AI exclusions are creeping into insurance: But cyber policies aren’t the issue (yet)

By Michael C. Maschke, Sharon D. Nelson, Esq., and John W. Simek

Artificial intelligence (AI) is everywhere - in legal research tools, in "smart" assistants that draft contracts, and, if we're honest, probably in that partner's suspiciously polished brief. The legal profession can't avoid it, and neither can the insurance industry. But while cyber insurers are, somewhat surprisingly, holding firm on AI risks, other key coverage lines are quietly changing - and not in your favor.

Cyber Insurers Aren't Running for the Hills
Contrary to what you might expect, cyber insurers are not panicking over AI. In fact, some are adding affirmative endorsements to confirm coverage for AI-related incidents. From their perspective, AI is less a new frontier than a turbocharged version of familiar risks. Deepfakes, social engineering, and AI-powered phishing aren't brand-new - they're just faster and harder to spot.

That's not to say the consequences aren't serious. Imagine a deepfake video of your CFO authorizing a fraudulent transfer. The financial fallout and reputational damage could be immense. However, for now, cyber insurers are signaling that they anticipated this, and coverage remains in effect.

Where The Exclusions Are Creeping
The real trouble starts outside cyber policies. Management liability, directors and officers (D&O), errors and omissions (E&O), employment practices, fiduciary, and crime coverage are all beginning to include sweeping AI exclusions.

Some of the language is alarmingly broad. A few carriers have introduced "absolute" exclusions that eliminate coverage for "any actual or alleged use, deployment, or development of Artificial Intelligence." That's not a scalpel; it's a sledgehammer.

Consider the implications:

• A discrimination case involving an AI résumé screening tool? Excluded.
• A negligence claim tied to an AI-driven contract review platform? Excluded.
• A fiduciary duty allegation that a board failed to oversee AI risks? Also excluded.

Even routine disputes could devolve into arguments about whether AI played a role. The net effect is to shift risk back onto firms and their clients - often without their awareness.

Why Lawyers Should Pay Attention
Lawyers need to look at this from two angles. First, as business leaders, your own firm's policies may already contain AI exclusions you haven't noticed. Second, as advisors, clients will expect you to spot these risks in their coverage. Missing them is an easy way to damage both trust and credibility.

We've seen this movie before. "Silent cyber" risk crept into property and liability policies, sparking disputes about whether losses were covered. Over time, insurers responded with exclusions and clarifications. AI appears to be on the same path - only the exclusions are emerging faster and with less precision.

What To Do About It
Here's how firms and their clients can stay ahead:

• Review policies carefully. Don't assume your existing D&O or E&O coverage includes AI-related events. Look for exclusionary language, especially vague or undefined terms.
• Push for clarity. If an exclusion exists, negotiate definitions. What exactly counts as AI? A predictive text feature? A chatbot? The less defined the term, the more room for denial.
• Explore affirmative options. Some insurers are beginning to offer endorsements or new products to cover AI-related risks. If your firm or clients rely heavily on AI tools, these are worth investigating.
• Collaborate with brokers and risk managers. They're often the first to spot emerging exclusions and can help secure coverage that matches your operations.

Remain Calm and Vigilant
The good news is that cyber insurance remains a reliable option. The bad news is that exclusions are creeping across other policies - and they're being drafted broadly enough to cause serious problems down the road.

So no, you don't need to panic. But you do need to pay attention. These exclusions aren't hypothetical; they're already appearing. Unless you're proactive, you may discover that the very AI tools making your firm more efficient are also the reason your insurance claim gets denied.

Bottom line: review your coverage this quarter for your firm, and before AI exclusions creep any further.

About the authors:

Michael C. Maschke is the president and chief executive officer of Sensei Enterprises, Inc. Mr. Maschke is an EnCase Certified Examiner (EnCE), a Certified Computer Examiner (CCE #744), an AccessData Certified Examiner (ACE), a Certified Ethical Hacker (CEH), and a Certified Information Systems Security Professional (CISSP). He is a frequent speaker on IT, cybersecurity, and digital forensics, and he has co-authored 14 books published by the American Bar Association. He can be reached at [email protected].

Sharon D. Nelson is the co-founder of and consultant to Sensei Enterprises, Inc. She is a past president of the Virginia State Bar, the Fairfax Bar Association, and the Fairfax Law Foundation. She is a co-author of 18 books published by the ABA. [email protected].

John W. Simek is the co-founder of and consultant to Sensei Enterprises, Inc. He holds multiple technical certifications and is a nationally known digital forensics expert. He is a co-author of 18 books published by the American Bar Association. [email protected].

The Iowa State Bar Association (ISBA) knows that artificial intelligence is reshaping the future of law-and raising important questions along the way. This fall, don't miss the ISBA's six-part AI Training Series and special programs, including the Digital Defense webinar with CNA insurance representatives on December 8. These timely offerings are designed to give you the knowledge, tools, and practical insights you need to stay ahead in a rapidly evolving legal landscape.

VIEW ISBA EVENTS

Visit the Iowa Bar Blog for more news.