Cyber Insurance
Summary of Benefits

This Insurance Summary of Benefits is provided to inform you, as a member or customer of Aura Sub, LLC (“Aura”) who has paid the required premium for this insurance, are insured under a Tokio Marine Insurance Master Policy issued to Aura (“Aura Master Policy”) and described herein.

Various provisions in the Aura Master Policy restrict coverage. Read the entire Aura Master Policy carefully to determine rights, duties and what is and is not covered. This Summary of Benefits does not state all the terms, conditions, exclusions and definitions within the Aura Master Policy. Your benefits will be subject to all the terms, conditions, exclusions and definitions of the Aura Master Policy. A complete copy of the Aura Master Policy will be available upon request. If the Aura Master Policy is terminated, your benefits under the Aura Master Policy will cease effective that date. It is the obligation of Aura to inform you of any termination of the Aura Master Policy.  To obtain a complete copy of the Aura Master Policy as issued to Aura, please contact Aura at 1-866-237-5240.

Annual Limits of Insurance

‍

Aggregate Annual Limits of Insurance: $50,000

Insuring Agreements

a.  Data Recovery Coverage

1. Subject to the applicable Deductible and Limit of Insurance, the Company shall pay Digital Assets Loss and Special Expenses that an Insured incurs because of damage, alteration, corruption, distortion, theft, misuse or destruction of Digital Assets resulting from a System Failure, provided always that: (a) the Insured first discovers the System Failure during the Coverage Period; (b) the System Failure is reported to the Company in writing pursuant to this Policy; and (c) the Insured provides clear evidence that the Digital Assets Loss and Special Expenses directly result from a System Failure.
2. The Company shall pay Digital Assets Loss and Special Expenses for up to twelve (12) months following the Insured’s discovery of the System Failure, unless specified otherwise by endorsement to this Policy.
   

b.  Cyber Extortion Coverage

1. Subject to the applicable Deductible and Limit of Insurance, the Company shall pay Cyber Extortion Expenses and Cyber Extortion Monies that an Insured incurs as a direct result of a Cyber Extortion Threat, provided always that: (a) the Insured first discovers the Cyber Extortion Threat during the Coverage Period; and (b) the Cyber Extortion Threat is reported to the Company in writing pursuant to this Policy.
2. The Company shall not be obligated to pay Cyber Extortion Expenses or Cyber Extortion Monies for which the Company has not given Approval. The Insured must make every reasonable effort to notify local law enforcement authorities and the Federal Bureau of Investigation or equivalent foreign agency before surrendering any Cyber Extortion Monies in response to a Cyber Extortion Threat.

c.  Cyber Crime Coverage

Subject to the applicable Deductible and Limit of Insurance, the Company shall pay Cyber Extortion Expenses and Cyber Extortion Monies that an Insured incurs as a direct result of a Cyber Extortion Threat, provided always that: (a) the Insured first discovers the Cyber Extortion Threat during the Coverage Period; and (b) the Cyber Extortion Threat is reported to the Company in writing pursuant to this Policy.

d.  Cryptocurrency Crime Coverage

Subject to the applicable Deductible and Limit of Insurance, the Company shall pay for the loss of Cryptocurrency that an Insured sustains because of a Cryptocurrency Crime Event, provided always that: (a) the Insured first discovers the Cryptocurrency Crime Event during the Coverage Period; (b) the Cryptocurrency Crime Event is reported to the Company in writing pursuant to this Policy; and (c) the Insured provides written confirmation to the Company that the Insured’s Cryptocurrency Exchange has refused to reverse or prevent a payment transaction or to indemnify or reimburse the Insured for the loss of Cryptocurrency.

e.  Cyber Bullying Coverage

Subject to the applicable Deductible and Limit of Insurance, the Company shall pay Cyber Bullying Expenses that an Insured incurs because of a Cyber Bullying Incident, provided always that: (a) the Insured first discovers the Cyber Bullying Incident during the Coverage Period; and (b) the Cyber Bullying Incident is reported to the Company in writing pursuant to of this Policy.

Definitions

As used in this Policy:

1. “Account Manager” means any person or organization authorized by an Insured to request the transfer, payment or delivery of Money or Securities from a Covered Bank Account.
2. “Act of Cyber Terrorism” means the premeditated use of disruptive activities, or the threat to use disruptive activities, against a Computer System, including any associated network and Data stored thereon, with the intention to cause harm, to further social, ideological, religious, political, or similar objectives, or to intimidate any person in furtherance of such objectives; provided that such activities are not committed by, or at the express direction of, a sovereign state or a government simultaneously engaged in War or a Cyber Operation carried out as part of any War. 
3. “Application Program” means any computer software program that performs a particular function or task within the Computer Operating System for the end-user, including, but not limited to, database programs, web browsers, enterprise software, word processors, graphics software and media players.  
4. “Approval” means the advance written agreement or consent by the Company, which will not be unreasonably withheld.
5. “Bodily Injury” means physical injury, sickness, disease or death sustained by any person and, where resulting from such physical injury only, mental anguish, mental injury, shock, humiliation or emotional distress.
6. “Business” means any employment, trade, occupation, profession or enterprise intended to realize a benefit or financial gain, whether engaged in on a full-time, part-time, occasional or temporary basis.
7. “Claim” means:
   1. with respect to Data Recovery Coverage only, written notice from an Insured or an Insured’s representatives to the Company of a System Failure.
   2. with respect to Cyber Extortion Coverage only, written notice from an Insured or an Insured’s representatives to the Company of a Cyber Extortion Threat.
   3. with respect to Cyber Crime Coverage only, written notice from an Insured or an Insured’s representatives to the Company of Financial Fraud.
   4. with respect to Cryptocurrency Crime Coverage only, written notice from an Insured or an Insured’s representatives to the Company of a Cryptocurrency Crime Event.
   5. with respect to Cyber Bullying Coverage only, written notice from an Insured or an Insured’s representatives to the Company of a Cyber Bullying Incident.
      
      A Claim under this Policy will be deemed to have been first made when the Company first receives written notice of such Claim.

8. “Cloud Provider” means any Third Party that provides computing resources to an Insured under a written contract with the Insured to provide such services, which are delivered as a service over a network or the internet (commonly known as “cloud computing”), including email services, Software as a Service, Platform as a Service and Infrastructure as a Service.
9. “Computer Operating System” means Computer System software that manages or administers computer hardware, software resources, or provides common services to run an Application Program. Computer Operating System does not include an Application Program. 
10. “Computer System” means an interconnected electronic, wireless, web or similar system, including all computer hardware and software, used to process and store Data or information in an analogue, digital, electronic or wireless format, including, but not limited to, computer programs, Data, operating systems, firmware, servers, media libraries, associated input and output devices, mobile devices, devices that are connected to and controlled by the internet (also known as “smart devices”), networking equipment, websites, extranets, off-line storage facilities (to the extent they hold Data) and electronic backup equipment.
11. “Coverage Period”, with respect to each Named Insured, means the period beginning on the effective date of the Named Insured’s coverage under this Policy, as set forth in such Named Insured’s Evidence of Coverage, and ending on the earlier of:
    1. the natural expiration of the Named Insured’s coverage under this Policy, as set forth in such Named Insured's Evidence of Coverage;
    2. the effective date of cancellation or termination of this Policy, or
    3. the effective date of cancellation or termination of the Named Insured’s coverage under this Policy.
       No Coverage Period shall begin before the effective date of the Master Policy Period. 

12. “Covered Bank Account” means a personal account at a financial or banking institution, including any personal trust or investment account, which is maintained by an Insured in the Insured’s name, or in the name of a legal entity established by an Insured or on an Insured’s behalf to manage the Insured’s personal assets, from which the Insured or an Account Manager may request the transfer, payment or delivery of Money or Securities. Covered Bank Account does not include any Business account or any Cryptocurrency account.
13. “Cryptocurrency” means a medium of exchange that: 
    1. is digital and decentralized;
    2. uses blockchain to manage and record transactions; and
    3. is stored by a Cryptocurrency Exchange. 
       
       Cryptocurrency includes, but is not limited to, Bitcoin and Ethereum. Cryptocurrency does not include Money or Securities.

14. “Cryptocurrency Crime Event” means an Insured’s loss of Cryptocurrency which is fraudulently taken from an Insured as a direct result of a Hacking Attack.
15. “Cryptocurrency Exchange” means an online Business domiciled in the United States of America that provides a virtual platform to buy, sell, trade and store Cryptocurrency.
16. “Cyber Bullying” means a series of two or more willful and repeated or continuing acts of harassment or intimidation, including embarrassment, humiliation, defamation of character, slander, invasion of privacy or threats of violence, committed by using a computer, telephone, mobile device or another electronic device. “Cyber Bullying” methods include, but are not limited to, the use of texting, instant messaging, chat rooms, messages, photos, and other content posted on social networking sites to harass and intimidate.
17. “Cyber Bullying Expenses” means:
    1. reasonable and customary charges for the service of a Therapist;
    2. reasonable and necessary childcare or caregiver expenses;
    3. reasonable and necessary expenses to temporarily locate;
    4. if the victim of a Cyber Bullying Incident is a Minor, reasonable temporary private tutoring expenses, unreimbursed tuition or increase in tuition to relocate the Minor to another school; and
    5. reasonable and necessary fees and costs to retain a digital forensic analyst or professional cyber security consultant.
       
       Cyber Bullying Expenses must be incurred by an Insured within twelve (12) months after the Cyber Bullying Incident is discovered.

18. “Cyber Bullying Incident” means Cyber Bullying directed at an Insured which causes mental anguish or mental injury, as diagnosed by a Therapist.
19. “Cyber Extortion Expenses” means reasonable and necessary costs and expenses, other than Cyber Extortion Monies, that an Insured incurs with Approval as a direct result of a Cyber Extortion Threat, including the cost to retain or hire a Third Party specializing in IT security to determine the validity and severity of a Cyber Extortion Threat.
20. “Cyber Extortion Monies” means Money, Cryptocurrency, or Other Property that an Insured pays with Approval to any person or group reasonably believed to be responsible for a Cyber Extortion Threat, to prevent or terminate such Cyber Extortion Threat.
21. “Cyber Extortion Threat” means a credible threat or series of related credible threats, including a demand for Cyber Extortion Monies, which is directed at an Insured to: 
    1. steal, alter, release, reveal, divulge, disseminate, destroy, publicly disclose or misuse Private Information taken from an Insured through unauthorized access to, or unauthorized use of, an Insured Computer System; 
    2. infect an Insured Computer System with malicious code or ransomware; 
    3. corrupt, damage or destroy an Insured Computer System; 
    4. restrict or hinder access to an Insured Computer System, including the threat of a Denial of Service Attack; or
    5. steal, alter, release, reveal, divulge, disseminate, destroy, publicly disclose or misuse an Insured’s confidential or proprietary information or Personally Identifiable Information.
       
       A series of continuing, related or repeated Cyber Extortion Threats, or multiple Cyber Extortion Threats resulting from the same attack, event or incident, will be considered a single Cyber Extortion Threat and will be considered to have occurred at the time the first of such Cyber Extortion Threats occurred.

22. "Cyber Operation” means the use of a Computer System by, at the direction, or under the control of a sovereign state to disrupt, deny, degrade, manipulate or destroy information in a Computer System of or in another sovereign state.
23. “Data” means any machine-readable information, including, but not limited to, ready-for-use programs, applications, account information, customer information, health and medical information or other electronic information, irrespective of the way it is used and rendered. 
24. “Denial of Service Attack” means an event caused by unauthorized or unexpected interference or a malicious attack, which is intended by the perpetrator to overwhelm the capacity of a Computer System by sending an excessive volume of Data to such Computer System to prevent access to such Computer System. 
25. “Digital Assets” means Data and computer programs that exist in an Insured Computer System. Digital Assets does not include computer hardware.
26. “Digital Assets Loss” means reasonable and necessary expenses and costs that an Insured incurs to replace, recreate or restore Digital Assets to the same state and with the same contents immediately before the Digital Assets were damaged, destroyed, altered, misused or stolen, including research costs incurred in recreating Digital Assets and expenses for materials and machine time. Digital Assets Loss will be determined in accordance with this Policy. 
27. "Essential Service” means any service that is essential for the proper operation and maintenance of vital functions of a sovereign state, including, but not limited to, financial services (including services related to financial institutions and associated financial market infrastructure), health services, utility services, emergency services, and/or services that are essential for the proper operation of the food, energy and/or transportation sector.
28. “Evidence of Coverage” means the Tokio Marine Select Insurance Master Policy Certificate of Insurance that a Named Insured holds, which evidences such Named Insured’s coverage under this Policy.
29. “Family Member” means any of the following persons residing with a Named Insured:
    1. the spouse or registered domestic partner of a Named Insured;
    2. any Minor;
    3. a student enrolled in school full time, as defined by the school, who was a member of a Named Insured’s household before moving out to attend school, provided the student is under the age of twenty-four (24) and related to the Named Insured by blood, marriage or adoption; and
    4. other persons related to a Named Insured by blood, marriage or adoption.

27. “Financial Fraud” means:
    1. an intentional, unauthorized and fraudulent written, electronic or telephonic instruction transmitted to a financial institution, directing such institution to debit, transfer, withdraw or disburse Money or Securities from a Covered Bank Account, which instruction purports to have been transmitted by an Insured or Account Manager, but was in fact fraudulently transmitted by a Third Party without the Insured’s knowledge or consent; 
    2. a Phishing Attack directed at an Insured or Account Manager which fraudulently induces the Insured or Account Manager to transfer, pay or deliver Money or Securities from a Covered Bank Account; or
    3. the theft of Money or Securities from a Covered Bank Account or an Insured’s personal credit cards as a result of a Hacking Attack.

28. “Financial Fraud Loss” means a direct loss of Money or Securities that an Insured sustains because of Financial Fraud. Financial Fraud Loss does not include any amounts reimbursed to an Insured by any financial or banking institution, loss from the theft of Money or Securities from a Business account maintained by an Insured or Account Manager, or loss from the theft of Cryptocurrency.
29. “First Party Insured Event” means:
    1. with respect to Data Recovery Coverage only, a System Failure;
    2. with respect to Cyber Extortion Coverage only, a Cyber Extortion Threat; 
    3. with respect to Cyber Crime Coverage only, a Financial Fraud; 
    4. with respect to Cryptocurrency Crime Coverage only, a Cryptocurrency Crime Event; and
    5. with respect to Cyber Bullying Coverage only, a Cyber Bullying Incident.

30. “Hacking Attack” means any of the following directed at or enacted upon an Insured Computer System: 
    1. unauthorized access to, or unauthorized use of, an Insured Computer System, including any such unauthorized access or unauthorized use resulting from the theft of a password from an Insured Computer System or from an Insured; 
    2. a Denial of Service Attack against an Insured Computer System; 
    3. infection of an Insured Computer System by malicious code, or the transmission of malicious code from an Insured Computer System; or
    4. an Act of Cyber Terrorism.

31. "Impacted State” means a sovereign state where a Cyber Operation has had a major detrimental impact on: 
    
    1. the functioning of that sovereign state due to disruption of the availability, integrity or delivery of an Essential Service in that sovereign state; and/or
    2. the security or defense of that sovereign state.
32. “Insured” means: 
    1. any Named Insured; and
    2. any Family Member.
       
       Insured does not include the Policyholder; no coverage is afforded under this Policy to the Policyholder.

33. “Insured Computer System” means:
    1. a Computer System that is owned and operated by an Insured, or that is leased to and operated by an Insured; and
    2. in addition to paragraph (a) above, with respect to Cyber Extortion Coverage only, Insured Computer System also includes a Computer System operated by an Outsourced IT Service Provider, which is used to provide services to an Insured, or for processing, maintaining, hosting or storing Data for an Insured, pursuant to a written contract with such Insured to provide such services.

34. “Master Policy Period” means the period from the effective date to the expiration date of this Policy, as set forth in Item 4 of the Declarations, or any earlier termination or cancellation date.
35. “Minor” means any person under twenty-one (21) years of age who is residing with a Named Insured and is related to the Named Insured by blood, marriage, adoption or legal guardianship.
36. “Money” means a medium of exchange in current use and authorized or adopted by a domestic or foreign government, including, but not limited to, currency, coins, bank notes, bullion, travelers’ checks, registered checks and Money orders held for sale to the public. Money does not include Cryptocurrency or Securities.
37. “Named Insured” means the natural person who:
    
    1. a member or customer of the Policyholder; 
    2. is named on the Evidence of Coverage for this Policy; and
    3. has paid the required premium for this insurance.
38. “Operating System Event” means a single act of exploitation of, or a series of related, repeated or continuing acts of exploitation of, software vulnerabilities in a Computer Operating System, including, but not limited to ransomware, wiper malware, computer worms, and computer viruses, the impact of which is of sufficient intensity, scale or effect to cause a major detrimental impact on the functioning of a sovereign state due to disruption of the availability, delivery, or integrity of an any Essential Service in that sovereign state; provided, however, a major detrimental impact on the functioning of a sovereign state shall not result from an attack, or a related series of attacks, solely impacting the Insured. For purposes of this definition, the determination of whether an event constitutes a major detrimental impact on the functioning of a sovereign state will rely upon any available evidence such as information from governments, news media, qualified IT forensics firms, computer experts and claims reported to the Company.
39. “Other Property” means any tangible property, other than Money or Securities, which has intrinsic value. 
40. “Outsourced IT Service Provider” means a Third Party that provides information technology services to an Insured, including but not limited to, hosting, security management, co-location and Data storage, under a written contract with such Insured to provide such services. “Outsourced IT Service Provider” includes any Cloud Provider.
41. “Personally Identifiable Information” means information that can be used to determine, distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual, including, but not limited to, financial account numbers, security codes, personal identification numbers (PINs), credit and debit card numbers, medical or healthcare information, social security numbers, driver’s license numbers, addresses, passwords, and any other non-public information.
42. “Phishing Attack” means the use by a Third Party of fraudulent and intentionally misleading telephone calls, emails, texts, instant messages or other electronic communications or malicious websites to impersonate a legitimate or trustworthy contact, organization or person to solicit Private Information, Money or Securities.
43. “Policyholder” means the entity specified as such in Item 1 of the Declarations.
44. “Privacy Breach” means any of the following:
    1. the unauthorized collection, disclosure, use, access, destruction or modification of Private Information;
    2. the theft of Private Information, including the theft of Private Information stored on an Insured’s unsecured Data storage or mobile device, such as a smartphone, tablet or laptop;
    3. the surrender of Private Information in a Phishing Attack;
    4. an infringement or violation of any rights to privacy; or
    5. breach of a person’s right of publicity, false light or intrusion upon a person’s seclusion.

45. “Private Information” means proprietary or confidential information owned by a Third Party that is in the care, custody or control of an Insured, or is used by an Insured with the consent of such Third Party, and Personally Identifiable Information.
46. “Private Key” means a string of letters and/or numbers that are used to access and manage Cryptocurrency and/or secure and verify Cryptocurrency transactions.
47. “Programming Error” means an error which occurs during the development or encoding of a computer program, software or application and which would, when in operation, result in a malfunction or incorrect operation of a Computer System.
48. “Property Damage” means physical injury to, or impairment, destruction or corruption of, any tangible property, including the loss of use thereof. Data is not considered tangible property. 
49. “Related Claims” means:
    1. two or more Claims involving any one Insured, which have as a common nexus any fact, circumstance, situation, event or cause, or a series of causally connected facts, circumstances, situations, events or causes; 
    2. two or more Claims involving any one Insured, which arise from the same or continuing First Party Insured Event; or
    3. a single Claim involving, multiple Insureds who are insured under one Evidence of Coverage.

50. “Securities” means negotiable or non-negotiable instruments or contracts representing Money or Other Property. Securities does not include Money or Cryptocurrency.
51. “Security Breach” means any of the following, whether a specifically targeted attack or a generally distributed attack: 
    1. a Hacking Attack; or
    2. the theft or loss of an Insured’s unsecured Data storage or mobile device, including any smartphone, tablet or laptop containing Private Information. 

52. “Special Expenses” means reasonable and necessary costs and expenses that an Insured incurs to: 
    1. prevent, preserve, minimize, or mitigate any further damage to Digital Assets, including the reasonable and necessary fees and expenses of specialists, outside consultants or forensic experts; 
    2. preserve critical evidence of any criminal or malicious wrongdoing; or
    3. purchase replacement licenses for computer programs because the copy protection system or access control software was damaged or destroyed by a System Failure. 

53. “System Failure” means an unplanned outage, interruption, failure, suspension or degradation of service of an Insured Computer System, including, but not limited to, any such outage, interruption, failure, suspension or degradation of service caused directly by a Hacking Attack, administrative error or Programming Error. 
54. “Therapist” means a qualified psychologist or other mental health professional who is licensed or certified under the laws of the jurisdiction in which mental health treatment is given to an Insured as a victim of a Cyber Bullying Incident.
55. “Third Party” means any entity, company, organization or person who does not qualify as an Insured under this Policy. However, Third Party does not include the Policyholder.

30. “Unauthorized Trading” means trading, which at the time of the trade, exceeds permitted financial limits or is outside of permitted product lines. 
31. “War” means any war, invasion, acts of foreign enemies, hostilities (whether war is declared or not), civil war, rebellion, revolution, insurrection, civil commotion assuming the proportions of or amounting to an uprising, military or usurped power, or confiscation, nationalization, requisition or destruction of or damage to property by or under the order of any government or public or local authority, or any action taken by a government authority to hinder, control, prevent, suppress or defend against any of the aforementioned actions.

Exclusions

Exclusions as to the Entire Policy

This Policy does not apply to any Claim:

A. based upon, arising from or in any way involving any of the following committed by an Insured, whether acting alone or in collusion with other persons: ‍

1. any willful, intentional, deliberate, malicious, fraudulent, dishonest or criminal act or omission; 
2. any intentional violation of law; or 
3. the gaining of any profit or advantage to which an Insured is not legally entitled. 

B. based upon, arising from or in any way involving an Insured’s activities as a stockholder, owner, manager, agent, partner, officer, director or employee of any Business or organization, corporation or company. 

C. for Bodily Injury or Property Damage. 

D. based upon, arising from or in any way involving any of the following, regardless of any other cause or event that contributes concurrently or in any sequence to the Claim: 

1. electrical or mechanical failures or interruption, including electrical disturbance, spike, brownout or blackout; or 
2. any regional, countrywide or global outage, failure, disruption or reduction in supply of any utility service or infrastructure, including electricity, gas, water, telephone, cable, internet, satellite or telecommunications, or any failure, outage, disruption, degradation or termination of any critical part of such service or infrastructure.

E. based upon, arising from or in any way involving the violation of any economic or trade sanctions by the United States government, including, but not limited to, sanctions administered and enforced by the United States Treasury Department’s Office of Foreign Assets Control (OFAC). 

F. based upon, arising from or in any way involving:

1. any actual, alleged or threatened presence of pollutants or contamination of any kind, including, but not limited to, asbestos, smoke, vapor, soot, fumes, acids, alkalis, chemicals and waste (“waste” includes materials to be recycled, reconditioned or reclaimed), whether or not such presence results from an Insured’s activities or the activities of others, or such presence or contamination happened suddenly or gradually, accidentally or intentionally, or expectedly or unexpectedly; or
2. any directive or request to test for, monitor, clean up, remove, contain, treat, detoxify or neutralize pollutants, or in any way respond to or assess the effects of pollutants or contamination of any kind.

G. based upon, arising from or in any way involving income loss caused by or resulting from Unauthorized Trading.

H. based upon, arising from or in any way involving: 

1. the actual or alleged purchase or sale of Securities;
2. the actual or alleged loss of value of any Securities;
3. the offer of, or solicitation of an offer, to purchase or sell Securities; or
4. the violation of any Securities law including, but not limited to, the provisions of the Securities Act of 1933, the Securities Exchange Act of 1934 or the Sarbanes-Oxley Act of 2002, or any regulation promulgated under the foregoing statutes, or any similar federal, state, local or foreign law, including “Blue Sky” laws, whether such law is statutory, regulatory or common law.

I. based upon, arising from or in any way involving the actual or alleged government enforcement of any federal, state, local or foreign regulation, including, but not limited to, regulations promulgated by the United States Federal Trade Commission, the Federal Communications Commission or the Securities and Exchange Commission. 

J. based upon, arising from or in any way involving: 

1. any employer-employee relations, policies, practices, acts or omissions; 
2. any actual or alleged refusal to employ any person; or
3. any misconduct with respect to employees. 

K. based upon, arising from or in any way involving any actual or alleged harassment or discrimination including, but not limited to, discrimination based on age, color, race, gender, creed, national origin, marital status, sexual preferences, disability or pregnancy.

L. based upon, arising from or in any way involving: 

1. the violation of any pension, healthcare, welfare, profit sharing, mutual, or investment plan, fund or trust; or
2. the violation of any provision of the Employee Retirement Income Security Act of 1974 and its amendments, or the Pension Protection Act of 2006 and its amendments, or any regulation, ruling, or order issued pursuant to the foregoing statutes.

M. for any loss, damage, cost or expense:

13. directly or indirectly caused by, resulting from or in connection with any War; 
14. resulting from a Cyber Operation carried out as part of any War; or
15. resulting from a Cyber Operation that causes a sovereign state to become an Impacted State.

However, this Exclusion does not apply to an Act of Cyber Terrorism.  Paragraph (3) also does not apply to the direct or indirect effect of a Cyber Operation on an Insured Computer System that is not physically located in an Impacted State but is affected by a Cyber Operation. 

N. based upon, arising from or in any way involving any actual or alleged infringement of any patent.

O. based upon, arising from or in any way involving the misappropriation, theft, copying, display or publication of any trade secret. 

P. based upon, arising from or in any way involving the confiscation, commandeering, requisition or destruction of, or damage to, computer hardware by order of a government de jure or de facto, or by any public authority for whatever reason. 

Q. for any loss or expense arising from illness, substance abuse or death.

R. for any loss of Cryptocurrency that an Insured sustains as a result of:

1. an outage, interruption, failure, suspension or degradation of service of a Computer System owned, controlled, leased or operated by any Cryptocurrency Exchange;
2. the theft of Cryptocurrency or Private Keys in a network attack against a Computer System owned, controlled, leased or operated by any Cryptocurrency Exchange, including a Denial of Service Attack, Act of Cyber Terrorism or infection of such Computer System by virus or malicious code; or
3. the insolvency or bankruptcy of any Cryptocurrency Exchange.

S. based upon, arising from or in any way involving the theft, misappropriation or misuse of information belonging to, or in the care, custody or control of the Policyholder or any of its subsidiaries, partners or affiliates.

T. based upon, arising from or in any way involving a failure or breach of the security intended to protect any Computer System that is owned or operated by, or under the control of, the Policyholder or any of its subsidiaries, partners or affiliates, including, but not limited to, that which is caused by unauthorized access, unauthorized use, infection by malicious code or Denial of Service Attack.

U. based upon, arising from or in any way involving any outage, interruption, failure, suspension or degradation of service of any Computer System that is owned or operated by, or under the control of, the Policyholder or any of its subsidiaries, partners or affiliates. 

V. based upon, arising from or in any way involving any Security Breach or Privacy Breach caused by or resulting from, in whole or in part, the introduction of malicious code or other vulnerabilities into an Insured Computer System by way of insertion of malicious code into any software which is developed, sold or distributed by the Policyholder or any of its subsidiaries, partners or affiliates.

W. for any liability to any Third Party for whatever reason, including contractual penalties, damages or legal costs and expenses of any type.

X. for sanctions, fines or penalties imposed by law.

Y. based upon, arising from or in any way involving fire, smoke, explosion, lightning, wind, water, flood, earthquake, volcanic eruption, tidal wave, landslide, hail, force majeure or any other physical event, however caused. 

Z. based upon, arising from or in any way involving an Operating System Event.

Exclusions as to Data Recovery Coverage

In addition to the Exclusions as to the Entire Policy, the Company will not be liable under Data Recovery Coverage for:

A. the cost of restoring, updating or replacing Digital Assets to a level beyond that which existed prior to the System Failure. 

B. physical damage to, or the costs to repair or replace, any computer hardware or Data center. 

C. the economic or market value of Digital Assets.

D. the costs or expenses incurred to identify, patch or remediate software Programming Errors or Computer System vulnerabilities.

E. the cost to upgrade, improve, repair, redesign, reconfigure or maintain an Insured Computer System to a level of functionality beyond that which existed prior to the System Failure. 

F. the cost of restoring, replacing or repairing any electronic media.

Exclusions as to Cyber Crime Coverage and Cryptocurrency

In addition to the Exclusions as to the Entire Policy, the Company will not be liable under Cyber Crime Coverage and Cryptocurrency Crime Coverage for:

A. any Claim based upon, arising from or in any way involving any actual or alleged unauthorized acquisition, access, use or disclosure of Private Information that is held or transmitted in any form. However, this Exclusion does not apply to Financial Fraud which directly results from the use of Private Information. 

B. amounts that have been wholly or partially reversed or reimbursed by a credit card company or financial institution bank or Cryptocurrency Exchange.

C. loss of Other Property arising out of, resulting from or in any way involving the fraudulent or purportedly fraudulent use of a credit or debit card. 

D. any Claim based upon, arising from or in any way involving the use of a credit, debit or bank card or card number, password, personal identification number (PIN) or other security code, or an account number associated with a bank account, credit account, brokerage account, investment account or Cryptocurrency account: 

1. by any person or organization, whether acting alone or in collusion with others, who has ever been authorized by an Insured to use such card, card number, password, PIN, security code, or account number; however, this Exclusion does not apply to Financial Fraud Loss resulting from authorization obtained through deception of an Insured in a Phishing Attack;
2. if an Insured has not complied with all terms and conditions under which such card, card number or account number was issued; or 
3. in connection with the operation of any Business.

E. any Claim based upon, arising from or in any way involving the giving or surrendering of Money, Cryptocurrency, Securities or Other Property in any exchange for or purchase of goods or services:

1. that are not yet delivered, whether fraudulent or not; 
2. that fail to conform to advertised quality or performance; or
3. that fail to conform to the quality or performance expected from the standpoint of the Insured. 

F. any Claim based upon, arising from, or in any way involving an Insured’s indirect costs, such as lost time, lost wages, damaged reputation or potential income, including interest and dividends, not being realized; or any time value or potential investment gain on the amount of Money, Securities or Cryptocurrency fraudulently taken from an Insured; however, this Exclusion does not apply to an Insured’s lost wages directly resulting from Cyberbullying Incident. 

G. any Claim based upon, arising from, or in any way involving the theft or loss of Cryptocurrency or a Private Key that is held on any hardware, physical device, or other physical medium. 

Notification

Notice Provisions as to All Insuring Agreements

With respect to all Insuring Agreements of this Policy, an Insured must provide written notice to the Company, through the persons named in the Evidence of Coverage, of any Claim as soon as practicable during the Coverage Period, but no later than sixty (60) days after expiration of the Coverage Period. 

Policy Conditions

1. Assistance and Cooperation

1. As a condition precedent to coverage under this Policy, every Insured shall cooperate with the Company and its representatives and, upon the Company’s request, shall submit to examination by a representative of the Company, under oath if required; attend hearings, depositions and trials; assist in effecting settlement; cooperate in the securing and giving of evidence, obtaining the attendance of witnesses, and in the conduct of suits; and shall give a written statement(s) to the Company’s representatives for the purpose of investigation and/or defense, all without charge to the Company. Every Insured shall further cooperate with the Company to do whatever is necessary to secure and effect any rights of indemnity, contribution or apportionment that any Insured may have. No Insured shall take any action which in any way increases the Company’s exposure under this Policy.
2. Every Insured must execute or cause to be executed all papers and render all assistance as reasonably requested by the Company, which may require an Insured to provide copies of a Third Party’s system security and event logs.
3. No Insured will admit liability, make any payment, assume any obligation, incur any expense, enter into any settlement, stipulate to any judgment or award or dispose of any Claim without Approval. However, the prompt public admission of a Privacy Breach or Security Breach potentially impacting the Private Information of Third Parties will not be considered an admission of liability requiring Approval.

2. Subrogation

1. If any payment is made under this Policy, the Company shall be subrogated to the extent of such payment to all rights of recovery thereof, and the Insured shall execute all documents required and do everything that may be necessary to secure such rights, including the execution of such documents necessary to enable the Company to effectively bring suit in the name of any Insured, and shall provide all other assistance and cooperation which the Company may reasonably require. The Insured shall do nothing after a Claim is made to prejudice the Company’s subrogation rights. 
2. Any recoveries shall be applied first to subrogation expenses, second to Damages, Defense Costs or any other amounts incurred by the Company, and lastly to the Deductible. Any additional amounts recovered will be paid to the Insured. 

3. Other Insurance

This Policy is excess over any other valid and collectible insurance (including the amount of any deductibles and/or retentions) available to any Insured, including any insurance under which there is a duty to defend and regardless of whether such other policy or policies are stated to be primary, contributory, excess, contingent or otherwise, unless such insurance is written specifically as excess insurance of this Policy by reference in such other policy to the Policy number set forth in the Declarations of this Policy.

        4. Dispute Resolution

1. Mediation

If any dispute arises between any Insured and the Company involving this Policy or a Claim hereunder, the Named Insured and the Company agree that such dispute will be referred to a qualified mediator in a good faith effort to negotiate a resolution of the dispute prior to the initiation of any arbitration or other proceedings. The party invoking the agreement to mediate will provide written notice to the other party setting forth its request to mediate and a brief statement regarding the issue to be mediated. The Named Insured is authorized and directed to accept the Notice of Mediation on behalf of any Insured.

2. Arbitration

As a condition precedent to any right of action hereunder, in the event that a good faith effort to mediate pursuant to paragraph (1) above does not resolve a dispute between any Insured and the Company involving this Policy or a Claim, the Named Insured and the Company agree that such dispute will be determined by final and binding arbitration before a single arbitrator. If the parties cannot mutually select the arbitrator, the parties will refer the selection of the arbitrator to the American Arbitration Association.

‍

Currency, Payments and Cryptocurrency Reimbursement

All premium and losses under this Policy shall be payable in United States dollars. Adjustment of the value of Cryptocurrency shall be calculated as of the time the Cryptocurrency Crime Event occurred, up to the applicable Limit of Insurance.