Personal Lines

Cyber Insurance Policy

AL WATHBA NATIONAL INSURANCE CO,
PO B O X 4 5 1 5 4, A B U D H A B I, U. A. E. T E L: + 9 7 1 2 41 8 5 30 0, F AX: + 9 7 1 2 6 7 7 6 6 2 8,

 

e-mail: alwathba@awnic.com.

 

Operation of cover

 

Any insured event concerning 1st party losses must be first discovered by you during the policy period and reported to us during the policy period and up to 72 hours after the termination of the policy period.

 

Any third party claim must first be made against you during the policy period and reported to us during the policy period and up to 72 hours after the termination of the policy period.

 

Any insured events arising from the same original cause will be deemed to be one insured event, covered at the time of the first insured event of the series, including application of deductible and limit of liability at that time. This applies to insured events discovered during the policy period and reported to us during the policy period and up to 72 hours after the termination of the policy period.

What is covered

 

Subject to the applicable limit of liability, deductible, conditions and exclusions:

1.     Theft of Funds

We will indemnify you for any direct and pure financial loss sustained by you

a.     as a result of a theft of funds due to an unauthorized access to your bank account, payment card or mobile wallets by a third party, and

b.     as a consequence of you being a victim of

phishing email or email spoofing, provided that:

i.        you report to the issuing bank or the mobile wallet company within 72 hours after discovery of the theft of funds,

ii.        you provide evidence that the issuing bank or the mobile wallet company is not reimbursing you for the theft of funds, and

iii.       you lodge a police report detailing the theft of funds within 72 hours upon discovery by you.

 

c.     We will indemnify you any reasonable and necessary costs incurred by you for prosecution of a criminal case against the third party for committing the theft of funds or the phishing email or email spoofing against you.

 

2.     Identity Theft

a.     We will indemnify you for any direct and pure financial losses resulting from an identity theft, provided that:

i.        you have reported to us and the local police within 72 hours after discovery of the identity theft.

b.     We will indemnify you for the reasonable and necessary costs incurred by you for credit monitoring services and identity monitoring.

c.     We will indemnify you for any reasonable and necessary costs incurred by you for prosecution of a criminal case against a third party for committing identity theft against you.

d.     We will pay to or on behalf of you, all reasonable fees, costs and expenses of psychological assistance and treatment resulting from an identity theft.

 

3.     Data Restoration / Malware Decontamination

We reimburse you for any reasonable and necessary costs incurred by the involvement of an IT expert after a cyber incident to restore your data or to decontaminate or clean your personal device from malware, to the closest possible condition in which they were immediately before the cyber incident.

 

4.     Cyber Bullying, Cyber Stalking and Loss of Reputation

a.     We will indemnify you for any reasonable and necessary costs incurred by you for civil proceedings against a third party for committing cyber bullying or cyber stalking against you.

b.     In case of an evident and significant loss of reputation caused by cyber bullying or cyber stalking, we will indemnify you for any reasonable and necessary costs and expenses for an expert to manage and restore your reputation.

c.     We will indemnify you for all reasonable fees, costs and expenses of psychological assistance and treatment resulting from cyber bullying or cyber stalking.

 

5.     Online Shopping

We will reimburse you for your direct and pure financial loss due to transactions on the internet via payment card or mobile wallet that you have been dishonestly induced to enter by a third party by electronic means to make a purchase of goods or services which are not delivered or rendered; provided that:

i.        you can show that you have made reasonable attempts to seek a recovery or refund from the third party and/or seller of the goods and services to indemnify you for your financial loss; and

ii.        the fraud event is reported by you to your card issuer, payment service provider or bank or other relevant entity within 48 hours of discovery by you; and

iii.        your card issuer, payment service provider or bank or other relevant entity refuses in writing to reimburse you for transactions made by you as a result of the fraud.

 

What is not covered

 

We will not cover any claim by you under this policy

arising directly or indirectly from the following:

 

1.     insured events or circumstances that could reasonably lead to an insured event which are known by you prior to the inception of this policy.

 

2.     any action or omission of you or any misbehaviour of you which is intentional, malicious, dishonest, deliberate or reckless.

3.     any action or omission in your capacity as employee or self-employed person as well as any professional or business activity.

4.     any type of war (whether declared or not), use of force or hostile act.

5.     loss of or damage to tangible property and any consequential losses resulting therefrom, including the loss of use of tangible property.

6.     investment or trading losses including without limitation any inability to sell, transfer or otherwise dispose of securities.

7.     bodily injury, psychological harm, trauma, illness or death. This exclusion shall not apply to anxiety or mental stress as set forth in Section 2 – Identity Theft and Section 4 – Cyber Bullying, Cyber Stalking and Loss of Reputation.

8.     misappropriation, theft, infringement or disclosure of any intellectual property (such as patents, trademarks, copyrights).

9.     third party claims made by one insured against another insured.

10.  contractual liability which exceeds legal liability which would otherwise arise.

11.  any costs of betterment of your personal device beyond the state existing prior to the insured event, unless unavoidable.

12.  Any type of cryptocurrencies (e.g. Bitcoin, Ethereum, Ripple, IOTA).

13.  Gambling.

 

How to make a claim

 

1.     Reporting. You must report as soon as is reasonably practicable to us or to the incident response provider any actual insured event. which may give rise to payment under this policy.

 

2.    Assistance and Cooperation. You shall:

a. cooperate with us or the incident response provider including preserving any hardware, software and data,

b. provide all documents and information and render all assistance as reasonably requested by us or the incident response provider, and

c. assist in the conduct of suits, in making settlements, and in enforcing any right of contribution or indemnity against any person or organization that may be liable to you because of acts, errors, or omissions covered under this policy.

3.    Claims against you. You must not, without our prior written consent, admit liability for, pay, settle or prejudice any third party claim. You must assist us in investigating, defending and settling the third party claim, and assist any lawyer or other expert we appoint on your behalf to defend the third party claim. You must pay the deductible to any third party we require to comply with any settlement. If we have directly indemnified any third party, you must immediately reimburse us for the amount of the applicable deductible.

General conditions

 

1.    Our liability. We will not be liable for the deductible applicable to each and every insured event or third party claim. Our liability will be in excess of any deductible and subject to the limit of liability for each and every insured event or third party claim as stated in the schedule.

2.     Representation and Warranty. In issuing this policy we have relied upon your statements, representations and information as being true and accurate. If your statements, representations or information contain misrepresentations which were made with the actual intent to deceive and which materially affect our acceptance of the risk or the hazard assumed, we shall not be liable for a loss or claim based upon, arising from, or in consequence of, any such misrepresentation.

3.     We are only obliged to indemnify you in accordance with this policy if you:

a.     are a permanent UAE resident, and

b.     make sure your personal devices are used and maintained as recommended by the manufacturer or supplier, and

c.     prevent and mitigate loss or damages covered under this policy by:

i.        Providing, maintaining and updating the operational system of your personal devices within 30 days after a security patch was adviced to be installed,

ii.        Deployment of appropriate system, device and data security measures. Usage of appropriate passwords, and

iii.         Maintaining and updating at appropriate intervals backups of your data, at least every 45 days.

4.    Payment under more than one section. Any cover affecting more than one section of cover will be subject to the highest applicable deductible.

5.    Subrogation. If any payment is made under this policy, we will be subrogated to the extent of such payment up to all your rights of recovery from any third party. You must do all that is necessary to secure and must not prejudice such rights. Any monies recovered will be applied first to any costs and expenses made to obtain the recovery, second to any payments made by us, and third to any other payments made by you.

6.     Other Insurance. If there is other insurance for the same insured event this policy will apply in excess of this other policy and will not contribute with this other insurance.

7.    Termination. If the named insured and/or we agree to terminate this policy, we will not repay a proportion of the premium for the remaining policy period.

8.     Premium payment. The named insured must pay the premium to us within 15 days of the start of the policy period otherwise we may cancel this policy by giving the named insured 7 days’ written notice. If the policy is cancelled by us pursuant to this clause the named insured must pay a proportion of the premium for the period from the start of the policy period until expiry of the notice period, unless you have reported any claim before the expiry of the notice period in which case the full premium shall be due and payable.

9.    Notices. Notices must be in writing and sent by e- mail, registered post or hand to the addresses stated in the schedule or any other agreed addresses. You may give notice by telephone but must send a written notice as soon as practical afterwards.

10. Assignment. You must not assign any legal rights or interests in this policy without our prior written consent.

11. Variations. We reserve the right to alter the policy if a change in legislation or taxation or any judicial decision so requires. We will give you one month’s written notice of any such alteration unless a shorter notice is necessary to comply with any of these requirements. If you do not wish to continue your cover following an alteration you may cancel this policy by notifying us in writing at the address shown on your schedule.

12. Laws or regulations. If any provision of this policy conflicts with the laws or regulations of any jurisdiction in which this policy applies, this policy must be amended by the named insured and us to comply with such laws or regulations.

13. Severability. Any unenforceable provision of this policy will not affect any other provisions and, if practicable, will be replaced with an enforceable provision with the same or similar intent as that unenforceable provision.

14. Third party rights. No third party who is not a party to this policy shall have any right to enforce any part of this policy.

15. Law and jurisdiction. This policy will be governed by the laws as stated in the schedule. The courts as stated in the schedule will have exclusive jurisdiction for any dispute.

16. Definitions. A definition in this policy to the singular shall include the plural and vice versa.

 

Definitions

 

Aggregate limit of liability – the amount stated in the schedule which shall be the maximum amount payable by us under this policy whether in respect of first party cover or third party claims or payment of any expenses including any payment made by us to the incident response provider.

 

Bank account – an account with a bank or other financial institution licensed to operate in the United Arab Emirates in accordance with the provisions of the Central Bank Law.

 

Cyberbullying – any acts of:

a)    harassment (including foster personal interaction repeatedly despite a clear indication of disinterest)

b)    intimidation,

c)     defamation of character,

d)    illegitimate invasion of privacy (including monitoring the use of the internet, email or any other form of electronic communication); or

e)    threats of violence,

committed against you over the internet.

 

Cyber incident – any malicious act or malware

occurring on your personal devices

 

Cyber stalking – means the repeated use of electronic communications to harass or frighten someone.

 

Data – any digital information, irrespective of the way it is used, stored or displayed (such as text, figures, images, video, recordings or software).

 

Deductible – each deductible as stated in the schedule, being the amount which you must incur before this policy responds.

 

Email spoofing – any forgery or wrongful manipulation of an email so that the receiver of such a message is misled to believe that the email is real and therefore trusts the faked origin of the message.

 

Expert – any person or legal entity appointed by or in consultation with us and/or the incident response provider (such as an IT, lawyer or public relations consultant).

 

Hardware – the physical components of any personal devices used to store, record, transmit, process, read, amend or control data.

 

Identity theft – the theft of personal data over the internet, which has resulted or could reasonably result in the wrongful use of such personal data.

 

Incident response provider – the legal entity stated in the schedule.

 

Insured – means: the named insured as set forth in the schedule

 

Insured event – any theft of funds, cyber incident affecting your personal devices, identity theft, cyberbullying, cyber stalking, financial loss due to online shopping and third party claim.

 

Legal costs – any costs, expenses and/or fees for experts, investigations, court appearances, surveys, examination and/or procedures that are necessary for your civil, administrative and/or criminal proceedings. This does not include your general expenses (such as salaries and overheads).

Limits of liability – as stated in the schedule, including any sub-limit and aggregate limit of liability.

 

Loss of reputation – any adverse effect on your reputation due to a publication on the internet by a third party.

 

Malicious act – any unauthorised or illegal act of a third party intending to cause harm to or to gain access to, or disclose data from personal devices through the use of any personal device, computer system or computer network including the internet.

 

Malware – any unauthorised or illegal software or code (such as viruses, spyware, computer worms, trojan horses, rootkits, ransomware, keyloggers, dialers and rogue security software) designed to cause harm to or to gain access to or disrupt personal devices or computer networks.

 

Mobile wallet – means any online account in which you deposit or earn money which is denominated in a specific currency that can be spent in a (online) store.

 

Payment card – a credit, debit or pre-paid card issued by a bank or other financial institution licensed to operate in the United Arab Emirates in accordance with the provisions of the Central Bank Law.

 

Personal data – any information relating to a data subject who can be identified, directly or indirectly, in relation to other information (such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person) as defined by applicable data protection laws.

 

Personal devices – any devices (computers, laptops, tablets, mobile phones, etc.) used for the purpose of creating, accessing, processing, protecting, monitoring, storing, retrieving, displaying or transmitting data. The term personal devices shall not encompass any smart home devices.

 

Phishing email – the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity via email.

Policy – the schedule and policy.

 

Policy period – the duration of this policy as stated in the schedule.

 

Premium – the amount payable by you as stated in the

schedule.

 

Psychological assistance and treatment – the involvement of an accredited psychiatrist, psychologist or counsellor chosen by you at your own discretion with the prior written consent of us, not to be unreasonable withheld or delayed, to treat you for stress, anxiety or such similar medical conditions.

 

Smart home devices – any devices or IoT components used by you in your hosehold in order to operate or control smart home enabled devices such as cameras, air conditioning, lighting, alarming systems or fire protection systems.

 

Software – any digital standard, customised or individual developed program, or application held or run by a personal device that comprises a set of instructions that are capable, when incorporated in a machine readable medium, of causing a machine with information processing capabilities to indicate, perform or achieve a particular function, task or result.

 

Theft of funds – any unauthorized electronic transfer of money, assets or any other funds.

 

Third party – any person or legal entity other than the

insured as stated in the schedule.

 

Third party claim – any written demand or assertion for compensation or damages by a third party against you.

 

We, us and our – the insurer or their agent as stated in the schedule.

 

You and your – the insured.

 

Your personal devices – any personal devices owned, leased or licensed, and directly controlled by you.