Ransomware Payment Handling in NZ Cyber Cover

Part 5 Consequential Loss: Underwriters will indemnify the Insured for Consequential Loss (including loss of Gross Profit and/or Increased Costs and Claims Preparation Costs) suffered during the Indemnity Period resulting from interruption to or interference with the Insured's Business caused by a Covered Event during the Policy Period in respect of which the Underwriters have accepted indemnity. Maximum indemnity is 90% of sum Insured in aggregate; maximum per claim is 40% of sum Insured during any 3 month period; Indemnity Period up to 12 months or such other period as specified in the Schedule.

[
  "direct costs"
]

Covers the insured against financial loss following a business interruption event which is a result of a claim covered under the Public Liability, Statutory Liability or Employers Liability policy.

Covered under Cyber Extortion Coverage. Extortion Threat includes any threat to commit or continue an intentional attack against a Company Computer System (including through the use of ransomware). Loss includes any payment of cash, monetary instrument, Cryptocurrency (including the costs to obtain such Cryptocurrency) or the fair market value of any property which a Company has paid, to prevent continuation of, or end, an Extortion Threat; and Cyber Extortion Expenses. Exclusion applies to extent payment would expose Insurer to applicable anti-terrorism legislation.

[
  "Legal Expenses (fees, costs and expenses of a Response Advisor providing Legal Services)",
  "IT Expenses (fees, costs and expenses of an IT Specialist providing IT Services)",
  "Data Recovery Expenses (reasonable and necessary fees, costs and expenses to identify, determine recoverability of, and restore/recreate/repair/recollect lost, damaged, destroyed, encrypted or corrupted Data)",
  "Reputation Protection Expenses (fees, costs and expenses of a Public Relations Advisor providing Reputation Protection Services)",
  "Notification Expenses (investigating and collating information, preparing notices and notifying Data Subjects, Third Parties and Regulators, setting up and operating call centres)",
  "Credit Monitoring and ID Monitoring Expenses (for Data Subjects whose Personal Information is reasonably believed to have been disclosed or transmitted, for up to 2 years from activation)",
  "Bricking Recovery Expenses (if Bricking Recovery Expenses Cover is Included: reasonable and necessary fees, costs and expenses to replace non-functional components of a Company Computer System)",
  "First Response Expenses (if First Response Cover is Included: fees, costs and expenses of First Response Advisor, First Response IT Specialist and Public Relations Advisor)",
  "Network Loss (actual Loss sustained from reduction in business income and Increased Costs of Working during and after a Material Interruption)",
  "Network Interruption Costs (reasonable and necessary costs and expenses to minimise Network Loss or reduce impact of Material Interruption)",
  "Loss Preparation Costs (if Loss Preparation Costs Cover is Included: professional fees and expenses of third-party forensic accounting firm)",
  "Cyber Extortion Loss: payment of cash, monetary instrument, Cryptocurrency (including costs to obtain such Cryptocurrency) or fair market value of property paid to prevent or end an Extortion Threat, and Cyber Extortion Expenses"
]

Covered under Network Interruption Coverage Section. The Insurer will pay Network Loss (actual Loss sustained resulting from the reduction in business income and Increased Costs of Working) and Network Interruption Costs incurred as a result of a Material Interruption to a Company Computer System or OSP Computer System caused by a Security Failure, System Failure, Voluntary Shutdown, Regulatory Shutdown, OSP Security Failure or OSP System Failure (each only if that cover is Included), where the duration of the Material Interruption exceeds the applicable Waiting Hours Period specified in the schedule. Network Loss is recoverable during the Insured Event (up to 120 days) and during the 90 days following resolution.