Cyber insurance is a special insurance policy that covers your business’ losses and liability for intrusions into your business’s computers, computer networks, software, payment processing, and other information technology (cyber events). Cyber events that may be covered by cyber insurance include data breaches, malware, ransomware, viruses, spyware, wire transfer fraud, phishing, denial-of-service (DoS) attacks, Trojans, adware, botnets, man-in-the-middle attacks, credit card web skimming, and others.

In addition to breaching a business’s own valuable information and processes, a data breach may target a business’s sensitive customer information, such as credit card numbers, account numbers, telephone numbers, mailing addresses, passwords, driver’s license numbers, Social Security numbers, health records, and other personally identifiable information (PII).

In Arizona, as in many other states, cyber insurance is designed to mitigate the risks associated with electronic business operations by providing coverage for various types of cyber events. These policies typically cover the financial losses a business may suffer due to incidents like data breaches, malware, ransomware, and other cyber threats, as well as the liability for damages to third parties whose information may have been compromised. Arizona businesses holding sensitive customer information, such as PII, are at risk of cyber attacks that can lead to significant financial and reputational damage. While there is no specific state statute in Arizona that mandates businesses to carry cyber insurance, many choose to purchase it as a risk management tool, especially considering the state's data breach notification law (Arizona Revised Statutes § 18-551), which requires businesses to notify affected individuals in case of a data breach involving personal information. It's important for businesses to work with an attorney to understand the coverage options available and ensure that their cyber insurance policy is tailored to their specific needs and risks.