Overpaying for Ransomware Response Not Covered: Ruling in Cyber Insurance Litigation

Illinois Cyber Insurance Litigation

The ruling in Illinois cyber insurance litigation, which came last month in the state’s appeals court, stemmed from the high-profile 2021 ransomware attack on Kronos Private Cloud (now part of UKG), in which hackers exploited vulnerabilities like Log4j to disrupt payroll and HR services for millions of employees worldwide. Clients, including healthcare providers, governments and businesses, faced weeks of downtime and were forced to make manual workarounds. The hack eventually led to a $6 million class action settlement. It certainly won’t be the last cyber insurance lawsuit.

Client: Cyber Insurance Claim Should Cover Overpayment

Villa Financial Services, which manages nursing homes, was notified in December 2021 that its systems were offline. To avoid payroll interruptions that might lead to staff shortages, Villa had to use outdated records to determine payments for its employees. The result: Overpayments to staff members of $1.2 million, all of which proved unrecoverable. Villa filed a cyber insurance claim under the policy’s extra expense provision for these costs, which it claimed were “necessarily incurred to mitigate an interruption.” But insurer Lloyd’s of London considered the extra payments “gratuitous” since Villa wasn’t legally required to make them. Villa then began cyber insurance litigation to recover the expenditures.

The court was not having it: “While it may be true that [Villa] felt that it had no choice in that moment but to pay out extra funds in order to meet its payroll obligations, [Villa’s] apparent misfortune does not create coverage where none exists under the policy,” an appellate judge concluded, according to a November 24, 2025 press release from the law firm Skarzynski Marick & Black LLP, which prevailed in the case on behalf of its client, Lloyd’s of London.

Don’t Count on Cyber Insurance to Cover Response Mistakes

This cyber insurance lawsuit ruling underscores a key risk in cyber liability insurance claims: Expensive mistakes made by insured companies in responding to a hack may not be covered, even if driven by good intentions to maintain operations. The ruling may encourage stricter policy scrutiny and more cautious crisis decision-making among policyholders, while bolstering insurers’ ability to enforce narrow interpretations. The lesson for cyber insurance policyholders: When even obvious cyber insurance claims may not be fast or large enough for companies to recover rapidly, detailed response preparation before hacks, and disciplined execution after, are critical.
