Reading time: 7 minutes
Listening time: 11 mins

Welcome to the Pride's Friday Five

Every week our team rips through 200+ insurance, legal, and risk articles to surface three events your board needs to hear about in its Monday morning brief.

• For two decades, D&O carriers relied on the bump-up exclusion to avoid paying when shareholders didn't like the deal price. The Delaware Supreme Court just told AIG, Chubb, and Berkley that's not how it works, and the implications reach every FI board contemplating M&A.
  ​
• M&A volumes jumped 40% last year and deal activity shows no signs of slowing. But a coverage gap between your tail policy and go-forward D&O could leave your board completely exposed on post-deal claims. We explain the straddle problem, and how to fix it before closing day.
  ​
• Every M&A deal creates a cybersecurity gap between what both sides believe and what actually holds up. A growing legal doctrine called "stepping stone liability" could turn that gap into personal exposure for directors. We explain why the cyber delta is a D&O problem, not just a technology problem.

We think these all deserve a closer look…First, If you'd rather listen check out the audio version.

Delaware Tells AIG and Chubb, "Not so Fast!"

Summary
​
​For the last two decades, D&O carriers didn't have to worry about footing the bill when shareholders didn't like the price they got.
​
The bump-up exclusion handled that. Think of it as a rule in the D&O policy that says: if you get sued for paying too little in a deal, we're not paying to "fix" your price. The exclusion carves settlement dollars out of the definition of "Loss" when a claim alleges that acquisition consideration was inadequate.

Defense costs still get covered. But the settlement itself?

Carriers treated that as a business risk, not an insurable loss. Over the last decade, insurers increasingly used bump-up as an automatic denial: if the underlying case smelled like a price dispute, the settlement was out. The Delaware Supreme Court just told them that's not how it works.

Samsung acquired Harman International in 2017 through a reverse triangular merger.

Former shareholders filed a federal securities class action under Section 14(a), alleging misleading proxy disclosures that pushed them to approve an undervalued deal. Harman settled for $28 million and tendered the settlement to its D&O tower. AIG's Illinois National led the program. Chubb's Federal Insurance was on the first excess and Berkley on the second excess. All three denied indemnity based on the bump-up exclusion, arguing the payment was effectively an increase in merger consideration.

The Delaware Supreme Court applied a two-prong analysis.

1. Prong one: did the claim allege inadequate consideration? Yes. The insurers cleared that bar.
2. Prong two: did the settlement represent an effective increase in the deal price? No. The insurers failed.

Three factors drove the court's reasoning. The settlement class wasn't limited to shareholders who actually received merger consideration. The $28 million correlated with estimated defense costs, not a per-share valuation gap. And neither party had submitted expert reports on the "true value" of the shares before settling.Two justices dissented. The decision was 3-2.
​
(sources: Jones Day, Harvard Law School Forum on Corporate Governance)

So what?

This decision comes from the Delaware Supreme Court. Arguably the most influential corporate law jurisdiction in the country.

It directly limits how broadly carriers can apply a common exclusion in post-M&A shareholder litigation. AIG, Chubb, and Berkley are marquee D&O markets, and a high-court loss for them on a heavily negotiated exclusion invites copycat coverage litigation against other insurers using similar wording. For boards, CFOs, and GCs who've been told "bump-up kills coverage for price cases," the Harman decision cuts the other way. Policyholders and brokers can now argue that many deal-related settlements compensate disclosure and process failures, not pure price deltas. Insurers must tie the actual settlement dollars to a quantified bump in the price — using the actual words of the policy and the structure of the transaction.

That shifts negotiating leverage at renewal.

Expect carriers to respond. Underwriting and wordings committees are already evaluating revised bump-up language designed to capture a broader set of M&A settlements. For anyone buying or placing D&O with Delaware choice-of-law and active M&A exposure, bump-up wording just became one of the most important clauses in your policy. Other federal courts, including the Fourth Circuit, have applied bump-up exclusions more aggressively in similar fact patterns. Outcomes will turn on specific facts, policy wording, and jurisdiction.
​
​That makes manuscript review before your next renewal, not after your next deal, essential.​
​
​Want to know how your bump-up wording holds up after Harman? Contact us for a free D&O policy evaluation! We'd be happy to show you the modifications we're advising LION clients to make...

The Straddle Claim Few M&A Pros Plan For

Summary

Global M&A volumes increased 40% last year, according to Goldman Sachs' 2026 outlook, and AI, accommodating regulatory conditions, and available capital will continue to fuel dealmaking through 2026.

Standard M&A practice calls for two D&O purchases at closing: a tail policy covering pre-deal conduct and a go-forward policy covering post-deal conduct. Checking both boxes feels like continuous coverage. It isn't.

The gap materializes when a claim alleges wrongful acts on both sides of the closing date.

These are called straddle claims, and when they land, both carriers can deny coverage simultaneously. The tail insurer points to post-closing allegations. The go-forward insurer points to pre-closing conduct. And your board sits between two denial letters with zero coverage.

A January 2026 case in the Southern District of Florida, Greenwich Insurance Co. v. Fernandez, illustrated the problem: the insurer argued the policyholder submitted its straddle claim both too early and too late. (source: Law360)

The LION Lens

What happened — Post-M&A claims increasingly allege conduct spanning both sides of the closing date, creating coverage disputes where neither the tail nor go-forward D&O policy responds.

Why it matters — Tail policies commonly exclude claims "based upon, arising out of, directly or indirectly resulting from, or in any way involving" post-closing misconduct. Under that broad language, a single post-closing allegation can void coverage for the entire claim. Mirror that with a go-forward policy containing a prior-acts exclusion, and you have a total coverage blackout.

Practical implications — Every M&A transaction requires specific analysis of how the tail and go-forward policies interact on claims that span the closing date. Default provisions and standard forms are not sufficient.

So what?

The straddle problem isn't theoretical.

In real transactions, employee class actions alleging harm from converting benefits plans, shareholder derivative suits challenging asset management decisions, and regulatory investigations spanning pre- and post-deal periods all generate claims that cross the closing-date line. Practitioners who negotiate straddle coverage in advance avoid litigation entirely. In one documented example, a company spinning off a subsidiary negotiated a tail endorsement that specifically defined straddle claims and the terms under which they would be covered.

When two claims materialized, both alleging wrongful acts before and after the spin, no coverage litigation followed. The underlying actions were ultimately dismissed.Without that advance work, the alternative is grim. In another transaction, the tail insurer denied coverage because the complaint's class period extended past the cutoff date. The go-forward insurer denied under a prior-acts exclusion because the complaint alleged conduct dating back four years before the cutoff.

The policyholder had nowhere to go. The fix requires action before closing, not after a claim arrives.

The LION POV

Here's how we're advising clients:

• Audit tail policy exclusionary language now. Look for broad "arising out of" formulations that could allow a tail insurer to deny coverage based on any post-closing allegation. Negotiate these down to conduct-specific triggers, not allegation-based triggers.
• Map the interaction between tail and go-forward policies before signing. Identify the precise cutoff dates, the scope of each policy's exclusions, and where overlapping or conflicting provisions create denial pathways. If both policies can deny the same claim, you have a straddle gap.
• Negotiate straddle claim definitions into your tail endorsement. The most effective protection is a negotiated provision that explicitly defines straddle claims and commits the tail insurer to coverage. Complex to negotiate. Worth every hour.

In a market where M&A volumes are surging and carriers are tightening exclusion language, the straddle gap represents one of the most significant unaddressed exposures in financial institution D&O programs.

Want to discuss how your tail and go-forward policies interact? Contact LION Specialty for a confidential review before your next transaction.

Does M&A Create a "Stepping Stone" to Personal Liability?

Summary
​
Every M&A deal now creates a cybersecurity gap.

The acquiring company assumes one risk posture. The target operates with another. The distance between what both sides believe about their security and what actually holds up under scrutiny is what practitioners call the "cyber delta." Legacy systems carry the highest risk. Everyone assumes its because they're old! But it's actually just because no one fully understands them anymore.

Unpatched servers, outdated middleware, forgotten databases, unsupported operating systems.

Traditional due diligence frequently overlooks this kind of technical debt. Add compliance inherited by acquisition, maturity misalignment between the two security teams, and the compressed timelines that define deal execution, and the exposure window widens fast. Adversaries know this.

Regulatory transitions, system integrations, and data migrations create exactly the kind of disruption attackers exploit. And regulators have made clear they expect cybersecurity to be a board-level agenda item — especially during corporate transitions.
​
(sources: CIO.com, JSM / Johnson Stokes & Master)

So what?

Here's where it could connect to your D&O program...

A growing legal doctrine called "stepping stone liability" holds that when a company breaches cybersecurity or data protection regulations, that corporate violation becomes the stepping stone to personal director liability. The concept originated in Australian corporate law, where ASIC has pursued directors under Section 180(1) of the Corporations Act for failing to prevent company contraventions.

The FTC has taken similar action in the US. UK and Hong Kong regulators have issued explicit guidance that cyber risk is a board-level responsibility. The sequence is straightforward. A breach surfaces during or after a transaction. The company is found to have violated data protection or cybersecurity regulations — perhaps inherited from the target, perhaps from integration failures.

Regulators then ask whether the board fulfilled its duty of care. If directors failed to implement cyber risk management, didn't stay informed about threats, or neglected compliance obligations during the deal, the company's regulatory breach becomes the basis for personal claims against them.

For financial institutions engaged in M&A, this creates a compounding exposure.

The bump-up exclusion may not cover your deal settlement. Your tail and go-forward policies may leave straddle claims uncovered. And now, a cyber breach tied to the transaction could expose individual directors to personal liability — with the adequacy of your D&O program determining whether that liability is insured.

The cyber delta is a technology problem. And now it's a governance problem too with potential D&O consequences. Directors who treat cyber due diligence as a late-stage checkbox are potentially accepting personal risk they may not be able to transfer.

The Bottom Line

The bump-up exclusion was the D&O market's bright line on M&A risk for two decades. Harman blurred it. The straddle gap was always there, hiding in the architecture between tail and go-forward policies. And now the cyber delta adds a third dimension: personal director liability when a breach surfaces during or after a deal.

Three coverage gaps. One transaction. Boards that address all three before the next deal (not after) will be positioned ahead of peers who wait.

In Case You Missed It!

Friday is for market signals. Wednesday is for structural intelligence, insider to insider. This week's Wednesday Intelligence detoured from our miniseries on deepfakes with a special ALERT!

Anthropic released Claude Code Security. An AI-powered code scanning tool that found 500+ vulnerabilities in production codebases that survived decades of expert review. That matters for your board because AI security tools are quietly resetting the standard of care. Carriers writing cyber and tech E&O are going to start asking whether insureds use AI-powered code scanning the same way they ask about MFA and EDR today.

If your institution builds or maintains custom applications, this changes your renewal conversation.

We also put together a one-page AI Security Standard-of-Care Checklist — 10 questions your board should be asking before your next renewal. Reply "AI CHECKLIST" and we'll send it over.

[Listen here / Read here]
​
​Thank you for reading today's edition!

Want to share this edition via text, email or social media? Simply copy-and-paste the link below:

​http://lionspecialty.ck.page/mergers-acquisitions-are-blowing-insurance-up-and-every-fi-deal-is-in-the-blast-radius

And if this briefing was forwarded to you, subscribe directly here.
​
​Stay Covered Out There Y'all,

TASH & FLIP

Co-Founders and Managing Partners

LION Specialty