Hunton Insurance Recovery Blog

On February 6, 2026, the Federal Trade Commission announced its second report to Congress on its efforts to combat ransomware and other cyber attacks.

If recent years have taught insurance practitioners anything, it is that the most consequential coverage disputes rarely turn on novelty alone. In 2025, courts continued to resolve high‑stakes insurance disputes by returning to first principles—examining when claims are related, how losses and occurrences are defined and aggregated, and how policy language allocates risk across time and conduct. D&O coverage and other core insurance law issues again occupied center stage, while decisions in property, cyber, and liability disputes reinforced a familiar theme: policy interpretation remains the decisive factor in determining whether coverage is available in an increasingly complex claims environment. As the decisions discussed below demonstrate, 2025 confirmed that even as risks evolve, coverage disputes remain grounded in careful, policy‑specific analysis.

On October 15, 2025, the UK Information Commissioner’s Office announced a £14 million fine against Capita plc and Capita Pension Solutions Limited following a significant data breach.

In today’s digital world, data breaches due to vendor failures are becoming increasingly common, often resulting in costly fallout. While insurance can provide a safety net, the interaction between cyber insurance and vendor contracts is crucial for effective recovery and risk management. Vendor contracts should not be treated as mere formalities but as vital frameworks that contain specific, detailed provisions regarding data security obligations to ensure accountability and minimize vulnerabilities.