AI is changing underwriting, but not enough for a standalone policy – yet

The real challenge with AI is knowing what you don’t know, says BOXX Insurance expert

As artificial intelligence reshapes the business landscape, insurers are facing a rising tide of risk that doesn’t behave like traditional tech exposures. While the market for AI insurance is still in its early stages, the liability questions emerging are already proving complex – and much of that complexity starts with how AI systems are built, trained, and deployed.

Phil Baker (pictured) chief underwriting officer at BOXX Insurance, said the difficulty of underwriting AI comes down to the fact that much of the technology remains opaque – even to those who develop it.

As an industry, we’re still learning about AI, what it can and can’t do, and it’s ultimately a black box system in a lot of cases,” he said. “So companies may not know exactly what they’re going to get when they’re using AI tools or developing those tools.”

That unpredictability introduces what Baker calls the “unknown unknowns” of artificial intelligence – risks that are hard to define, and harder still to insure.

Underwriting starts with data exposure

When assessing liability risks tied to AI systems, Baker said BOXX approaches it the same way they would any risk – by focusing first on the controls in place around the technology.

“We certainly look at the controls that they have around the technology,” he said.

“We determine if they are harvesting or using any sort of personally identifiable information or other proprietary content. If they are, then we have to dig deeper. There might be a privacy exposure or some sort of a third party liability exposure that we want to address, either through controls, underwriting, rating, or other method to make sure that we both understand the exposure.”

That focus becomes even sharper when the AI application involves data aggregation – especially when the data in question could be personal, biometric, or sensitive in nature.

Baker said that BOXX Insurance focuses closely on where that data is coming from. Is it sourced publicly or from private channels? The answer to that question can significantly affect a firm’s exposure to privacy violations or copyright risks. Understanding both the origin and nature of the data is critical to assessing how their policy may need to respond.

These questions, he said, are at the core of how BOXX evaluates exposure and determines whether a policy can respond appropriately. “Those are the things we want to really get a handle around,” he said.

No standalone AI coverage – at least not yet

While cyber insurance eventually matured into a distinct policy class, Baker doesn’t foresee AI following the same path – at least not for now.

“At this point, I don’t see that as being the case,” he said, when asked whether AI could evolve into a standalone product. “There may be coverage enhancements or refinements, as we get a better understanding of what these exposures are and what the potential loss costs may be as a result of using these technologies.”

For most clients, he noted, the preference remains for broad policies that accommodate emerging risks without overcomplicating the structure. “Most customers want as broad a policy as possible,” he said.

The emergence of cyber as a standalone coverage line was driven less by the nature of the business and more by the market’s initial unwillingness to cover it. “Cyber developed on its own because it was a unique coverage that most mainstream insurers either didn’t yet understand or were not prepared to cover,” Baker said. That created space for specialists like BOXX to build targeted cyber and tech risk solutions.

As for AI, Baker said the future may involve fine-tuning existing language rather than carving out entirely new policies. “If there’s additional enhancements that we could offer on our policy those are certainly things we’re investigating now,” he said. But he cautioned against narrowing the scope with overly rigid definitions. “We wouldn’t want to restrict anything by being too specific in terms of how we define AI or other emerging technologies, as these definitions actually might not be in the best interests of our insureds.”