Cyber and Technology
All IT Consultants or Vendors will be required to maintain Cyber and Technology Products & Services Liability insurance with limits of not less than $5,000,000 for each wrongful act, that provides coverage for:
- Liability for network security failures or privacy breaches, including loss or unauthorized access, use or disclosure of University Data, whether by Contractor or any of its subcontractor or cloud service provider used by Contractor.
- Costs associated with a privacy breach, including notification of affected individuals, customer support, forensics, crises management/public relations consulting, legal services of a privacy attorney, credit monitoring and identity fraud resolution services for affected individuals.
- Expenses related to regulatory compliance, government investigations, fines, fees/assessment and penalties.
- Liability for technological products and services.
- Payment Card Industry (PCI) fines, fees, penalties, and assessments.
- Cyber extortion payment and response costs.
- First and Third-Party Business Interruption Loss resulting from a network security and system failure.
- Costs of restoring, updating, or replacing data.
- Liability losses connected to network security, privacy, and media liability; and
- Other necessary and customary overages.
Certificates of Insurance and Additional Insured Endorsements reflecting applicable limits, sub-limits, self-insured retention, or deductibles will be provided to Cornell upon request. Cornell University will be named as an Additional Insured and will be provided with a waiver of subrogation by endorsement to the required Cyber Liability policy. All insurance carrier(s) must carry an A.M. Best rating of at least A-, Class VIII.