Common use of Cyber Liability (Network Security Clause in Contracts

Cyber Liability (Network Security. Privacy Liability) shall be a limit of not less than Five Million Dollars ($5,000,000) per claim subject to policy terms, conditions, and limitations. The network security/privacy liability coverage exposures shall include, but not be limited to: Coverage for unauthorized access, denial of service attacks, computer viruses, Trojan horses, worms, transmission of any other type of malicious or damaging code, and failure of security; Hostile action or threat of hostile action with the intent to affect, alter, copy, corrupt, destroy, disrupt, damage, or provide unauthorized access/unauthorized use of a computer system, including exposing or publicizing confidential electronic data or causing electronic data to be inaccessible; Dishonest, fraudulent, malicious, or criminal use of a computer system by a person, whether identified or not, and whether acting alone or in collusion with other persons, to affect, alter, copy, corrupt, delete, disrupt, or destroy a computer system or obtain financial benefit for any party or to steal or take electronic data; Denial of service for which the Contractor is responsible that results in the degradation of or loss of access to internet or network activities or normal use of a computer system; Loss of service for which the Contractor is responsible that results in the inability of a third party, which is authorized to do so, to gain access to a computer system and conduct normal internet or network activities; Failure to prevent access to a computer system or computer system resources by an unauthorized person or an authorized person in an unauthorized manner; Breach of privacy and the failure to protect and disclosure of personally identifiable information, and health information no matter how such loss occurs; Violation of privacy regulations, as defined by the insurance policy, in connection with the protection of information; Coverage shall not exclude the Authority’s notification and crisis management costs, identity theft monitoring and regulatory defense; Disclosure of any third party’s proprietary information including liability for interruption of Authority or any third party’s business including claims for loss of use. Continuous coverage shall be maintained, or an extended reporting period will be exercised for a period of not less than three years from termination or expiration of this Contract. The retroactive date shall precede the effective date of this Contract. The Metropolitan Washington Airports Authority shall be included as an Additional Insured for Vicarious Liability as in respects to the Contractor’s actions on behalf of the Authority. The policy shall not contain an exclusion of coverage in the event an “Additional Insured” brings an action against the “Named Insured”. In the event the policy contains an “Insured v. Insured” exclusion, the Contractor shall ensure the “Insured v. Insured” exclusion is amended to allow an “Additional Insured” to bring an action against the “Named Insured”.

Cyber Liability (Network Security. Privacy Liability) shall be a limit of not less than Five Million Dollars ($5,000,000) per claim subject to policy terms, conditions, and limitations. The network security/privacy liability coverage exposures shall include, but not be limited to: Coverage for unauthorized access, denial of service attacks, computer viruses, Trojan horses, worms, transmission of any other type of malicious or damaging code, and failure of security; Hostile action or threat of hostile action with the intent to affect, alter, copy, corrupt, destroy, disrupt, damage, or provide unauthorized access/unauthorized use of a computer system, including exposing or publicizing confidential electronic data or causing electronic data to be inaccessible; Dishonest, fraudulent, malicious, or criminal use of a computer system by a person, whether identified or not, and whether acting alone or in collusion with other persons, to affect, alter, copy, corrupt, delete, disrupt, or destroy a computer system or obtain financial benefit for any party or to steal or take electronic data; Denial of service for which the Contractor is responsible that results in the degradation of or loss of access to internet or network activities or normal use of a computer system; Loss of service for which the Contractor is responsible that results in the inability of a third party, which is authorized to do so, to gain access to a computer system and conduct normal internet or network activities; Failure to prevent access to a computer system or computer system resources by an unauthorized person or an authorized person in an unauthorized manner; Breach of privacy and the failure to protect and disclosure of personally identifiable information, and health information no matter how such loss occurs; Violation of privacy regulations, as defined by the insurance policy, in connection with the protection of information; Coverage shall not exclude the Authority’s notification and crisis management costs, identity theft monitoring and regulatory defense; Disclosure of any third party’s proprietary information including liability for interruption of Authority or any third party’s business including claims for loss of use. Continuous coverage shall be maintained, or an extended reporting period will be exercised for a period of not less than three years from termination or expiration of this Contract. The retroactive date shall precede the effective date of this Contract. The Metropolitan Washington Airports Authority shall be included as an Additional Insured for Vicarious Liability as in respects to the Contractor’s actions on behalf of the Authority. The policy shall not contain an exclusion of coverage in the event an “Additional Insured” brings an action against the “Named Insured”. In the event the policy contains an “Insured v. Insured” exclusion, the Contractor shall ensure the “Insured v. Insured” exclusion is amended to allow an “Additional Insured” to bring an action against the “Named Insured”.