Commercial insurance · Singapore

Cyber Liability Insurance

Covers first- and third-party losses from cyber incidents — ransomware, data breach, business interruption, PDPC fines, regulatory investigation costs. See cyberinsurance.com.sg for full clause-level comparison.

Get cyber liability quotes

Why Singapore businesses buy cyber cover

Cyber liability is not mandated by Singapore statute. The drivers of demand are regulatory, contractual and operational:

  • PDPA exposure — the Personal Data Protection Act 2012, as amended in 2020, allows the PDPC to impose a financial penalty of up to S$1 million or 10% of annual Singapore turnover, whichever is higher, for serious breaches.
  • MAS Notice 644 / TRM Guidelines — technology risk management expectations for financial institutions include cyber-incident response capability and (increasingly) insurance against cyber risk.
  • Enterprise vendor terms — multinational and government customers routinely require their Singapore vendors to hold cyber cover with minimum limits, named incident-response panel access and PDPA breach-notification cover.
  • Ransomware reality — Singapore SMEs continue to be targeted; the incident-response cost alone often exceeds S$100,000 before any ransom is paid.

First-party cover — the insured's own losses

Typical first-party sections of a Singapore cyber policy:

  • Incident response — 24x7 hotline, forensic investigation, legal counsel, public-relations and notification management. Most insurers pre-appoint a panel of vendors.
  • Data restoration — the cost of restoring or recreating data from backups, or where backups have been encrypted, the cost of rebuilding from primary sources.
  • Business interruption — loss of net profit and continuing fixed expenses while systems are down following a covered event, subject to a waiting period (often 6 to 12 hours).
  • Cyber extortion — the cost of professional ransom negotiation, and the ransom payment itself where lawful and approved by the insurer.
  • Reputation harm — PR-firm engagement to manage media and customer communications.
  • System repair — engineering costs to remediate the compromised environment.

Third-party cover — liability to others

Typical third-party sections:

  • Privacy liability — liability to data subjects whose personal data has been compromised.
  • Network security liability — liability to third parties whose systems are damaged by malware propagating from the insured's network.
  • Regulatory investigation costs — legal and consulting costs of responding to a PDPC or sectoral regulator investigation. Note that the underlying financial penalty may or may not be insurable.
  • Media liability — defamation, IP infringement and unauthorised use of content arising from the insured's digital media.
  • PCI fines and assessments — payment-card-industry assessments following a card-data breach, subject to specific extension.

Common exclusions

  • Known prior incidents — events the insured was aware of before inception.
  • Bodily injury and tangible property damage (covered by public liability).
  • Patent infringement (often excluded; some wordings extend to copyright and trademark).
  • Acts of war and state-sponsored attacks — the post-NotPetya market has tightened the cyber-war exclusion.
  • Liability assumed under contract beyond what the insured would have anyway.
  • Failure to maintain stated security controls (MFA, patching, EDR) — some wordings condition cover on baseline controls being in place.

Choosing the limit

For Singapore SMEs, typical limits range from S$1m to S$5m. Larger Singapore-headquartered groups buy S$10m to S$25m or more. Drivers:

  • Volume of personal data held — per-record breach cost runs from low hundreds of dollars to over a thousand depending on data type.
  • Revenue dependent on continuous system uptime (e-commerce, SaaS, payment processing).
  • PDPA exposure under the 10%-of-Singapore-turnover penalty calculation.
  • Customer contract requirements for minimum limits.
  • Whether ransomware payments are part of the realistic loss scenario.

Deeper coverage on CyberInsurance.com.sg

For side-by-side clause-level comparison of the policy wordings of major Singapore cyber insurers — AIG, Chubb, Zurich, MSIG, Sompo, Liberty, QBE, Tokio Marine, Allianz and Beazley — including semantic clause search across all ingested wordings, see our sister site CyberInsurance.com.sg. That site goes deeper than this single page can — coverage diff tables, exclusion comparison, ransomware-payment treatment by insurer, and an anonymous MCP endpoint for programmatic queries.

Verified policy facts

Facts extracted verbatim from each insurer's policy document. We show the source URL, SHA-256 fingerprint of the PDF we read, and the document type (policy wording / proposal form / brochure). Where a fact is left blank in the source — for example, schedule-level limits in a master wording — we mark it “blank in source” rather than infer.

AIG Singapore logo

AIG Singapore

AIG Asia Pacific Insurance Pte. Ltd.

Policy wording✓ Verified via cyberinsurance.com.sg
Exclusions (33)
  • Betterment: costs of updating, upgrading, enhancing or replacing a Company Computer System to a level beyond that which existed prior to the occurrence of an Insured Event; costs of removing software program errors or vulnerabilities.
  • Bodily Injury and Property Damage: physical injury, mental illness, sickness, disease or death; loss, damage or destruction of tangible property (subject to carve-outs where Bricking Recovery Expenses Cover is Purchased).
  • Government Entity or Public Authority: seizure, confiscation or nationalisation of a Company Computer System by order of any government entity or public authority.
  • Infrastructure: electrical or mechanical failure of infrastructure not under the control of a Company, including any electrical power interruption, surge, brownout or blackout, failure of telephone lines, data transmission lines, or other telecommunications or networking infrastructure (subject to carve-out for Loss caused solely by a Security Failure or Breach of Confidential Information).
  • Internal/Staff Costs: costs of payroll, fees, benefits, overheads or internal charges of any kind incurred by a Company.
  • Patent/Trade Secret: infringement of patents; loss of rights to secure registration of patents; misappropriation of trade secrets by or for the benefit of a Company.
  • War and Terrorism: war (whether war is declared or not), terrorism (except Cyber Terrorism), invasion, use of military force, civil war, popular or military rising, rebellion or revolution, or any action taken to hinder or defend against any of these events.
  • Business Conditions (Network Interruption): loss of earnings, or costs or expenses, attributable to unfavourable business conditions.
  • Liability (Network Interruption): written demand, civil, administrative or arbitral proceedings made by any Third Parties seeking any legal remedy; penalties paid to Third Parties.
  • Trading Losses (Network Interruption): trading losses, liabilities or changes in trading account value.
  • Anti-Trust (Security and Privacy Liability): any actual or alleged antitrust violation, restraint of trade, unfair competition or unfair or deceptive business practices, including violation of any consumer protection law (subject to carve-out for Regulatory Investigation directly in connection with a Security Failure or Breach of Confidential Information).
  • Assumed Liability, Guarantee, Warranty (Security and Privacy Liability): any guarantee, warranty, contractual term or liability assumed or accepted by an Insured under any contract or agreement except to the extent such liability would have attached in the absence of such contract (subject to carve-outs for contractual obligations to prevent Security Failure or Breach of Confidential Information, written confidentiality agreements, and PCI DSS obligations).
  • Employment Practices Liability (Security and Privacy Liability): any of a Company's employment practices including wrongful dismissal, discharge or termination, discrimination, harassment, retaliation or other employment-related claim (subject to carve-outs for Breach of Confidential Information in connection with employment or failure to disclose a Security Failure or Breach of Confidential Information).
  • Insured v Insured (Security and Privacy Liability): any Claim brought by or on behalf of an Insured against another Insured (subject to carve-out for actual or alleged unauthorised access to or unauthorised disclosure of Personal Information of any Employee, director, principal, partner or officer).
  • Securities Claims (Security and Privacy Liability): actual or alleged violation of any law relating to ownership, purchase, sale or offer of securities; violation of the Securities Act of 1933, the Securities Exchange Act of 1934 or any similar law (subject to carve-out for Damages or Defence Costs solely alleging failure to notify a Regulator of a Breach of Confidential Information).
  • Anti-terrorism legislation (Cyber Extortion): Loss to the extent that provision of such payment would expose the Insurer, its parent company or its ultimate controlling entity to any applicable anti-terrorism legislation or regulation under United Nations resolutions, and laws or regulations of the European Union, or the United States of America or the United Kingdom or any equivalent law or regulation in any jurisdiction.
  • Anti-Trust (Digital Media Content Liability): any actual or alleged antitrust violation, restraint of trade, unfair competition or unfair or deceptive business practices, including violation of any consumer protection law.
  • Assumed Liability, Guarantee, Warranty (Digital Media Content Liability): any guarantee or express warranty made by an Insured; any contractual liability or other obligation assumed or accepted by an Insured.
  • Employment Practices Liability (Digital Media Content Liability): any of a Company's employment practices including wrongful dismissal, discharge or termination, discrimination, harassment, retaliation or other employment-related claim.
  • Financial Data (Digital Media Content Liability): misleading, deceptive or fraudulent financial data; errors made in any financial data that the Company publicises.
  • Goods, Products or Services (Digital Media Content Liability): false advertising or misrepresentation in advertising; failure of goods, products or services to conform with advertised quality or performance; infringement of trademark by goods, products or services displayed in Digital Media.
  • Government/Regulatory Action (Digital Media Content Liability): government, regulatory, licensing or commission action or investigation; Claims brought by or on behalf of music licensing organisations, the Federal Trade Commission, Department of Health and Human Services, Federal Communications Commission, or any other government agency or office.
  • Infrastructure (Digital Media Content Liability): mechanical failure; electrical failure; telecommunications failure.
  • Insured v Insured (Digital Media Content Liability): any Claim brought by or on behalf of an Insured against another Insured except a Claim by an Insured which directly results from another Claim by a Third Party first made during the Policy Period.
  • Intentional Infringement of Intellectual Property (Digital Media Content Liability): any intentional infringement of Intellectual Property.
  • Internal Messaging Services (Digital Media Content Liability): any publication or broadcast of Digital Media posted or transmitted on any of the Company's internal instant message system, intranet, messaging boards, or chat rooms.
  • Over-Redemption (Digital Media Content Liability): any price discounts, prizes, awards or other consideration given in excess of the total contracted or expected amount.
  • Ownership Rights (Digital Media Content Liability): Claims brought by or on behalf of any independent contractor, third-party distributor, licensee, sub-licensee, joint venture, venture partner, any employee of the foregoing, or any employee or agent of the Company arising out of disputes over ownership or exercise of rights in Digital Media or services supplied.
  • Patent/Trade Secret (Digital Media Content Liability): infringement of patents; loss of rights to secure registration of patents; misappropriation of trade secrets.
  • Royalties and other monies (Digital Media Content Liability): accounting or recovery of profits, royalties, fees or other monies claimed to be due; licensing fees or royalties ordered, directed or agreed to be paid for continued use of intellectual property.
  • Securities Claims (Digital Media Content Liability): actual or alleged violation of any law relating to securities; violation of the Securities Act of 1933, the Securities Exchange Act of 1934 or similar law; violation of the Racketeer Influenced and Corrupt Organisation Act.
  • Trade Debts (Digital Media Content Liability): trading debt incurred by an Insured; guarantee given by an Insured for a debt.
  • Trading Losses/Monetary Value (Digital Media Content Liability): trading losses or trading liabilities, monetary value of any electronic fund transfers or transfers by or on behalf of an Insured.
Chubb Singapore logo

Chubb Singapore

Chubb Insurance Singapore Limited

Policy wording✓ Verified via cyberinsurance.com.sg
Exclusions (28)
  • 4.1 Prior Knowledge: alleging, based upon, arising out of or attributable to a Wrongful Act actually or allegedly committed prior to the beginning of the Policy Period if, on or before the earlier of the effective date of this Policy or the effective date of any Policy issued by us of which this Policy is a continuous renewal or a replacement, any member of the Control Group of the Insured knew or reasonably could have foreseen that the Wrongful Act did or could lead to any Loss.
  • 4.2 Pending or Prior Proceedings: alleging, based upon, arising out of, or attributable to any prior or pending litigation, Privacy and Network Security Claim, Media Claim, demand, arbitration, administrative or regulatory proceeding or investigation filed or commenced against you, and of which you had notice, on or before the earlier of the effective date of this Policy or the effective date of any policy issued by us of which this Policy is a continuous renewal or a replacement, or alleging or derived from the same or substantially the same fact, circumstance or situation underlying or alleged therein; or any Wrongful Act, fact, circumstance or situation that has been the subject of any notice given under any other policy before the effective date of this Policy; or any other Wrongful Act whenever occurring which, together with a Wrongful Act that has been the subject of such notice, would constitute a Single Claim.
  • 4.3 Conduct: directly or indirectly caused by, arising out of or in any way connected with your conduct, or of any person for whose conduct you are legally responsible, that involves: (A) committing or permitting any knowing or wilful breach of duty, or violation, of any laws; or (B) committing or permitting any criminal, deliberately fraudulent or deliberately dishonest act or omission; or (C) any actual or attempted gain of personal profit, secret profit or advantage by you to which you were not entitled. This exclusion only applies where such conduct has been established to have occurred by final adjudication (after the exhaustion of any appeals), or written admission.
  • 4.4 Intentional Wrongful Collection or Use: alleging, based upon, arising out of, attributable to, directly or indirectly resulting from, in consequence of, or in any way involving the unauthorised, surreptitious, or wrongful use or collection of Personal Data by you or the failure to provide adequate notice that Personal Data is being collected or used. However, this exclusion shall not apply to your unintentional violation of any Privacy Regulation, including but not limited to the unintentional wrongful use or collection of Personal Data.
  • 4.5 Discrimination or Employment Practices: alleging, based upon, arising out of or attributable to any discrimination of any kind; humiliation, harassment or misconduct based upon, arising out of or related to any such discrimination; Wrongful Employment Practices.
  • 4.6 Insured v. Insured: brought or maintained by you, or on your behalf, or any other natural person or entity for whom or which you are legally liable, arising out of a Privacy and Network Security Claim or Media Claim.
  • 4.7 Contract: for breach of any express, implied, actual or constructive contract, warranty, guarantee, or promise, including liquidated damages provisions or any liability assumed by you.
  • 4.8 Fees: Solely with respect to coverage under Insuring Agreements 1.5 and 1.6, alleging, based upon, arising out of or attributable to any fees, expenses, or costs paid to or charged by you.
  • 4.9 Bodily Injury and Property Damage: alleging, based upon, arising out of or attributable to any Bodily Injury or Property Damage.
  • 4.10 Infrastructure Outage: alleging, based upon, arising out of or attributable to any electrical or mechanical failure or interruption, electrical disturbance, surge, spike, brownout, blackout, or outages to electricity, gas, water, telecommunications or other infrastructure. However, this exclusion shall not apply to failures, interruptions, disturbances or outages of telephone, cable or telecommunications systems, networks or infrastructure, under an Insured's operational control, which is a result of a failure of Computer Malicious Act, Unauthorised Use or Access, or a failure of Network Security.
  • 4.11 Force Majeure: alleging, based upon, arising out of or attributable to fire, smoke, explosion, lightning, wind, flood, earthquake, volcanic eruption, tidal wave, landslide, hail, act of God or any other physical event, however caused.
  • 4.12 War: alleging, based upon, arising out of or attributable to war, invasion, acts of foreign enemies, terrorism, hostilities or warlike operations (whether war is declared or not), strike, lock-out, riot, civil war, rebellion, revolution, insurrection, civil commotion assuming the proportions of or amounting to an uprising, military or usurped power. However, this exclusion shall not apply to an Act of Cyber-Terrorism which results in a Claim.
  • 4.13 Pollution: alleging, based upon, arising out of or attributable to the actual, alleged or threatened discharge, release, escape, seepage, migration, or disposal of Pollutants, or any direction, formal mandate or request that any Insured test for, monitor, clean up, remove, contain, treat, detoxify or neutralise Pollutants, or any voluntary decision to do so.
  • 4.14 Wear and Tear and Governmental Authority Intervention: Solely with respect to coverage under Insuring Agreements 1.1, 1.2 and 1.3: (A) alleging, based upon, arising out of, or attributable to the ordinary wear and tear or gradual deterioration of a Covered Computer System or Data, including any data processing media. (B) for any action of a public or governmental authority, including the seizure, confiscation or destruction of a Covered Computer Systems or Data.
  • 4.15 Patent and Trade Secret: alleging, based upon, arising out of or attributable to any claim, dispute or issues with the validity, invalidity, infringement, violation or misappropriation of any patent or Trade Secret by or on behalf of you.
  • 4.16 Intellectual Property: alleging, based upon, arising out of or attributable to any infringement, violation or misappropriation by you of any copyright, service mark, trade name, trademark or other intellectual property of any third party. However, this exclusion shall not apply to a Privacy and Network Security Wrongful Act or Media Wrongful Act expressly covered under Insuring Agreements 1.5 or 1.6.
  • 4.17 Advertising or Misrepresentation: Solely with respect to coverage under Insuring Agreement 1.6, alleging, arising out of, or attributable to the actual goods, Products or services described, illustrated or displayed in Media Content.
  • 4.18 Products: alleging, based upon, arising out of or attributable to any Products.
  • 4.19 Trading: alleging, based upon, arising out of or attributable to any financial loss due to the inability to trade, invest, divest, buy or sell any financial security or financial asset of any kind; fluctuations in any value of assets; financial value in any of your accounts held at a financial institution; or inability to earn interest or appreciation on any asset.
  • 4.20 Cyber Crime: Solely with respect to coverage under Insuring Agreement Extension 2.3 Cyber Crime, we will not pay for Direct Financial Loss consisting of or which is due to: (A) any acts by employees or independent contractors of the Insured, including any Claims caused by collusion with an employee or independent contractor; (B) any acts by your directors, executive officers or executive managers, including any Claims caused by collusion with a director, executive officer or executive manager; (C) any government seizures of your Money or Securities; (D) any fluctuation in value in any Monies or Securities; (E) indirect or consequential loss, including but not limited to income or profit; or (F) recall costs or expenses.
  • 5.23 Trade and Economic Sanctions: We shall not be deemed to provide cover and we shall not be liable to pay any Loss or provide any benefit hereunder to the extent that the provision of such cover, payment of such Loss or provision of such benefit would expose us, or our parent or ultimate holding company, to any sanction, prohibition or restriction implemented pursuant to resolutions of the United Nations or the trade and economic sanctions, laws or regulations of the Republic of Singapore, the European Union, United Kingdom, Commonwealth of Australia or the United States of America.
  • Data and System Recovery Costs do not include: (a) costs or expenses incurred to identify or remediate software vulnerabilities; (b) costs to replace any hardware or physical property; (c) costs incurred to research and develop Data, including Trade Secrets; (d) the economic or market value of Data, including Trade Secrets; (e) any other consequential loss or damage; (f) Incident Response Expenses; or (g) costs to update, upgrade, replace, maintain, or improve any Data or Computer System beyond what is provided in 3.20, D, i.
  • Incident Response Expenses shall not include: (a) costs or expenses incurred to update or otherwise improve privacy or network security controls, policies or procedures to a level beyond that which existed prior to the Cyber Incident or Business Interruption Incident or to be compliant with Privacy Regulations, except to the extent Betterment Costs are applicable; (b) taxes, fines, penalties, injunctions, or sanctions; (c) Damages; (d) any other Expenses, except for Incident Response Expenses; (e) your wages, salaries, internal operating costs or expenses, or fees; or (f) costs to respond to, commence or defend third party litigation related to the Cyber Incident or Business Interruption Incident.
  • Payment Card Loss shall not include: (A) subsequent fines or monetary assessments for continued noncompliance with the Payment Card Industry Data Security Standard beyond a period of three months from the date of the initial fine or monetary assessment; or (B) costs or expenses incurred to update or otherwise improve privacy or network security controls, policies or procedures.
  • Consumer Redress Fund shall not include any sums paid which constitute taxes, fines, penalties, injunctions or sanctions.
  • Regulatory Proceeding does not include any action, proceeding or suit, or the portion of any action, proceeding or suit, that is based on or related to a criminal violation of Privacy Regulations.
  • Cyber Extortion Event shall not include any threats or connected series of threats made against you expressing intent to perform or cause any of the above if made, approved or directed by a member of the Control Group.
  • Programming Error does not include integration, installation, upgrade or patching of any software, hardware or firmware on a Covered Computer System unless you can evidence that the Programming Error arises from an Accepted Program.
Etiqa Insurance Singapore logo

Etiqa Insurance Singapore

Etiqa Insurance Pte. Ltd.

Pending✓ Verified via cyberinsurance.com.sg
Exclusions (26)
  • any actual or alleged breach of any competition or antitrust laws, restraint of trade, false, deceptive or unfair trade practices.
  • any actual or alleged bodily injury, sickness, emotional distress, mental anguish or death of any person howsoever caused.
  • any liability assumed or accepted by the insured under the terms and conditions or warranties of any contract or agreement. However, this Exclusion shall not apply to the extent that such liability would have existed in the absence of such contract or agreement.
  • any claim made, occurring, pending within, or to enforce a judgment obtained in the United States of America, Canada or any of their territories or possessions.
  • any personal liability incurred by a director, officer, partner or trustee of the company whilst acting in that capacity or managing the company's business.
  • any (a) criminal, deliberate, fraudulent, dishonest, unlawful or malicious act or omission committed or condoned by any insured; (b) willful violation of any duty, obligation, law or regulation committed or condoned by any insured; (c) willful violation of the company's privacy policy committed by or condoned by any insured; or (d) actual or attempted gain of profit, remuneration, advantage by an insured to which such insured was not legally entitled to.
  • the incomplete disclosure of the company's fees or any disputes involving the company's fees or charges.
  • any employment practices or discrimination against or harassment of any person on any basis, including but not limited to: race, creed, color, religion, ethnic background, national origin, age, handicap, disability, gender, marital status, sexual orientation or pregnancy. However, this Exclusion shall not apply not apply to any claim by an employee for a privacy breach relating to the unauthorized disclosure of such employee's personal information.
  • any action, requirement or restriction of a public or governmental authority, including the seizure, confiscation, nationalization, expropriation, destruction or loss of use of the company's computer systems or digital assets and any delay caused by the requirements and restrictions imposed by such authority. However, this Exclusion shall not apply to: (a) cyber attacks committed by any such authority against the company's computer systems or digital assets; or (b) the shutdown the company's computer system which is ordered by a civil authority in response to a cyber attack.
  • any insured, or any other person or entity, including a service provider's bankruptcy, liquidation or insolvency.
  • any mechanical or electrical failure, or outage in, or disruption of power, utilities services, satellites, internet or telecommunications services not under the company's direct operational control.
  • any loss of goodwill and reputational harm.
  • (a) any loss, transfer or theft of monies, securities or tangible property of others in the care, custody or control of the insured; or (b) any trading losses, trading liabilities or personal debt of the insured.
  • fire, smoke, explosion, lightning, wind, flood, earthquake, volcanic eruption, storm, subsidence, tidal wave, landslide, hail, subterranean fire or act of god or any other physical event, however caused.
  • (a) loss or destruction of or damage to any property whatsoever or any loss or expense whatsoever resulting or arising therefrom or any consequential loss; or (b) legal liability of whatsoever nature directly or indirectly caused by or contributed to by or arising from: (i) ionising radiations or contamination by radioactivity from any nuclear fuel or from any nuclear waste from the combustion of nuclear fuel; or (ii) the radioactive, toxic, explosive or other hazardous properties of any explosive nuclear assembly or nuclear component thereof.
  • any actual or alleged infringement, violation or misappropriation of any patent or trade secret. However, this Exclusion shall not apply to the extent any claim alleges an inadvertent disclosure of a trade secret that constitutes a privacy breach.
  • (a) the actual, alleged or threatened discharge, disposal, migration, dispersal, release or escape of pollutants, or (b) any direction, order or request to test for, monitor, remediate, clean up, remove, contain, treat, detoxify, or neutralize pollutants, or to pay for or contribute to the costs of undertaking such actions.
  • (a) any fact, circumstance, act, error, omission, threat, event or breach committed or existing prior to the inception date of this Policy, that on or before the inception date the insured was aware of or could reasonably have foreseen such fact, circumstance, act, error, omission, threat, event or breach may be the basis of any loss under the Insuring Clauses, wrongful act or cyber event, regardless of whether the insured had disclosed in the proposal or notified under another insurance or not; or (b) any claim made, threatened or intimated against any insured prior to the inception date of this Policy; or (c) any litigation or other proceedings commenced against any insured or any order, decree or judgement entered against any insured prior to the inception date of this Policy, or alleging or arising out of or in any way involving any of the same or substantially the same facts, circumstances or situations underlying or alleged in such prior litigation, proceeding, order, decree or judgement.
  • any actual or alleged damage to, destruction of, impairment or loss of use of any tangible property including hardware or any replacement or repair of any tangible property including hardware.
  • any claim brought by, on behalf of or at the behest of any insured or any related entity. However, this Exclusion does not apply to any claim brought by an insured person in his or her capacity as: (a) as the company's customer or client; or (b) an employee for a privacy breach relating to the unauthorized access, disclosure, use of or loss of such employee's personal information.
  • (a) any act, error, omission, incident or event committed or occurred prior to the retroactive date stated in the Policy Schedule; or (b) any related or continuing acts, errors, omissions, incidents or events where the first such act, error, omission, incident or event was committed or occurred prior to the retroactive date stated in the Policy Schedule.
  • any cost and expenses incurred to identify, patch or remediate software program errors or vulnerabilities except following a covered loss.
  • any actual or alleged: (a) illegal, unauthorized or wrongful collection, acquisition or retention of personal information or client information by any means, including the use of cookies or malware; or (b) failure to provide adequate notice of the collection or use of personal information or client information. However, this Exclusion shall not apply: (i) if such collection is done by an employee of the company without the knowledge or consent of any of the company's directors and officers; or (ii) if such collection is done by a third party without the knowledge of the company.
  • (a) any distribution of unsolicited emails, text messages, facsimiles, direct mail or other communications to multiple actual or prospective customers, including actual or alleged violation of any anti-spam statute; or (b) any wire tapping, audio or video recordings or unlawful telephone marketing by the insured or any other third party on the insured's behalf. However, this Exclusion does not apply if such unsolicited electronic dissemination of faxes, electronic mail or other communications to multiple actual or prospective customers by the insured or any other third party was caused by a malware or hacker.
  • war, invasion, acts of foreign enemies, terrorism, hostilities or warlike operations (whether war be declared or not), civil war, strike, riot, lock-out rebellion, revolution, insurrection, civil commotion assuming the proportion of or amounting to an uprising, military or usurped power; Terrorism is not deemed to include cyber terrorism.
  • any ordinary wear and tear, drop in performance, progressive or gradual deterioration of the company's computer systems or digital assets.
QBE Singapore logo

QBE Singapore

QBE Insurance (Singapore) Pte Ltd

Pending✓ Verified via cyberinsurance.com.sg
Exclusions (40)
  • any claim, liability, loss or defence costs brought or maintained by or on behalf of: (a) any insured or any parent of the insured or any subsidiary; or (b) any firm, partnership or entity in which the insured or any director or partner of the insured has a financial or executive interest; or (c) any person who, at the time of the act, error or omission giving rise to the claim, is a family member unless such a person is acting without any prior or indirect solicitation or co-operation of any insured
  • any claim, liability, loss or defence costs directly or indirectly arising out of any contractual or assumed liability, guarantee or warranty unless the insured would in any event be legally liable in the absence of such contractual or other assumed liability, guarantee or warranty
  • any costs in repairing, replacing or restoring information and communication assets to a level beyond that which existed prior to any claim or loss; or the insured's own costs of performing, rectifying, repairing, replacing, restoring or improving any work undertaken by the insured
  • any claim, liability, loss or defence costs directly or indirectly arising out of any defamatory statement that was made deliberately or recklessly by the insured, not including amendments made to matter by a hacker
  • any claim, liability, loss or defence costs arising out of the dishonest, fraudulent, criminal or reckless acts of any principal, partner or past or present director, officer, trustee of the insured or member of the insured's senior management team
  • the amount of the deductible stated in the schedule
  • any claim, liability, loss or defence costs made against or by the insured prior to the period of insurance; or any claim, liability, loss or defence costs directly or indirectly arising out of, or in any way involving any fact or circumstance of which written notice has been given under any previous policy or of which the insured first became aware prior to the period of insurance and which the insured knew or ought reasonably to have known had the potential to give rise to a claim or loss
  • any claim, liability, loss or defence costs arising directly or indirectly out of any regulated activities as defined under any applicable financial services legislation in any jurisdiction or any insurance mediation activities which are authorised and regulated by any financial or prudential authority in any jurisdiction
  • any fines, penalties, liquidated damages or contractual penalties other than those that are covered under Insured section – 'Regulatory Defence and Penalty costs cover'; or any punitive, multiple or exemplary damages where such have been identified separately within any award of any court or tribunal
  • any claim, liability, loss or defence costs arising directly or indirectly out of the use or provision of any gaming, gambling or lotteries except when such services are included in business services
  • any claim, liability, loss or defence costs arising directly or indirectly out of confiscation, commandeering, requisition, destruction of or damage to information and communication assets including personally identifiable information by order of a government or public authority
  • any claim, liability, loss or defence costs arising directly or indirectly out of inaccurate, inadequate or incomplete description of the price of goods, products or services but this clause does not exclude amendments made to matter by a hacker
  • any claim, liability, loss or defence costs arising out of or relating directly or indirectly to an insolvency event
  • any claim, liability, loss or defence costs arising directly or indirectly out of the insured's own costs of performing, rectifying or improving any work undertaken by the insured
  • any claim, liability, loss or defence costs arising directly or indirectly out of or relating to any failure of the insured to adhere to legal advice with regard to clearances or dissemination of matter or the collection, use, disclosure, handling, management, storage, retention or control of personally identifiable information
  • any claim, liability, loss or defence costs arising out of the insured's breach of any taxation, violation of any law governing criminal liability, unconscionable conduct, competition, restraint of trade or antitrust legislation or regulation
  • any claim, liability, loss or defence costs arising from the liability to any employee, former employee or prospective employee in respect of any obligation owed to the employee, former employee or prospective employee by the insured as an employer
  • any claim, liability, loss or defence costs arising directly or indirectly from any non-payment or under payment of royalties or any other payments due under a license
  • liability in excess of the limit of indemnity or any applicable sub-limit of indemnity, whichever is the lower, as stated in the schedule
  • any claim for loss of goodwill and reputational harm, other than those claims covered under insured section – Public Relations Costs Cover
  • any claim, liability, loss or defence costs caused by or arising from any personal liability incurred by a director or officer of the insured when: (a) acting in that capacity or managing the insured's business; or (b) in breach of their fiduciary duty, other than when performing business services for a client; or (c) making or issuing any statement, representation or information concerning the insured and the business services contained in any accounts, reports or financial statements
  • any claim, liability, loss or defence costs arising directly or indirectly from physical cause or natural peril, including but not limited to fire, wind, water, flood, subsidence, or earthquake, that results in the physical damage to property including to information and communication assets
  • any claim, liability, loss or defence costs, in respect of any proceedings (including arbitration or regulatory proceedings), judgment, award, payment, defence costs or settlement delivered, made or incurred within countries which operate under the laws of North America (unless jurisdiction is stated to be worldwide in the schedule)
  • any claim, liability, loss or defence costs arising directly or indirectly from or attributable to: (a) ionising radiations or contamination by radioactivity from any nuclear fuel or from any nuclear waste from the combustion of nuclear fuel; or (b) the radioactive, toxic, explosive or other hazardous properties of any explosive nuclear assembly or nuclear component thereof
  • any claim, liability, loss or defence costs where the insured is entitled to indemnity under any other policy except in respect of any excess beyond the amount which would have been payable under such policy had this policy not been effected
  • any claim, liability, loss or defence costs arising directly or indirectly out of the infringement of any patent
  • any claim, liability, loss or defence costs directly or indirectly arising out of, or in any way involving: (a) personal injury unless arising directly from any claim seeking compensatory damages for mental anguish or distress where such damages arise from claims covered under insured section – 'Cyber, data security and multimedia cover'; or (b) property damage except for cover provided by 3.1 Information and Communication Asset Rectification Costs Cover or 1.3.5 Loss of or damage to documents extension
  • any claim, liability, loss or defence costs: (a) for personal injury, sickness, disease, death or property damage directly or indirectly caused by seepage, pollution or contamination; or (b) for removing nullifying or cleaning-up seeping, polluting or contaminating substances; or (c) directly or indirectly arising out of resulting from or in consequence of or in any way involving asbestos or any materials containing asbestos in whatever form or quantity; or (d) directly or indirectly arising out of electromagnetic fields, electromagnetic radiation or electromagnetism
  • any claim, liability, loss or defence costs directly or indirectly arising out of, or in any way involving goods or products (being tangible property or merchandise) sold, supplied, repaired, recalled, altered, treated, manufactured, installed or maintained by the insured or on behalf of the insured
  • any claim, liability, loss or defence costs arising directly or indirectly out of breach of any obligation owed by the insured regarding any statement or representation (express or implied) contained in the insured's report and accounts, reports or financial statements, or concerning the insured's financial viability
  • any claim, liability, loss or defence costs arising from any act committed, or alleged to have been committed prior to the retroactive date
  • any claim, liability, loss or defence costs arising out of, based upon or attributable to the return, restitution or offset of fees, expenses or costs either by service level credits or by any other means
  • QBE shall not provide cover nor be liable to pay any claim, liability, loss or defence costs or provide any other benefit to the extent that the provision of any such cover, payment of any such claim or provision of any such benefit would expose QBE or any member of QBE group to any sanction, prohibition or restriction under the United Nations resolutions or the trade or economic sanctions, laws or regulations of any country
  • any claim, liability, loss or defence costs arising from or alleged to have been caused by or sustained from an act committed outside the territorial limit and/or from any claim first brought in a court outside the jurisdiction
  • any claim, liability, loss or defence costs arising directly or indirectly from: (a) the insured's lost profit, mark-up or liability for VAT, GST or its equivalent other than those claims covered under Insured section - Cyber business interruption cover; or (b) the insured's trading loss or trading liability including those arising from the loss of any client, account or business other than those claims covered under Insured section - Cyber business interruption cover; or (c) any monetary value of electronic fund transfers or transactions by or on behalf of the insured
  • any claim, liability, loss or defence costs directly or indirectly arising under an uninsured insured section of this policy
  • any claim, liability, loss or defence costs arising directly or indirectly out of the insured's knowing use of software in violation of software protection laws
  • any claim, liability, loss or defence costs arising directly or indirectly out of the failure of an internet, telecommunications or electricity provider or other utility provider except when such services are included in business services
  • any claim, liability, loss or defence costs arising directly or indirectly out of wear and tear of information and communication assets
  • any claim, liability, loss or defence costs of whatsoever nature directly or indirectly caused by, resulting from or in connection with war or terrorism regardless of any other cause or event contributing concurrently or in any other sequence to the claim
Sompo Singapore logo

Sompo Singapore

Sompo Insurance Singapore Pte. Ltd.

Pending✓ Verified via cyberinsurance.com.sg
Exclusions (22)
  • Social Networking Sites/Portals
  • Adult Networking Sites/Portals
  • Adult Entertainment Providers or Sites
  • Online Trading
  • E-commerce Platforms including any service that has payment and/or financial transactions functions
  • Data Aggregators
  • Online Gambling Operators
  • Digital Currency Exchanges
  • Credit or Debit Card Processors
  • Financial institution or companies governed by Banking or Financial Institution Act or related Acts
  • Legal Services/ Solicitors/ Lawyers
  • Healthcare Services/ Medical Services/ Clinic/ Dental/ Hospitals
  • Insurance Brokers
  • Recruitment Agent/ Executive Search Services
  • Companies with consolidated total annual revenue more than S$20,000,000
  • Companies with overseas operations
  • Companies with more than 2 subsidiaries or subsidiaries with revenue exceeding the Named Insured or different business nature from the Named Insured
  • Businesses whose network is connected to a parent's or any main franchise's network
  • Applicants who have sustained any single loss or losses, including any fines, of a type that would be covered by a cyber/data protection insurance policy
  • Applicants who have knowledge of any act, omission, fact, event or circumstance that may give rise to a loss under this proposed insurance offer
  • 2.3 Network Improvement — Not Applicable (both Standard and Premier Plans)
  • 2.5 Network Failure — Not Applicable (both Standard and Premier Plans)