Insurers Scramble to Cover AI Risks as Businesses Accelerate Adoption
The insurance industry is splitting coverage as businesses rapidly deploy artificial intelligence systems, leaving gaps in protection that could expose companies to significant financial losses.
Sixty percent of workers now have access to approved AI applications, up from 40% at the start of 2025, according to Deloitte's latest survey of 3,200 businesses. Yet security and governance have not kept pace. Only 21% of companies have developed mature AI governance models, even though 74% plan to deploy agentic AI - systems that can take autonomous actions with minimal human oversight.
This mismatch creates a coverage problem. Traditional cyber insurance policies are being rewritten to exclude AI-caused damage. Tech errors-and-omissions coverage and cyber policies are absorbing the risk instead. Some insurers have created dedicated AI liability policies, though the market remains small.
Claims Are Already Rising
Resilience, a cyber insurance provider, has seen an increase in claims tied to AI in 2025. The company attributes part of this rise to attackers using AI to improve phishing lures and accelerate their operations.
Maria Long, chief underwriting officer at Resilience, said the company is separating AI risks from traditional cyber risks to create appropriate coverage. "Our current policies inherently cover AI exposure since they do not distinguish the manner of attack but rather the outcome, like business interruption, fraud, and data breach," she said. "But we also know that AI is evolving rapidly, and lumping AI-related issues with traditional cyber claims won't always work."
The Agentic AI Problem
Agentic AI poses the most serious risk. These systems can take actions they were not intended to take - deleting data, authorizing incorrect transactions, or causing other business losses - before human oversight catches the error.
Gerry Glombicki, head of cyber risk at Fitch Ratings, said the risks depend heavily on the application and whether the AI explains its decisions. An HR AI agent that filters resumes without transparency could expose a company to discrimination lawsuits.
"AI risk becomes extremely bespoke very quickly," Glombicki said.
Michael von Gablenz, head of the Insure AI team at Munich Re, said insurers must address a fundamental problem: when AI makes mistakes, hallucinates, discriminates, or generates infringing content, the financial consequences fall on the business using the system.
"Insuring the errors of an AI model addresses one of the most fundamental risks of AI," von Gablenz said. "It provides financial protection to an AI user if an AI does not act in the way it was envisioned to do."
Coverage Gaps Create Legal Exposure
Whether an incident is covered often hinges on policy language. If a risk is neither explicitly excluded nor affirmed, insurers call it "silently affirmed" - a gray area that leaves legal liability unresolved.
Long said determining whether AI was the delivery method for a threat or the source of risk itself will become more prevalent as policy language evolves. An attack like prompt injection that causes business interruption might be covered by cyber insurance. Financial losses from incorrect AI responses might fall under tech E&O coverage.
Munich Re does not cover AI models that predict stock market prices because those risks fall outside the company's risk appetite.
Governance Must Come First
Businesses should conduct a comprehensive assessment of AI exposure across three areas: AI-enabled cyberattacks, shadow AI used by employees without approval, and errors from company-approved AI tools.
Glombicki said strong governance systems are essential. The audit trail they create helps companies investigate AI incidents and determine accountability when something goes wrong. "Was it the employee who did it? Was it Claude who did it? Was it something else? Who is ultimately accountable for its actions?" he said.
Companies should discuss their insurance policies before deploying AI widely. Without clarity on coverage, businesses risk accepting the default: self-insurance.
"Adding unknown risks at scale is usually the recipe for disaster," Glombicki said.
Long said insurers work with clients to understand their risk and recommend mitigations most likely to lower it, rather than requiring specific controls. The goal is to reduce exposure before an incident occurs.
Learn more about AI for Insurance and Generative AI and LLM systems to understand the risks your organization faces.
Your membership also unlocks:
