Artificial intelligence (AI) is no longer a futuristic idea. It is already deeply embedded in products and services across every sector. Large language models generate marketing copy, underwriting algorithms set prices, and fraud‑detection tools decide which transactions to flag. Retail agents must help clients answer a critical question: Does your insurance cover AI?
Let's talk about how AI exposures fit within traditional cyber and technology Errors & Omissions (E&O) policies, why gaps are emerging, and why partnering with a specialist wholesaler broker is essential.
AI-DRIVEN LOSS SCENARIOS
AI changes the claims landscape in two ways: it becomes both a tool used by attackers and a driver of cyberattacks, social engineering scams, and professional errors and omissions. Expecting that all AI is covered under each insurance segment is not the right approach.
SOCIAL-ENGINEERING DEEPFAKE
Cybercriminals now use generative AI to mimic executives' voices and faces. We see multi-million-dollar funds-transfer fraud when an AI-generated voice clone convinces staff to wire money. Traditional cyber policies have often been silent on whether AI-enabled fraud is covered, leaving losses open to challenge. Some carriers have issued affirmative coverage grants to break that silence, while others say it's always been covered.
AI-GENERATED ERRORS + BIAS
Technology E&O insurers historically covered software bugs and service failures. AI introduces failures that do not look like traditional bugs: hallucinations, non-explainable outputs, and algorithmic bias. Standard E&O policies may not respond to claims stemming from hallucinations, model drift, or algorithmic discrimination. AI bias can trigger regulatory investigations and class actions, particularly in hiring, lending, insurance, and healthcare. These emerging liabilities require affirmative wording rather than reliance on legacy forms. Off-the-shelf SaaS wording isn't the answer, yet we regularly see these AI risks inadequately covered.
WHY CYBER INSURANCE MATTERS FOR AI
Cyber insurance was developed to cover first-party and third-party losses arising from security incidents such as data breaches, ransomware, and business interruption. It is broadly applicable across industries and pays for forensic investigation, legal defense, notification costs, data recovery, and public relations. Unlike tech E&O, cyber policies respond to attacks on an organization's networks and systems rather than product-performance failures. Cyber insurance remains a vital component of risk management as adversaries use automation and AI to scale attacks.
AI fits naturally within cyber insurance when it is the vector of a cyber incident. For example, if generative AI is used to craft more convincing phishing emails, the resulting ransomware or data-breach losses fall squarely under the purview of cyber. Some insurers are including AI-specific language in cyber policies, particularly around business email compromise. The language is meant to offer clarity, not an enhancement.
WHY TECHNOLOGY E&O MAY NOT PROTECT AI ACTIVITIES
Traditional Scope of Tech E&O
Technology E&O covers claims that a technology product or service failed to perform as promised and caused a client financial harm. It protects software developers, IT providers, and consultants against allegations of negligence, unmet service levels, or breach of contractual obligations. Typical scenarios include bugs that prevent transactions, data-migration errors, or missed implementation deadlines.
Gaps for AI-specific Failures
AI-driven products create risks that E&O policies were not designed to address. AI insurance is a specialized form of tech E&O that offers affirmative coverage for hallucinations, algorithmic bias, intellectual-property disputes, and regulatory investigations. Standard E&O policies often exclude or fail to mention these exposures, leaving coverage uncertain. Most technology E&O policies are silent on AI, creating friction in enterprise sales and investor due diligence. Companies may need to purchase separate AI-specific coverage or endorsements to close these gaps.
Overlap with Cyber Insurance + Need for Both Policies
Tech E&O covers performance failures, while cyber insurance covers security incidents. A ransomware attack that takes a platform offline is a cyber claim; a biased AI recommendation that harms a client is a tech E&O claim. Because AI introduces both performance failures and cyber-enabled fraud, organizations increasingly require both a robust cyber policy and a tech E&O program with affirmative and manuscript AI coverage.
OTHER LINES INTRODUCING AI EXCLUSIONS
AI risk is spilling beyond cyber and tech E&O into general liability, Directors & Officers (D&O), and other professional lines. The Insurance Services Office (ISO) has introduced optional endorsements, CG 40 47 and CG 40 48, that allow commercial general liability insurers to exclude bodily injury, property damage, and personal or advertising injury arising from generative AI. These endorsements mark the end of silent coverage; rapid adoption is expected, as ISO forms underpin about 82% of U.S. P&C policies.
Some carriers are adopting absolute AI exclusions, particularly in management and professional liability policies (D&O, employment practices, and fiduciary). These broad exclusions bar any claim based on a company's use of AI, including AI-generated content and inadequate governance, as well as regulatory investigations. U.S. carriers are filing AI exclusions across D&O, E&O, and general liability. We have even seen "absolute" AI exclusions that remove coverage for any claim arising from AI, as well as generative AI exclusions that name specific platforms and exclude any claim involving their use. These developments underscore why brokers must examine exclusionary endorsements across every line and seek affirmative AI coverage where available.
GROWTH OF THE U.S. CYBER INSURANCE MARKET (2019-2024)
AI risk management cannot be divorced from the broader trajectory of the cyber insurance market. The NAIC's 2025 report shows that global cyber premiums reached about $15 billion in 2024, a seven percent increase from the previous year. However, the U.S. market experienced its first decline: direct written premium (DWP) fell seven percent to $9.14 billion in 2024.1
U.S.-domiciled insurers reported $7.08 billion in DWP, down from $7.25 billion in 2023. The NAIC notes that the rapid growth phase peaked in 2021, when U.S. domestic premiums increased by 75%, but growth slowed to 1.6% in 2023 before contracting by 2.3% in 2024. Fitch Ratings later reported that the market rebounded in 2025: direct written premiums rose nearly 11% after two years of declines, driven by a roughly 34% increase in policies in force rather than higher pricing.1
The table below summarizes domestic U.S. cyber insurance premium growth using NAIC data (values rounded). Growth slowed markedly after 2022, highlighting the importance of underwriting discipline and emerging AI-driven threats.
U.S. CYBER INSURANCE PREMIUM GROWTH 1
CLAIMS EXAMPLE 1 - AI-ENABLED DEEPFAKE FRAUD
Scenario: A mid-sized manufacturer received an urgent video call from someone who appeared to be its CFO. The voice and facial mannerisms were convincing, but AI generated them. The fraudster directed the finance team to wire $250,000 to a "vendor" to secure a critical order. Only after the funds were transferred did the company realize the CFO was not on the call.
Coverage analysis: Under a typical cyber policy, funds-transfer fraud triggered by social engineering is covered only if the policy includes a social-engineering endorsement. Many cyber policies require authentication challenges to trigger coverage, leaving clients uncovered.
CLAIMS EXAMPLE 2 - ALGORITHMIC BIAS LEADS TO DISCRIMINATION LAWSUIT
Scenario: A technology company provides an AI-powered hiring platform that ranks job candidates. The algorithm learns from historical hiring data and unintentionally disadvantages women and minority applicants. A group of rejected applicants brings a class-action discrimination lawsuit alleging that the AI system perpetuated bias. Regulators also opened an investigation.
Coverage analysis: This is a classic professional liability claim. Tech E&O policies cover errors, omissions, and negligence in the delivery of technology services. However, standard E&O policies rarely address algorithmic bias. AI insurance, a specialized form of E&O, includes affirmative coverage for algorithmic bias and regulatory investigations. Without affirmative cover, the insurer is likely to argue that the claim is excluded because it relates to discriminatory outputs rather than traditional software defects. Cyber insurance would not respond because no security breach occurred. Retail agents should ensure that technology clients deploying AI have AI-specific E&O endorsements or stand-alone AI liability policies.
RECOMMENDATIONS FOR RETAIL AGENTS
- Review policy wordings for AI-specific terms and exclusions. Many carriers are revising forms; ISO endorsements can eliminate AI coverage under general liability, and absolute exclusions are emerging across D&O and professional lines. Check whether cyber and E&O policies affirm or exclude AI exposures.
- Ensure cyber policies cover social engineering and AI-enabled attacks. Coverage for funds-transfer fraud should explicitly include losses arising from AI-generated deepfakes or voice cloning.
- Layer Tech E&O and AI-specific coverage. Clients who build or deploy AI should maintain robust tech E&O coverage and consider AI insurance endorsements that address hallucinations, bias, IP infringement, and regulatory inquiries.
- Monitor developments across other lines. New endorsements and absolute exclusions in general liability, D&O, and EPL policies could create gaps. Work with a wholesaler who tracks these changes and can source coverage options that are affirmative.
- Educate clients on AI risk governance. Strong governance, bias testing, and transparency reduce claims and improve underwriting outcomes. As regulators release AI-specific rules, insurers will look for evidence of responsible AI practices.
BOTTOM LINE
AI is reshaping risk across every industry. The U.S. cyber insurance market has grown from roughly $2.3 billion in 2019 to $7.1 billion in 2024, and the first signs of premium contraction and new exclusions are emerging. Traditional tech E&O policies struggle to address AI-driven failures and discrimination claims. General liability and D&O carriers are introducing broad AI exclusions. Meanwhile, cyber insurers are retooling wordings to cover or exclude AI-enabled social engineering.
For retail agents, the question is no longer "Does my client have cyber and E&O insurance?" but "Do these policies affirmatively cover AI?" Partnering with a specialist wholesaler ensures that you can navigate emerging endorsements, source AI-specific coverage, and advise clients confidently. In a world where AI generates both innovation and risk, proactive coverage decisions safeguard your clients' businesses and your own reputation. Reach out to your CRC Specialty producer today for assistance.
CONTRIBUTOR
- Christiaan Durdaller is CRC Specialty's National Cyber + Technology Practice Director.
END NOTES
- Report on the Cybersecurity Insurance Market, NAIC, 2025. https://content.naic.org/sites/default/files/inline-files/2025_Cybersecurity_Insurance%20Report.pdf