Wiley Rein explains:
The New Mexico Court of Appeals has held that cyber policy language affording coverage “for” a security breach was ambiguous and must be construed broadly to provide coverage for a breach of contract claim “because of,” “resulting from,” or “on account of” a security breach. Kane ex rel. N.M. Health Connections, Inc. v. Syndicate 2623-623 Lloyd’s of London, 2025 WL 1733046 (N.M. Ct. App. June 16, 2025).
A fraudster gained access to a health insurance company’s computer system and requested payment of legitimate vendor invoices to a fraudulent bank account. The health insurance company wired over $4.4 million to the fraudster. The vendor never received payment for its invoices and alleged breach of contract. The company sought coverage for the vendor’s claim under its cyber insurance policy. The cyber insurer denied coverage on the ground that the vendor’s claim was not “for” a security breach; rather, it was a “garden-variety claim for breach of contract.” The district court disagreed, holding that the phrase “for” a security breach was ambiguous and must be construed to provide coverage for claims “because of” or “resulting from” a security breach, like the vendor’s claim.
Read more at JDSupra.
