Cyber Insurance (Claims-made Basis)
 SPECIFIC CONDITIONS
1. Reporting and notice
You will notify Hollard as soon as practicable, but within 31 (thirty one) days, upon You becoming aware of any Claim or circumstance which could reasonably give rise to a Claim. For any Cyber Extortion Threat made, You will immediately notify Hollard.
2. Corporate acquisitions, mergers, amalgamations and takeovers
This Section does not cover any Company or other legal entity acquired during the period of insurance unless notified to and endorsed by Hollard.
3. Territory, jurisdiction and governing law
This Section applies to Claims resulting from acts alleged or committed anywhere in the world and shall be construed in accordance with the laws of the Republic of South Africa.
4. Service level agreements
Hollard has entered into service level agreements with service providers for the provision of services covered under the Section Insuring Agreements. The terms of the service level agreements are applicable to You as if You had signed these and are available from Hollard on request.
5. Minimum security requirements
It is a condition precedent to liability that in addition to its data and information security procedures as disclosed You undertake to comply fully with the Company’s minimum IT security requirements as specified hereunder on commencement of and throughout the duration of this Section:
5.1 Firewalls implemented to restrict access to digitally stored Sensitive Information.
5.2 Anti-virus and/or anti-malware software implemented on all desktops, laptops and Sensitive Systems (where applicable and in accordance with best practice recommendations) and kept up to date per the software providers’ recommendations.
5.3 Security related patches and updates applied on Sensitive Systems within 3 (three) months of release by the provider.
5.4 Password controls implemented on Sensitive Systems. These controls must include:
5.4.1 password length of at least 8 (eight) characters;
5.4.2 user account passwords changed at least every 120 (one hundred and twenty) days;
5.4.3 passwords configured which are not common dictionary words and cannot within reason be deemed widely used or easily guessable;
5.4.4 user accounts configured to lockout as a result of at most 20 (twenty) failed authentication attempts;
5.4.5 all default installation and administration accounts secured via changing the password and where possible disabling, deleting or renaming the account.
5.5 Administrative and remote access interfaces are not accessible via the open internet. Where such interfaces are required these are accessible exclusively over secured channels such as Virtual Private Network (VPN) connections.
5.6 Controls implemented to restrict wireless network access to Sensitive Systems and Sensitive Information to authorised users. Controls to include:
5.6.1 enabling encryption of wireless network traffic;
5.6.2 changing default access passwords to complex passwords comprising lowercase letters, uppercase letters, numbers, and symbols;
5.6.3 implementing authentication to access the wireless network.
5.7 Controls implemented to restrict physical access to offices, server rooms/sensitive processing facilities and if applicable remote locations including disaster recovery sites to authorised users.
5.8 The system and/or activity logs for all Sensitive Systems stored for a minimum period of 6 (six) months.
 Sectional Title Insurance Policy Wording – Version 4 2023 Page | 89