Hunton Insurance Recovery Blog

A New Mexico Court of Appeals decision illustrates that when a policy term is undefined and ambiguous, the term must be interpreted liberally and in favor of coverage. In Kane v. Syndicate 2623-623 Lloyd’s of London, 2025 WL 1733046 (N.M. Ct. App. June 16, 2025), the court affirmed summary judgment for a policyholder and held that a cyber liability policy afforded coverage for the policyholder’s loss that resulted from a post-breach fraudulent funds transfer because the preposition “for” was broad enough to afford coverage for a third party claim resulting from a security breach.

The recent Illinois federal court decision McDonald’s Corporation, et al., v. Homeland Insurance Company Of New York illustrates the perils that policyholders may face if they fail to understand the contours of key defined terms in their insurance policies. In McDonald’s, the court agreed that an insurer who sold a general liability policy did not have a duty to defend its insured against claims alleging fear and emotional distress because that harm did not meet the definition of bodily injury in the insurance policy.

The recent California federal court decision Scottsdale Ins. Co. v. Beachcomber Mgmt. Crystal Cove, LLC, et al. illustrates the perils that corporate policyholders may face in obtaining the full benefit of the bargain when they procure new D&O insurance after making a claim under a prior policy.  2025 WL 257599, at *13 (C.D. Cal. Jan. 21, 2025).  In Scottsdale, the court agreed that an insurer who sold a D&O policy could deny coverage for a lawsuit filed against two corporate executives during its policy period because that lawsuit involved some of the same allegations of wrongdoing as did a claim the policyholder previously submitted to a former D&O insurer.  The new policy contained a very broadly worded “prior notice exclusion” that barred coverage for all claims “in any way involving” any wrongful conduct, facts, circumstances, or situations as to which notice had been given to a prior D&O insurer.  

Recent high-profile cases involving Chief Information Security Officers (CISOs) have spotlighted the need for robust directors and officers (D&O) liability insurance tailored to cybersecurity executives. The SEC charges against the former SolarWinds CISO—which were not dismissed in the highly-anticipated decision truncating the SEC’s case against the company—and the 2022 criminal conviction of Uber’s former CISO underscore the growing personal liability risks faced by security leaders.