Pro+ Cyber insurance coverage will be available to new customers starting July 1, 2025, and to existing customers beginning January 1, 2026.

NETGUARD® SELECT INSURANCE DECLARATIONS

Limits of Insurance: The Limits of Insurance shown in A. and B. below apply separately to each Named Insured.

NetGuard® Select Insurance Master Policy

THE INSURING AGREEMENTS OF THIS POLICY PROVIDE FIRST PARTY COVERAGE ON AN EVENT DISCOVERED AND REPORTED BASIS. NO EXTENDED REPORTING PERIOD IS AVAILABLE FOR THIS COVERAGE. PLEASE REVIEW THIS POLICY CAREFULLY WITH YOUR INSURANCE BROKER OR ADVISOR.In consideration of the payment of the premium, in reliance upon all statements made and information furnished by the Policyholder to the Company, and subject to all terms, conditions, limitations and exclusions of this Policy, the Company agrees with the Policyholder as follows:TheCompany shall mean the insurance carrier set forth in the Declarations of this Policy.

I. INSURING AGREEMENTS

(A) Data Recovery Coverage

1. Subject to the Limit of Insurance, the Company shall pay Digital Assets Loss and Special Expenses that an Insured incurs because of damage, alteration, corruption, distortion, theft, misuse or destruction of Digital Assets resulting from a System Failure, provided always that: (a) the Insured first discovers the System Failure during the Coverage Period; (b) the System Failure is reported to the Company in writing pursuant to Section X. of this Policy; and (c) the Insured provides clear evidence that the Digital Assets Loss and Special Expenses directly result from a System Failure.

2. The Company shall pay Digital Assets Loss and Special Expenses for up to twelve (12) months following the Insured’s discovery of the System Failure, unless specified otherwise by endorsement to this Policy.

(B) Cyber Extortion Coverage

1. Subject to the Limit of Insurance, the Companyshall pay Cyber Extortion Monies that an Insured incurs as a direct result of a Cyber Extortion Threat, provided always that: (a) the Insured first discovers the Cyber Extortion Threat during the Coverage Period; and (b) the Cyber Extortion Threat is reported to the Company in writing pursuant to Section X. of this Policy.

2. The Company shall not be obligated to pay Cyber Extortion Monies for which the Company has not given Approval. The Insured must make every reasonable effort to notify local law enforcement authorities and the Federal Bureau of Investigation or equivalent foreign agency before surrendering any Cyber Extortion Monies in response to a Cyber Extortion Threat.

(C) Cyber Crime and Cryptocurrency Coverage

Subject to the Limit of Insurance, the Company shall pay Financial Fraud Loss that an Insured sustains because of Financial Fraud, provided always that: (a) the Insured first discovers the Financial Fraud during the Coverage Period; (b) the Financial Fraud is reported to the Company in writing pursuant to Section X. of this Policy; and (c) the Insured provides written confirmation to the Company thatthe Insured’s bankor credit card company has refused to reverse or prevent a payment transaction or to indemnify or reimburse the Insured for the Financial Fraud Loss.

II. CHOICE OF COUNSEL AND INVESTIGATION OF CLAIMS

(A) Choice of Counsel

1. The Company may consider an Insured’s choice of counsel respect to any First Party Insured Event, but the final decision on selection of counsel rests with the Company. No Insured shall appoint counsel without Approval.

2. The Company will have no obligation to pay legal expenses incurred by an Insured before the notice of Claim is received by the Company or incurred without Approval.

(B) Investigation

The Company has the right to make any investigation it deems necessary including, without limitation, any investigation with respect to the statements made and information furnished by the Policyholder in connection with the underwriting of this Policy, or coverage for any Claim.

III. LIMITS OF INSURANCE

The Limits of Insurance shown on the Declarations of this Policy apply separately to each Named Insured, subject to the Master Policy Annual Aggregate Limit and the provisions set forth below. All other persons qualifying as Insureds under this Policy shall share in the Limits of Insurance of the Named Insured.

(A) Limits Per Insuring Agreement

The Limits Per Insuring Agreement shown on a Named Insured’s Evidence of Coverage are the maximum the Company shall pay on behalf of such Named Insured under each Insuring Agreement of this Policy for each Claim, and in the aggregate for all Claims,first made during the Coverage Period, regardless of the number of Claims or claimants. If any Limit Per Insuring Agreement is exhausted, the Company’s obligations under that Insuring Agreement shall cease.

(B) Annual Aggregate Limit Per Named Insured

The Annual Aggregate Limit shown on a Named Insured’s Evidence of Coverage is the maximum the Company shall pay on behalf of such Named Insured under this Policy for all Claims first made during the Coverage Period, regardless of the number of Insuring Agreements that apply. If a Named Insured’s Annual Aggregate Limitis exhausted, the Company’s obligations under this Policy with respect to such Named Insured shall cease.

(C) Master Policy Annual Aggregate Limit

The Master Policy Annual Aggregate Limit shown in Item 6.C. of the Declarations of this Policy is the maximum the Company shall pay under this Policy for all Insureds combined, regardless of the number of Claims, Insureds or Insuring Agreements. All payments made under this Policy will reduce, and may completely exhaust, such Master Policy Annual Aggregate Limit. If the Master Policy Annual Aggregate Limit is exhausted by payment of covered amounts, all individual Limits of Insurance and Aggregate Limits will be deemed to be exhausted; there will be no further separate individual limit available to any Named Insured; and the Company’s obligations under this Policy with respect to all Insureds shall cease.

(D) Related Claims

1. All RelatedClaims will be treated as follows:

   1. Related Claims will be considered to be a single Claim, regardless of the number of Insureds or applicable Insuring Agreements;

   2. RelatedClaims will be considered to have been first made on the date the earliest of the Related Claims is first made and will be considered to be first reported to the Company on the date the earliest of all such Related Claims is reported to the Company; and

   3. Related Claims will be subject to the applicable Limit of Insurance of the Policy in effect when the earliest of the RelatedClaims is first made.

2. If multiple Insuring Agreements of this Policy apply to any Claim, the Company’s total maximum Limit of Insurance under this Policy for such Claim shall be the applicable Annual Aggregate Limit. However, the Company will never pay more under any one Insuring Agreement than the applicable Limit Per Insuring Agreement shown on a Named Insured’s Evidence of Coverage. The Company has the sole discretion to allocate amounts paid, if any, against the appropriate Limit of Insurance.

IV. DEDUCTIBLE

The Policyholder Annual Aggregate Deductible as shown on Item 6.D. of the Declarations is the amount the Policyholder is required to pay each Master Policy Period, on behalf of all Named Insureds, for all Claims and all amounts to which this Policy applies. The Limits of Insurance shall not be reduced by the amount of the Policyholder Annual Aggregate Deductible. The Policyholder’s payment of the Deductible is a condition precedent to payment by the Company of any amounts under this Policy, and the Company shall only be liable for amounts that exceed the Policyholder Annual Aggregate Deductible, up to the applicable Limit of Insurance. The Policyholder must make direct payments within its Deductible to the appropriate parties designated by the Company.

V. TERRITORIAL LIMITS

This Policy applies to First Party Insured Events taking place anywhere in the world. However, any provision in this Policy pertaining to coverage for First Party Insured Events taking place anywhere outside the United States of America, or its territories or possessions, shall apply only where legally permissible.

VI. DEFINITIONS

As used in this Policy:

1. “Account Manager” means any person or organization authorized by an Insured to request (a) the transfer, payment or delivery of Money or Securities from a Covered Bank Account or (b) the transfer, payment or delivery of cryptocurrency from an Insured’s cryptocurrency wallet.

2. “Act of Cyber Terrorism” means the premeditated use of disruptive activities, or the threat to use disruptive activities, against a Computer System, including any associated network and Data stored thereon, with the intention to cause harm, to further social, ideological, religious, political, or similar objectives, or to intimidate any person in furtherance of such objectives; provided that such activities are not committed by, or at the express direction of, a sovereign state or a government simultaneously engaged in War or a Cyber Operation carried out as part of any War.

3. “Application Program” means any computer software program that performs a particular function or task within the Computer Operating System for the end-user, including, but not limited to, database programs, web browsers, enterprise software, word processors, graphics software and media players.

4. “Approval” means the advance written agreement or consent by the Company, which will not be unreasonably withheld.

5. “Bodily Injury” means physical injury, sickness, disease or death sustained by any person and, where resulting from such physical injury only, mental anguish, mental injury, shock, humiliation or emotional distress.

6. “Business” means any employment, trade, occupation, profession or enterprise intended to realize a benefit or financial gain, whether engaged in on a full-time, part-time, occasional or temporary basis.

7. “Claim” means:

   1. with respect to Data Recovery Coverage only, written notice from an Insured or an Insured’s representatives to the Company of a System Failure.

   2. with respect to Cyber Extortion Coverage only, written notice from an Insured or an Insured’s representatives to the Company of a Cyber Extortion Threat.

   3. with respect to Cyber Crime and Cryptocurrency Coverage only, written notice from an Insured or an Insured’s representatives to the Company of Financial Fraud. A Claim under any Insuring Agreement of this Policy will be deemed to have been first made when the Company first receives written notice of such Claim.

8. “Cloud Provider” means any Third Party that provides computing resources to an Insured under a written contract with the Insured to provide such services, which are delivered as a service over a network or the internet (commonly known as “cloud computing”), including email services, Software as a Service, Platform as a Service and Infrastructure as a Service.

9. “Computer Operating System” means Computer System software that manages or administers computer hardware, software resources, or provides common services to run an Application Program. Computer Operating System does not include an Application Program.

10. “Computer System” means an interconnected electronic, wireless, web or similar system, including all computer hardware and software, used to process and store Data or information in an analogue, digital, electronic or wireless format, including, but not limited to, computer programs, Data, operating systems, firmware, servers, media libraries, associated input and output devices, mobile devices, devices that are connected to and controlled by the internet (also known as “smart devices”), networking equipment, websites, extranets, off-line storage facilities (to the extent they hold Data) and electronic backup equipment.

11. “Coverage Period”, with respect to each Named Insured, means the period beginning on the effective date of the Named Insured’s coverage under this Policy, as set forth in such Named Insured’s Evidence of Coverage, and ending on the earlier of:

    1. the natural expiration of the Named Insured’s coverage under this Policy, as set forth in such Named Insured's Evidence of Coverage;

    2. the effective date of cancellation or termination of this Policy, or

    3. the effective date of cancellation or termination of the Named Insured’s coverage under this Policy. No Coverage Period shall begin before the effective date of the Master Policy Period.

12. “Covered Bank Account” means a personal account at a financial or banking institution, including any personal trust or investment account, which is maintained by an Insured in the Insured’s name, or in the name of a legal entity established by an Insured or on an Insured’s behalf to manage the Insured’s personal assets, from which the Insured or an Account Manager may request the transfer, payment or delivery of Money or Securities. Covered Bank Account does not include any Business account.

13. “Cyber Extortion Monies” means Money, digital currency of any kind, including bitcoin, or Other Property that an Insured pays with Approval to any person or group reasonably believed to be responsible for a Cyber Extortion Threat, to prevent or terminate such Cyber Extortion Threat.

14. “Cyber Extortion Threat” means a credible threat or series of related credible threats, including a demand for Cyber Extortion Monies, which is directed at an Insured to:

    1. steal, alter, release, reveal, divulge, disseminate, destroy, publicly disclose or misuse Private Information taken from an Insured through unauthorized access to, or unauthorized use of, an Insured Computer System;

    2. infect an Insured Computer System with malicious code or ransomware;

    3. corrupt, damage or destroy an Insured Computer System;

    4. restrict or hinder access to an Insured Computer System, including the threat of a Denial of Service Attack;

    5. perpetrate or carry out a Phishing Attack; or

    6. steal, alter, release, reveal, divulge, disseminate, destroy, publicly disclose or misuse an Insured’s confidential or proprietary information or Personally Identifiable Information. A series of continuing, related or repeated Cyber Extortion Threats, or multiple Cyber Extortion Threats resulting from the same attack, event or incident, will be considered a single Cyber Extortion Threat and will be considered to have occurred at the time the first of such Cyber Extortion Threats occurred.

15. "Cyber Operation” means the use of a Computer System by, at the direction, or under the control of a sovereign state to disrupt, deny, degrade, manipulate or destroy information in a Computer System of or in another sovereign state.

16. “Data” means any machine-readable information, including, but not limited to, ready-for-use programs, applications, account information, customer information, health and medical information or other electronic information, irrespective of the way it is used and rendered.

17. “Denial of Service Attack” means an event caused by unauthorized or unexpected interference or a malicious attack, which is intended by the perpetrator to overwhelm the capacity of a Computer System by sending an excessive volume of Data to such Computer System to prevent access to such Computer System.

18. “Digital Assets” means Data and computer programs that exist in an Insured Computer System. Digital Assets does not includecomputer hardware.

19. “Digital Assets Loss” means reasonable and necessary expenses and costs that an Insured incurs to replace, recreate or restore Digital Assets to the same state and with the same contents immediately before the Digital Assets were damaged, destroyed, altered, misused or stolen, including research costs incurred in recreating Digital Assets and expenses for materials and machine time. Digital Assets Loss will be determined in accordance with Section XI. of this Policy.

20. "Essential Service” means any service that is essential for the proper operation and maintenance of vital functions of a sovereign state, including, but not limited to, financial services (including services related to financial institutions and associated financial market infrastructure), health services, utility services, emergency services, and/or services that are essential for the proper operation of the food, energy and/or transportation sector.

21. “Evidence of Coverage” means the NetGuard® Select Insurance Master Policy Certificate of Insurance that a Named Insured holds, which evidences such Named Insured’s coverage under this Policy.

22. “Family Member” means any of the following persons, provided that the Named Insured has identified them to the Policyholder (either during open enrollment if coverage is obtained through employee benefits or in the Family section of the Policyholder’s portal):

    1. the legal or common law spouse of the Named Insured;

    2. dependent children or other dependent family members who reside with the Named Insured;

    3. dependent children, or other dependent family members who do not reside with the Named Insured but who are supported financially by the Named Insured; and

    4. persons who are aged 65 and above and:

       1. are the parents or grandparents of the Named Insured or the Named Insured’s spouse or domestic partner; and

       2. rely on the Named Insured to receive identity protection services through the Policyholder All persons identified in (a) through (d) above must be individually registered with the Policyholder to qualify as a Family Member under this Policy.(24)

23. “Financial Fraud” means:

    1. an intentional, unauthorized and fraudulent written, electronic or telephonic instruction transmitted to a financial institution, directing such institution to debit, transfer, withdraw or disburse Money or Securities from a Covered Bank Account, which instruction purports to have been transmitted by an Insured or Account Manager, but was in fact fraudulently transmitted by a Third Party without the Insured’s knowledge or consent;

    2. a Phishing Attack directed at an Insured or Account Manager which fraudulently induces the Insured or Account Manager to transfer, pay or deliver Money or Securities from a Covered Bank Account;

    3. a Phishing Attack directed at an Insured or Account Manager which fraudulently induces the Insured or Account Manager to transfer, pay or deliver cryptocurrency from an Insured’s cryptocurrency wallet;

    4. the theft of Money or Securities from a Covered Bank Account or an Insured’s personal credit cards as a result of a Hacking Attack; or

    5. the theft of cryptocurrency from an Insured’s cryptocurrency wallet as a result of a Hacking Attack.

24. “Financial Fraud Loss” means a direct loss of Money, Securities or cryptocurrency that an Insured sustains because of Financial Fraud. “Financial Fraud Loss” does not include any amounts reimbursed to an Insured by any financial or banking institution, or the theft of Money or Securities from a Business account maintained by an Insured or Account Manager.

25. “First Party Insured Event” means:

    1. with respect to Data Recovery Coverage only, a System Failure;

    2. with respect to Cyber Extortion Coverage only, a Cyber Extortion Threat; and

    3. with respect to Cyber Crime and Cryptocurrency Coverage only, a Financial Fraud.

26. “Hacking Attack” means any of the following directed at or enacted upon an Insured Computer System:

    1. unauthorized access to, or unauthorized use of, an Insured Computer System, including any such unauthorized access or unauthorized use resulting from the theft of a password from an Insured Computer System or from an Insured;

    2. a Denial of Service Attack against an Insured Computer System;

    3. infection of an Insured Computer System by malicious code, or the transmission of malicious code from an Insured Computer System; or

    4. an Act of Cyber Terrorism.

27. "Impacted State” means a sovereign state where a Cyber Operation has had a major detrimental impact on:

    1. the functioning of that sovereign state due to disruption of the availability, integrity or delivery of an Essential Service in that sovereign state; and/or

    2. the security or defense of that sovereign state.

28. “Insured” means:

    1. any Named Insured; and

    2. any Family Member. Insured does not include the Policyholder; no coverage is afforded under this Policy to the Policyholder.

29. “Insured Computer System” means a Computer System that is owned and operated by an Insured, or that is leased to and operated by an Insured.

30. “Master Policy Period” means the period from the effective date to the expiration date of this Policy, as set forth in item 4 of the Declarations, or any earlier termination or cancellation date.

31. “Money” means a medium of exchange in current use and authorized or adopted by a domestic or foreign government, including, but not limited to, currency, coins, bank notes, bullion, travelers’ checks, registered checks and Money orders held for sale to the public.

32. “Named Insured” means the natural person who is a customer in good standing with Allstate Identity Protection and is named on an Evidence of Coverage for this Policy.

33. “Operating System Event” means a single act of exploitation of, or a series of related, repeated or continuing acts of exploitation of, software vulnerabilities in a Computer Operating System, including, but not limited to ransomware, wiper malware, computer worms, and computer viruses, the impact of which is of sufficient intensity, scale or effect to cause a major detrimental impact on the functioning of a sovereign statedue to disruption of the availability, delivery, or integrity of an any Essential Service in that sovereign state; provided, however, a major detrimental impact on the functioning of a sovereign state shall not result from an attack, or a related series of attacks, solely impacting the Insured. For purposes of this definition, the determination of whether an event constitutes a major detrimental impact on the functioning of a sovereign state will rely upon any available evidence such as information from governments, news media, qualified IT forensics firms, computer experts and claims reported to the Company

34. “Other Property” means any tangible property, other than Money or Securities, which has intrinsic value.

35. “Outsourced IT Service Provider” means a Third Party that provides information technology services to an Insured, including but not limited to, hosting, security management, co-location and Data storage, under a written contract with such Insured to provide such services. Outsourced IT Service Provider includes any Cloud Provider.

36. “Personally Identifiable Information” means information that can be used to determine, distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual, including, but not limited to, financial account numbers, security codes, personal identification numbers (PINs), credit and debit card numbers, medical or healthcareinformation, social security numbers, driver’s license numbers, addresses, passwords, and any other non-public information.

37. “Phishing Attack” means the use by a Third Party of fraudulent and intentionally misleading telephone calls, emails, texts, instant messages or other electronic communications or malicious websites to impersonatea legitimate or trustworthy contact, organization or person to solicit Private Information, Money or cryptocurrency.

38. “Policyholder” means the entity specified as such in Item 1 of the Declarations.

39. “Privacy Breach” means any of the following:

    1. the unauthorized collection, disclosure, use, access, destruction or modification of Private Information;

    2. the theft of Private Information, including the theft of Private Information stored on an Insured’s unsecured Data storage or mobile device, such as a smartphone, tablet or laptop;

    3. the surrender of Private Information in a Phishing Attack;

    4. an infringement or violation of any rights to privacy; or

    5. breach of a person’s right of publicity, false light or intrusion upon a person’s seclusion. A series of continuing, related or repeated Privacy Breaches, or multiple Privacy Breaches resulting from the same attack, event or incident, will be considered a single Privacy Breach and will be considered to have occurred at the time the first of such Privacy Breaches occurred.

40. “Private Information” means proprietary or confidential information owned by a Third Party that is in the care, custody or control of an Insured, or is used by an Insured with the consent of such Third Party, and Personally Identifiable Information.

41. “Programming Error” means an error which occurs during the development or encoding of a computer program, software or application and which would, when in operation, result in a malfunction or incorrect operation of a Computer System.

42. “Property Damage” means physical injury to, or impairment, destruction or corruption of, any tangible property, including the loss of use thereof. Data is not considered tangible property.

43. “Related Claims” means:

    1. two or more Claims involving any one Insured which have as a common nexus any fact, circumstance, situation, event or cause, or a series of causally connected facts, circumstances, situations, events or causes;

    2. two or more Claims involving any one Insured which arise from the same or continuing First Party Insured Event; or

    3. a single Claim involving multiple Insureds who are insured under one Evidence of Coverage.

44. “Securities” means negotiable or non-negotiable instruments or contracts representing Money or Other Property. Securities does not include Money.

45. “Security Breach” means any of the following, whether a specifically targeted attack or a generally distributed attack:

    1. a Hacking Attack; or

    2. the theft or loss of an Insured’s unsecured Data storage or mobile device, including any smartphone, tablet or laptop containing Private Information. A series of continuing, related or repeated Security Breaches, or multiple Security Breaches resulting from a continuing attack, event, incident or failure of computer security, will be considered a single Security Breach and will be considered to have occurred at the time the first of such Security Breaches occurred.

46. “Special Expenses” means reasonable and necessary costs and expenses that an Insured incurs to:

    1. prevent, preserve, minimize, or mitigate any further damage to Digital Assets, including the reasonable and necessary fees and expenses of specialists, outside consultants or forensic experts;

    2. preserve critical evidence of any criminal or malicious wrongdoing; or

    3. purchase replacement licenses for computer programs because the copy protection system or access control software was damaged or destroyed by a System Failure.

47. “System Failure” means an unplanned outage, interruption, failure, suspension or degradation of service of an Insured Computer System, including, but not limited to, any such outage, interruption, failure, suspension or degradation of service caused directly by a Hacking Attack, administrative error or Programming Error.

48. “Third Party” means any entity, company, organization or person who does not qualify as an Insured under this Policy. However, Third Party does not include the Policyholder.

49. “Unauthorized Trading” means trading, which at the time of the trade, exceeds permitted financial limits or is outside of permitted product lines.

50. “War” means any war, invasion, acts of foreign enemies, hostilities (whether war is declared or not), civil war, rebellion, revolution, insurrection, civil commotion assuming the proportions of or amounting to an uprising, military or usurped power, or confiscation, nationalization, requisition or destruction of or damage to property by or under the order of any government or public or local authority, or any action taken by a government authority to hinder, control, prevent, suppress or defend against any of the aforementioned actions.

VII. EXCLUSIONS AS TO THE ENTIRE POLICY

This Policy does not apply to any Claim:

1. based upon, arising from or in any way involving any of the following committed by an Insured, whether acting alone or in collusion with other persons:

   1. any willful, intentional, deliberate, malicious, fraudulent, dishonest or criminal act or omission;

   2. any intentional violation of law; or

   3. the gaining of any profit or advantage to which an Insured is not legally entitled.

2. based upon, arising from or in any way involving an Insured’s activities as a stockholder, owner, manager, agent, partner, officer, director or employee of any Business or organization, corporation or company.

3. for Bodily Injury or Property Damage.

4. based upon, arising from or in any way involving any of the following, regardless of any other cause or event that contributes concurrently or in any sequence to the Claim:

   1. electrical or mechanical failures or interruption, including electrical disturbance, spike, brownout or blackout; or

   2. any regional, countrywide or global outage, failure, disruption or reduction in supply of any utility service or infrastructure, including electricity, gas, water, telephone, cable, internet, satellite or telecommunications, or any failure, outage, disruption, degradation or termination of any critical part of such service or infrastructure.

5. based upon, arising from or in any way involving the violation of any economic or trade sanctions by the United States government, including, but not limited to, sanctions administered and enforced by the United States Treasury Department’s Office of Foreign Assets Control (OFAC). However, this Exclusion does not apply to a Security Breach originating from any country where the United States of America has imposed economic or trade sanctions.

6. based upon, arising from or in any way involving any breach of any express, implied, actual or constructive contract, warranty, guarantee or promise. However, this Exclusion does not apply to any liability or obligation an Insured would have had in the absence of such contract, warranty, guarantee or promise.

7. based upon, arising from or in any way involving any liability assumed by any Insured under a contract or agreement. However, this Exclusion does not apply to any liability an Insured would have had in the absence of such contract or agreement.

8. based upon, arising from or in any way involving:

   1. any actual, alleged or threatened presence of pollutants or contamination of any kind, including, but not limited to, asbestos, smoke, vapor, soot, fumes, acids, alkalis, chemicals and waste (“waste” includes materials to be recycled, reconditioned or reclaimed), whether or not such presence results from an Insured’s activities or the activities of others, or such presence or contamination happened suddenly or gradually, accidentally or intentionally, or expectedly or unexpectedly; or

   2. any directive or request to test for, monitor, clean up, remove, contain, treat, detoxify or neutralize pollutants, or in any way respond to or assess the effects of pollutants or contamination of any kind.

9. based upon, arising from or in any way involving income loss caused by or resulting from Unauthorized Trading.

10. based upon, arising from or in any way involving:

    1. the actual or alleged purchase or sale of Securities;

    2. the actual or alleged loss of value of any Securities;

    3. the offer of, or solicitation of an offer, to purchase or sell Securities; or

    4. the violation of any Securities law including, but not limited to, the provisions of the Securities Act of 1933, the Securities Exchange Act of 1934 or the Sarbanes-Oxley Act of 2002, or any regulation promulgated under the foregoing statutes, or any similar federal, state, local or foreign law, including “Blue Sky” laws, whether such law is statutory, regulatory or common law.

11. based upon, arising from or in any way involving the actual or alleged government enforcement of any federal, state, local or foreign regulation, including, but not limited to, regulations promulgated by the United States Federal Trade Commission, the Federal Communications Commission or the Securities and Exchange Commission.

12. based upon, arising from or in any way involving:

    1. any employer-employeerelations, policies, practices, acts or omissions;

    2. any actual or alleged refusal to employ any person; or

    3. any misconduct with respect to employees.

13. based upon, arising from or in any way involving any actual or alleged harassment or discrimination including, but not limited to, discrimination based on age, color, race, gender, creed, national origin, marital status, sexual preferences, disability or pregnancy.

14. based upon, arising from or in any way involving:

    1. the violation of any pension, healthcare, welfare, profit sharing, mutual, or investment plan, fund or trust; or

    2. the violation of any provision of the Employee Retirement Income Security Act of 1974 and its amendments, or the Pension Protection Act of 2006 and its amendments, or any regulation, ruling, or order issued pursuant to the foregoing statutes.

15. for any loss, damage, cost or expense:

    1. directly or indirectly caused by, resulting from or in connection with any War;

    2. resulting from a Cyber Operation carried out as part of any War; or

    3. resulting from a Cyber Operation that causes a sovereign state to become an Impacted State. However, this Exclusion does not apply to an Act of Cyber Terrorism. Exclusion (O)(3) also does not apply to the direct or indirect effect of a Cyber Operation on an Insured Computer System that is not physically located in an Impacted State but is affected by a Cyber Operation.

16. based upon, arising from or in any way involving any actual or alleged infringement of any patent.

17. based upon, arising from or in any way involving the misappropriation, theft, copying, display or publication of any trade secret.

18. based upon, arising from or in any way involving the confiscation, commandeering, requisition or destruction of, or damage to, computer hardware by order of a government de jure or de facto, or by any public authority for whatever reason.

19. for any loss or expense arising from illness, substance abuse or death.

20. for any loss of cryptocurrency that an Insured sustains as a result of:

    1. an outage, interruption, failure, suspension or degradation of service of a Computer System owned, controlled, leased or operated by any cryptocurrency wallet provider or cryptocurrency exchange;

    2. the theft of cryptocurrency in a network attack against a Computer System owned, controlled, leased or operated by any cryptocurrency wallet provider or cryptocurrency exchange, including a Denial of Service Attack, Act of Cyber Terrorism or infection of such Computer System by malicious code; or

    3. the insolvency or bankruptcy of any cryptocurrency wallet provider or cryptocurrency exchange.

21. based upon, arising from or in any way involving the theft, misappropriation or misuse of information belonging to, or in the care, custody or control of Allstate Insurance Company or any of its subsidiaries, partners or affiliates (“Allstate”).

22. for the failure or breach of the security intended to protect any Computer System that is owned or operated by, or under the control of, Allstate, including, but not limited to, that which is caused by unauthorized access, unauthorized use, infection by malicious code or Denial of Service Attack.

23. for any outage, interruption, failure, suspension or degradation of service of any Computer System that is owned or operated by, or under the control of, Allstate.

24. based upon, arising from or in any way involving any Security Breach or Privacy Breach caused by or resulting from, in whole or in part, the introduction of malicious code or other vulnerabilities into an Insured Computer System by way of insertion of malicious code into any software which is developed, sold or distributed by Allstate.

25. for sanctions, fines or penalties imposed by law.

26. based upon, arising from or in any way involving fire, smoke, explosion, lightning, wind, water, flood, earthquake, volcanic eruption, tidal wave, landslide, hail, force majeure or any other physical event, however caused.

27. based upon, arising from or in any way involving an Operating System Event.

28. for any liability to any Third Party for whatever reason, including contractual penalties, damages or legal costs and expenses of any type.

VIII. EXCLUSIONS AS TO DATA RECOVERY COVERAGE

In addition to the Exclusions under Section VII., the Company will not be liable under Data Recovery Coverage for:

1. the cost of restoring, updating or replacing Digital Assets to a level beyond that which existed prior to the System Failure.

2. physical damage to, or the costs to repair or replace, any computer hardware or Data center.

3. the economic or market value of Digital Assets.

4. the costs or expenses incurred to identify, patch or remediate software Programming Errors or Computer System vulnerabilities.

5. the cost to upgrade, improve, repair, redesign, reconfigure or maintain an Insured Computer System to a level of functionality beyond that which existed prior to the System Failure.

6. the cost of restoring, replacing or repairing any electronic media.

IX. EXCLUSIONS AS TO CYBER CRIME AND CRYPTOCURRENCY COVERAGE

In addition to the Exclusions under Section VII., the Company will not be liable under Cyber Crime and Cryptocurrency Coverage for:

1. any Claim based upon, arising from or in any way involving any actual or alleged unauthorized acquisition, access, use or disclosure of Private Information that is held or transmitted in any form. However, this Exclusion does not apply to Financial Fraud which directly results from the use of Private Information.

2. amounts that have been wholly or partially reversed by a credit card company or financial institution.

3. loss of Other Property arising out of, resulting from or in any way involving the fraudulent or purportedly fraudulent use of a credit or debit card.

4. any Claim based upon, arising from or in any way involving any fraudulent instruction, if the sender, or any person or organization acting in collusion with the sender, ever had authorized access to an Insured’s password, PIN or other security code. However, this Exclusion does not apply to Financial Fraud Loss resulting from a Phishing Attack directed at an Insured or Account Manager which fraudulently induces the Insured or Account Manager to (1) transfer, pay or deliver Money or Securities from a Covered Bank Account or (2) transfer, pay or deliver cryptocurrency from an Insured’s cryptocurrency wallet.

5. any Claim based upon, arising from or in any way involving the giving or surrendering of Money, Securities or Other Property in any exchange for or purchase of goods or services:

   1. that are not yet delivered, whether fraudulent or not;

   2. that fail to conform to advertised quality or performance; or

   3. that fail to conform to the quality or performance expected from the standpoint of the Insured.

6. any Claim based upon, arising from, or in any way involving potential income, including interest and dividends, not realized by any Insured.

X. NOTIFICATION

With respect to all Insuring Agreements of this Policy, an Insured must provide written notice to the Company, through the persons named in the Evidence of Coverage, of any Claim as soon as practicable during the Coverage Period, but no later than sixty (60) days after expiration of the Coverage Period.

XI. DATA RECOVERY LOSS DETERMINATION

Digital Assets Loss under Data Recovery Coverage will be determined as follows:

1. If the impacted Digital Asset was purchased from a Third Party, the Company will pay only the lesser of the original purchase price of the Digital Asset or the reasonable and necessary Digital Assets Loss.

2. If it is determined that the Digital Assets cannot be replaced, restored or recreated, the Company will only reimburse the actual and necessary Digital Assets Loss incurred up to such determination.

XII. POLICY CONDITIONS

(A) Assistance and Cooperation

1. As a condition precedent to coverage under this Policy, every Insured shall cooperate with the Company and its representatives and, upon the Company’s request, shall submit to examination by a representative of the Company, under oath if required; attend hearings, depositions and trials; assist in effecting settlement; cooperate in the securing and giving of evidence, obtaining the attendance of witnesses, and in the conduct of suits; and shall give a written statement(s) to the Company’s representatives for the purpose of investigation and/or defense, all without charge to the Company. Every Insured shall further cooperate with the Company to do whatever is necessary to secure and effect any rights of indemnity, contribution or apportionment that any Insured may have. No Insured shall take any action which in any way increases the Company’s exposure under this Policy.

2. Every Insured must execute or cause to be executed all papers and render all assistance as reasonably requested by the Company, which may require an Insured to provide copies of a Third Party’s system security and event logs.

3. No Insured will admit liability, make any payment, assume any obligation, incur any expense, enter into any settlement, stipulate to any judgment or award or dispose of any Claim without Approval. However, the prompt public admission of a Privacy Breach or Security Breach potentially impacting the Private Information of Third Parties will not be considered an admission of liability requiring Approval.

(B) Subrogation

1. If any payment is made under this Policy, the Company shall be subrogated to the extent of such payment to all rights of recovery thereof, and the Insured shall execute all documents required and do everything that may be necessary to secure such rights, including the execution of such documents necessary to enable the Company to effectively bring suit in the name of any Insured, and shall provide all other assistance and cooperation which the Company may reasonably require. The Insured shall do nothing after a Claim is made to prejudice the Company’s subrogation rights.

2. Any recoveries shall be applied first to subrogation expenses, second to any other amounts incurred by the Company, and lastly to the Deductible. Any additional amounts recovered will be paid tothe Insured.

(C) Other Insurance

This Policy is excess over any other valid and collectible insurance (including the amount of any deductibles and/or retentions) available to any Insured, including any insurance under which there is a duty to defend and regardless of whether such other policy or policies are stated to be primary, contributory, excess, contingent or otherwise, unless such insurance is written specifically as excess insurance of this Policy by reference in such other policy to the Policy number set forth in the Declarations of this Policy.

(D) Cancellation

1. The Policyholder may not cancel this Policy; however, a Named Insured may cancel its own coverage under this Policy by giving the Company advance, written notice stating when thereafter cancellation shall take effect. If a Named Insured cancels its own coverage under this Policy, the annual premium will be deemed fully earned, and the Company will not be liable to return any premium paid.

2. The Company may only cancel a Named Insured’s coverage under this Policy for non-payment of premium by mailing to the Named Insured written notice stating when, not less than ten (10) days thereafter, such cancellation shall be effective.

3. If the provisions of (D)(2) above are in conflict with any governing law or regulation, then such provisions shall be deemed amended to comply with the requirements of any such law or regulation, including any minimum cancellation notice period permitted thereunder.

4. In the event of cancellation of a Named Insured’s coverage under this Policy, no Extended Reporting Period Coverage will be available to the Named Insured.

(E) Non-Renewal

1. If the Company elects to non-renew this Policy, it will mail a written notice to the Policyholder stating the reason for non-renewal at least sixty (60) days before the Expiration Date of this Policy.

2. If this Policy is not renewed by the Company or the Policyholder, the Policyholder is responsible for notifying all Insureds of the effective date of nonrenewal. Non-renewal of this Policy shall be binding on all Insureds whether or not any such Insureds are notified by the Policyholder of the non-renewal.

3. If the Company elects to non-renew a Named Insured’s coverage under this Policy, it will mail a written notice to such Named Insured stating the reason for non-renewal at least sixty (60) days before theExpiration Dateof the applicable Coverage Period.

4. If any of the provisions of (E)(1) through E(3) above are in conflict with any governing law or regulation, then such provisions shall be deemed amended to comply with the requirements of any such law or regulation, including any minimum non-renewal notice period permitted thereunder.

5. In the event of non-renewal of this Policy or any Named Insured’s coverage under this Policy, no Extended Reporting Period Coverage will be available to any Named Insured.

(F) Action Against the Company

No action shall lie against the Company unless, as a condition precedent thereto, there has been full compliance with all of the terms of this Policy, nor until the amount of an Insured's obligation to pay with respect to a Claim has been finally determined either by judgment against an Insured after actual trial or by written agreement of an Insured, the claimant and the Company. Any individual or organization or the legal representative thereof who has secured such judgment or written agreement shall thereafter be entitled to recover under this Policy to the extent of the insurance afforded by this Policy. No individual or organization shall have any right under this Policy to join the Company as a party to any action against any Insured to determine an Insured's liability, nor shall the Company be impleaded by any Insured or their legal representative.(G) Dispute Resolution

1. Mediation If any dispute arises between any Insured and the Company involving this Policy or a Claim hereunder, the Named Insured and the Company agree that such dispute will be referred to a qualified mediator in a good faith effort to negotiate a resolution of the dispute prior to the initiation of any arbitration or other proceedings. The party invoking the agreement to mediate will provide written notice to the other party setting forth its request to mediate and a brief statement regarding the issue to be mediated. The Named Insured is authorized and directed to accept the Notice of Mediation on behalf of any Insured.

2. Arbitration As a condition precedent to any right of action hereunder, in the event that a good faith effort to mediate pursuant to Section XII.(G)(1) above does not resolve a dispute between any Insured and the Company involving this Policy or a Claim, the Named Insured and the Company agree that such dispute will be determined by final and binding arbitration before a single arbitrator. If the parties cannot mutually select the arbitrator, the parties will refer the selection of the arbitrator to the American Arbitration Association.

(H) Service of Suit

This condition applies in jurisdictions where the Company is not an admitted insurer.

It is hereby understood and agreed that in the event of the Company’s failure to pay the amount claimed to be due hereunder, the Company, at the request of an Insured, will submit to the jurisdiction of a court of competent jurisdiction within the United States and will comply with all requirements necessary to give such court jurisdiction, and all matters regarding service of suit shall be determined in accordance with the law and practice of such court. Nothing in herein constitutes or should constitute a waiver of the Company’s rights to commence an action in any court of competent jurisdiction in the United States; to remove an action to a United States District Court; to seek a transfer of a case to another court as permitted by the laws of the United States or any state in the United States; or to appeal any judgment or ruling.

It is further understood and agreed that, pursuant to any statute of any state, territory or district of the United States which makes provision therefor, the Company hereby designates the Superintendent, Commissioner or Director of Insurance or other officer specified for that purpose in the statute, or his or her successor(s) in office, as its true and lawful attorney upon whom may be served any lawful process in any action, suit or proceeding instituted by or on behalf of any Insured or any beneficiary hereunder arising out of this Policy, and hereby designates the President of the Houston Casualty Company in care of the General Counsel, at 13403 Northwest Freeway, Houston, TX, 77040, as the person to whom said officer is authorized to mail such process or true copy thereof.

It is further understood and agreed that service of process in such suit may be made upon NATIONAL REGISTERED AGENTS, INC., 2875 Michelle Drive, Suite 100, Irvine, CA 92606, and that in any suit instituted against the Company upon this Policy, the Company will abide by the final decision of such court, or of any appellate court in the event of an appeal.

(I) Assignment

No assignment of interest under this Policy shall bind the Company unless its prior written consent is endorsed hereon.

(J) Forfeiture

Any action or failure to act by a Named Insured with the intent to defraud the Company, will render such Named Insured’s Evidence of Coverage null and void, and all of such Named Insured’s coverage hereunder will be forfeited.

(K) Bankruptcy or Insolvency

Bankruptcy or insolvency of any Insured shall not relieve the Company of its obligations nor deprive the Company of its rights or defenses under this Policy.

(L) Office of Foreign Assets Control

Payment under this Policy shall only be made in full compliance with all United States of America economic or trade sanctions, laws or regulations, including, but not limited to, sanctions, laws and regulations administered and enforced by the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”).

(M) Headings

The titles of paragraphs or sections of this Policy or any endorsements are intended solely for convenience and reference and are not considered in any way to limit or expand the provisions to which they relate and are not part of the Policy. Whenever the singular form of a word is used herein, the same will include the plural when required by context.

(N) Policy Conformance

Any terms of this Policy that conflict with any local or state law, regulation or ordinance of the state that applies, will be thereby amended to the extent necessary in order to conform to such local or state law, regulation or ordinance.

(O) Policyholder’s Rights and Duties

The Policyholder, on behalf of all Insureds, shall be:

1. authorized to make changes in the terms of this Policy, with the Company’s consent;

2. authorized to agree to and receive any endorsements issued to form a part of this Policy;

3. responsible for payment of all premiums;

4. the payee for any return premium; and

5. responsible for notifying all Insureds if this Policy is canceled or non-renewed.

XIII. CURRENCY AND PAYMENTS

All premium and losses under this Policy shall be payable in United States dollars.

XIV. ENTIRE AGREEMENT

By acceptance of this Policy, the Policyholder agrees that this Policy embodies all agreements between the Policyholder and the Companyrelating to this Policy. Notice to any agent, or knowledge possessed by any agent, or by any other person, will not affect a waiver or a change in any part of this Policy or estop the Companyfrom asserting any right under the terms of this Policy; nor will the terms of this Policy be waived or changed, except by endorsement issued to form a part of this Policy and signed by the Company.

HOUSTON CASUALTY COMPANY

Houston, Texas

NETGUARD® SELECT MASTER POLICY ENDORSEMENT

NUCLEAR INCIDENT EXCLUSION

In consideration of the premium charged, it is understood and agreed that Section VII. EXCLUSIONS AS TO THE ENTIRE POLICY of this Policy is amended by the addition of the following Exclusion:

This Policy does not apply to any Claim based upon, arising from or in any way involving any injury, sickness, disease, death or destruction, including all forms of radioactive contamination of property:

1. with respect to which any Insured is also insured under a nuclear energy liability policy issued by the Nuclear Energy Liability Insurance Association, Mutual Atomic Energy Liability Underwriters or Nuclear Insurance Association of Canada, or would be an insured under any such policy but for exhaustion of its limit of liability;

2. resulting from the Hazardous Properties of Nuclear Material and with respect to which:

   1. any person or organization is required to maintain financial protection pursuant to the Atomic Energy Act of 1954, as amended, or any regulations promulgated thereunder;

   2. any Insured is, or had this policy not been issued would be, entitled to indemnity from the United States of America, or any agency thereof, under any agreement entered into by the United States of America, or any agency thereof, with any person or organization; or

3. resulting from the Hazardous Properties of Nuclear Material, if:

   1. the Nuclear Material is at any Nuclear Facility owned by, or operated by or on behalf of, an Insured or has been discharged or dispersed therefrom;

   2. the Nuclear Material is contained in Spent Fuel or Waste at any time possessed, handled, used, processed, stored, transported or disposed of by or on behalf of an Insured; or

   3. the injury, sickness, disease, death or destruction arises out of the furnishing by an Insured of services, materials, parts or equipment in connection with the planning, construction maintenance, operation or use of any Nuclear Facility; provided, however, if such facility is located within the United States of America, its territories or possessions or Canada, this Exclusion (c)(3) applies only to injury to or destruction of property at such Nuclear Facility.

As used in this Endorsement:

1. “Hazardous Properties” means radioactive, toxic or explosive properties.

2. “Nuclear Facility” means:

   1. any Nuclear Reactor;

   2. any equipment or device designed or used for separating the isotopes of uranium or plutonium, processing or utilizing Spent Fuel, or handling, processing or packaging Waste;

   3. any equipment or device used for the processing, fabricating or alloying of Special Nuclear Material if at any time the total amount of such material in the custody of an Insured at the premises where such equipment or device is located consists of or contains more than twenty-five (25) grams of plutonium or uranium 233, or any combination thereof, or more than 250 grams of uranium 235;

   4. any structure, basin, excavation, premises or place prepared or used for the storage or disposal of Waste, and

   5. the site on which any of (a) through (d) above is located, all operations conducted on such site and all premises used for such operations.

3. “Nuclear Material” means Source Material, Special Nuclear Material or Byproduct Material.

4. “Nuclear Reactor” means any apparatus designed or used to sustain nuclear fission in a self-supporting chain reaction or to contain a critical mass of fissionable material.

5. “Spent Fuel” means any fuel element or fuel component, solid or liquid that has been used or exposed to radiation in a Nuclear Reactor.

6. “Waste” means any waste material containing Byproduct Material and resulting from the operation by any person or organization of any Nuclear Reactor or any equipment or device designed or used for separating the isotopes of uranium or plutonium, processing or utilizing Spent Fuel, or handling, processing or packaging Waste.

7. “Source Material”, “Special Nuclear Material” and “Byproduct Material” have the meanings given them in the Atomic Energy Act 1954, or in any law amendatory thereof.

All other terms and conditions of this Policy remain unchanged.

NETGUARD® SELECT MASTER POLICY ENDORSEMENT

POLICYHOLDER DISCLOSURE NOTICE OF TERRORISM INSURANCE COVERAGE

Coverage for acts of terrorism is already included in your policy (including any quotation for insurance) to which this notice applies. You are hereby notified that under the Terrorism Risk Insurance Act, as amended in 2015, the definition of act of terrorism has changed. As defined in Section 102(1) of the Act: The term “act of terrorism” means any act that is certified by the Secretary of the Treasury – in consultation with the Secretary of Homeland Security, and the Attorney General of the United States – to be an act of terrorism; to be a violent act or an act that is dangerous to human life, property or infrastructure; to have resulted in damage within the United States, or outside the United States in the case of certain air carriers or vessels or the premises of a United States mission; and to have been committed by an individual or individuals as part of an effort to coerce the civilian population of the United States or to influence the policy or affect the conduct of the United States Government by coercion.

Under your coverage, any losses resulting from certified acts of terrorism may be partially reimbursed by the United States Government under a formula established by the Terrorism Risk

Insurance Act, as amended. HOWEVER, YOUR POLICY MAY CONTAIN OTHER EXCLUSIONS WHICH MIGHT AFFECT YOUR COVERAGE, INCLUDING BUT NOT LIMITED TO, AN EXCLUSION FOR NUCLEAR EVENTS. PLEASE READ IT CAREFULLY. Under the formula, the United States Government generally reimburses 85% through 2015; 84% beginning on January 1, 2016; 83% beginning on January 1, 2017; 82% beginning on January 1, 2018; 81% beginning on January 1, 2019 and 80% beginning on January 1, 2020 of covered terrorism losses exceeding the statutorily established deductible paid by the insurance company providing the coverage. The Terrorism Risk Insurance Act, as amended, contains a USD100 billion cap that limits U.S. Government reimbursement as well as insurers’ liability for losses resulting from certified acts of terrorism when the amount of such losses exceeds USD100 billion in any one calendar year. If the aggregate insured losses for all insurers exceed USD100 billion, your coverage may be reduced.

The portion of your annual premium that is attributable to coverage for certified acts of terrorism as defined in the Terrorism Risk Insurance Act, as amended in 2015, is 1%. This amount does not include any charges for the portion of loss covered by the Federal Government under the Act.

I ACKNOWLEDGE THAT I HAVE BEEN NOTIFIED THAT UNDER THE TERRORISM RISK INSURANCE ACT, AS AMENDED IN 2015, ANY LOSSES CAUSED BY CERTIFIED ACTS OF TERRORISM UNDER MY POLICY MAY BE PARTIALLY REIMBURSED BY THE UNITED STATES GOVERNMENT AND ARE SUBJECT TO A USD100 BILLION CAP THAT MAY REDUCE MY COVERAGE, AND I HAVE BEEN NOTIFIED OF THE PORTION OF MY PREMIUM ATTRIBUTABLE TO SUCH COVERAGE.

INSURANCE CARRIER: Houston Casualty Company