Cyber insurance is a special insurance policy that covers your business’ losses and liability for intrusions into your business’s computers, computer networks, software, payment processing, and other information technology (cyber events). Cyber events that may be covered by cyber insurance include data breaches, malware, ransomware, viruses, spyware, wire transfer fraud, phishing, denial-of-service (DoS) attacks, Trojans, adware, botnets, man-in-the-middle attacks, credit card web skimming, and others.

In addition to breaching a business’s own valuable information and processes, a data breach may target a business’s sensitive customer information, such as credit card numbers, account numbers, telephone numbers, mailing addresses, passwords, driver’s license numbers, Social Security numbers, health records, and other personally identifiable information (PII).

In West Virginia, as in other states, businesses can obtain cyber insurance to protect against losses and liabilities resulting from cyber events. Cyber insurance policies typically cover a range of incidents, including data breaches, malware, ransomware, and other forms of cyberattacks that compromise a business's IT infrastructure or lead to the theft or exposure of sensitive data. The coverage can extend to costs associated with responding to a cyber incident, such as legal fees, notification expenses, credit monitoring services for affected individuals, and regulatory fines. Additionally, cyber insurance may cover business interruption losses due to cyber events. It's important for businesses to carefully review policy terms to understand the extent of coverage, exclusions, and any requirements for cybersecurity measures that must be in place to maintain coverage. While there is no specific state statute in West Virginia that mandates cyber insurance, businesses that handle PII are subject to state laws regarding data breach notifications and the protection of personal information, which may influence a business's decision to obtain cyber insurance.