Attached to and forming part of

Policy No.4056/0000000000

CYBER LIABILITY POLICY- SCHEDULE

Policy No: Issued at:

Item 1 Policyholder :
Item 2 Address:
Item 3 Professional Services
Item 4 Policy Period: From:
To:
Item 5 Extended Reporting XX Days at Nil additional premium
Period:

Item 6 Limit of Liability: (in INR)

(for all Claims in the aggregate during the
Policy Period)
Item 7 Sub-Limit of Liability: (in INR)

a) Credit Monitoring Costs

b) Crisis Management
Costs
c) Civil Fines and
Penalties
d) Cyber Extortion Costs
e) Data Restoration Costs
f) Forensic Costs
g) Privacy Notification
Costs
Item 8 Business Interruption a) Sub-limit INR
Loss b) Waiting XX hours
Period
Item 9 Retention: For Insuring Clause INR
1.1
For Insuring Clause INR

IRDA Registration No. 115

Cyber Liability Insurance (Misc 139) Page 1 of 22
 Attached to and forming part of
Policy No.4056/0000000000

1.2
Item 10 New Subsidiary XX%
Acquisition %
Item 11 Prior Acts Exclusion For Insuring Clause 1.1
Date: For Insuring Clause 1.2

Item 12 Prior and Pending For Insuring Clause 1.1

Litigation Date: For Insuring Clause 1.2
Item 13 Premium: Net Premium – INR
Service Tax @14% INR
Swachh Bharat Cess @ 0.5% INR
Krishi Kalyan Cess @ 0.5% INR
Total Premium - INR
Item 14 Territorial Scope and For Insuring Clause
Jurisdiction: 1.1
For Insuring Clause
1.2
but excluding countries on which sanction of
US, UK, EU, UN or any other sanction is
applicable
Item 15 Insurer contact details:

a) Toll-freenumber:1800-2666

b) Postal Address:
ICICI Lombard General Insurance Company Limited
ICICI Lombard House,
414, Veer Savarkar Marg,
Near SiddhiVinayakTemple,
Prabhadevi, Mumbai 400025

c) E-mail:[email protected]

IRDA Registration No. 115

Cyber Liability Insurance (Misc 139) Page 2 of 22
 Attached to and forming part of
Policy No.4056/0000000000

Item 16 Endorsements Applicable at

Inception:

Item 17 Intermediary details Broker code -

Broker name –

IRDA Registration No. 115

Cyber Liability Insurance (Misc 139) Page 3 of 22
 Attached to and forming part of
Policy No.4056/0000000000

Cyber Liability Insurance

Policy Wording

Scope of Cover
In consideration of the receipt of premium, and in reliance of the statements made
and the information contained in the proposal form (which are a part of and form the
basis of this Policy) and subject to the terms and conditions of this Policy, the Insurer
and the Policyholder agree as follows.

1 Insuring Clauses:

The following insurance covers are solely for Claims which are first made against the
Insured, by a Third Party, during the Policy Period (or the Extended Reporting Period,
if applicable) and reported to the Insurer as required under this Policy

1.1 Security & The Insurer will pay the Loss arising out of a Security Breach
Privacy and/or Privacy Breach by the Insured that results in:
Liability (a) theft, loss, or Unauthorized Disclosure of Personal
Information;
(b) alteration, corruption, destruction, deletion, or damage
to Data stored in Computer System;
(c) denial of access to the authorised Third Party to the
Data stored in Computer System.

1.2 Multimedia The Insurer will pay the Loss arising out of Multimedia
Liability Activities of the Insured that results in:
(a) defamation including but not limited to libel, slander,
trade libel, infliction of emotional distress, outrage,
outrageous conduct or other tort related to
disparagement or harm to the reputation or character
of any person or organization;
(b) violation of the rights of privacy or publicity of an
individual, including false light and public disclosure of
private facts, commercial mis-appropriation of name,
persona, voice or likeness;
(c) infringement of copyright, domain name, title, or
slogan, trademark, service mark, service name, or
trade name
(d) plagiarism, misappropriation or theft of ideas or
IRDA Registration No. 115
Cyber Liability Insurance (Misc 139) Page 4 of 22
 Attached to and forming part of
Policy No.4056/0000000000

information under implied contract;

(e) domain name infringement or improper deep linking or

framing

2 Extensions:
2.1 Extended If this Policy is not:
Reporting (a) renewed by the Insurer or the Policyholder; nor
Period (b) replaced by the Insurer, nor
(c) cancelled by the Insurer for a breach of the terms of
this Policy by an Insured,

then the Policyholder shall have the right to an Extended

Reporting Period.
2.2 New (a) The definition of Company is extended to automatically
Subsidiary include any entity which becomes a Subsidiary during
the Policy Period if such entity:

(i) has annual revenues below the percentage as

mentioned at Item 10 of the Schedule of the
total consolidated revenue of the Policyholder;
(ii) undertakes same Professional Services as
undertaken by the Company and covered under
this Policy;
(b) If the entity is excluded from coverage on account of (i)
to (ii) above, then to extend coverage, the Company
must:
(i) provide the Insurer with additional information
as the Insurer may reasonably require;
(ii) accept any notified alteration in the terms of this
Policy; and
(iii) pay any additional premium specified by the
Insurer, before the end of the specified period.

2.3 First Party The definition of Loss is extended to include:

Costs
(a) Credit Monitoring Costs;

(b) Crisis Management Costs;

(c) Civil Fines and Penalties

(d) Cyber Extortion Costs;

IRDA Registration No. 115

Cyber Liability Insurance (Misc 139) Page 5 of 22
 Attached to and forming part of
Policy No.4056/0000000000

(e) Data Restoration Costs;

(f) Forensic Costs;

(g) Privacy Notification Costs.

The sub-limits for each cover above is as specified in Item 7 of

the schedule

2.4 Business The Insurer will pay the Business Interruption Loss, incurred
Interruption Loss by the Company, upto the limit mentioned in Item 8a of the
Schedule.

3 Exclusions:

A) Exclusions applicable to all Insuring Clauses

Insurer shall not be liable for Loss, based upon, arising out of, attributable to or in
any manner involving:

3.1 Anti –trust any actual or alleged unfair competition, antitrust

violations, deceptive trade practices, or restraint of
trade or antitrust statute, legislation, or regulation.
However this exclusion shall not apply to Insuring
Clause 1.2

3.2 Bodily Injury/ any Bodily Injury or Property Damage, except that this
Property Damage exclusion shall not apply to wrongful infliction of
emotional distress or mental anguish arising out of
actual or alleged Multimedia Activities, Privacy Breach,
Security Breach as covered under Insuring Clauses 1.1
and 1.2

3.3 Insolvency administration or receivership of the Insured

3.4 Employers Liability a) Any bodily injury, sickness, disease, death or
emotional distress or disturbance, to any
employee of the Company;

b) Responsibilities, obligations or duties imposed

on the Insured by laws pertaining to pension,
healthcare, welfare, profit sharing, mutual or
investment plans, funds or trusts.
3.5 Contractual Liability any assumption of liability under a contract or
agreement. Provided however that this exclusion will

IRDA Registration No. 115

Cyber Liability Insurance (Misc 139) Page 6 of 22
 Attached to and forming part of
Policy No.4056/0000000000

not apply:

(i) with respect to the coverage provided by

Insuring Clause 1.1a & 1.2 e; or

(ii) to the extent the Insured would have

been liable for such Loss in the absence
of such contract or agreement;

3.6 Prior Acts any act, error, omission, Privacy Breach or Security
Breach that occurred prior to the Prior Acts exclusion
date specified at Item 11 of the Schedule

3.7 Criminal, Dishonest

any act, error or omission which a court, tribunal,
and Fraudulent Acts
arbitrator or Regulatory body finds, or which an
Insured admits, to be a criminal, dishonest or
fraudulent act.
The Insurer will continue to pay on behalf of an
Insured, Defence Costs under this Policy until a
dishonest, criminal or fraudulent act, error or omission
is found by a court, tribunal, arbitrator or Regulator to
have been committed by an Insured. Following such
finding the Insurer shall be entitled to repayment of
any amount paid to the Insured under this Policy.
3.8 Intellectual Property any actual or alleged: infringement, misuse or abuse of
patent, trade name, trademark and trade secret.

3.9 Unlawful gathering (a) Actual or alleged unlawful gathering of

of Private Data or Personal information; or
Information (b) any unsolicited communication;
while conducting business by the Insured.
3.10 Infrastructure any mechanical, electrical, telecommunications or
satellite failure unless under the Insured’s operational
control.
3.11 Mislabelling any actual or alleged inaccurate, inadequate, or
incomplete description of the price of goods, products,
or services provided by the Insured
3.12 Prior and Pending any pending or prior civil, administrative or regulatory
Litigation proceeding, investigation as on the prior and pending
litigation date specified at Item 12 of the Schedule, or
alleging or derived from the same or essentially the
same facts or circumstances as alleged in such
pending or prior litigation.
3.13 Licensing Fees
any actual or alleged obligation to make licensing fee
or royalty payments, including but not limited to the
amount or timeliness of such payments
IRDA Registration No. 115
Cyber Liability Insurance (Misc 139) Page 7 of 22
 Attached to and forming part of
Policy No.4056/0000000000

3.14 Pollution any actual, alleged or likely discharge, emission,

release, treatment or removal of Pollutants; or any
regulation, order, direction or request to test, monitor,
clean up, remove, contain, treat, detoxify or neutralize
Pollutants.
3.15 Trading Losses any trading loss or trading debt incurred by Insured
3.16 War/ Terrorism any war, invasion, acts of foreign enemies, terrorism
riots, rebellion.

B) Exclusions applicable to Extension 2.4 only

The Insurer shall not be liable for Business Interruption Loss arising out of, based
upon or attributable to:
3.17 Government Entity Any seizure, confiscation or destruction of a Computer
or Public Authority System by order of any government entity or public
authority.
3.18 Other Exclusions (i) any network or systems interruption
caused by loss of communications with
a Third Party computer system,
resulting in the inability of the Company
to communicate with those systems;
(ii) legal costs or legal expenses of any
type;
(iii) updating, upgrading, enhancing or
replacing any Computer System to a
level beyond that which existed prior to
sustaining Network Loss;
(iv) unfavorable business conditions; or
(v) the removal of software program errors
or vulnerabilities.

IRDA Registration No. 115

Cyber Liability Insurance (Misc 139) Page 8 of 22
 Attached to and forming part of
Policy No.4056/0000000000

C) Exclusions applicable to Extension 2.3(d) only

3.19 Government
This Extension shall not cover any Cyber Extortion Costs
Entity or Public
arising out of, based upon or attributable to any Cyber
Authority
Extortion Threat made by any government entity or public
authority or an Insured

4 Definitions:

4.1 Bodily Injury means

/Property a. bodily injury- sickness, disease, death or
Damage emotional distress or disturbance;
b. damage to, destruction, impairment or loss of
use of any tangible property.

4.2 Breach means the laws and regulations for data protection and
Notice Law privacy in any country that requires notice to be given for an
actual or potential breach of laws and regulation relating to
Personal Information.

4.3 Business
Interruptionmeans the reduction in net profit that but for a Material
Loss Interruption, the Company would have earned (and which is
attributable to a loss of revenue) in the period from the
expiration of the Waiting Period until service is restored (but in
any event no later than 120 days after the commencement of
the Material Interruption) before payment of income taxes and
after accounting for savings and reasonable mitigation.
4.4 Claim means
(a) Any written demand for monetary or non-monetary
relief; or

(b) Any civil, administrative or regulatory proceeding;

4.5 Company means the Policyholder and/ or any Subsidiary

4.6 Computer means computer hardware, software, firmware, its related

System components operated by the Company or Consultant in the
provision of Professional Services
4.7 Consultant means any natural person or entity who has a written contract
with the Company to perform Professional Services.
4.8 Control means the natural persons holding the following positions in
Group the Company – President, members of the Board of Directors,
Chief Executive Officer, Chief Operating Officer, and Chief
Financial Officer; General Counsel, Chief Information Officer;
IRDA Registration No. 115
Cyber Liability Insurance (Misc 139) Page 9 of 22
 Attached to and forming part of
Policy No.4056/0000000000

Chief Security Officer; Chief Privacy Officer and any individual

in a substantially similar position as those referenced above,
or with substantially similar responsibilities as those
referenced above, irrespective of the exact title of such natural
person

4.9 Costs means

a) Credit Monitoring Costs; and/or

b) Crisis Management Costs; and/or

c) Cyber Extortion Costs; and/or

d) Data Restoration Costs; and/or

e) Defense Costs; and/or

f) Forensic Costs; and/or

g) Privacy Notification Costs.

4.10 Credit means reasonable fees, costs and expenses incurred, with the
Monitoring prior written consent of the Insurer, in respect of credit
Costs monitoring services for 12 months to affected individuals
following a Privacy Breach.
4.11 Crisis means reasonable fees, costs and expenses paid or incurred,
Management with the prior written consent of the Insurer, in respect of a
Costs public relations consultant to avert or mitigate material
damage to the Company’s reputation or goodwill arising from
a Crisis Management Event.

4.12 Crisis means the actual or threatened public communication or

Management reporting in any media which arises directly out of a Privacy
Event Breach or Security Breach.

4.13 Cyber means reasonable fees, costs and expenses paid, with the
Extortion prior written consent of the Insurer, to security consultants
Costs retained by the Company and cash, marketable goods or
services paid by the Company to prevent or end a Cyber
Extortion Threat
4.14 Cyber means a credible threat or series of related threats directed at
Extortion the Insured to corrupt, damage, destruction, or introduce a
Threat Malicious Code, or a denial of service attack to Computer
System
4.15 Damages means
(a) Any monetary compensation the Insured is legally

IRDA Registration No. 115

Cyber Liability Insurance (Misc 139) Page 10 of 22
 Attached to and forming part of
Policy No.4056/0000000000

obligated to pay pursuant to an award or judgment

entered against the Insured;or
(b) Settlements negotiated by Insured and consented to by
the Insurer
The term Damages shall not include or mean:
(i) future profits, restitution, disgorgement of unjust
enrichment or profits by an Insured, or the costs
of complying with orders granting injunctive or
equitable relief;

(ii) return or offset of fees

(iii) exemplary, aggravated, multiple or punitive
damages , taxes or loss of tax benefits,
sanctions ;
(iv) fines, penalties except as covered under
Insuring Clause 1.1 up to the sub-limit specified
at Item 7c of the Schedule.
(v) punitive or exemplary damages, unless
insurable by law under the law under which this
Policy is construed;
(vi) discounts, coupons, prizes, awards or other
incentives offered to the Company’s customers
or clients;
(vii) liquidated damages to the extent that such
damages exceed the amount for which the
Insured would have been liable in the absence of
such liquidated damages agreement
(viii) matters deemed uninsurable under law.
4.16 Data means any software or electronic data that exists in Computer
System and that is subject to regular back up procedures,
including computer programs, applications, account
information, customer information, private or personal
information, marketing information, financial information and
any other information.
4.17 Data means reasonable fess, costs and expenses incurred, with the
Restoration prior written consent of the Insurer, to:
Costs (a) determine whether Data held by the Company
on behalf of a Third Party can or cannot be
restored, recollected, or recreated; and/ or

(b) recreate or recollect Data held by the Company

on behalf of a Third Party

following a Security Breach

4.18 Defence means reasonable fees, costs and expenses incurred with the
Costs
IRDA Registration No. 115
Cyber Liability Insurance (Misc 139) Page 11 of 22
 Attached to and forming part of
Policy No.4056/0000000000

prior written consent of the Insurer (including court fees,

premiums for any surety, appeal bond, attachment bond,
personal bond or similar bond for any civil proceeding)
resulting solely and exclusively from the investigation,
adjustment, defence or appeal of a Claim against any Insured,

Defence Costs does not include any salary, overhead, or other

charges incurred by the Company for any time spent in
cooperating in the defence and investigation of any Claim or
circumstance which might lead to a Claim notified under this
Policy

4.19 Extended means he period, mentioned in Item 5 of the Schedule,

Reporting
following expiry of Policy Period, during which written notice
Period
of any Claim/Circumstance first made against the Insured
during the Policy Period may be given to the Insurer.
4.20 Forensic means reasonable fees, costs and expenses incurred by the
Costs Insured with the prior written consent of the Insurer to hire a
computer security expert to determine the existence and
cause of the Security Breach or Privacy Breach;

4.21 Insured means

(a) Company
(b) Any natural person who was, is, or becomes during the
Policy Period director, officer, partner, principal,
employee of any Company
Insured shall also include spouse , estate, heirs, executors or
legal representatives of the parties mentioned in (b) above in
the event of their death, incapacity, insolvency or bankruptcy,
but only to the extent (b) would have been covered

4.22 Insurer means ICICI Lombard General Insurance Company Ltd.

4.23 Limit of means the amount specified in Item 6 of the Schedule
Liability
4.24 Loss means any:

(a) Damages

(b) Defence Costs

Loss also includes Business Interruption Loss.

Loss does not mean any salaries, wages, personal expenses,

IRDA Registration No. 115

Cyber Liability Insurance (Misc 139) Page 12 of 22
 Attached to and forming part of
Policy No.4056/0000000000

benefits or overhead expenses of any Insured

4.25 Malicious means any software used to erase, corrupt or damage data or
Code network system or gain access to Computer Systems or
harmful software code, including but not limited to computer
viruses, Trojan horses, keystroke loggers, spyware, adware,
worms and logic bombs.
4.26 Material means any interruption in, or suspension of, the service
Interruption provided by the Computer System directly caused by a
Security Breach.
4.27 Multimedia means the publication or broadcast of any digital media
Activities content, other than computer software or the actual goods,
products or services described, illustrated or displayed.

4.28 Personal means any private information concerning a natural person

Information which is in the care, custody and control of the Company.
Provided however, Personal Information does not include
publicly available information that is lawfully made available to
the general public from any source including government
records.
4.29 Policyholder means the entity specified at Item 1 of the Schedule.
4.30 Policy Period means the period of time specified at Item 4 of the Schedule.
4.31 Pollutants means waste matter and energy that contaminates the
environment (water, air, soil, etc.) with noxious substances.
4.32 Privacy means
Breach a) an accidental or negligent disclosure of Personal
Information; or
b) Breach of any federal, state or foreign statute or regulation
requiring the Insured to protect the confidentiality and/or
security of Personal Information.

4.33 Privacy means reasonable fees, costs and expenses incurred by the
Notification Insured, with the prior written consent of the Insurer, towards
Costs their legal obligation to comply with a Breach Notice Law to
provide notification to individuals who are required to be
notified.

4.34 Professional means the services as specified in Item 3 of the Schedule.

Services
4.35 Retention means the applicable retention for each Insuring Agreement
as specified in at Item 9 of the Schedule.

4.36 Security means a failure of or intrusion of the Computer System to

Breach prevent

a) Unauthorized access to or Unauthorized use ;

b) prevent transmission of Malicious Code to Data
IRDA Registration No. 115
Cyber Liability Insurance (Misc 139) Page 13 of 22
 Attached to and forming part of
Policy No.4056/0000000000

irrespective of whether it is a specifically targeted attack or a

generally distributed attack.

Security Breach includes any such failure or intrusion resulting

from the theft of a password or network access code from
Company’s premises, Computer System, or director or officer,
or employee of a Company by non-electronic means in direct
violation of a Company’s specific written security policies or
procedures.
4.37 Subsidiary means any entity in which on or before the commencement of
this Policy the Policyholder either directly or indirectly through
one or more other entities:
(a) controls the composition of the board of directors; or
(b) holds more than half of the issued share capital; or
(c) controls more than half of the voting power.

For the purpose of this Policy Subsidiary shall also include any
incorporated entity or partnership, but only to the extent of the
Company’s financial interest in that entity.
For any Subsidiary or Insured thereof, cover under this Policy
shall only apply while such entity is a subsidiary of the
Policyholder
4.38 Third Party means any entity or natural person; except the following
(a) any Insured; or
(b) any entity which the Company manages or operates
(c) Any entity or natural person having more than 15%
stake in the Company
(d) Consultant

4.39 Unauthorized means disclosure that is not authorized by the Insured and is
Disclosure without knowledge or consent of the Control Group.

4.40 Waiting means the number of hours set forth in Item 8b of the
Period Schedule that must elapse once a Material Interruption has
begun before a Business Interruption Loss can begin to be
incurred.

5 Limit of Liability and Retentions:

The Insurer’s maximum aggregate liability under the Policy during the Policy Period
(or Extended Reporting Period, if applicable) is limited to the Limit of Liability, unless
expressly specified to the contrary in the Policy. The sub-limit for any cover or
Extension is a part of and not in addition to the Limit of Liability.

IRDA Registration No. 115

Cyber Liability Insurance (Misc 139) Page 14 of 22
 Attached to and forming part of
Policy No.4056/0000000000

The Insurer will only pay for any amount of Loss which is in excess of Retention. The
Company will be liable for the Retention which will remain uninsured. A single
Retention shall apply to all Loss arising out of, based upon or attributable to
continuous, repeated or related Claim/Loss.

6 General Conditions:

6.1 Claim (a) The Insured shall give written notice to the Insurer of:
Reporting
(i) any circumstances that may reasonably be
expected to give rise to a Claim;
(ii) any Claim made against the Insured,
during the Policy Period (or Extended Reporting Period if
applicable).

(b) Written notice shall be given to the Insurer at the address

specified in the Schedule as soon as reasonably
practicable and shall include (but is not limited to):

(i) the reasons for anticipating a Claim (or

circumstances);
(ii) the Insurer’s Claim form duly completed;
(iii) All other information or documentation relevant to
the Claim/circumstance.

(c) The Insured shall give written notice to the Insurer with
respect to Privacy Breach , Security Breach, Crisis
management Event , Cyber Extortion Threat , and share
the following details

(i) the nature and circumstances of the facts relating

to an alleged, supposed or potential breach;
alleged, supposed or potential breach;
(ii) date, time and place of the alleged, supposed or
potential breach;
(iii) the identity of the potential claimants and all other
potentially involved persons and/or entities;
(iv) estimate of possible loss;
(v) the potential media or regulatory consequences.
6.2 Claim Series All Claims and/or circumstance or series of Claims and/ or
circumstances based upon, arising out of, or in any manner
involving the same act, error, omission, Security Breach, Privacy
Breach whether or not committed by more than one Insured,
shall be deemed to be one Claim for the purposes of this Policy,
and such Claim shall be deemed to be first made on the date the
IRDA Registration No. 115
Cyber Liability Insurance (Misc 139) Page 15 of 22
 Attached to and forming part of
Policy No.4056/0000000000

earliest of such Claims/circumstance is first made against an

Insured. It is agreed and understood that notwithstanding the
provisions of this clause, each such Claim/circumstance shall be
notified to the Insurer in accordance with Clause 6.1 and shall
specify in writing the reasons for which the Claims/circumstances
arise from the same act, error, omission, Security Breach and/or
Privacy Breach.
6.3 Defence, The Insurer shall be entitled to fully participate in the defence and
Settlement at the negotiation stage of any settlement that is reasonably likely
and Co- to involve or appears to involve the Insurer. However, the right
operation and duty to defend and contest a Claim shall lie solely with the
Insured.

As a condition precedent to liability under the Policy, the Insured

at its own costs hall provide the Insurer with all documents,
information, assistance and cooperation that the Insurer may
request and require towards investigation, defence, settlement
or appeal of a Claim or circumstance. Each Insured shall also
take reasonable steps to mitigate the Loss.

6.4 Consent The Insured shall not admit or assume any liability, enter into any
settlement agreement, make any settlement offer, stipulate to
any judgment, or incur any costs without the prior written
consent of the Insurer. Only those settlements, stipulated
judgments and costs which have been consented to by the
Insurer and arising from Claims defended in accordance with this
Policy shall be recoverable as Loss under the terms of this Policy.
However, the Insurer's consent shall not be unreasonably
withheld.

If any Insured settles any Claim including any anticipated or

related Claim without the prior written consent of the Insurer ,
then this Policy shall not cover that Claim including any
anticipated or related Claim.

If the Insured refuses to consent to a settlement or compromise

recommended by the Insurer and elects to contest or continue to
contest a Claim, the Insurer’s liability shall not exceed the amount
for which the Insurer could have settled such Claim plus costs
incurred as of the date such settlement was proposed in writing
by the Insurer.

6.5 Allocation If a Claim involves both covered and uncovered matters or

persons or entities under this Policy, then the Insured and the
Insurer shall use reasonable efforts to determine a just and
equitable allocation of Loss covered under this Policy, taking into
account the legal and financial exposures, and in the event of a
settlement, also based on the relative benefit to the parties from
IRDA Registration No. 115
Cyber Liability Insurance (Misc 139) Page 16 of 22
 Attached to and forming part of
Policy No.4056/0000000000

settlement of such covered and uncovered matters.

In the event that the Insurer and the Insured cannot agree within
fifteen (15) days as to the amount of costs to be advanced under
the Policy, then the Insurer shall advance Defence Costs which
the Insurer believes to be covered under this Policy until a
different amount shall be agreed upon or determined pursuant
to the provisions of this Policy and applicable law.

6.6 Payment of The Insurer will pay all covered Costs in excess of the Retention ,
Costs covered by this Policy promptly after sufficiently detailed
invoices for those costs are received by the Insurer.

In the event that the Insurer advances any costs and it is finally
established that the Insurer has no liability for all or any portion
of these costs hereunder, the Insured, shall repay to the Insurer,
all monies advanced and so determined to be reimbursable.

The Crisis Management Costs can only be incurred from the date
of notification to the Insurer in accordance with clause 6.1 to the
date falling 185 days after such notification.

With the exception of Credit Monitoring Costs, Insurer will pay

only those Costs which are incurred and reported to the Insurer
during the Policy Period (or Extended Reporting Period)

6.7 Other If other valid insurance with any other Insurer is already available
Insurance to the Insured covering a Loss also covered by this Policy, this
Policy shall apply in excess of such other insurance and shall not
contribute with such other insurance.

6.8 Subrogation The Insured shall do everything necessary for the purpose of
enforcing any rights, remedies, obtaining relief or indemnity
from other parties to which the Insurer is become entitled upon
the Insurer paying for any Loss under this Policy, whether before
or after indemnification.

The Insured shall not do or cause to be done anything that may

prejudice the Insurer’s right of subrogation.

Subrogation against employees (including directors, officers,

partners or principals) of the Company shall be limited to cases
where such employees have been found guilty of an intentional,
fraudulent or criminal act by any court or government entity

The Insured agrees that any recoveries made shall first be

applied in making good any sums paid out by or on behalf of the
Insurer for a Loss and the costs of recovery.
IRDA Registration No. 115
Cyber Liability Insurance (Misc 139) Page 17 of 22
 Attached to and forming part of
Policy No.4056/0000000000

6.9 Maintenance The Insured will take all reasonable steps to maintain data and
of Security information security procedures to no lesser standard than
disclosed in the proposal form.

6.10 Bankruptcy The bankruptcy, winding-up, receivership or insolvency of any

Company shall not relieve the Insurer of its obligations nor
deprive any Insured of their rights under this Policy.

6.11 Authorisation The Policyholder is authorised to act as representative on behalf

of all the other Insureds with respect to all matters relating to or
affecting this Policy
6.12 Governing This Policy and all disputes and differences arising thereunder
Law shall be interpreted under, governed by and construed in all
respects in accordance with the laws of India.

6.13 Assignment Assignment of interest under this Policy shall not bind the Insurer
unless its consent is specifically provided for.

6.14 Observance The due observance and fulfillment of the terms, conditions and
of Terms and endorsements of this Policy in so far as they relate to anything to
Conditions be done or complied with by the Insured, shall be a condition
precedent to any liability on the Insurer’s part to make any
payment under this Policy.

6.15 No Any of the circumstances in relation to these conditions coming

Constructive to the knowledge of any of the Insurer’s official shall not be the
Notice notice to or be held to bind or prejudicially affect the Insurer
notwithstanding subsequent acceptance of any additional
premium.

6.16 Cancellation The Policyholder may cancel the Policy by giving 15 days notice
in writing to the Insurer and the Insurer shall refund premium for
the unexpired Policy Period at the short period scales specified
below. The Insurer may cancel the Policy on grounds of mis-
representation, fraud, non-disclosure of material facts or non-co-
operation of the insured by giving 30 days notice in writing to
the Insured and the Insurer shall refund a pro-rata premium for
the unexpired Policy Period. The Insured will not get any
cancellation refund in case there is a Loss /circumstance
reported under the Policy.

Days insurance in Percent of the annual premium

force retained by Insurer
1 to 90 35%
91-180 65%
181-270 80%

IRDA Registration No. 115

Cyber Liability Insurance (Misc 139) Page 18 of 22
 Attached to and forming part of
Policy No.4056/0000000000

Above 270 100%

6.17 Arbitration If any dispute or difference shall arise as to the quantum to be
Clause paid under this Policy (liability being otherwise admitted) such
difference shall independently of all other questions be referred
to the decision of a sole arbitrator to be appointed in writing by
the parties thereto or if they cannot agree upon a single
arbitrator within 30 days of any party invoking arbitration, the
same shall be referred to a panel of three arbitrators, comprising
of two arbitrators, one to be appointed by each of the parties to
the dispute/difference and the third arbitrator to be appointed by
such two arbitrators and arbitration shall be conducted under
and in accordance with the provisions of the Indian Arbitration
and Conciliation Act, 1996.

It is clearly agreed and understood that no dispute or difference

shall be referable to arbitration as herein before provided, if the
Insurer has disputed or not accepted liability under or in respect
of this Policy.

It is hereby expressly stipulated and declared that it shall be a

condition precedent to any right of action or suit upon this Policy
that the award by such arbitrator/arbitrators of the amount of the
Loss or damage shall be first obtained.

6.18 Title & The titles and headings used in this Policy, including any
Headings Endorsements, are for the purposes of reference only and shall
not otherwise affect the meaning of this Policy. Singular includes
the plural, and vice versa. Words in bold typeface(except
headings) have special meaning and are defined In Section 4.
6.19 Grievance In case the Insured is aggrieved in any way, the Insured should
Redressal call the Insurers at toll free number: 1800 2666 or email the
Insurer at [email protected].

If the Insured is not satisfied with the resolution, then the Insured
may successively write to the manager- service quality, corporate
manager- service quality, national manager- operations & finally
director-services and business development at the following
address:

Grievance Redressal Officer

ICICI Lombard General Insurance Company Limited
ICICI Lombard House
414, Veer Savarkar Marg
Near Siddhi Vinayak Temple,
Prabhadevi, Mumbai 400 025

In case the Insured’s complaint is not fully addressed by the

Insurer, Insurer may use the Integrated Greivance Management
IRDA Registration No. 115
Cyber Liability Insurance (Misc 139) Page 19 of 22
 Attached to and forming part of
Policy No.4056/0000000000

System (IGMS) for escalating the complaint to IRDAI. Through

IGMS, Insured can register the complaint online and track its
status. For registration please visit IRDAI website
www.irdaindia.org. If the issue still remains unresolved, the
Insured may, subject to vested jurisdiction, approach Insurance
Ombudsman for the redressal of the grievance.

The details of Insurance Ombudsman are available below:-

Office of the Insurance Office of the Insurance

Ombudsman,
2nd Floor, Ambica House,
Ashram Rd,
AHMEDABAD-380 014.
Tel.:- 079-27545441/27546840
Fax : 079-27546142
Email:
Ombudsman,
2nd Floor, Janak Vihar
Complex, 6, Malviya Nagar,
BHOPAL-462 003.
Tel.:- 0755-2769201/9202
Fax : 0755-2769203
Email:

[email protected] [email protected]

.in
Office of the Insurance
Ombudsman,
62, Forest Park,
BHUBANESHWAR-751 009.
Tel.:- 0674-2596455/2596003
Fax : 0674-2596429
Email:
.in
Office of the Insurance
Ombudsman,
SCO No.101-103,2nd Floor,
Batra Building, Sector 17-D,
CHANDIGARH-160 017.
Tel.:- 0172-
2706468/2772101 Fax :

[email protected] 0172-2708274
o.in Email:
bimalokpal.chandigarh@gbi
c.co.in
Office of the Insurance Office of the Insurance
Ombudsman, Ombudsman,
Fathima Akhtar Court, 4th Floor, 2/2 A, Universal Insurance
453 (old 312), Bldg.,Asaf Ali Road,
Anna Salai, Teynampet, NEW DELHI-110 002.
CHENNAI-600 018. Tel.:- 011-
Tel.:- 044-24333668 /24335284 23234057/23232037 Fax :
Fax : 044-24333664 011-23230858
Email: Email:
[email protected] [email protected]
n
Office of the Insurance Office of the Insurance
Ombudsman, Ombudsman,
“Jeevan Nivesh”, 5th Floor, S.S. 6-2-46, 1st Floor, Moin
Road, Court, A.C. Guards,
GUWAHATI-781 001 . Lakdi-Ka-Pool,
Tel.:- 0361-2132204/5 Fax : HYDERABAD-500 004.
0361-2732937 Tel : 040-
IRDA Registration No. 115
Cyber Liability Insurance (Misc 139) Page 20 of 22
 Attached to and forming part of
Policy No.4056/0000000000

Email: 65504123/23312122 Fax:

[email protected] 040-23376599
Email:
bimalokpal.hyderabad@gbi
c.co.in
Office of the Insurance Office of the Insurance
Ombudsman, Ombudsman,
2nd Floor, CC 27/2603, Pulinat Hindustan Building.
Bldg., M.G. Road, Annexe, 4th Floor,
ERNAKULAM-682 015. C.R.Avenue,
Tel : 0484-2358759/2359338 KOLKATA - 700072
Fax : 0484-2359336 Tel No: 033-
Email: 22124339/22124346 Fax:
[email protected] 22124341
n Email:
[email protected]
.in
Office of the Insurance Office of the Insurance
Ombudsman, Ombudsman,
Jeevan Bhawan, Phase-2, 3rd Floor, Jeevan Seva
6th Floor, Nawal Kishore Annexe,S.V. Road,
Road,Hazaratganj, Santacruz(W),
LUCKNOW-226 001. MUMBAI-400 054.
Tel : 0522 -2231331/2231330 Tel : 022-
Fax : 0522-2231310 26106960/26106552 Fax :
Email: 022-26106052
[email protected] Email:
[email protected]
o.in
Office of the Insurance Office of the Insurance
Ombudsman, Ombudsman,
Ground Floor, Jeevan Nidhi II, 3rd Floor, Jeevan Darshan,
Bhawani Singh Road, N.C. Kelkar Road,
JAIPUR – 302005. Narayanpet
Tel: 0141-2740363 PUNE – 411030.
Email: Tel: 020-32341320
[email protected] Email:
[email protected]
n
Office of the Insurance Office of the Insurance
Ombudsman, Ombudsman,
24th Main Road, Jeevan Soudha 4th Floor, Bhagwan Sahai
Bldg., Palace,
JP Nagar, 1st Phase, Ground Main Road, Naya Bans,
Floor Sector-15,
BENGALURU – 560025. NOIDA – 201301.
Tel No: 080-26652049/26652048 Tel: 0120-2514250/51/53
Email: Email:
IRDA Registration No. 115
Cyber Liability Insurance (Misc 139) Page 21 of 22
 Attached to and forming part of
Policy No.4056/0000000000

[email protected] [email protected]
n n
Office of the Insurance
Ombudsman,
1st Floor, Kalpana Arcade
Building,
Bazar Samiti Road, Bahadurpur,
PATNA – 800006
Tel No: 0612-2680952
Email id :
[email protected].

The updated details of Insurance Ombudsman are available on

IRDA website: www.irdaindia.org, on the website of General
Insurance Council: www.generalinsurancecouncil.org.in,
Insurer’s website www.icicilombard.com or can be obtained
from any of Insurer’s offices.

6.20 Maintenance The Insured will take all reasonable steps to maintain data and
of Security information security procedures to no lesser standard than
disclosed in the proposal form.

The Insured will ensure that back-up systems and processes are
maintained to no lesser standard than disclosed in the proposal
form and that the ability to restore such data is regularly tested
(at least every six (6) months).
6.21 Sanctions The Insurer shall not be deemed to provide cover under this
Clause Policy or be liable to pay any claim under the Policy to the extent
that the provision of such cover or payment of such claim would
expose the Insurer to any sanction, prohibition or restriction
under United Nations resolutions or the trade or economic
sanctions, laws or regulations of the European Union, United
Kingdom or United States of America.

IRDA Registration No. 115

Cyber Liability Insurance (Misc 139) Page 22 of 22