Cyber insurance is a special insurance policy that covers your business’s losses and liability for intrusions into your business’s computers, computer networks, software, payment processing, and other information technology (collectively, cyber events). Cyber events that may be covered by cyber insurance include data breaches, malware, ransomware, viruses, spyware, wire transfer fraud, phishing, denial-of-service (DoS) attacks, Trojans, adware, botnets, man-in-the-middle attacks, credit card web skimming, and others.
In addition to breaching a business’s own valuable information and processes, a data breach may target a business’s sensitive customer information, such as credit card numbers, account numbers, telephone numbers, mailing addresses, passwords, driver’s license numbers, Social Security numbers, health records, and other personally identifiable information (PII).
In Pennsylvania, as in many other states, cyber insurance is designed to mitigate the risks associated with electronic business operations by providing coverage for various types of cyber events. These policies typically cover financial losses that a business may suffer as a result of cyber incidents such as data breaches, malware, ransomware, and other cyber threats. They also often cover the costs associated with legal claims, customer notifications, credit monitoring services, and repairing damaged systems. Pennsylvania does not have specific statutes that regulate cyber insurance policies; instead, these policies are governed by general insurance law principles and overseen by the Pennsylvania Insurance Department. Businesses seeking cyber insurance in Pennsylvania should work with an attorney to understand the scope of coverage, exclusions, and compliance with any applicable federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA) for health records, or the Gramm-Leach-Bliley Act (GLBA) for financial information.