Listen to this post

Introduction

Cryptocurrency isn’t just for tech startups and X (formerly Twitter) enthusiasts anymore. Mainstream corporations are increasingly forced to consider Bitcoin—the undisputed “king” of crypto—and other investments into digital assets whether they are on board or not. Some, like Tesla and MicroStrategy (now rebranded as “Strategy”), have already poured billions into Bitcoin. Others, like Microsoft and Amazon, have fielded recent shareholder pushes to invest, while companies like GameStop are proactively positioning themselves to invest in Bitcoin and other crypto-related assets through updated, crypto-friendly investment policies. And with regulators starting to soften—think legal shifts and the White House’s recent announcement of a U.S. strategic crypto reserve—justifying a “no” might get tougher.

But whether a company “hodls” (crypto slang for holding an asset long-term) or “folds,” there are insurance and liability risks either way.

  • Reject Bitcoin? Shareholders could claim you failed to act in their best interest, and your directors and officers (D&O) insurers might leave you hanging.
  • Invest in Bitcoin? A cyberattack could wipe out your digital assets, and your crime or cyber insurer may deny coverage.

As recent legal and corporate developments show, companies need to think beyond the investment decision itself and assess the insurance-related implications of their decision to invest (or not invest) in Bitcoin, as well.

The Risk of Saying No: Could Shareholders Sue for Missing Bitcoin Gains?

Most boardrooms don’t associate Bitcoin with D&O insurance, but recent events suggest they should. For example, in December 2023, gaming retailer GameStop approved a policy authorizing CEO Ryan Cohen and a small committee of other executives handle the company’s securities investments—including in digital assets like Bitcoin. In November 2024, the National Center for Public Policy Research (NCPPR) pressed Microsoft to assess if Bitcoin could benefit its $484 billion in assets, mostly tied up in bonds and securities that the NCPPR said “barely outpace inflation.” The proposal urged a study on whether diversifying with Bitcoin would best serve shareholders’ long-term interests, arguing boards might have a fiduciary duty to consider a Bitcoin investment despite its short-term volatility. While Microsoft ultimately rejected the proposal, the retail giant Amazon is now facing a similar push. In December 2024, Amazon shareholders proposed allocating 5% of the company’s assets to Bitcoin.  The proposal is awaiting a vote in April.

Historically, companies like Microsoft and Amazon could cite regulatory uncertainty as a reason to avoid Bitcoin. But with a friendlier U.S. regulatory stance taking shape—including the DOJ’s recent dismissals of their legal cases against crypto exchanges Coinbase and Gemini, increased political support for the industry, and the White House preparing to host its first-ever “Crypto Summit” later this month where it will announce the creation of a national strategic crypto reserve that will house billions of dollars worth of Bitcoin and other large-cap cryptocurrencies—Bitcoin’s legitimacy as a corporate asset could become an issue. As crypto regulation stabilizes, corporate boards may begin to encounter scrutiny over whether they are responsibly considering Bitcoin as an investment option.

This recent shift in corporate and regulatory sentiment towardsBitcoin raises an important question: If Bitcoin’s value rises and a company chooses to stay out, could shareholders claim the board failed in its fiduciary obligations, and, if so, would the company’s insurance program provide protection?

This risk isn’t hypothetical. Bitcoin has surged over 50% just in the past year.  And its decade-long haul has been nothing short of staggering, rising from around $200-$300 in 2015 to peaks over $100,000 earlier this year—a gain of as much as 30,000%-40,000%. Even NVIDIA, one of the best-performing stocks of the era, has returned an estimated 25,000%-30,000%, making it one of the only public assets to come close—yet Bitcoin still edges it out.

While there has not (yet) been any reported litigation challenging a company’s decision not to invest in Bitcoin or other crypto-related assets, shareholders may begin to argue that a company’s refusal to consider a Bitcoin investment improperly disregarded significant potential benefits and undermined shareholders’ best interests. And while the strengths or weaknesses of their case could be debated, these recent instances of shareholder activism over investments in Bitcoin indicate that a lawsuit could be brought. If it is, the company will almost certainly want insurance coverage to defend against such allegations.

So, could a D&O policy cover a shareholder lawsuit alleging the board mismanaged corporate assets by rejecting Bitcoin? Notably, there is no standard form from the Insurance Services Office (ISO) for D&O insurance policies, and many such policies are manuscript—meaning they’re specifically drafted or tailored for an individual insured. Thus, while most D&O policies follow a general structure, and typically provide coverage for shareholder lawsuits alleging breach of fiduciary duty, the policy language can vary significantly between insurers and even between individual policies. Some policies may exclude claims involving speculative investments or financial decisions, which could be relevant in a Bitcoin-related lawsuit. Others may expressly exclude cryptocurrency-related claims altogether. If your company is fielding Bitcoin-related shareholder proposals or considering investment policy shifts to more freely allow investments in digital assets, it may be time to closely review your D&O policy language to ensure proper coverage for digital-asset-related investment decisions.

The Risk of Saying Yes: If You Buy Bitcoin, Can You Insure It?

For companies that do invest, the next challenge is securing those assets—and that’s where things get tricky. Saying “yes” to Bitcoin might juice your balance sheet, but it’s a magnet for thieves and scammers—and your crime or cyber insurers might not have your back. Just last month, crypto exchange ByBit lost $1.5 billion worth of the cryptocurrency Ethereum to an alleged North Korean hack, proving that even “secure” cold wallets (offline storage mechanisms) aren’t immune.

Crypto exchanges aren’t the only targets—corporate treasuries holding crypto are in the crosshairs too, and the losses sting just as bad. In December 2024, Web3 firm Hooked Protocol lost $9 million when hackers exploited a smart contract vulnerability. And in 2021, meatpacking giant JBS paid an $11 million Bitcoin ransom to regain access to its systems after a cyberattack—not a theft of corporate-owned crypto, but a forced payout from company funds. As more non-crypto-native companies move Bitcoin onto their balance sheets—just recently, three U.S.-based biotech firms each publicly pledged to buy $1 million worth—bad actors will be taking note.

So, can your cyber or crime policy cover Bitcoin theft? Cyber insurance might handle hacks or ransomware, but crypto? Policies built for data breaches may exclude “digital assets” or “speculative investments,” potentially leaving stolen Bitcoin uncovered. Crime insurance is better suited—think employee theft or third-party fraud—but many still define “money” as cash or traditional securities, not digital assets like Bitcoin. Social engineering scams (e.g., a CFO tricked into sending Bitcoin to a scammer) might slip through, too, unless you’ve got an endorsement for that.

Custody is another critical factor. If you hold Bitcoin in-house (whether in “hot” or “cold” storage), coverage might apply if “cryptocurrency” is explicitly listed as covered property. Store it with a third party, like Coinbase? Look for coverage for custodial losses. Additionally, insurers often impose exclusions and limitations that could restrict coverage. For example, “voluntary parting” (e.g., sending crypto to a scammer, even if duped) or “unsecured systems” (e.g., failing to implement multi-factor authentication) can endanger coverage. Insurers also hate crypto’s volatility—some cap payouts at the theft-day value, not a later cycle high.

As more companies explore Bitcoin investments, it’s critical to review existing cyber and crime policies to determine whether digital assets are adequately covered. Specialty crypto insurance products are emerging—offered by providers like Evertasand Coincover—but they’re far from standard. For now, companies holding Bitcoin should assume there are gaps in coverage unless their policy explicitly says otherwise and should take action to protect their risks accordingly.

So, What’s the Play? Insurance Takeaways for Corporate Policyholders.

Bitcoin presents a double-edged risk—whether a company invests or not, there’s exposure on both the D&O and cyber/crime insurance fronts.

Here’s what policyholders should do:

  • If you’re rejecting Bitcoin: Review your D&O coverage to ensure it would respond to shareholder suits alleging mismanagement of investment strategy over digital assets, like Bitcoin.
  • If you’re investing in Bitcoin: Review your cyber and crime policies for coverage gaps—especially regarding digital asset theft, exchange insolvency, and fraud.

Bitcoin isn’t just an investment decision—it’s a liability and insurance minefield. Whether your company hodls or folds, the right coverage makes all the difference.

Listen to this post

This is the first in a series of discussions about insurance issues unique to the Lone Star State.

For nearly a century, the Stowers doctrine has been a critical cornerstone of Texas insurance law protecting insureds facing the threat of a nuclear verdict. This doctrine, named after the seminal 1929 case G.A. Stowers Furniture Co. v. American Indemnity Co., is both a powerful sword for plaintiffs – allowing them to recover damages exceeding the available insurance limits – and a shield for insureds – shifting the risk of an excess judgment to the insurer. But obtaining Stowers protection can be a challenge for defendants with multiple layers of coverage.

Under the Stowers doctrine, an insurer faced with a settlement offer within policy limits must accept the offer if “an ordinarily prudent insurer would do so” (G.A. Stowers Furniture Co., 15 S.W.2d 544, 547 (Tex. Comm’n App. 1929)). If the insurer rejects that offer, the insurer is liable to its insured for the resulting judgment – even if that judgment exceeds the insurance policy limits. Stowers liability is based on the premise that it is usually the insurer, not the insured, who has the power of the purse and therefore control over both settlement and defense of the case, as provided in a standard form commercial general liability policy.

In the common circumstance of a single insurer with a single policy, the risk of Stowers liability is clear. The insurer controls settlement discussions and bears the corresponding Stowers risk. For example, standard form ISO commercial auto policies (CA 00 01 11 20), CGL polices (CG 00 01 04 13), and cyber liability policies (CY 00 02 11 21) all cede control of both defense and settlement to the insurer. Any proper Stowers demands made within the policy limits of these policies raise the specter of excess exposure for the insurer. But what if there are multiple insurers, such as an umbrella or excess insurer? Under standard form ISO commercial umbrella (CU 00 01 04 13) and excess policies (CX 00 01 04 13), the insurer can only take control of defense and settlement once the underlying limits have been exhausted. The interplay between the duties of the primary and umbrella/excess insurers can put insureds at risk.

Let’s use a basic $3 million, three-layer insurance program as an example. Insurer A provides coverage for the insured’s first $1 million in liability, Insurer B covers the second $1 million under an umbrella policy, and Insurer C covers the final $1 million under an excess policy – for a total of $3 million in liability coverage. A wrongful death claimant sues the insured, alleging liability within the limits of all three policies, and makes a settlement demand against the insurers for $3 million. Are the three insurers in this hypothetical subject to Stowers liability?

The insurers may contend that Stowers does not apply if they do not agree on settlement strategy. The Stowers doctrine rests on the premise that an insurer confronted with a properly made Stowers demand controls the decision to settle, and accordingly should be held to account for an unreasonable refusal to do so. In the hypothetical above, the insurers may disagree on strategy and, as a result, contend that none of them controls the settlement. Insurers A and B may wish to accept the settlement offer, but both are powerless to accept the full $3 million demand unless Insurer C also agrees. Furthermore, Insurer C may argue that its policy is not implicated until Insurer A’s and Insurer B’s policy limits are exhausted by payment of judgment or settlement. Insurers will cite case law suggesting that Stowers liability does not attach in this scenario. See, e.g., AFTCO Enterprises, Inc. v. Acceptance Indem. Ins. Co. 321 S.W.3d 65 (Tex. App. 2010). But relieving all three insurers of their Stowers obligations would effectively eliminate the critical protection Stowers provides — leaving the insured exposed to a potentially nuclear verdict arising from the insurers’ collective refusal to settle. This outcome would be particularly perverse given that only relatively high-value claims implicate multiple layers of insurance.

Insureds can turn to a federal district court case, Pride Transp. v. Cont. Cas. Co., 804 F.Supp.2d 520 (N.D. Tex. 2011), as a solution. Pride provides a guidepost for how umbrella and excess insurers can still be held to their Stowers obligation if the lower insurers tender their policy limits to the excess insurers. Interestingly, Pride is the reverse of the prototypical Stowers case, as it involved the insurer arguing that its Stowers duties were triggered and the insured arguing that no Stowers duty existed. Pride involved an auto accident where the owner of the at-fault vehicle, Pride Transportation, was insured by a $1 million primary policy and a $4 million excess policy. The underlying plaintiff made a Stowers demand against Pride’s driver for $5 million – the combined limits of the primary and excess policies. Pride demanded that its primary insurer (Continental) tender its limits to its excess insurer (Lexington) – which Continental did. Lexington then settled the claims against Pride’s driver for the full $5 million limits of both insurance policies. After settling the claims against the driver, Lexington withdrew its defense of Pride, and Pride’s exposure was left uninsured. Pride sued Continental and Lexington for breach of contract, arguing in part that the insurers had no duty to accept the $5 million demand against Pride’s driver because the demand did not impose Stowers liability. Relying on AFTCO, Pride argued that there could be no Stowers liability where the demand exceeded each individual policy’s limits. The court rejected this argument, reasoning that, because Continental had tendered its limits to Lexington, Lexington could unilaterally accept the $5 million demand, triggering Lexington’s Stowers duty (804 F. Supp. 2d at 529-530). 

So, what are the practical implications for a Texas insured covered by a multi-layer insurance tower? Once a claim has been made, an insured faced with a Stowers demand that implicates multiple layers of its insurance tower should demand that the lower-tier insurers tender their limits to the highest insurer. The highest insurer, now in complete control of the settlement – and therefore now subject to Stowers liability – may find itself open to a settlement it previously rejected.

While the excess insurer may not be contractually bound to accept the tender of the lower-level policy limits, Stowers liability may attach even if the excess rejects the tender. As the Texas Supreme Court has noted, Stowers liability can arise from “the insurer’s control over settlement” – not just from the insurer’s formal duty to defend (Rocor Intern., Inc. v. National Union Fire Ins. Co. of Pittsburgh, PA, 77 S.W.3d 253, 263 (Tex. 2002)). Once the primary insurer tenders its limits to the excess insurer and cedes control of settlement negotiations to the excess insurer, the excess insurer would have the sole and unilateral ability to settle the case within its policy limits – which is the hallmark of Stowers liability – regardless of whether the excess insurer exercises that control. Furthermore, an excess insurer who refuses to exercise the settlement authority provided by the lower-level insurers could also be pursued by those same lower-level insurers (in addition to the insured) should an excess verdict result.

In sum, Texas policyholders faced with a Stowers demand should demand that their insurers tender the limits to the highest excess insurer in play and then demand that the excess insurer settle the case or face Stowers liability. Doing so will increase the possibility that the insurer – not the insured – bears the risk of an excess verdict.

Listen to this post

The foundation of a policyholder’s agreement to pay premiums for a standard commercial general liability policy (CGL) is the insurer’s agreement to defend the policyholder against lawsuits and shoulder the costs of the defense. The insurer has “the right and duty to defend any ‘suit’” containing any allegation that potentially falls within the policy’s coverage. In other words, the insurer has agreed to defend the entire suit, even if it also includes non-covered claims. But along with that duty, the insurer has the valuable right to control the defense and use its resources to combat a finding of liability against the policyholder that would trigger its duty to indemnify. (Note that an insurer may have a conflict of interest in a “mixed action” alleging both covered and non-covered claims, requiring the insurer to pay for the policyholder’s choice of independent counsel, which we’ve covered previously.)

What a standard CGL does not give the insurer the right to do is seek recoupment of defense costs. Period. Yet insurers often attempt to do just that if it is later determined (usually through a declaratory judgment action) that none of the claims in the suit was covered.

Reserving a Non-Existent Right Doesn’t Make It So

In a mixed action or when potential coverage is doubtful, the insurer is obligated to reserve the right to later deny coverage and explain the reservation to the policyholder. These so-called reservation-of-rights letters may also include the insurer’s assertion of a “right” to seek reimbursement of defense costs for claims ultimately determined to be non-covered, including those claims with the potential for coverage that triggered the defense duty in the first place.

Despite the absence of any such right in the wording of the insurance contract and lack of additional consideration, some courts, most notably in California, have upheld a right of recoupment based on the equitable doctrines of implied-in-fact contract and unjust enrichment. Their theory is that the policyholder (1) could have objected to recoupment and instead impliedly consented to that condition by accepting the defense, or (2) was unjustly enriched because it ultimately turned out the insurer had no defense duty.

These rationales turn the insurer’s broad duty to defend on its head, permitting insurers to retroactively narrow the CGL’s principal benefit to policyholders. The result is certainly not equitable given that insurers could readily resolve the issue by amending policy wording to specifically enshrine a right to recoupment. Fortunately, the number of courts rejecting insurers’ recoupment arguments now predominates, perhaps in part due to the American Law Institute’s position in the Restatement of the Law of Liability Insurance that recoupment is unavailable absent an express right in the policy itself.  

When a CGL insurer elects to defend a claim subject to a reservation of rights, policyholders should challenge unwarranted assertions of a right to recoup defense costs as nothing more than a unilateral attempt to diminish the very benefit the insurer agreed to provide.