nzi vs AIG — Cyber liability
Cyber liability covers both first-party costs (incident response, forensic, notification, business interruption, ransom) and third-party liability (privacy claims, regulator fines). NZ wordings differ on whether ransomware extortion payments are insurable and how Privacy Commissioner penalties interact with statutory liability.
nzi
—
Not on file — request latest wording from nzi via FCIB.
AIG
AIG Insurance New Zealand Limited
Wording on file: AIG CyberEdge
Effective: 2024-05-27
Tier D (blocked) FCIB panel
Side-by-side fact comparison
Each row is a fact-key from the Cyber liability wording. "Not on file" means either the wording doesn't address that fact, or Phase C structured-facts extraction hasn't been run yet on this insurer's wording.
| Fact | nzi | AIG |
|---|---|---|
| limit of indemnity options | Not on file | Not on file |
| first party costs covered | Not on file | [ "Legal Expenses (fees, costs and expenses of a Response Advisor providing Legal Services)", "IT Expenses (fees, costs and expenses of an IT Specialist providing IT Services)", "Data Recovery Expenses (reasonable and necessary fees, costs and expenses to identify, determine recoverability of, and restore/recreate/repair/recollect lost, damaged, destroyed, encrypted or corrupted Data)", "Reputation Protection Expenses (fees, costs and expenses of a Public Relations Advisor providing Reputation Protection Services)", "Notification Expenses (investigating and collating information, preparing notices and notifying Data Subjects, Third Parties and Regulators, setting up and operating call centres)", "Credit Monitoring and ID Monitoring Expenses (for Data Subjects whose Personal Information is reasonably believed to have been disclosed or transmitted, for up to 2 years from activation)", "Bricking Recovery Expenses (if Bricking Recovery Expenses Cover is Included: reasonable and necessary fees, costs and expenses to replace non-functional components of a Company Computer System)", "First Response Expenses (if First Response Cover is Included: fees, costs and expenses of First Response Advisor, First Response IT Specialist and Public Relations Advisor)", "Network Loss (actual Loss sustained from reduction in business income and Increased Costs of Working during and after a Material Interruption)", "Network Interruption Costs (reasonable and necessary costs and expenses to minimise Network Loss or reduce impact of Material Interruption)", "Loss Preparation Costs (if Loss Preparation Costs Cover is Included: professional fees and expenses of third-party forensic accounting firm)", "Cyber Extortion Loss: payment of cash, monetary instrument, Cryptocurrency (including costs to obtain such Cryptocurrency) or fair market value of property paid to prevent or end an Extortion Threat, and Cyber Extortion Expenses" ] |
| third party costs covered | Not on file | [ "Damages that an Insured is legally liable to pay resulting from a Claim (including punitive or exemplary or multiple damages where lawfully insurable and any monetary amounts required by law or agreed by settlement to deposit into a consumer redress fund)", "Defence Costs in relation to the investigation, response, defence, appeal or settlement of a Claim or Regulatory Investigation", "Data Protection Fines: any lawfully insurable fines or penalties adjudicated by a Regulator for breach of Data Protection Legislation", "Amounts payable in connection with a PCI-DSS Assessment", "Digital Media Content Liability: Damages and Defence Costs arising from Claims for Wrongful Acts in Digital Media Activities" ] |
| ransomware payment handling | Not on file | Covered under Cyber Extortion Coverage. Extortion Threat includes any threat to commit or continue an intentional attack against a Company Computer System (including through the use of ransomware). Loss includes any payment of cash, monetary instrument, Cryptocurrency (including the costs to obtain such Cryptocurrency) or the fair market value of any property which a Company has paid, to prevent continuation of, or end, an Extortion Threat; and Cyber Extortion Expenses. Exclusion applies to extent payment would expose Insurer to applicable anti-terrorism legislation. |
| business interruption inclusion | Not on file | Covered under Network Interruption Coverage Section. The Insurer will pay Network Loss (actual Loss sustained resulting from the reduction in business income and Increased Costs of Working) and Network Interruption Costs incurred as a result of a Material Interruption to a Company Computer System or OSP Computer System caused by a Security Failure, System Failure, Voluntary Shutdown, Regulatory Shutdown, OSP Security Failure or OSP System Failure (each only if that cover is Included), where the duration of the Material Interruption exceeds the applicable Waiting Hours Period specified in the schedule. Network Loss is recoverable during the Insured Event (up to 120 days) and during the 90 days following resolution. |
| privacy commissioner penalty handling | Not on file | Data Protection Fines: Any lawfully insurable fines or penalties which are adjudicated by a Regulator to be payable by a Company for a breach of Data Protection Legislation. Data Protection Fines does not include any other type of civil or criminal fines and penalties. Regulator includes any other government agency or authorised Data protection authority who makes a demand on the Insured in relation to Data Protection Legislation. |
| breach notification costs | Not on file | Notification Expenses: the reasonable and necessary fees, costs and expenses incurred by a Company, with the Insurer's prior written consent, of: (i) investigating and collating information; (ii) preparing notices and notifying Data Subjects, Third Parties and Regulators; and (iii) setting up and operating call centres, with regard to any actual or suspected Breach of Confidential Information. |
| forensic costs covered | Not on file | IT Expenses: reasonable and necessary fees, costs and expenses of an IT Specialist providing IT Services, including substantiating whether an Insured Event has occurred, how it occurred and whether it is still occurring; identifying compromised Data; establishing extent of Confidential Information compromise; containing and resolving an Insured Event. Loss Preparation Costs (if Included): reasonable and necessary professional fees and expenses of a third-party forensic accounting firm to establish, prove, verify or quantify Network Loss or Network Interruption Costs. |
| key exclusions | Not on file | [ "Betterment: costs of updating, upgrading, enhancing or replacing a Company Computer System beyond its prior level, or removing software program errors or vulnerabilities (with carve-outs where Bricking Recovery Expenses Cover is Included)", "Bodily Injury and Property Damage: physical injury, mental illness, sickness, disease, death, or loss/damage/destruction of tangible property (with limited carve-outs)", "Government Entity or Public Authority: seizure, confiscation or nationalisation by order of any government entity or public authority", "Infrastructure: electrical or mechanical failure of infrastructure not under the control of a Company (with carve-out for Loss caused solely by Security Failure or Breach of Confidential Information)", "Internal/Staff Costs: payroll, fees, benefits, overheads or internal charges of any kind incurred by a Company", "Patent/Trade Secret: infringement of patents, loss of rights to secure registration of patents, or misappropriation of trade secrets by or for the benefit of a Company", "War and Terrorism: war (whether declared or not), terrorism (except Cyber Terrorism), invasion, use of military force, civil war, popular or military rising, rebellion or revolution", "Anti-Terrorism Legislation (Cyber Extortion): payments that would expose the Insurer to applicable anti-terrorism legislation or regulation", "Business Conditions (Network Interruption): loss of earnings or costs attributable to unfavourable business conditions", "Trading Losses (Network Interruption): trading losses, liabilities or changes in trading account value", "Liability (Network Interruption): written demands or civil/administrative/arbitral proceedings by Third Parties, or penalties paid to Third Parties", "Anti-Trust (Security and Privacy Liability; Digital Media): actual or alleged antitrust violation, restraint of trade, unfair competition, unfair or deceptive business practices, consumer protection law violations", "Assumed Liability, Guarantee, Warranty (Security and Privacy Liability): liability assumed under contract except to extent it would have attached in absence of contract (with carve-outs)", "Employment Practices Liability (Security and Privacy Liability; Digital Media): employment practices including wrongful dismissal, discrimination, harassment, retaliation", "Securities Claims (Security and Privacy Liability; Digital Media): violations of laws relating to Securities ownership, purchase, sale or offer", "Insured v Insured: Claims brought by or on behalf of an Insured against another Insured (with specific carve-outs per section)", "Prior or Pending proceedings as of the Continuity Date or claims arising from facts that should have been notified under prior policies", "Non-compensatory or multiple Damages (except where expressly covered), liquidated Damages", "Fines or penalties (except Data Protection Fines to the extent covered under Insurance Cover 1.1)", "Costs of complying with injunctive or other non-monetary relief", "Internal/staff costs and overheads of any Insured from Loss definitions" ] |
| territory | Not on file | any country (Data Protection Legislation defined as Privacy Act 2020 and all other equivalent laws and regulations relating to the regulation and enforcement of Data protection or Data privacy in any country; Regulator established pursuant to Data Protection Legislation in any jurisdiction) |
| claims made trigger | Not on file | this policy only covers Claims first made against You during the Policy Period and first notified to the Insurer in writing during the Policy Period. This policy does not provide cover for any Claims made against You during the Policy Period if at any time prior to the commencement of the Policy Period You became aware of facts which might give rise to those Claims being made against You. |
| privacy act handling | Not on file | Data Protection Legislation means the Privacy Act 2020, and any subsequent legislation that alters, repeals or replaces such legislation and all other equivalent laws and regulations relating to the regulation and enforcement of Data protection or Data privacy in any country. Data Protection Fines means any lawfully insurable fines or penalties which are adjudicated by a Regulator to be payable by a Company for a breach of Data Protection Legislation. The Insurer will pay Loss resulting from a Regulatory Investigation first occurring during the Policy Period, including Defence Costs and Data Protection Fines. |
| retroactive date handling | Not on file | Wrongful Act: any actual or alleged act on or after the Retroactive Date and prior to the end of the Policy Period in the course of undertaking Digital Media Activities. |
| insured vs insured exclusion | Not on file | Security and Privacy Liability: Any Claim brought by or on behalf of an Insured against another Insured. This Exclusion shall not apply to an actual or alleged unauthorised access to or unauthorised disclosure of Personal Information of any Employee, director, principal, partner or officer. Digital Media Content Liability: Any Claim brought by or on behalf of an Insured against another Insured except a Claim by an Insured which directly results from another Claim by a Third Party first made during the Policy Period and covered by this Digital Media Content Liability Coverage Section. |
| occurrence basis vs claims made | Not on file | mixed |
| defence costs in or outside limit | Not on file | in_limit |