Cyber Risk Corporate Insurance

Information security risk prevention and support services are provided through an IT support platform that allows you to contact specialized technicians by phone or through the online platform for assistance in the following situations:

• Remote security support and configuration for systems to detect and remove malware, temporary files, cookies, and services that may slow down systems or put data at risk. This applies to covered devices such as desktop computers, laptops, tablets, and work mobile phones;
• Cloud backup setup: remote configuration of secure cloud backup, storage, or information-sharing systems;
• Security scans to identify potential risks;
• Vulnerability analysis and resolution: remote analysis of public IP vulnerabilities and internet-connected devices to identify security weaknesses;
• Website vulnerability analysis: remote security assessment of your website via the IT support platform, including a report with the findings;
• Anti-ransomware protection: access to an anti-ransomware application available through the prevention services platform, with remote installation support from a technician if needed;
• Security guidelines and prevention manuals with best-practice recommendations.
• Account recovery support in cases of hacked accounts, password theft, or identity theft;
• Digital monitoring: access to a tool that analyzes and classifies information about your company available online and sends alerts if company data is exposed on the Deep Web.

Unauthorized third-party intrusion into your IT systems causing damage.

• Remote technical support to identify the incident and the affected records;
• Investigation and expert assessment costs;
• On-site assistance when required;
• Malware repair and recovery costs, including the removal of viruses, trojans, infected computer networks, mobile devices, and internet-connected equipment compromised by malicious software, including botnets and other types of malware;
• Data recovery costs for deleted or damaged data and electronic media, such as hard drives, mobile devices, and servers;
• Unlocking and recovery services following cyber extortion attacks where malicious software restricts access to infected systems and demands a ransom to restore access (ransomware);
• Recovery services following denial-of-service attacks;
• Online reputation recovery costs following third-party claims, including the preparation of an online reputation report, content modification or removal, and search engine de-indexing of specific links, supported by monitoring and analysis of online information related to your company;
• Services required to recover and restore operating systems and commonly used applications, excluding specialized systems and applications such as SAP and CRM;
• Payment of costs required to notify individuals whose personal data was inadequately protected;
• Payment of costs related to publishing notices in the media when required due to failure to protect third-party data;
• Payment of technical assistance costs for data monitoring or identity theft protection when required by law.

1. Failure to protect personal data by not taking adequate measures to comply with data protection laws:
• Payment of damages to third parties for civil liability;
• Technical assistance to identify the incident and affected records;
• Investigation, expert assessment, and crisis management costs;
• Payment of legal defense costs for third-party claims due to unauthorized exposure of their data;
• Support in obtaining information and guidance on notifying the cyber incident to the National Data Protection Commission (CNPD);
• Defense and management costs for potential CNPD investigations and sanctions;
• Defense costs in case of proceedings or complaints to the CNPD for failure to protect personal data.


2. Civil liability to third parties for transmitting viruses or malware, or for electronic fraud (phishing) through corporate channels causing damage to third-party IT systems;
• Investigation and expert assessment costs;
• Legal defense costs in response to third-party claims;
• Payment of damages in case of civil liability judgment;
• Resolution of circumstances causing your liability to third parties.
  


3. Publication of content on corporate channels that infringes the rights to honor, personal or family privacy, or the image of a third party;
• Legal defense costs for third-party claims related to infringement of honor, privacy, or image;
• Payment of damages in case of civil liability judgment.

By paying an additional premium subject to agreement in the Particular Conditions, the company can be covered for loss of profits if its operations are completely halted due to a covered cyber incident.

The Cyber Risk Insurance for Companies cannot be taken out by companies operating in the following CAE / business activities:

• Technology / IT;
• Public administration;
• Financial institutions;
• Internet service providers;
• Copy shops;
• Call centers.