Every year after Labor Day, I take a step back to survey the most important current trends and developments in the world of Directors’ and Officers’ liability and insurance. This year’s review is set out below. As the following discussion shows, this is a particularly interesting time in the world of D&O.
Trump, Tariffs, and Geopolitical Risk
Anyone who reads a newspaper (or searches their Internet news feed) these days is aware that we live at time of heightened geopolitical risk. With two hot wars, in Ukraine and the Middle East, and with a brewing global trade war, companies must perform and operate in a fraught and unpredictable environment. The conditions not only complicate business operations and decision-making, but they may subject companies to litigation risk as well. As discussed below, several recent examples show how geopolitical risks can translate into the risk of D&O claims. There are further geopolitical threats on the horizon, as well.
One of the current sources of geopolitical tension is the trade and tariff policies of the current U.S. Presidential administration. From the very outset of the current Trump Administration’s rollout of comprehensive tariffs, I have been concerned that the tariffs could not only pose significant operational challenges for companies just about everywhere, but could also represent a significant potential source of D&O claims liability.
At a minimum, the Trump administration’s shifting tariff policies present compliance challenges. For example, we know from past experience that the U.S. government has actively used a variety of enforcement tools, including, for example, the False Claims Act (FCA), to enforce tariff compliance. As discussed at length here, among other things, the FCA imposes liability for knowingly avoiding obligations to pay money to the government (known as “reverse false claim liability.”)
The Trump administration recently deployed this approach to pursue an enforcement action based on alleged tariff underpayment. As discussed here, in July 2025, the administration filed a False Claims Act complaint in intervention in an existing qui tam action filed against a South Carolina furniture company. The company allegedly used false documentation to underreport the price of furniture the company imported from China, resulting in tariff underpayment. The new case underscores the fact that as the current Trump administration rolls out and enforces its sweeping tariff program, companies could face significant scrutiny and potential claims risk. As the Sullivan & Cromwell law firm put it in a July 21, 2025, memo commenting on the recent FCA case, the Trump administration appears “poised to aggressively use both civil and criminal enforcement tools to ensure companies’ compliance with tariffs and other trade measures.”
The possibility of one of these kinds of claims based on companies’ alleged tariff underreporting is separate and apart from the risks public companies may face with respect to the public disclosures about the impact of the tariffs on their operations and financial results. As discussed here, companies’ statements about their ability to navigate the current trouble global trade environment, to maintain a functioning supply chain, or to source goods in lower tariff jurisdictions, will all be subject to hindsight scrutiny in future reporting periods, particularly if companies later report disappointing financial results as a result of the tariffs.
At least one tariff-related securities class action lawsuit has already been filed. On August 29, 2025, a plaintiff shareholder filed a securities class action lawsuit in the Eastern District of Michigan against Dow, Inc. The plaintiff claimed that during the class period, the company had said that “well positioned to weather macroeconomic and tariff-related headwinds while maintaining sufficient levels of financial flexibility to support the Company’s lucrative dividend.” The company also reaffirmed its earning guidance, notwithstanding tariff uncertainty, citing its “industry-leading flexibility to navigate global trade dynamics.” However in late July, when the company announced disappointing 2Q25 financial results, the company blamed “the lower-for-longer earnings environment that our industry is facing, amplified by recent trade and tariff uncertainties.” The complaint, which can be found here, alleges that the the company’s statements about its “ability to mitigate macroeconomic and tariff-related headwinds, as well as to maintain the financial flexibility needed to support its lucrative dividend, was overstated.”
Another important context for the possibility of D&O claims arising from geopolitical risk is that international trade and regulatory regimes have become increasingly important for companies and their executives. These regulatory regimes include trade sanctions, anti-money laundering (AML) requirements, and anti-bribery and corruption laws. Violations of these regimes can result in regulatory enforcement actions as well as in related civil litigation.
One example of the ways in which AML regulation, for instance, can translate into securities litigation is the securities class lawsuit filed in January 2025 against the money payment technology firm Block, as discussed here. In the lawsuit, a plaintiff shareholder alleges that the company’s failure to maintain basic AML protocols had created a “haven for criminal and illicit activities,” allegedly contrary to the company’s representations. The underlying allegations in fact relate to a whole host of supposed violations of various cross-border enforcement regimes, including, for example, economic sanctions regimes, as well as AML laws.
Another cross-border issue that has become increasingly tense in recent months has been the movement of people. As tensions have risen, many countries have tightened their visa policies, to try to control migration and other issues relating to cross-border movement. A recently filed securities lawsuit against a company whose money transfer business is directly linked to the cross-border movement of students for education and study shows not only how changing visa policies, for example, can not only affect companies’ operations and financial results but can also translate into securities litigation.
In July 2025, as discussed here, a plaintiff shareholder filed a securities lawsuit against international payments firm Flywire. In recent months, several national governments, including the governments of Canada and Australia, tightened up their foreign student visa programs, reducing the number of foreign students studying in those countries. The declining student population meant fewer users of the company’s payment facilitation services. The plaintiff alleges that the defendants understated the negative impact that permit and visa-related restrictions were having and would have on the company’s financial results. As this case shows, changes to immigration and visa policies as a result of geopolitical tensions can not only pose challenges for at least some companies, but at least potentially can lead to securities litigation.
In short, geopolitical risks present companies with a host of complicated operational and financial challenges. It is already clear that these challenges can translate into corporate and securities litigation. The challenges – and the related litigation threat – could potentially become of much greater significance in the months ahead.
The Rise of AI-Related D&O Claims
The recent emergence of artificial intelligence, including especially generative AI tools, has had a significant impact on society, business, and financial and labor markets. The changes that AI has introduced are in many ways transformative, but in other ways disruptive. One side-effect of AI’s disruptive impact has been the rise of AI-related litigation. The litigation includes not only lawsuits, such as, for example, over intellectual property rights, but also D&O-related litigation, including securities class action lawsuits and SEC enforcement actions.
One source of AI-related enforcement actions has been allegations that a defendant company engaged in so-called “AI washing” – that is, overstated the company’s own AI-capabilities or prospects. Examples of this type of action are the parallel April 2025 enforcement actions (discussed here), in which the U.S. Attorney for the Southern District of New York and the SEC each charged a tech executive with securities fraud in connection with fundraising for his company, Nate Inc., based on misrepresentations about the company’s AI capabilities. The executive, Albert Saniger, allegedly raised over $42 million by misrepresenting to investors that his company’s app used AI technology to complete online shopping purchases, when in fact the purchases were completed manually by contract workers located in the Philippines and elsewhere.
In addition to the AI-related regulatory enforcement actions, there has also been a great deal of AI-related civil litigation, including AI-related securities class action litigation. According to the Stanford Law School Securities Class Action Clearinghouse (here), during the first six months of 2025, 12 AI-related securities class action lawsuits were filed, on top of the 15 filed in 2024.
The AI-related securities suits filed so far have generally fallen into one of three categories. The first category involves lawsuits against companies that are themselves providing AI products or services. An example of this kind of case is the securities lawsuit that was filed in February 2025 against Elastic, which describes itself “the Search AI Company.” Its platform allows customers to “find insights and drive AI and machine learning use cases from large amounts of data.”
The company’s share price declined steeply after it reduced its fiscal year guidance following certain segmentation changes. As an AI-related company, its share price had enjoyed lofty valuations; it was arguably priced for perfection, and so the slight bobble caused its share price to plunge. While these setbacks can hit any company, not just an AI-related company, the consequences for Elastic were more significant because its AI-associated business boosted its share value. Many publicly traded AI-based businesses may face these same conditions.
The second category of AI-related securities litigation involves the same kind of AI-washing allegations that have been the subject of SEC enforcement actions, as discussed above. For example, and as discussed here, in March 2025, a plaintiff shareholder filed a securities class action lawsuit against AppLovin Corporation, a company whose software platform allows advertisers to enhancing marketing and monetization of their content. The complaint alleges that the company misled investors by representing that its growth was due to its adaption of AI technology, when, it was alleged, that the company “used manipulative practices that forced unwanted apps on customers via a ‘backdoor installation scheme’ in order to erroneously inflate installation numbers, and in turn, profit numbers.”
Another example of an AI-washing type securities suit is the action also filed in March 2025 against Skywork Solutions, a company that develops semiconductor solutions for a wide variety of applications. As discussed here, according to the complaint, the company presented itself as well-positioned to profit from AI transformation of many kinds of consumer products, particularly cellular phones. The complaint alleges that the defendants “oversold Skyworks’ position and ability to capitalize on AI in the smartphone upgrade cycle.”
The third type of AI-related securities class action lawsuits involves companies that, rather than allegedly overstating their AI capabilities or prospects, allegedly understated their AI-related risks. An example of this type of lawsuit is the case filed in June 2025 against social media platform and forum-style website Reddit, as discussed here. The company earns most of its revenue from website-based advertising. The gist of the complaint is that, due to Google’s switch to AI-based search summary responses, user click-throughs to the company’s site were declining, resulting in loss of revenue. The complaint alleges that the company misled investors by downplaying the impact on the company’s site traffic and ad revenue from Google’s adoption of AI search results.
The lawsuit against Reddit is noteworthy because it is AI-related but it does not involve AI-washing type allegations. Instead, it involves allegations that the company understated the risks to the company’s revenues from Google’s adoption of AI-based processes.
What makes this case even more interesting is that the AI-related risks to Reddit did not arise from Reddit’s own use or deployment of AI. Instead, the risks here arose from AI adoption and implementation by one of its suppliers. (I use the word “supplier” to refer to Google because that was what Google was effectively doing for Reddit, supplying users.)
This element of corporate risk arising from third-party AI adoption is particularly important to note. AI is transforming a wide variety of industries: healthcare and health services; transportation and logistics; asset management; legal services; education, and a host of other industries. These changes not only involve opportunities, they also involve risk. And it is not just companies’ own adoption of AI that presents risks. AI adoption by customers, competitors, vendors, suppliers, and even regulators could reshape many fundamental characteristics of the way business gets done – as the facts of the Reddit case demonstrate.
Even though to this point most of the AI-related D&O litigation has involved AI-washing type allegations, going forward I think AI-washing cases will become relatively less important, and AI-risk related cases are going to become much more important. I think future AI-related D&O litigation is going to be about allegedly undisclosed or understated AI-related risks, as companies and their competitors, customers, vendors, suppliers, and regulators increasingly adopt AI.
In addition to these identifiable types of AI-related D&O claims, there may be other types of AI-related claims yet to emerge. Among other things, there could be D&O claims associated with boards’ use of AI for creating board minutes, or from companies’ use of AI to compose the MD&A in the periodic SEC reports. There is always the possibility that just as AI is proving to be transformative in general, it could prove to be transformative with respect to D&O claims as well.
The one thing that seems clear at this point is that going forward, AI-related litigation exposure will likely be a significant source of D&O liability risk
What is Next for ESG?
Just a short time ago, companies faced pressure from a number of different constituencies – institutional investors, activist shareholders, government regulators – to establish and maintain their sustainability credentials. Indeed, the pressure was sufficiently great that some companies were even alleged to have engaged in “greenwashing” – that is, to have overstated their sustainability commitments and accomplishments.
The atmosphere for ESG is much different today. Even before the advent of the second Trump administration, an ESG backlash had developed. The current administration is now actively work against many ESG objectives. One issue that falls under the “S” pillar of ESG is Diversity, Equity, and Inclusion (DEI), an area in which the Trump administration has been so active that I have set it apart as a separate topic, discussed in a separate section, below.
From the outset, the current administration made it clear that it was going to be pulling back from many of the ESG-related initiatives of the Biden administration. For example, in March, the SEC disclosed that it was withdrawing its defense of the Climate Change Disclosure guidelines, which were adopted under the prior administration and face a court challenge in the Eighth Circuit. (The appellate litigation is, as discussed here, currently in abeyance, awaiting a judicial response to the SEC’s request for the case to go forward.)
The SEC’s action with respect to the Climate Change Disclosure Guidelines suggest that other governmental authorities’ climate change-related initiatives — such as those of the EU and of the various U.S. states, especially those of California — could increase in importance, as the U.S. federal government changes its policy direction.
However, the EU has recently also indicated its intent to step back some of its initiatives. As discussed in detail here, earlier in March, the European Commission proposed an “Omnibus package” of proposed revisions to streamline a number of EU laws, including the EU’s Corporate Sustainability Reporting Directive (CSRD). The CSRD would have required many companies, including many U.S. companies, to make periodic disclosures concerning climate change-related issues. The Omnibus package, if approved, will adjust and streamline the scope, timeline, and requirements of the CSRD.
With these pullbacks from prior climate change-related disclosure requirements, the California climate change disclosure guidelines potentially are now significantly more important. As discussed here, in September 2023, the California legislature enacted far-reaching climate change disclosure guidelines. According to an April 12, 2025 post on the Harvard Law School Forum on Corporate Governance by The Conference Board (here), the California requirements “are poised to become the de facto standards for corporate climate disclosure in the U.S.” (Significantly, on August 13, 2025, a California federal court rejected the motion for preliminary injunction to halt the enforcement of the California laws, as discussed here.)
The California disclosure requirements clearly represent a different approach to climate change disclosure than the one being taken by the current Trump administration. It is worth noting that California is not the only state to have enacted ESG-related legislation. The Harvard Law School Forum blog post to which I linked above notes that a number of other states have enacted “pro-ESG measures,” including Colorado, Florida, Illinois, Maine, Maryland, New Hampshire, Oregon, and Utah.
On April 8, 2025, the White House issued an Executive Order entitled “Protecting American Energy from State Overreach” targeting these various climate change-related state initiatives.
The Executive Order states, with reference to the state law initiatives, that “These laws and policies weaken our national security and devastate Americans by driving up energy costs” and “undermine Federalism by projecting the regulatory preference of a few States onto all States.” The Executive Order directs the Attorney General to identify all state and local laws on the topic and “expeditiously take all appropriate action to stop the enforcement of State laws” that the AG determines to be “illegal.” Finally, the order directs the AG to recommend any additional Presidential or legislative actions necessary to stop the enforcement of State laws identified in response to the order.
The Executive Order sets in motion a likely chain of events, one result of which could be a federalism showdown between the White House and the state government of California.
It should be noted that the administration’s actions include not just anti-ESG initiatives; the administration has also been working very actively to promote the use of U.S.-originated fossil fuels. At the very outset of the administration, the White House demonstrated its commitment to help the U.S. fossil fuel industry.
For example, on the day of his second inauguration, President Trump signed an Executive Order entitled “Unleashing American Energy.” In February, the White House established an “National Energy Dominance Council,” to promote the growth of domestic energy sources, including fossil fuels. In April, the White House issued an Executive Order entitled “Reinvigorating America’s Beautiful Clean Coal Industry,” which tells you everything you need to know about the Trump administration’s approach to ESG.
One could conclude that the values embodied in the very notion of ESG are in full retreat. Companies could certainly be forgiven if they were to conclude that they can just forget about ESG and move on to other things.
However, the reality is that the actions companies take or fail to take today will be subject to later scrutiny and potentially could be the basis of future lawsuits. Future claimants could well judge boards on the extent to which companies addressed the challenges that climate change now presents. Boards could be judged on the extent to which they prepared their companies by building in operational resiliency, built durable supply chains, and tried to anticipate the ways that the changing climate could impact their companies’ operations and finances.
In other words, in the current political environment, the Trump administration’s position on ESG atmosphere may have altered the legal dynamic, for now. But the long-term issues, which will affect companies far beyond the duration of the current administration, have not changed. Companies and their boards will still have to address climate change, and they will judged according to how they respond to the climate change challenge, regardless of what the current White House is now saying and doing.
The Trump Administration Targets “Illegal DEI”
In the wake of the civil unrest that followed the May 2020 murder of George Floyd, many U.S. organizations adopted policies seeking to advance Diversity, Equity, and Inclusion (DEI). However, even before the beginning of the current Trump administration, a movement against DEI practices and policies was well underway. In addition, the current Trump administration has from the outset made it clear that it will target “illegal DEI.” As discussed below, the Trump administration’s anti-DEI initiatives could present significant potential exposure for companies that have had policies that have or even had policies that are viewed as counter to the administration’s position on DEI.
Among the first acts President Trump undertook following his inauguration was the issuance of two executive orders staking out a strong policy position against “illegal DEI.” On January 20, 2025 – that is, on the day of Trump’s inauguration — the White House issued Executive Order 14151, “Ending Radical and Wasteful Government DEI Programs and Preferencing.” The next day, the White House issued Executive Order 14173, “Ending Illegal Discrimination and Restoring Merit-Based Opportunity.” Collectively, these orders emphasize a shift towards “merit-based hiring practices” and eliminating DEI-related factors in federal hiring, promotions, and contracting. They also mandate federal contractors to certify compliance with anti-discrimination laws and eliminate internal DEI efforts.
In early February, shortly after being sworn in, Attorney General Pam Bondi issued a memorandum entitled “Ending Illegal DEI and DEIA Discrimination and Preferences.” Among other things, the memorandum declared that the DOJ’s Civil Rights Division will “investigate, eliminate, and penalize illegal DEI and DEIA preferences, mandates, policies, programs, and activities in the private sector and in educational institutions that receive federal funds.”
On March 19, 2025, the U.S. Department of Justice (DOJ) and the Equal Employment Opportunity Commission (EEOC) issued a joint statement and released two technical assistance documents focused on educating the public about unlawful discrimination related to diversity, equity, and inclusion (DEI) in the workplace.
The agencies’ joint March 19, 2025, press release can be found here. The EEOC’s accompanying document “What to Do If You Experience Discrimination Related to DEI at Work” can be found here, and the accompanying document entitled “What you Should Know About DEI-Related Discrimination at Work” can be found here.
The documents collectively project the position that DEI initiatives can run afoul of the anti-discrimination laws if an employment action is motivated in relation to a protected characteristic, such as race or gender. The documents cite examples of DEI-related actions that could be counter to the law’s requirements include efforts to “balance” the workforce; limit or classify employees; make hiring or promotion decisions or make access to mentoring or support programs based on protected characteristics.
The most practical concern about the agency’s guidelines is they seem calculated to encourage employees and advocacy group’s to legally challenge corporate DEI programs. The documents’ clear intent to speak directly to employees about their putative rights with respect to employer DEI programs also seems meant to encourage employees to consider taking action against their employers with respect to corporate DEI initiatives.
More recently, on June 11, 2025, Brett Shumate, newly confirmed head of the DOJ’s Civil Division, issued a memo identifying the Civil Division’s top enforcement priorities. with DEI at the very top of the list. The memo states that the Civil Division plans to use “all available resources” to combat illegal DEI practices, specifically bringing suits under the False Claims Act and “aggressively investigating” recipients of federal funds. The Civil Division’s priority of combatting discrimination stands out because the U.S. Department of Justice’s Civil Rights Division, not the Civil Division, traditionally has been responsible for enforcing the civil rights laws.
In advancing these priorities, the memo directs the Civil Division to file suit under the False Claims Act against entities engaged in “illegal DEI” practices. A June 24, 2025, memo from the Freshfields law firm about the Civil Division memo advises companies to “be mindful” of the Attorney General’s February memorandum that directed the Department to consider criminal charges related to DEI.
The law firm’s memo concludes by noting that “In 2025, DEI is not simply an employment law issue.” In light of the June 11 Civil Division memo, along with the earlier memo from the Attorney General, and the White House executive orders, the law firm memo notes that “whether companies have already evaluated their DEI initiatives this year or not, they should consider taking stock now to gauge their potential exposure to FCA whistleblower …or other claims.”
Companies potential DEI-related liability exposure may not be limited just to employee complaints or regulatory enforcement action. The DEI-related exposure may also include the possibility of corporate and securities litigation as well. Indeed, even before the recent change in the DEI landscape, plaintiff firms and political groups had begun filing claims against companies, officers, and directors concerning their DEI-related disclosures.
Perhaps most prominently among these prior lawsuits was the securities class action lawsuit filed in August 2023 by a conservative legal activist group against Target and certain of its executives. Among other things, the plaintiff alleged that Target misleadingly downplayed or failed to warn shareholders about the known risks of customer backlash in response to the company’s Pride Month campaign in June 2023. Significantly, and as discussed in detail here, in December 2024, the court entered an order denying the defendants’ motion to dismiss, finding, among other things, that the company’s risk disclosures “could be materially misleading.”
As discussed in an April 28, 2025, memo from the Winston & Strawn law firm entitled “Securities Litigation Risk in the Evolving DEI Landscape” (here), with respect to the dismissal motion denial in the Target case, “as companies face scrutiny of allegedly ‘illegal’ DEI practices, courts may view the shareholders’ theories advanced in Target to be increasingly plausible.”
In short, the current Trump administration’s policy targeting “illegal DEI” presents companies with a host of potential liability exposures, including the possibility of employment practices claims, regulatory enforcement actions, and DEI-related corporate and securities litigation.
The Move to Incorporate or Reincorporate Outside Delaware
For many years, Delaware was the default choice in the U.S. for companies’ state of incorporation. However, as a result of a sequence of events over the last several months, the choice to incorporate in Delaware may no longer be the “no brainer” that it once was. Recent developments suggest that some companies may choose to incorporate (or reincorporate) elsewhere. The two leading alternative states are Texas and Nevada, in part because of a perception that it is more difficult to hold corporate directors and officers liable under those states’ laws. The possibility that an increasing number of companies could reincorporate in Texas and Nevada could have important implications for corporate litigation and liability.
As early as late 2023, there was already an ongoing debate about whether various decisions of Delaware’s courts were driving companies away from Delaware, and whether companies should consider reincorporating in Nevada and Texas. The debate accelerated in early 2024, when the Delaware Chancery Court voided Elon Musk’s ginormous $55.8 billion pay package. Musk became very vocal in criticizing Delaware and suggesting that companies should reincorporate elsewhere.
In response to the criticism and in order to try to stem the possibility for further departures for Texas and Nevada, the Delaware legislature quickly drafted up and then passed legislation, known as S.B. 21, to try to address many of the critics’ concerns. S.B. 21 enacted a number of changes to the Delaware Corporations Code. Among other things, the bill creates a safe harbor for conflicted controller transactions and narrows the types of material and information that shareholders may inspect through books and records requests. Though the legislature acted quickly to enact S.B. 21, the bill has its critics, and in fact there is a constitutional challenge to the legislation pending before the Delaware Supreme Court.
The Delaware legislature hoped that by enacting the reforms in S.B. 21, they might have stemmed the wave of corporate departures (which have come to be known as “DExits”). The legislatures of Nevada and Texas were not content to simply stand by and see what would happen next. They went to work in their own corporate law laboratories and cooked up some legislative reforms of their own, as discussed here. The Texas legislation introduced a number of reforms, all intended to make the state more attractive to companies. Among other things, the Texas legislation codified the business judgment rule and established a minimum share ownership level for a shareholder to file a derivative suit. The Nevada legislation also introduced corporate reforms, among other things by narrowing the potential liabilities for corporate controllers.
The state of incorporation debate may have reached something of an inflection point in July when the prominent Silicon Valley venture capital firm Andreesen Horowitz announced that it was leaving Delaware to reincorporate in Nevada, and that it was encouraging its portfolio companies to do so as well. (According to sources, Andreesen Horowitz is the largest VC firm in the country.) The firm could have quietly made these changes, but instead chose to be very vocal about the changes, as a way to encourage other companies and corporate decision makers to made the change from Delaware to Nevada. In other words, the country’s largest VC firm is expressly trying to influence the community of start-ups and tech firms, as well as the VC firms active on those communities, to prefer and favor Nevada as the state of incorporation over the traditional favorite state of Delaware.
The VC firm’s action may or may not influence other companies, but it does at least suggest that the debate about state of incorporation is not just a fringe issue involving only a few companies. The VC firm’s statement purports to suggest that the question of the state of incorporation is, and should be, on the table for all companies. It may be, as I suggested above, that Delaware is no longer the default choice for state of incorporation. It may be that increasing numbers of companies will choose to incorporate outside of Delaware, most likely Nevada or Texas — or at least consider doing so.
While it remains to be seen how many companies will in fact choose to incorporate outside Delaware, it does appear at least possible that more companies will choose Texas or Nevada, making those states increasingly important in the world of corporate law. Were this to happen, there could be an impact – a potentially significant impact – on corporate liability exposures. Both Texas and Nevada are trying to attract companies by making it harder to sue companies and harder for claimants to win when they sue. If significant numbers of companies were to incorporate in Nevada and Texas, one of the results could be a diminution in potential corporate liability exposure.
To state it simply, we may be moving toward a new era in corporate law in the U.S., one that could result in less litigation overall and more favorable outcomes for corporate defendants. If more startups and tech firms really do start to favor Nevada or Texas over Delaware as their state of initial incorporation, not only will there be fewer companies in Delaware, but there will be less corporate litigation in Delaware’s courts. The result could be a very different corporate litigation environment. Of course, it will be many years before we know for certain how much things have changed, and in the meantime, I don’t see D&O insurance underwriters changing their practices (or their pricing) in anticipation of the changes. But it could be very interesting to watch all of this unfold.
At the outset of the DExit debate, I thought this whole thing might be just a tempest in a teapot, stirred up by Elon Musk because he was upset that the Delaware courts barred his massive pay package. It does seem now that there might more to this debate than might have originally appeared. The state of incorporation debate could mean we are headed into a very different corporate law environment in the U.S., potentially representing a different corporate liability arena, as well.
Cybersecurity Remains a Critical D&O Liability Issue
Cybersecurity is a perennial D&O liability issue, though other issues may have recently gained more of the headlines. Several developments this year underscore the fact that cybersecurity remains as important as ever.
First, in what was one of the final acts of the SEC under Gary Gensler’s leadership, the SEC filed a settled cybersecurity-related enforcement action against Ashford, an asset manager, as discussed in detail here. The firm acted as an alternative asset manager for two hotel-owning REITS. In September 2023, at a time when the firm as a publicly traded company, the firm first learned that it had experienced a cybersecurity attack and ransomware incident initiated by a foreign threat actor. The intrusion resulted in the exposure of significant amounts of data including hotel guest information.
The SEC alleged that Ashford “knew or should have known that its disclosures concerning the September 2023 Cyber Incident” were “false and misleading.” Specifically, the SEC alleged that the company knew or should have known that the exfiltrated data “contained sensitive personally identifiable information and financial information related to guests.” Without admitting or denying the SEC’s allegations, Ashford agreed to settle the SEC’s charges, consenting to an injunction and an order to pay a civil penalty of $115,231.
At the time it was announced, the Ashford settlement was viewed as representative of the SEC’s approach under Gensler, amid speculation that under the new administration the SEC might take a more lenient approach to the types of issues the SEC raised in the Ashford action.
So far, there has been relatively few cyber related developments at the SEC under the current administration, although in February 2025, the agency did form a “Cyber and Emerging Technology Unit,” focused, among other things, on “combatting cyber-related misconduct,” which in and of itself shows that even if the current SEC will take a different approach to cybersecurity than under the prior administration, the agency is still going to be focused on cybersecurity concerns.
One particular issue that is not yet clear is whether or not the SEC under its current leadership will withdraw or non-enforce the Cybersecurity Disclosure guidelines that were adopted during the Biden administration. Certain aspects of the guidelines have been widely criticized (particularly its time requirements) and the two incumbent Republican SEC commissioners voted against adopting the guidelines. Companies would still of course still be subject to disclosure requirements that were in place prior to the adoption of the guidelines.
Beyond just the SEC, other federal agencies have been pursuing their own cybersecurity-related enforcement actions. For example, and as discussed here, in July 2025, the U.S. Department of Justice announced that it had reached a settlement with the life-sciences company Illumina, in which the company agreed to pay $9.8 million to resolve allegations that it violated the False Claims Act when it sold genomic sequencing systems with cybersecurity vulnerabilities to federal agencies.
An August 7, 2025, memo from the Skadden law firm said that the Illumina settlement underscores the fact that “cybersecurity remains a significant enforcement priority for the DOJ.” The law firm memo details that the action against Illumina is actually one of a series of civil FCA cases the agency has pursued based on alleged cybersecurity deficiencies.
The DOJ’s July 31, 2025, press release about the settlement quotes one government official as saying that “Companies that sell products to the federal government will be held accountable for failed to adhere to cybersecurity standards and protecting against cybersecurity risks,” and as saying further that the settlement underscores “the Department’s commitment to ensuring that federal contractors adhere to requirements to protect sensitive information from cyber threats.”
The government’s pursuit of the claims against Illumina shows that among the risks companies may face as a result of cybersecurity vulnerabilities is the risk of potential governmental enforcement action under the False Claims Act. The government’s actions show that companies now face not only the risks of traditional regulatory enforcement, but also, as the law firm memo puts it, the risks “from alleged failures to meet cybersecurity standards – particularly where those failures result in false representations to the government.”
In short, though cybersecurity may not be the D&O exposure that is garnering the most attention now, it remains a serious liability concern and an important potential source of D&O liability claims.
The Current Soft Market for D&O Insurance
With all that is going on in the D&O liability arena, it might well be expected that underwriters might pull back or even seek to raise prices in the months ahead. However, and despite everything discussed above, the D&O insurance marketplace remains competitive, with most buyers enjoying relatively advantageous pricing for relatively broad terms and conditions.
To understand what is going on, we have to go back a few years, to the 2019-2021 timeframe. At that time, following years of underpricing and after years of claim reserve strengthening, D&O insurers were experiencing widespread underwriting losses. For most buyers during this period, their D&O insurance costs increased, in some cases dramatically, and in many cases their self-insured retentions increased as well. In short, the industry was in a “hard market.”
The hard market pricing conditions attracted new capital and new market participants. The arrival of the new capacity coincided with the collapse of the market for IPOs and SPACs, meaning that as insurance supply expanded, insurance demand declined. Abundant supply and diminished demand meant that competition returned to the D&O insurance marketplace. As a result, starting in early 2022, many buyers saw their management liability insurance costs drop compared to the hard market years.
The soft market conditions that began to take effect in 2022 remain in place. The soft market for D&O insurance is now well into its fourth year, although the extent of the pricing reductions for many buyers have levelled off somewhat in more recent periods. Many D&O insurance buyers are continuing to see their overall insurance costs decline slightly, with even companies that have had issues or complications seeing flat renewals. Of course, financially troubled companies, companies in certain disfavored industries, and companies with complex claims histories may face a more challenging marketplace, but for most other buyers the D&O insurance marketplace has been and remains relatively benign.
There are voices in the D&O space (as there always are when the insurance market is in the soft phase of the cycle) saying that the price decreases have gone too far and have fallen below risk-based pricing levels. Perhaps these concerns could cause the D&O insurance market to shift to the next phase of the cycle. However, it is important to remember that — at least historically — the soft market phases of the insurance cycle generally last a lot longer than the infrequent and usually brief hard phases of the cycle. It probably should also be noted that the most important cause of the current softer market conditions – that is, abundant insurance capacity – remains fully in place, meaning that a significant move toward a harder market in the months ahead seems unlikely.
The laws of supply and demand generally control the D&O insurance marketplace, and at the current moment supply remains ample. For the moment, at least, generally competitive conditions remain in effect, and it remains a favorable pricing environment for most D&O insurance buyers. What the future may bring remains to be seen.
Follow the D&O Diary on LinkedIn: The D&O Diary now has its own LinkedIn page. The goal is to use the LinkedIn page to supplement The D&O Diary’s blog posts, with further information and commentary about the world of directors’ and officers’ liability and insurance. I encourage everyone to visit and to follow the new page. The D&O Diary’s LinkedIn page can be found here.