When the industry underprices risk, it eventually must overcorrect. Buyers who benefit from today’s generous terms may find themselves facing far higher costs, shrinking limits, or reduced coverage availability once the market recalibrates. What we’re seeing now isn’t just another soft phase; it’s a structural imbalance that becomes more dangerous the longer it persists.

Too Much Capital Can Be a Liability

The influx of capital into the cyber market has created the illusion of boundless capacity. While ample capital might seem like a positive development, it can actually undermine the very stability buyers depend on.

When insurers are sitting on surplus capital, competitive tension increases. Providers loosen underwriting standards, reduce pricing, and stretch to accommodate risks they haven’t fully assessed and/or are largely outside of the spirit of the policy intent. This is especially precarious in cyber, where actuarial modeling is challenged by limited historical data compared to other mature lines like D&O or property.

Without decades of long-tail loss information, decisions are being propped up by temporary capital, not sustainable economics.

Instead of competing on service quality, claims responsiveness, or holistic risk management, many carriers are turning to tactics that ultimately weaken their own offerings. We’re seeing insurers strip out key exclusions or offer broader limits than their pricing models justify, all to win business. When carriers take on unpriced or underpriced risk, they’re gambling with reserves and policyholder security, undermining the fundamentals of risk transfer and eventually forcing them to draw from capital pools not intended for these exposures.

Coverage Creep: Silent Expansion, Hidden Problems

A notable trend is the expansion of cyber policies into areas traditionally insured elsewhere. As other commercial lines push cyber-related exposures out of their own products, those risks are migrating into cyber forms, often without the accompanying underwriting rigor or pricing adjustments.

Coverage for pollution-related events influenced by cyber triggers, bodily injury scenarios, property impacts, and an array of media liabilities are being absorbed into cyber contracts. While buyers may appreciate the appearance of broader protection, the reality is more complicated. Unchecked coverage creep introduces hidden liabilities that may only surface when a claim reveals that pricing and risk evaluation didn’t match what was actually being insured.

This creates a false sense of certainty for buyers and threatens the insurer’s ability to respond as expected when a complex loss occurs.

Underpriced Risk and Market Strain

When premiums flatten or fall even as exposures grow and cyber threats increase, actuarial logic is being overshadowed by competitive pressure. Underpriced risk inevitably leads to financial strain, and with forecasts pointing to significant growth in cyber insurance demand over the next several years, the industry must preserve the capacity needed to support that expansion. If current pricing and expansion trends continue, capacity will contract and the market will harden quickly.

Choosing Partners for the Long Term

Soft markets always correct. What matters now is how buyers are preparing for that shift.

Too many buyers overlook the distinction between a low premium and a high-value insurance partnership. True value comes from partnering with providers that maintain strong balance sheets, demonstrate consistent claims performance, and understand the complexities of cyber risk. It’s also crucial to work with insurers willing to adjust pricing based on your organization’s actual risk profile, giving you deeper visibility into your exposures and incentivizing continuous improvement. Providers that understand the importance of providing mitigation tools that benefit the insured and the loss ratio show real maturity and partnership in a challenging risk arena.

Insurance isn’t a commodity. It’s the expertise behind the policy, the quality of risk engineering, and the claims response that shows up when your organization is under pressure.

Rates will rise. Terms will narrow. Capacity will tighten. Organizations that prioritize resilience and long-term partnerships over rate optimization today will be better positioned when the market turns.

Meet the Author

Maria Long, Chief Underwriting Officer

Resilience

Maria Long is Chief Underwriting Officer for Resilience where she holds global responsibility for underwriting strategy, policy, and risk assessment. With over 10 years dedicated specifically to cyber insurance in her nearly twenty-year career in the industry, Maria brings a wealth of experience to her role at Resilience. Before joining Resilience, Long held leadership positions in cyber underwriting and risk management for Munich Re Specialty, where she was responsible for building, launching, and leading their cyber risk management program. She also supported strategic initiatives for application across their Cyber and Tech E&O book of business, supporting growth into new industry verticals. Previously, Long spent over eight years at Allied World, where she led and evolved an industry-leading cyber risk management platform to mitigate risk and attract cyber insureds. She holds a master’s degree from Purdue University in communications and leadership.

The Professional Liability Underwriting Society (PLUS) today announced the election of its 2026 Board of Trustees and Executive Committee. The PLUS Board serves on behalf of the Society’s 45,000+ members to advance the mission of PLUS, set the organization’s strategic direction, and champion the growth and development of the professional liability industry. Trustees play an essential role in establishing long-term priorities, electing the Executive Committee, and serving as ambassadors for PLUS programs and initiatives.

Incoming Trustees

PLUS members elected the following individuals to three-year terms on the Board of Trustees:

• Japhet Boutin, Zurich North America
• Brian Braden, Crum & Forster
• Nicole McAuley, Forbes Chochla Leon LLP

Japhet Boutin serves as Senior Vice President and Head of Technical Claims for Zurich North America. She leads Zurich’s Technical Claims Department, overseeing Financial Lines, Surety, Latent & Environmental, and Property Claims. She previously served as Vice President and Director of Financial Lines Claims, guiding a broad portfolio that included D&O, E&O, EPL, fiduciary, cyber, healthcare, and more. With over 25 years of industry experience, Japhet joined Zurich in 2009 after practicing law and holding various claims roles at AIG. She holds a Bachelor of Arts from Barnard College, Columbia University, and a Juris Doctor from Temple University. Japhet is a recognized industry leader, serving as co-chair of the PLUS Conference (2023–2025), a Fellow of the Partnership for New York City, and a board member of The Bridge Transcends.

Brian Braden is Vice President of Business Development and Chief Revenue Officer for the Executive Risk Division of Crum & Forster. With 35 years of experience in executive and professional liability—including E&O, D&O, crime, and cyber—he oversees nationwide distribution strategy and has served in underwriting and brokerage roles at Navigators, Zurich, Transatlantic Reinsurance Company, The Home Insurance Company, and Tri City Insurance Brokers. A longtime PLUS volunteer, Brian has served on the Eastern Chapter Steering Committee, PLUS International Conference committees, and the PLUS Foundation Board of Trustees. He holds a Bachelor of Arts from Indiana University of Pennsylvania and has a long history of volunteer leadership in youth sports, church programming, community outreach, and scouting.

Nicole McAuley is a Partner at Forbes Chochla Leon LLP in Toronto, Canada. Her practice focuses on employment litigation, directors’ and officers’ matters, human rights claims, and professional liability. She has represented a wide range of professionals and corporations in complex litigation and advises clients on employment issues related to hiring, human rights, discipline, and termination. She holds a Bachelor of Arts from McMaster University and earned her law degree from the University of Manitoba.

Re-elected Trustees

PLUS also re-elected the following trustees to a second three-year term:

• David Lewison, Amwins
• Alison Martin, Chubb

2026 Executive Committee

The PLUS Board elected the following individuals to serve on the 2026 Executive Committee:

• President: La’Vonda McLean, Marsh
• President Elect: Alison Martin, Chubb
• Secretary/Treasurer: David Garrigus, HUB International
• Vice President: Brian Braden, Crum & Forster
• Immediate Past President: Jacqueline Waters, Aon

Departing Trustees

PLUS extends its sincere gratitude to the following departing trustees for their dedicated service:

• Jay Karp, Travelers
• Kimberly Melvin, Wiley Rein LLP
• Robert Parisi, Munich RE America Inc.

Their leadership, time, and vision played a meaningful role in furthering PLUS’s mission.

For more information about the duties and roles of the PLUS Board, please view our Board of Trustees.

About PLUS
The Professional Liability Underwriting Society (PLUS) has over 45,000 professional industry members from throughout North America and around the world. It is the only association created exclusively by and for the entire professional liability industry. PLUS is recognized as the primary source of professional liability educational programs and seminars, networking events, educational products and information regarding professional liability. Membership consists of individuals in the professional liability industry representing thousands of companies active in many industry fields. Additional information can be found at PLUSweb.org and on LinkedIn, Facebook, Twitter and Instagram. PLUS’s address is 5353 Wayzata Blvd, Suite 306, Minneapolis MN 55416.

For more information, please visit www.plusweb.org or call 800.845.0778.

I’m sure this insured is wondering, “How could I have gotten this exposure covered?” The simple answer is purchasing that same policy without a retroactive date, or with full prior acts (assuming of course such an option was available). Without a retroactive date the insured could bring claims as they were being made to the carrier irrespective of when the wrongful act occurred.

Anyone who works with Claims Made coverages is well aware of these facts. What intrigued me about this particular story is the stark reminder of how if this same claim was made 50-60 years ago, it most likely WOULD have been covered. The fact that these types of pollution claims were getting covered at all is what prompted the insurance industry to update the policy triggers that we have today.

A Coverage Trigger History Lesson

Before Claims Made, before Occurrence, there were simply “Accident” triggers in the Comprehensive General Liability policy. The CGL policy was itself a 20th century innovation, first formed in 1939 and rolled out on a national basis in 1941.

It was during the 1960s when an avalanche of pollution claims began to pile up. Prior to this, many American manufacturers were, shall we say, a bit ambivalent about their pollution controls. Some firms simply dumped their waste onto sites where pollutants would over time contaminate the local water supply.

Remember that the CGL policies of the early 1960s had an “accident” trigger, which was generally defined as “a distinctive event that takes place by some unexpected happening at a date that can be fixed with reasonable certainty.” The idea was that the claim must be sudden and unexpected. Courts adopting a more narrow definition of an “accident” generally ruled that waste-dumping was not a sudden event and policyholders could not trigger their CGL policies whenever they got sued for their negligent waste-dumping. Over time this narrow reading was less utilized as courts allowed CGL policies to be triggered for pollution claims, reasoning that the unintended consequences of the emitted pollutants—bodily injury—were themselves accidents, and should therefore be covered.

In 1966 the insurance industry shifted to Occurrence-based coverage, the coverage form we still use today for most Casualty products. An “Occurrence” was now defined as:

an accident, including continuous or repeated exposure to conditions, which results in bodily injury or property damage neither expected nor intended from the standpoint of the insured.

One of the goals of this update was to broaden the scope of coverage, making the policy more comprehensive, which of course runs counter to the insurers’ goal of mitigating future pollution claims. However, the carriers thought that by limiting coverage to an occurrence, they would not be picking up pollution claims where the insured was knowingly releasing pollutants into the environment.

The ensuing litigation over pollution claims proved this assumption to be false. The same reasoning that allowed accident-triggered CGL policies to respond to claims continued to pervade the occurrence-triggered CGL policies. The damages from the waste dumping were accidental and unintended. It’s not like these companies were TRYING to hurt their neighbors by negligently dumping their toxic waste into their vicinities. If the insurers wanted the courts to affirm their claim denials, then it was incumbent upon the insurers to demonstrate that the insureds emitted the pollutants to intentionally cause damage.

The “Sudden and Accidental” Era

It wasn’t until 1970 when the following pollution exclusion endorsement was formed, later embodied into the CGL policy form in 1973:

This policy does not apply . . . to bodily injury or property damage arising out of the discharge, dispersal, release, or escape of smoke, vapors, soot, fumes, acids, alkalis, toxic chemicals, liquids or gases, waste material or other irritants, contaminants or pollutants into or upon land, the atmosphere or any watercourse or body of water; but this exclusion shall not apply if such discharge, dispersal, release or escape is sudden and accidental.

The social policy behind this exclusion was articulated clearly by New York Governor Nelson Rockefeller, who in 1971 pushed legislation to prohibit pollution liability insurance entirely. His reasoning was straightforward: a polluting corporation might continue to pollute the environment if it could buy protection from potential liability for only the small cost of an annual insurance premium, whereas it might stop polluting if it had to risk bearing the full penalty for violating the law. The exclusion was designed to punish active industrial polluters.

But even this exclusion did not prevent CGL policies from being triggered to respond to pollution claims. The landmark law review article “Pollution Exclusion Clauses: Problems in Interpretation and Application under the Comprehensive General Liability Policy” by Robert Tyler and Todd Wilcox noted one particularly instructive case where the pollution exclusion did not save the insurer from providing coverage.

In Rangen, Inc. v. McDonald (Idaho, 1980), a custom farmer named Curt Duggan carried a CGL policy from St. Paul Fire & Marine Insurance Company. The policy included a custom farming endorsement that specifically covered “the furnishing or use of any dusts, sprays, fungicides, herbicides, poisons, fertilizers or other substances in connection with any such farming operation.” The policy also included the standard pollution exclusion.

While applying anhydrous ammonia fertilizer, Duggan vented ammonia vapors from his application tank into an irrigation ditch. The ammonia was absorbed by the water and carried downstream to the Snake River, where it killed numerous trout at Paulson Fish Farm. Rangen, Duggan’s client, settled with Paulson and sued for reimbursement. St. Paul sought to deny coverage based on the pollution exclusion.

The court found this argument meritless. St. Paul could not offer a custom farming endorsement which provided coverage for fertilizer application services AND expect the pollution exclusion to preclude coverage when a claim arose from that very activity. The pollution exclusion, the court reasoned, could not be interpreted to defeat the very purpose and object of the insurance.

This was the judicial philosophy of the era: courts were willing to read policies as coherent documents, reconciling exclusions with the coverage grants and endorsements the carrier had sold.

CERCLA Changes Everything

The landscape shifted dramatically in 1980 when President Carter signed the Comprehensive Environmental Response, Compensation and Liability Act (CERCLA), commonly known as Superfund. CERCLA imposed strict liability, joint and several liability, without regard to fault. Suddenly, any party connected to a contaminated site—past or present owners, operators, transporters, even lenders—could be held liable for the entire cost of remediation.

The “sudden and accidental” pollution exclusion proved woefully inadequate against this new liability regime. Carriers faced catastrophic losses as courts continued to find coverage for pollution claims under the “accidental” exception.

The Absolute Exclusion Arrives

The insurance industry’s response was swift. In early 1985, carriers rushed an “absolute pollution exclusion” to market as an endorsement. ISO’s October 25, 1984 Underwriting/Legal Review Committee minutes explicitly stated the goal was to accomplish a “total pollution exclusion.” By 1986, this absolute exclusion was incorporated into the standard CGL form.

The new exclusion barred coverage “based upon, or arising out of…” any pollution-related claims. Gone was the “sudden and accidental” exception. This is the pollution exclusion we see not just in CGL policies, but also in claims-made policies. Further, the absolute exclusion formula (“based upon or arising out of”) is now used to exclude not just pollution claims, but any exposure that carriers are not comfortable with. If you want to clearly and unambiguously carve out a particular exposure, you do so by using absolute exclusion policy language.

The Absolute Exclusion World We Live In

Readers of the Claims Made Bites blog will remember this previous article where I looked at a claim denial for an environmental consultant. To recap: the environmental consultant had a claim arise from conducting a site assessment and failing to find and inform their client about pollutants on a property the client was purchasing. Their claim was denied based on the absolute pollution exclusion, even though the insured had been underwritten as an environmental consultant who presumably would have E&O claims arising from pollution exposures.

What allows carriers to prevail where St. Paul failed in Rangen? Two developments working in tandem:

First, the absolute exclusion language itself—”based upon or arising out of”—is far broader and leaves courts less room for interpretation.

Second, the “eight corners rule” (also known as the “complaint allegation rule”) limits judicial review to the four corners of the policy and the four corners of the complaint. Courts applying this doctrine cannot consider applications, underwriting correspondence, premium calculations, or other extrinsic evidence that might show what the parties actually intended. The eight corners rule was established in 1965—predating the pollution exclusion developments by years—so the procedural mechanism was already entrenched when the absolute exclusion arrived. Carriers received a double benefit: exclusion language stripped of exceptions, interpreted by courts forbidden from examining underwriting intent.

Due to the clear and unambiguous reading of the absolute pollution exclusion under the eight corners framework, carriers can now deny coverage for environmental consultants—professionals whose entire business involves assessing pollutants—with judicial blessing.

Looking Back to Look Forward

It’s remarkable how pollution exposures specifically prompted carriers to adapt and create the policy language we see proliferate in nearly every kind of coverage we handle. The effects of the early 20th-century’s ambivalence towards waste have created large, expensive implications whose ripple effects we feel many decades later.

There’s an irony worth noting: a tool designed to hold industrial polluters accountable—to make manufacturers think twice before dumping waste into rivers and aquifers—now traps environmental consultants who help identify and clean up pollution. The absolute exclusion has drifted far from Governor Rockefeller’s original purpose.

Maybe for this holiday season we can be thankful that companies are at least being more careful about how they manage their waste. We may not see another major revision to the CGL policy in our lifetime, barring of course another onslaught of pollutant claims. But we should remain vigilant about how the tools carriers developed to address one problem can create unintended consequences for entirely different classes of insureds.

Disclaimer: This article is intended for educational purposes only and does not constitute legal or insurance advice. Coverage determinations depend on specific policy language, jurisdiction, and individual circumstances. Readers should consult with qualified legal counsel or insurance professionals regarding specific coverage questions.

Meet the Author

Lucas Roberts

Wholesale Broker, Anzen

Lucas Roberts is a professional lines specialist with experience in both underwriting and wholesale brokerage. He maintains an active LinkedIn presence, regularly sharing insights on professional liability developments. This blog takes a deeper dive into developments that have far-reaching consequences for the professional liability market.

You can see more of Lucas’s Claims Made Bites on his LinkedIn.

Be sure to watch the 2025 highlight video, which captures the genuine excitement and energy of the event!

You can also explore the full photo gallery, showcasing the vibrant atmosphere, education sessions, and celebrations that made this year’s conference truly unforgettable.

Insight-Packed Education | Emerging Risks Front and Center

This year’s program delivered powerful learning opportunities with a forward-looking focus. Across 13 educational sessions, 42 expert speakers, and a mix of CE/CLE and sponsor-led programming, attendees gained fresh perspectives on the evolving challenges reshaping professional liability.

From emerging risks to innovative solutions, each session offered practical tools to help practitioners navigate a rapidly shifting environment, and many attendees earned up to 4 CE/CLE credits along the way.

PLUS Conference attendees can log in to the PLUS Learning Center to access available session recordings and PowerPoint presentations. Whether you missed a session or want to revisit key takeaways, the resources are there to help the learning continue.

Celebrations, Leadership, and Inspiring Keynotes

Honoring Excellence

The conference began Monday afternoon with celebrations of two distinguished honorees:

• Robert Crocitto, ARC Excess & Surplus | Founders Award
• Julianna Ryan, Kaufman Borgeest & Ryan LLP | PLUS1 Award

Coach Nick Saban then took the stage with moderator Sarah Abrams of Baleen Specialty for a compelling conversation about leadership, resilience, and the ever-evolving world of NIL. His memorable insights set a powerful tone for the days ahead.

PLUS Foundation Luncheon

Tuesday’s luncheon was a meaningful opportunity to gather in support of progress and community. We honored:

• Mercedes Colwin, Gordon & Rees LLP | Excellence in Diversity Award

Keynote speaker Sam Rapoport, a transformative leader in the NFL, delivered a moving address on equity, purpose, and leadership that resonated deeply with everyone in the room. Her message challenged us to think bigger and continue advocating for positive change.

That evening, the PLUS Foundation’s LAMP program (hyperlink to Foundation page) celebrated its 10-year anniversary with a special dinner featuring past and current cohorts, as well as many champions who have helped make the program a decade-long success.

Emerging Leaders & Closing Insights

Wednesday morning kicked off with the presentation of the Emerging Leader Awards honoring:

• Alaina Clemmons, Canopius US
• Mike Galati, Berkley Professional Liability
• Tiffany Parker-Bogan, Travelers

Our closing keynote featured Andrew Busch, former (and first-ever) Chief Market Intelligence Officer for the U.S. government. With clarity and wit, he broke down the global trends, technologies, and innovations reshaping markets and risk. His insights left attendees energized, ready to move from chaos to clarity, and embrace the future with confidence.

PLUS Foundation Conference Cause: Honoring Families of Our Nation’s Heroes

Each year, the PLUS Foundation selects a local nonprofit to support, and this year’s cause was especially meaningful. In recognition of Veteran’s Day, attendees were invited to write heartfelt notes of thanks and encouragement for the families served by the Orlando Fisher House, a home that provides comfort to military and veteran families during medical treatment.

Attendees filled handwritten cards with warm messages that will be included in welcome bags for families upon arrival. In addition to these touching gestures, the PLUS community rallied together to raise a $33,071 for the organization.

Save the Date: PLUS Conference 2026 in San Diego

As shared in the highlight reel, the 2026 PLUS Conference is already shaping up to be something extraordinary. Join us November 10–12, 2026, in sunny San Diego, where we’ll not only come together as a community but also honor the United States’ Semiquincentennial with once-in-a-lifetime celebrations including a memorable evening on November 10 aboard the USS Midway.

You won’t want to miss it. See you in San Diego!

If you couldn’t join us last month in Orlando, or were there and simply want to reminisce, check out the live feed blog posts we shared during the event that captured some great moments.

• Impact in Action: PLUS Community Rallies Behind Orlando Fisher House
• Networking, Energy, & Connections That Spark Opportunity
• History in the Making: Celebrating Leaders & Learning from a Legend
• Fuel, Focus, and Future Leaders: PLUS Attendee Breakfast Kicks Off Veterans Day with Purpose
• Sunset Social: When Networking Turns into Unforgettable Connections
• Fueling Leadership, Celebrating Impact: PLUS Foundation Luncheon Inspires the Next Wave of Changemakers
• A Decade of Impact: PLUS Foundation Celebrates 10 Years of LAMP
• Passing the Torch: PLUS Celebrates Leadership, Legacy, and the Year Ahead
• Closing Keynote Spotlight: Forecasting the Future with Andrew Busch

In Kane v. Syndicate 2623-623 Lloyd’s of London, the insured, New Mexico Health Connections, Inc. (“NMHC”), sought coverage under its cyber liability policy for payment of a fraudulent invoice. A bad actor, posing as a vendor of NMHC (OptumRX), emailed a fraudulent invoice to NMHC, which NMHC paid.[2] The bad actor obtained a copy of a legitimate invoice sent by OptumRX when it breached NMHC’s computer system and sent a fraudulent invoice by substituting fraudulent account numbers in place of OptumRX’s account number.[3] NMHC wired approximately $4.4 million from its Wells Fargo bank account to the fraudulent bank account.[4] As a result, NMHC never paid OptumRX amounts due pursuant to the parties’ contract, triggering OptumRX to send NMHC a demand letter for the unpaid amounts.[5]

NMHC tendered the third-party claim from OptumRX to its cyber insurer, Syndicate 2623/623 Lloyd’s of London d/b/a Beazley USA Services, Inc. (“Beazley”).[6] While Beazley agreed that the unauthorized access to NMHC’s computer system constituted a “security breach”, it denied coverage for the unpaid invoice amounts, maintaining that such loss did not trigger the policy’s grant of coverage.[7] The policy provided coverage for loss on account of “any claim first made against an insured during the policy period for … a security breach.”[8]

Even though courts typically parse through policy definitions in insuring agreements, here the Court looked instead to an undefined colloquial word used in the majority of insurance policies – “for”. So what does “for” mean?

Beazley maintained that OptumRX did not assert “a claim against NMHC ‘for a security breach’” because there was no allegation that, “as a result of such a breach, information pertaining to OptumRX was stolen or compromised.”[9] As such, Beazley argued that “for” means “equivalent to” and that “coverage is provided only for a loss directly connected to the security breach.”[10] On the other hand, NMHC argued that the phrase “a claim for a security breach” only required “a causal connection between the loss or damages claimed and the security breach.”[11]

The Court rejected Beazley’s argument and held that the word “for” was ambiguous and that the coverage included “claims of loss ‘because of,’ ‘resulting from,’ or ‘on account of’ a security breach.”[12] The Court reasoned, in part, that purchasers of cyber insurance often have “little knowledge about the breadth and sophistication of the cybersecurity risks they face” and are “unlikely to imagine all of the consequences of the increasingly sophisticated methods of breaching computer security and may view the insurance policy as protecting against all but the most clearly stated exceptions to coverage.”[13]

The Court’s holding raises several potential issues for cyber insurers. First, as the Court acknowledged in a footnote, this is a case of funds transfer fraud. In fact, Beazley paid its $250,000 fraudulent instruction coverage limit, but because Beazley did not argue that this coverage was exclusive, there was no further analysis of this fact. Funds transfer fraud “involves the fraudulent transfer of monies from one financial institution to another by means of electronic banking websites, email communications and/or phone calls.”[14] Often, fund transfer fraud involves a hack or business email compromise.[15] To the extent cyber underwriters intend for such sublimit to be the sole exclusive remedy for all fraudulent fund transfers, claims handlers should reserve their right to maintain such sublimit is the sole exclusive coverage for all cases of funds transfer fraud in their initial coverage correspondence, and ultimately, preserve that argument for any coverage litigation that may ensue.

Second, the Court’s holding did not take into account that a claim for a security breach usually involves the theft of the insured’s client’s or customer’s personally identifiable information (“PII”) in the insured’s care, custody, and control and transmission of malicious code to a third party’s computer system.[16] Here, there is no allegation that the bad actor obtained any of OptumRX’s customer’s PII or that any malicious code infiltrated OptumRX’s computer system. Nor did OptumRX allege that the bad actor hacked, or gained access to, its computer system. Rather, OptumRX alleges that NMHC breached the parties’ contract by failing to remit payment of OptumRX’s invoice. The claim asserted by OptumRX is far removed from the security breach at issue and is an action for breach of contract – not a security breach. The Supreme Court of New Mexico has held that “[r]esort will not be made to a strained construction for the purpose of creating an ambiguity when no ambiguity in fact exists” and that “ambiguity does not exist simply because a controversy exists between the parties, each favoring an interpretation contrary to the other.”[17] Here, however, it appears the Court took an opposite approach finding coverage in favor of an insured.

The Kane decision shows that insurers must continue to expect the unexpected. It is unlikely that of all the words contained in that cyber liability policy, the policy drafter expected or intended “for” to be seen as ambiguous. While it remains to be seen whether other courts will follow Kane and read ambiguity into the word “for” to find coverage for third party claims without a direct relation to the security breach, prudent cyber insurers should stay informed as the case law continues to develop in this area and adapt as necessary.

References:

[1] Cyber Roundup: Claims Report 2025, Cowbell, https://cowbell.insure/wp-content/uploads/pdfs/CB-US-Cyber-Roundup-ClaimsReport2025.pdf.

[2] 2025 N.M. App. LEXIS 38, 4.

[3] Id.

[4] Id.

[5] Id. at 4-5.

[6] Id. at 5.

[7] Id.

[8] Id. at 11. (emphasis added).

[9] Id. at 11-12 (emphasis added).

[10] Id. at 12.

[11] Id.

[12] Id. at 19.

[13] Id. at 18-19. The court also rejected Beazley’s argument that two policy exclusions applied to preclude coverage. Id. at 20-23.

[14] Understanding the Fraud Coverage Within a Cyber Liability Policy: Computer Fraud vs. Funds Transfer Fraud, Lockton Affinity (Mar. 12, 2022), https://locktonaffinityadvisor.com/blog/understanding-the-fraud-coverage-within-a-cyber-liability-policy-computer-fraud-vs-funds-transfer-fraud/.

[15] Id.

[16] Information Security and Privacy Liability Coverage, IRMI, https://www.irmi.com/term/insurance-definitions/information-security-and-privacy-liability-coverage.

[17] Battishill v. Farmers All. Ins. Co., 127 P.3d 1111, 1115 (N.M. 2006).

Meet the Author

Zachary S. Auslander, Product Counsel

Bowhead Specialty Underwriters

Zachary S. Auslander serves as Product Counsel at Bowhead Specialty Underwriters and is located in the Chicago office. He focuses on the following lines of business: Professional Liability, Casualty, and Healthcare Liability. He may be reached at zauslander@bowheadspecialty.com.

This issue dives into how 15 major cyber insurers are actually approaching cyber coverage in the healthcare sector right now, with over 80 pages of tables that show each insurer’s coverage terms, underwriting appetite, sublimits, triggers, exclusions, and emerging AI-related language. You will see how their cyber products differ in terms of data privacy, extortion, social engineering, regulatory penalties, and business interruption. You will also learn about the risk-management services they offer.

The level of granularity isn’t available anywhere else. If you place, underwrite, or manage cyber programs for healthcare clients, this report is the playbook. All specialty lines insurance professionals should read the report today to master the cyber insurance for the healthcare market!

You can read a sample portion of the executive summary in PDF form below and order the full report here.

Cyber Insurance for Healthcare Market Survey (Oct 2025) – PLUS Summary

Meet the Author

Richard Betterley, LIA, is the president of Betterley Risk Consultants (BRC), an independent insurance and alternative risk management consulting firm. BRC, founded in 1932, provides independent advice and counsel on matters important to the commercial property and casualty insurance industry and its customers, alternatives to traditional insurance, and related services throughout the United States. It does not sell insurance or related services. Mr. Betterley is a frequent speaker, author, and expert witness on specialty insurance products and related services. He is a member of the Professional Liability Underwriting Society.

He joined the firm in 1975. Mr. Betterley created The Betterley Report in 1994 to be the objective source of information about specialty insurance products. Now published six times annually, The Betterley Report is known for its in-depth coverage of management liability, cyber risk, privacy, intellectual property, and media insurance products.

EMRs as Evidence in Malpractice Litigation

EMRs serve as primary evidence in medical malpractice litigation. They can establish whether the standard of care was met and be used to assess whether a plaintiff’s alleged injuries are causally related to the treatment at issue. When determining if a practitioner deviated from the standard of care, medical records establish medical chronology, the reasoning behind clinical decisions, and the presence or absence of diagnostic testing. However, even in instances of exemplary medical care, EMRs frequently lack key data, which can undermine a medical provider’s defense and create issues of fact regarding the standard of care and informed consent discussions.

It is crucial to understand that medical outcomes are imperfect. A patient’s medical team can exercise care and expertise beyond any measurable standard, but the end result can still be undesirable. It is in these instances that accurate medical record documentation becomes paramount and often makes a significant difference in litigation outcomes.

Why EMRs Can Fail as Evidence

Beyond the technical limitations of EMR systems, human factors also play a major role. In high-stakes environments such as hospitals, inadvertent gaps can occur in EMRs because the demands of treatment can make it challenging for practitioners to complete accurate contemporaneous documentation. However, even in routine clinical visits, EMRs may fail to capture essential findings where a practitioner observes no change from previous results or determines that clinical findings are within the normal range. In some instances, facilities may use EMR systems, but individual doctors may find it more expeditious to handwrite chart notes. But if the handwritten notes are not incorporated into the EMR, the inconsistency can impact the doctor’s credibility regarding treatment and even give the appearance that later revisions were made to the record.

EMRs may also contain confusing information if notations are carried over from previous visits without explanation, such as when an EMR program “auto-populates” results (i.e., carries over information from prior examinations, even if the diagnostic testing did not occur at every visit). Many EMR systems also feature a copy-and-paste function designed primarily to increase efficiency by saving time on repetitive data entry. This allows for the quick transfer of information between different parts of a patient’s record, such as copying a patient’s history or a previous examination into a new progress note, facilitating efficient documentation. However, this feature can introduce significant documentation problems by preserving outdated or conflicting information across multiple notes or encounters.

Importance of Complete Diagnostic Documentation

Diagnostic testing and results are especially crucial in medical disputes because they provide objective information regarding a patient’s condition. When medical records fail to document the ordering, performance, or results of such tests, the absence of this information may leave defendant providers or facilities particularly vulnerable in litigation. Such omissions can undermine expert testimony, even when the underlying care met accepted standards.

Without accurate notation, a plaintiff can impute several scenarios to “fill in the blanks” in the missing documentation.

Sample Case 1: Plaintiff alleges a failure to diagnose. The defendant doctor performed diagnostic testing but did not record the results because they were within the normal range. Without the actual notation, this could be fatal to the doctor’s case, as the plaintiff could credibly allege that the testing was never performed.

Sample Case 2: Plaintiff alleges that a surgical procedure was contraindicated. The defendant doctor performed diagnostic testing but included only a cursory notation in the handwritten chart and failed to fully document the testing in the EMR. The inconsistent notation may affect the doctor’s credibility and suggest that the surgery should not have occurred.

Resolving Inaccurate Diagnostic Documentation in Litigation

To mitigate risk and exposure in litigation, doctors and facilities should be counseled regarding the accuracy of EMRs as evidentiary material. When recordkeeping is incomplete, certain strategies can reduce exposure. Because diagnostic testing is typically billed directly to the individual or their insurance provider (including Medicaid/Medicare), documentation of the testing may appear in the billing records, even if corresponding notations are absent from the chart. Testimony by a doctor regarding their pattern and practice (for example, whether specific tests are always part of routine workups, or whether normal diagnostic results are not recorded) can also help clarify an issue in the record.

Proactive Risk Management in EMR Documentation

Having standardized protocols for documenting treatment can potentially mitigate legal exposure. Legal counsel can help develop EMR policies and training programs that emphasize litigation defensibility. Regular EMR audits for completeness, accuracy, and regulatory compliance can identify documentation issues early and reduce adverse findings in discovery. Maintaining secure backup systems and clear audit trails/access logs can also preserve data integrity and strengthen defenses against allegations of spoliation or record alteration.

Attorneys should foster proactive collaboration with health care providers. Early attention to documentation standards can prevent disputes, reduce liability exposure, and support a robust defense when claims arise.

Long-Term Strategies for Reducing EMR-Related Risk

While proactive risk management addresses immediate exposure, lasting progress depends on broader structural change. Integrating best practices for EMR utilization early in medical education is gaining momentum. Many medical schools have added EMR training to their students’ agendas. Several Association of American Medical Colleges (AAMC) institutions have taken steps to ensure that students are introduced to environments that incorporate EMRs into the learning experience. Educating future health care professionals on best EMR practices during the early stages of their careers will hopefully result in the reduction of EMR-related liability issues and enhance patient care and safety.

Artificial intelligence (AI) may also offer an effective solution to several challenges related to EMR documentation issues. Proponents believe these emerging technologies can enhance the quality, accuracy, and efficiency of clinical documentation. New AI-driven software can convert physician notes from an EMR into structured data and extract key clinical information. Recent studies highlight the potential for AI to evaluate documentation quality. Algorithms can assess whether notes are consistent with prior entries, free of contradictions, and contain all necessary details. Automated reviews can alert clinicians to possible errors before finalization, while larger-scale analysis can reveal patterns of recurring omissions or inconsistencies across departments. By identifying systemic weaknesses in documentation practices, AI can guide targeted quality improvement initiatives. And while there are major barriers to the widespread adoption of AI in EMR software beyond the obvious legal risks, the major advancements in this field over the past few years imply that, at some point, AI could be a very effective tool in enhancing patient care.

Conclusion

The importance of accurate EMR documentation cannot be overstated. Attorneys advising clients in the health care sector must emphasize that accurate documentation is a critical tool for litigation preparedness and risk management. A well-maintained EMR can mean the difference between a strong defense and significant legal exposure.

Meet the Authors

Elena Zoniadis, Associate

Wilson Elser

Elena Zoniadis focuses her practice on medical malpractice defense and litigation. She
has a demonstrated commitment to client-centered and results-oriented legal
representation and is experienced in resolving legal matters from a nationwide policy level,
as well through litigation and direct client representation.

Elena has spent her entire legal career working in various areas of health law. In addition
to defending the rights of medical providers, her experience includes representing
individuals with disability matters and advocating for mental health rights. Having worked
in the private and public sectors, Elena has engaged in direct representation and matters
concerning national public policy. With a “no stone left unturned” approach to litigation,
she is committed to offering thorough and tireless representation to clients. An adept trial
advocate and skillful litigator, Elena provides careful attention and responsive counsel in
every case she handles.
Before joining her previous firm, Elena was the managing attorney for Disability Rights New Jersey where she oversaw the Institutional Rights Team and the Protection and Advocacy for Individuals for Mental Illness (PAIMI) Advisory Counsel. During her time with the agency, she frequently provided testimony regarding bills pending before the New Jersey State Legislature, lectured on disability matters and advocated for individuals in connection with their individual rights. Elena’s vast experience in health law also includes her previous employment with a Social Security Disability law firm in Portland, Oregon.

Following law school, Elena was actively involved with the Mental Health Law Committee for the New York Bar Association. She also served as an Assistant Deputy Public Advocate in the New Jersey Office of the Public Defender, Division of Mental Health Advocacy. Additionally, Elena performed pro bono work on behalf of the National Crime Victims Law Institute and Lewis & Clark School in Oregon.

Joseph Randazzo, Associate

Wilson Elser

Joseph Randazzo focuses his practice on the defense of medical malpractice claims. His
clients include physicians, health care providers, long-term managed care organizations,
and medical centers. Joseph understands the challenges facing health care professionals
and prides himself on providing meticulous preparation and insightful strategies to resolve
various complex matters.

During law school, Joseph was a paralegal assisting Wilson Elser’s Medical Malpractice
team, where he gained valuable experience in a broad range of medical malpractice
matters.

As we celebrate the value these designations bring to our industry, it’s equally important to recognize the individuals who help advance this mission. One such member is Andrew Kelly, RPLU+, CPLP, ExecPLP, whose dedication personifies the spirit of PLUS and our commitment to professional development. Andrew serves as a committed member of the ExecPLP Committee, a group dedicated to promoting, enhancing, and supporting the educational content that underpins the ExecPLP designation. His involvement reflects a strong dedication to advancing the visibility and value of PLUS designations across the marketplace.

Recently Andrew joined Tony Cañas on the Profiles in Risk podcast where he spoke about the value of PLUS designations and the importance of preparing the next generations of professionals in E&O, D&O, and Cyber Liability. To listen to the episode, click here.

Learn More About PLUS Designations

For professionals inspired by Andrew’s insights, or for anyone seeking to deepen their expertise and demonstrate their commitment to the field, PLUS offers several respected designations. Below is an overview of each designation, along with the link to requirements:

Registered Professional Liability Underwriter (RPLU)

The RPLU designation is the cornerstone of PLUS’s educational pathways. It provides a foundation in professional liability, covering underwriting principles, exposures, policy forms, claims, and industry practices. It is widely recognized as a mark of credibility and commitment within the specialty lines community.

Registered Professional Liability Underwriter+ (RPLU+)

The RPLU+ builds on the RPLU by offering advanced, specialized coursework. This designation is designed for professionals who want to refine their expertise in specific lines of business or functional areas, demonstrating a higher level of mastery beyond the core curriculum.

Cyber Professional Liability Practitioner( CPLP)

The CPLP designation is designed for professionals seeking to expand their applied expertise within the cyber and professional liability space. It strengthens practical understanding of key industry concepts and supports individuals looking to deepen their knowledge in this evolving area. The CPLP emphasizes real-world application and practitioner-level proficiency in a rapidly changing risk environment.

Executive Lines Professional Liability Practitioner (ExecPLP)

Designed for professionals specializing or interested in directors & officers (D&O) and executive lines of professional liability, the ExecPLP designation provides advanced education that deepens expertise in these complex coverage areas while enhancing professional credibility in the marketplace. Earning the ExecPLP offers a strategic career advantage by signaling leadership-level competency and a strong commitment to industry excellence.

PLUS thanks Andrew Kelly for his leadership and dedication to advancing professional lines knowledge. We encourage members and industry professionals to explore these designation pathways and take the next step in their professional development.

Busch guided attendees through a sweeping look at global economic conditions, unpacking the forces shaping markets today and those poised to define the next decade. From accelerating AI disruption to shifting international trade policies, he broke down complex dynamics into digestible, practical insights designed to help leaders prepare for what’s next.

Framing global risks as opportunities for forward-thinking organizations, Busch emphasized the value of anticipatory leadership—the ability to understand change before it arrives and turn uncertainty into strategic advantage. His guidance offered a roadmap for navigating volatility, identifying areas of potential growth, and making confident decisions in a rapidly evolving landscape.

With a blend of expert analysis and real-world application, Busch delivered exactly what attendees needed at the close of the Conference: fresh perspective, actionable direction, and renewed momentum for the year ahead.

As the lights came up and the 2025 PLUS Conference came to its official close, participants left with one resounding takeaway: the future isn’t something to fear—it’s something to be ready for.