Cyber insurance is a special insurance policy that covers your business’ losses and liability for intrusions into your business’s computers, computer networks, software, payment processing, and other information technology (cyber events). Cyber events that may be covered by cyber insurance include data breaches, malware, ransomware, viruses, spyware, wire transfer fraud, phishing, denial-of-service (DoS) attacks, Trojans, adware, botnets, man-in-the-middle attacks, credit card web skimming, and others.

In addition to breaching a business’s own valuable information and processes, a data breach may target a business’s sensitive customer information, such as credit card numbers, account numbers, telephone numbers, mailing addresses, passwords, driver’s license numbers, Social Security numbers, health records, and other personally identifiable information (PII).

In Oregon, cyber insurance policies are designed to mitigate the risks associated with electronic business operations, including data breaches and cyber attacks. While Oregon does not have specific statutes mandating businesses to carry cyber insurance, the state does have laws that require businesses to implement reasonable security measures to protect personal information and to notify affected individuals in case of a data breach. Oregon's Consumer Identity Theft Protection Act (ORS 646A.600 to 646A.628) outlines these obligations. Cyber insurance can help businesses comply with these legal requirements by covering costs related to data breaches, such as notification expenses, credit monitoring services for affected individuals, and legal fees. Additionally, cyber insurance policies may cover losses from various cyber events, including malware, ransomware, and other attacks that compromise a business's or its customers' sensitive information. Businesses in Oregon may consider obtaining cyber insurance as part of their risk management strategy to protect against the financial and legal repercussions of cyber incidents.