Artificial intelligence is transforming how businesses operate—driving efficiency, innovation, and competitive advantage. But as organizations lean more heavily on AI, they’re also opening the door to a new generation of cyber risks. From deepfake fraud to AI-powered phishing, the threat landscape is evolving quickly—and the cyber insurance market is racing to keep up.
A New Risk Landscape Emerges
AI has become a powerful tool not only for businesses, but for cybercriminals. Attackers are now using AI to automate and scale social engineering campaigns, create highly convincing phishing messages, and even replicate voices or identities through deepfake technology. These increasingly sophisticated attacks are harder to detect and can lead to significant financial and reputational damage.
At the same time, AI introduces entirely new types of risk. Errors in AI-generated outputs, manipulation of training data (such as data poisoning), and regulatory challenges around AI use all present exposures that didn’t exist just a few years ago. As a result, organizations face a more complex and unpredictable cyber risk environment than ever before.
The Limits of Traditional Cyber Policies
Most cyber insurance policies in force today were designed before AI entered the mainstream. This creates a gray area often referred to as “silent AI exposure,” where policies neither clearly include nor explicitly exclude AI-related risks.
On the surface, broad policy language may appear to cover AI-driven incidents. However, many AI-related losses don’t fit neatly into traditional definitions of cyber events. For example:
- AI-generated errors may not trigger standard coverage provisions
- Manipulation of AI systems, like data poisoning, may not align with existing policy triggers
- Autonomous decision-making by AI tools could blur liability lines
This ambiguity can lead to uncertainty during claims, making it unclear whether coverage applies. As real-world claims begin to emerge, insurers are gaining insight into these gaps—and moving toward more explicit policy language.
Why Insurers Are Paying Close Attention
For insurers, AI presents a fundamental challenge: it’s difficult to quantify risk without historical data. Because AI-related incidents are relatively new, there’s limited information on how often losses occur, how severe they might be, or whether events could create widespread (systemic) impacts.
Despite this uncertainty, the market is already responding. Insurers are:
- Increasing underwriting scrutiny at renewal
- Asking more detailed questions about AI use
- Exploring new exclusions or limitations for AI-related losses
Some industry organizations have also begun introducing endorsements that allow insurers to exclude generative AI-related claims under certain policies. While these changes are still evolving, they signal a broader shift toward more defined and deliberate risk treatment.
How Policy Language Is Evolving
Although cyber insurers have been slower than other lines to address AI explicitly, that is beginning to change. Policy language is gradually adapting to address emerging exposures such as:
- Deepfake and impersonation fraud
- AI-related regulatory and compliance risks
- Intellectual property and copyright concerns tied to AI outputs
Some insurers are narrowing coverage or adding exclusions, while others are taking the opposite approach—offering affirmative coverage for specific AI-related risks like data poisoning or liability from automated decisions.
At the same time, a small but growing number of standalone AI insurance products are entering the market. These policies aim to fill gaps but may overlap with existing cyber or technology errors and omissions (E&O) coverage.
The Challenge of Defining “AI”
One of the biggest obstacles facing insurers is something surprisingly basic: there’s no universal definition of “artificial intelligence.”
If definitions are too narrow, they risk becoming obsolete as technology evolves. But if they’re too broad, they may unintentionally exclude claims where AI played only a minor role. There’s also concern that overly broad exclusions could extend beyond a company’s own systems to third-party platforms—something that’s increasingly problematic given how widely AI is embedded in everyday business tools.
This lack of consistency means insureds may face more detailed questioning about their use of AI during renewals, as insurers try to better understand and evaluate exposure.
What Businesses Should Do Now
As AI continues to reshape the cyber risk landscape, businesses can’t afford to take a passive approach to insurance. Instead, organizations—and their brokers—should take proactive steps to ensure proper coverage:
- Review policies carefully
Look closely at renewal terms and endorsements, paying attention to language like “machine learning,” “automated output,” and “generative AI.” - Evaluate coverage across policies
Coordinate a review of cyber, technology E&O, and management liability policies to identify potential gaps or overlaps. - Engage with insurers
Don’t assume coverage—ask carriers directly whether AI-related risks are included, excluded, or limited. - Map and document AI use
Understand where and how AI is used within your organization. Strong documentation and governance practices can improve underwriting outcomes and reduce risk.
The Bottom Line
AI is reshaping cyber risk at a rapid pace—and the insurance market is still catching up. As policies evolve and underwriting becomes more rigorous, organizations that understand their AI exposures and actively manage them will be better positioned to secure effective coverage.
For guidance on navigating these changes, contact Horst Insurance to learn more.
