Common use of Cyber Liability & Data Storage Clause in Contracts

Cyber Liability & Data Storage. The Airline shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health information; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three (3) years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; SAMPLE Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Airline, any of its subcontractors, or cloud service providers used by Airline; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; SAMPLE Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Airline, any of its subcontractors, or cloud service providers used by Airline; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three (3) years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three (3) years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; SAMPLE Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. SAMPLE The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three (3) years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and SAMPLE No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term life of this Agreement and such insurance will be maintained for a period of three years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health information, whether caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; SAMPLE breach of Network Security or other Privacy personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: breach involving personally identifiable information and Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-non- renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Agreement Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this the Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three (3) years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; SAMPLE First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three (3) years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; SAMPLE Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.. SAMPLE

Cyber Liability & Data Storage. The Airline shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term term of this Agreement and such insurance will be maintained for a period of three years thereafter for services completed during the Term term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health information; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and SAMPLE No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance Insurance, throughout the Term life of this Agreement Contract and such insurance will be maintained for a period of three years thereafter for services Services completed during the Term of this AgreementContract. Such insurance shall cover, at a minimum, the following: • Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health information, whether caused by Company, any of its subcontractors, or cloud service providers used by Company; • Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; • Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; • Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; • Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services Services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; • First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; • Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy Privacy breach involving personally identifiable information and personal health information; and • No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 2,000,000 Annual Aggregate $5,000,000 2,000,000 Event Management Expenses $5,000,000 2,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services Services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the this Contract Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services Services completed during the Term of this AgreementContract. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention., which may not exceed $100,000 per claim. Technology Professional Liability/Errors and Omissions insurance coverage may be included as part of the Cyber Liability insurance coverage required above. However, if the required Cyber Liability insurance and Technology Professional Liability/Errors and Omissions insurance coverages are provided in the same policy, the minimum limits of coverage will be increased to: Each Claim $10,000,000 Annual Aggregate $10,000,000

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term term of this Agreement and such insurance will be maintained for a period of three years thereafter for services completed during the Term term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health information; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date retroactive date prior to the Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term life of this Agreement and such insurance will be maintained for a period of three years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health information, whether caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; SAMPLE Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy Privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-non- renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Agreement Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this the Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three (3) years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; SAMPLE First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Airline, any of its subcontractors, or cloud service providers used by Airline; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 SAMPLE Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three (3) years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. SAMPLE The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term life of this Agreement Supplemental Contract and such insurance will be maintained for a period of three years thereafter for services Services completed during the Term of this AgreementSupplemental Contract. Such insurance shall cover, at a minimum, the following:  Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health information, whether caused by Company, any of its subcontractors, or cloud service providers used by Company;  Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security;  Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data;  Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media;  Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services Services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin;  First and Third-Party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure;  Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy Privacy breach involving personally identifiable information and personal health information; and  No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services Services provided. If coverage is canceled or non-renewed, renewed and not replaced with another claims-made policy form with a Retroactive Date prior to the Contract Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services Services completed during the Term of this AgreementSupplemental Contract. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention., which may not exceed $100,000 per claim. Technology Professional Liability/Errors and Omissions insurance coverage may be included as part of the Cyber Liability insurance coverage required above. However, if the required Cyber Liability insurance and Technology Professional Liability/Errors and Omissions insurance coverages are provided in the same policy, the minimum limits of coverage will be increased to: Each Claim $10,000,000 Annual Aggregate $10,000,000

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term life of this Agreement and such insurance will be maintained for a period of three years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health information, whether caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; E Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; SAMPL First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy Privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-non- renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Agreement Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this the Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.

Cyber Liability & Data Storage. The Airline Company shall purchase and maintain Cyber Liability Insurance throughout the Term of this Agreement and such insurance will be maintained for a period of three (3) years thereafter for services completed during the Term of this Agreement. Such insurance shall cover, at a minimum, the following: Network Security Liability covering liability for failures or breaches of network security and unauthorized access, including hackings and virus transmission or other type of malicious code, and electronic disclosure or use of confidential information, including personally identifiable information and personal health informationinformation caused by Company, any of its subcontractors, or cloud service providers used by Company; Privacy Liability covering liability, PCI fines, expenses, defense costs, and regulatory actions for disclosure of confidential information, including personally identifiable information and personal health information, even if not caused by a failure or breach of network security; SAMPLE Digital Asset Protection, including costs to reconstruct, restore or replace damaged software and data; Media liability, covering liability and defense costs for media wrongful acts such as defamation, disparagement, and copyright/trademark infringement and trade dress in the dissemination of internet content and media; Cyber-Extortion coverage, including negotiation and payment of ransomware demands and other losses from “ransomware” attacks resulting from the services provided by Airline Company to the Authority. Coverage extends to those payments made via traditional currencies, as well as non-traditional crypto-currencies such as Bitcoin; First and Third-party Business Interruption and Dependent Business Interruption Coverage resulting from a security breach and/or system failure; Data Breach Response Coverage, including coverage for notifying affected parties, setting up call center services, provision of credit monitoring services, identity theft protection services, computer forensic expenses, conduct, data reconstruction, legal expenses, and public relations expenses resulting from a breach of Network Security or other privacy breach involving personally identifiable information and personal health information; and No exclusion for Cyber Terrorism coverage. The minimum limits of liability shall be: Each Occurrence $5,000,000 Annual Aggregate $5,000,000 Event Management Expenses $5,000,000 L E Such Cyber Liability coverage must be provided on an Occurrence Form or, if on a Claims Made Form, the retroactive date must be no later than the first date of services provided. If coverage is canceled or non-renewed, and not replaced with another claims-made policy form with a Retroactive Date prior to the Effective Date, the Airline Company must purchase “extended reporting” coverage, which will provide coverage to respond to claims for a minimum of three years after completion of services completed during the Term of this Agreement. The Cyber Liability Insurance coverage may be subject to a deductible or self-insured retention.