Cyber insurance is a special insurance policy that covers your business’ losses and liability for intrusions into your business’s computers, computer networks, software, payment processing, and other information technology (cyber events). Cyber events that may be covered by cyber insurance include data breaches, malware, ransomware, viruses, spyware, wire transfer fraud, phishing, denial-of-service (DoS) attacks, Trojans, adware, botnets, man-in-the-middle attacks, credit card web skimming, and others.

In addition to breaching a business’s own valuable information and processes, a data breach may target a business’s sensitive customer information, such as credit card numbers, account numbers, telephone numbers, mailing addresses, passwords, driver’s license numbers, Social Security numbers, health records, and other personally identifiable information (PII).

In Arkansas, as in many other states, businesses can purchase cyber insurance to protect against losses and liabilities resulting from cyber events. Cyber insurance policies are designed to cover a range of incidents, including data breaches, malware, ransomware, and other forms of cyberattacks that compromise a business's or its customers' sensitive information. The specific coverage details and the extent of protection will vary depending on the policy. Arkansas businesses that handle personal information are also subject to the Arkansas Personal Information Protection Act (APIPA), which requires them to implement and maintain reasonable security procedures to protect personal information and to notify affected individuals in the event of a data breach. Cyber insurance can help businesses meet their financial obligations under this law by covering costs associated with a breach, such as notification expenses, credit monitoring services, and legal fees. It is advisable for businesses to consult with an attorney to understand the scope of coverage offered by cyber insurance policies and to ensure compliance with relevant state and federal regulations.