Cyber insurance is a special insurance policy that covers your business’ losses and liability for intrusions into your business’s computers, computer networks, software, payment processing, and other information technology (cyber events). Cyber events that may be covered by cyber insurance include data breaches, malware, ransomware, viruses, spyware, wire transfer fraud, phishing, denial-of-service (DoS) attacks, Trojans, adware, botnets, man-in-the-middle attacks, credit card web skimming, and others.

In addition to breaching a business’s own valuable information and processes, a data breach may target a business’s sensitive customer information, such as credit card numbers, account numbers, telephone numbers, mailing addresses, passwords, driver’s license numbers, Social Security numbers, health records, and other personally identifiable information (PII).

In Indiana, as in many other states, businesses can purchase cyber insurance to protect against losses and liabilities resulting from cyber events. Cyber insurance policies typically cover a range of incidents, including data breaches, malware, ransomware, and other forms of cyberattacks that compromise a business's information technology systems and sensitive data. The specific coverage details can vary widely among policies and insurers, but they often address costs associated with responding to a cyber incident, such as legal fees, notification expenses, credit monitoring for affected individuals, and regulatory fines. Indiana businesses holding personal information are also subject to the Indiana Data Breach Notification Law, which requires them to notify affected Indiana residents of a data breach involving their personal information. Failure to comply with these notification requirements can result in penalties, making cyber insurance an important risk management tool for businesses to mitigate potential financial and legal consequences of cyber events.