Cyber insurance is a special insurance policy that covers your business’ losses and liability for intrusions into your business’s computers, computer networks, software, payment processing, and other information technology (cyber events). Cyber events that may be covered by cyber insurance include data breaches, malware, ransomware, viruses, spyware, wire transfer fraud, phishing, denial-of-service (DoS) attacks, Trojans, adware, botnets, man-in-the-middle attacks, credit card web skimming, and others.

In addition to breaching a business’s own valuable information and processes, a data breach may target a business’s sensitive customer information, such as credit card numbers, account numbers, telephone numbers, mailing addresses, passwords, driver’s license numbers, Social Security numbers, health records, and other personally identifiable information (PII).

In Georgia, as in many other states, there is no specific regulation that mandates businesses to obtain cyber insurance. However, given the increasing prevalence of cyber threats, many businesses opt to purchase cyber insurance policies to mitigate the financial risks associated with cyber events. These policies typically cover expenses and liabilities resulting from data breaches, malware, ransomware, and other cyber incidents that compromise a business's or customers' sensitive information. Coverage can include costs for notification, credit monitoring for affected individuals, legal fees, and regulatory fines. It's important for businesses to work with an attorney and an insurance broker to understand the scope of coverage, exclusions, and any compliance requirements with state and federal laws, such as the Georgia Personal Identity Protection Act (GPIPA), which requires businesses to take reasonable measures to protect against unauthorized access to personal information and to provide notification in the event of a data breach.