Recent Landmark Insurance Law Cases in the U.S. (2024–2025 Updates)

Overview

The last two years produced a string of high-impact decisions that reshape how courts treat insurer conduct, the accrual and remedies for bad-faith claims, and the scope of cyber-insurance coverage. Below I summarize the most influential rulings (federal and state) from 2024–2025, explain their practical effects, and highlight what insurers and policyholders should do now.

1) Bad-faith verdicts that stay — Nevada’s Sierra decision (2024)

In 2024 the Nevada Supreme Court affirmed a massive combined jury award (compensatory + punitive) against Sierra Health & Life for denying coverage for proton beam therapy — a decision that reinforces courts’ willingness to sustain large punitive awards where insurers lack a reasonable basis to deny treatment. The opinion underscores that juries can find an insurer knew (or recklessly disregarded) that denial was unreasonable, and punitive damages remain a live risk where evidence shows oppressive or egregious conduct. (Dykema – Homepage)

Practical takeaways: insurers should document a reasonable, contemporaneous basis for coverage decisions (medical reviews, documented reliance on credible expert opinions); policyholders should preserve evidence showing insurer knowledge or reckless indifference when pursuing statutory bad-faith remedies.

2) Causation and recoverability in cyber/business-interruption claims — Southwest Airlines (5th Cir., Jan 2024)

The Fifth Circuit revived Southwest Airlines’ claim under excess cyber coverage after a major systems failure, reversing a district court that treated certain customer-compensation costs as purely discretionary and therefore nonrecoverable. The appeals court held that discretionary business responses (refunds, promo extensions, loyalty credits) are not automatically excluded if they satisfy the policy’s causation standard — i.e., they were incurred “solely as a result of” the system failure under the policy language at issue. The case was remanded to determine whether each category of claimed costs was sufficiently causally connected to the system failure and whether recovery would create a windfall. (Justia)

Practical takeaways: policy language about causation and “solely” or “direct” result matters — insurers drafting cyber/business-interruption forms will be pushing for clearer, specific limitations; policyholders should document the business decisions they made to mitigate loss and how those decisions flowed from the covered event.

3) One word, big consequences — New Mexico appellate ruling on cyber third-party coverage (June 16, 2025)

A New Mexico appellate decision turned on the interpretation of the preposition “for” in a third-party cyber liability provision and concluded that a vendor’s suit over unpaid invoices (following a fraudulent invoice induced by a breach) could be a claim “for” a security breach. Because the court found the phrasing ambiguous, it construed the policy in favor of coverage and rejected insurer arguments that funds-transfer exclusions or narrow readings should bar the claim. This case illustrates how courts may parse policy language — even a single word — to expand or contract coverage and shows that ambiguity will be resolved in favor of policyholders. (Hunton Andrews Kurth)

Practical takeaways: insurers should use precise, consistent terms across first-party and third-party cyber provisions; policyholders and brokers should read policy wording carefully (and press on clarity around “funds transfer,” “fraudulent instruction,” and third-party liability triggers).

4) Evolving treatment of claim-handling accrual and remedies (multi-jurisdictional trends)

Several appellate decisions in 2024–2025 refined when bad-faith causes of action accrue and what remedies are available. For example, federal appellate panels have clarified accrual timing in failure-to-settle contexts and excess-judgment scenarios, while state courts have continued to interpret statutes (or common-law standards) on what constitutes a “reasonable basis” for denial. The practical upshot: timelines for filing bad-faith claims may turn on when an excess judgment becomes final or when the insurer’s conduct crosses a reasonableness threshold — so deadlines and strategic timing matter. (Dykema – Homepage)

Practical takeaways: counsel should analyze accrual carefully in any bad-faith claim, watching for jurisdiction-specific rules and appellate guidance that could affect limitation periods and procedural strategy.

5) Cyber coverage litigation beyond “first-party vs. third-party”

The cyber-insurance space continues to be fertile ground for novel coverage fights: business-interruption, reputational-harm, funds-transfer fraud, and contingent-vendor exposures are all being litigated. Major decisions in 2024 (and follow-on opinions in 2025) reaffirm that courts will look closely at policy language, causation rules, and the interplay of explicit sublimits (e.g., funds-transfer sublimits) versus broader liability or data-breach protections. Decisions analyzing large corporate losses (and subrogation/insurer-vs-cyber-provider actions) signal insurers may increasingly pursue subrogation or deny coverage when third-party control or vendor failures are implicated. (Riker Danzig)

Practical takeaways: buyers of cyber coverage should negotiate explicit carve-ins for funds transfer and dependent-vendor failure exposures, and maintain robust incident response documentation; insurers ought to crawl-space test policy prose to ensure intended limits and exclusions are unambiguous.

What this means for practitioners and policyholders (action list)

1. Audit policy language now. Insurers and buyers should re-read cyber and liability forms to identify ambiguous terms (e.g., “for,” “arising out of,” “resulting from,” “solely”) and decide whether endorsements are needed.
2. Strengthen contemporaneous file notes. A clear contemporaneous record of medical reviews, claim-handling rationales, and forensic incident responses helps prove (or defend against) bad-faith claims.
3. Model litigation strategies to recent holdings. Use Sierra and Southwest-type rulings to frame (or resist) bad-faith and cyber coverage theories — documentation and causation analysis will be central.
4. Consider subrogation and vendor-contract clauses. As carriers increasingly sue cyber vendors, insurers should coordinate subrogation strategies and ensure vendor contracts allocate cyber risk appropriately.
5. Train claims/IT teams together. Cyber incidents are hybrid events: coordinating claims staff with IT and legal teams produces better mitigation, recordkeeping, and coverage positions.

Final note

2024–2025 produced rulings that emphasize two consistent themes: (1) courts will not tolerate conclusory insurer denials absent a documented, reasonable basis, and (2) precise policy drafting is decisive in cyber cases — small words can swing coverage. Practitioners should monitor appellate developments closely and treat insurance language, causation evidence, and contemporaneous records as front-line defenses (or weapons) in both coverage and bad-faith litigation.

Key sources and further reading

• Dykema: Insurance Bad Faith Report (Oct. 2024) — summaries including the Nevada Sierra decision and other 2024 bad-faith rulings. (Dykema – Homepage)
• Fifth Circuit opinion: Southwest Airlines Co. v. Liberty Ins. Underwriters, Inc., No. 22-10942 (Jan. 16, 2024) — reversal/remand on cyber excess coverage. (Justia)
• Hunton Insurance Recovery Blog — analysis of New Mexico appellate decision interpreting cyber policy wording (Kane case, June 16, 2025). (Hunton Andrews Kurth)
• Zelle LLP / Law360 analysis of the New Mexico decision and its likely market effects. (zellelaw.com)
• Riker / Mayer Brown reviews of cyber litigation and notable property/all-risk cyber precedents (context for business-interruption & NotPetya–type disputes). (Riker Danzig)