Recovery Costs

Data recovery costs means the reasonable and necessary costs incurred by the insured organization to regain access to, replace, or restore data , or if data cannot reasonably be accessed, replaced, or restored, then the reasonable and necessary costs incurred by the insured organization to reach this determination. Data recovery costs will not include: (i) the monetary value of profits, royalties, or lost market share related to data , including but not limited to trade secrets or other proprietary information or any other amount pertaining to the value of data ; (ii) legal costs or legal expenses; (iii) loss arising out of any liability to any third party; or (iv) cyber extortion loss .

Extra Expense

Policy wording Extra expense means reasonable and necessary expenses incurred by the insured organization during the period of restoration to minimize, reduce or avoid income loss , over and above those expenses the insured organization would have incurred had no security breach, system failure, dependent security breach or dependent system failure occurred. Policy guidance Extra expense includes certain amounts incurred to minimize, reduce or avoid income loss , provided that such amounts are over and above those expenses the insured organization would have incurred had no covered cyber event occurred, provided that those amounts are actually sustained during the period of restoration as a result of the actual interruption of the insured organization’s business operations caused by a covered cyber event.

• Overtime (beyond normal overtime) paid to employees who work additional shifts to maintain business operations for a company.
• Incident travel expenses or mileage paid for employees working on responding to the incident to maintain business operations.
• Meals purchased for employees or contractors directly involved in responding to the covered cyber event.
• Costs for an outside consultant to create temporary work-arounds while other recovery efforts are ongoing.
• Premium costs for expedited shipping made necessary from outage.
• Costs of substitute products or services necessary to meet customer demand.

Examples of amounts that are not extra expenses include:

• Amounts paid for hardware (except to the extent the policy expressly provides coverage for hardware and only on the terms specified by the policy).
• Ordinary payroll expenses (although such expenses might be covered within income loss).
• Amounts paid to remediate network security.
• Prepaid or extended services.
• Service credits.
• Costs or expenses caused by an event, but which were not incurred to minimize, reduce, or avoid Income Loss.