Viewpoint: Are You Covered for AI Risks?

November 8, 2024 by and

You can’t go anywhere without hearing about the impact of generative artificial intelligence on … well, everything. The insurance industry is not immune from these impacts; it has been affected by AI in countless ways – from the use of AI in underwriting and claims processing and handling to a growing need to ensure that policies adequately respond to the minefield of risks policyholders will face when utilizing AI in their business operations. The latter is the subject of this article.

Most businesses are insured under a program of insurance policies, through which separate policies such as commercial general liability (CGL), directors and officers (D&O), professional liability (E&O), employment practices liability (EPLI), cyber, and property, provide coverage for certain types of claims that fall within each policy’s ambit. As AI becomes more integral to the way companies do business, policyholders need to determine whether their patchwork of policies protects them from their AI risks. Different types of policies that could provide coverage for claims arising out of the use of AI are outlined below. These examples are offered only as generalizations, as policy language often differs.

  • CGL: A CGL policy provides coverage for a business’s liability to third parties resulting from bodily injury, property damage, or personal/advertising injury that are caused by accidents. Advertising injury claims include claims for copyright infringement, trade dress infringement, slogan infringement, and misappropriation of advertising ideas. A CGL policy could provide coverage for certain intellectual property claims, including claims that generative AI output inadvertently infringed and used copywritten materials, trade dress infringement, and slogan infringement.
  • D&O: D&O policies typically cover the costs of claims made against a company or its directors, officers, managers, and board members arising out of their decisions or actions. In the AI context, D&O risks include things like claims arising out of companies’ representations relating to its AI capabilities (AI washing) and shareholder and derivative actions regarding companies’ misuse of AI in employment or data privacy. A D&O policy could provide coverage for claims against directors and officers involved in corporate decision-making relating to a company’s adoption and implementation of an AI strategy.
  • E&O: E&O insurance (also referred to as professional liability insurance) provides coverage for claims arising out of the provision of professional services by policyholders such as accountants, architects, financial advisors, and health care professionals. An E&O policy could provide coverage for claims arising out of any professional’s use or reliance on AI in performing their professional duties. For example, if a financial services company uses AI to balance investor portfolios but the AI errs because of improper algorithms or lack of human oversight, an E&O policy could provide coverage for resulting claims.
  • EPLI: EPLI policies typically provide coverage for a wide variety of employment-related claims, including claims of discrimination, wrongful termination, and harassment. If your company utilizes AI to screen or rank candidates in the hiring process, but the AI system inadvertently introduces bias or discrimination into that process, an EPLI policy could cover resulting discriminatory or unfair hiring claims.
  • Cyber: Cyber policies vary widely, but typically provide coverage for third-party liabilities resulting from data breaches and privacy concerns, as well as first-party incident response costs incurred to investigate a cyber attack, accomplish digital asset restoration, and take proactive measures such as required notifications. A cyber policy could provide coverage when a company’s AI system is hacked and private information is exposed, or “data poisoning” attacks that attempt to infiltrate a company’s AI system to affect the algorithms.
  • Property: Property insurance policies typically protect a business’s physical property as well as the costs of business interruption when physical property is damaged or destroyed. A property policy could provide coverage for loss or damage to a company’s physical assets when AI is hacked and (for example) industrial control systems are manipulated to cause physical damage. A property policy could also provide coverage for loss or damage to a company’s facilities used to store AI software (e.g., a data center), the AI software itself, as well as resulting business income losses when business is interrupted as a result of the physical damage to the physical AI assets.

Although these policies could potentially provide coverage in the event of an AI-related claim, policyholders should be wary of electronic data, cyber, and AI exclusions, or exclusionary definitions, that insurers may rely on to deny coverage for AI-related risks.

Policyholders should also be aware of new state laws that attempt to regulate AI, and whether violation of those laws impacts coverage that may otherwise be available. For example, Colorado enacted legislation to address “algorithmic discrimination” in AI systems (SB24-205), which takes effect in 2026. Many policies include exclusions for intentional criminal or wrongful acts, but it is unclear at this time whether violation of these types of state laws, intentionally or negligently, will trigger policy exclusions.

As the corporate use of AI becomes more widespread, business leaders should be proactive in assessing their company’s AI exposure and the potential coverage issues under existing policies. First, you should identify every way in which your business relies on AI and all representations your company makes about its use of AI and AI capabilities. Second, you should analyze the potential types of claims that might arise from your specific uses of AI. Finally, you should work with your broker and/or attorneys to thoroughly review your insurance policies to minimize any potential coverage issues or gaps for AI-related liabilities.

[inline-ad-1]