AI Exposes Gaps in E&O Coverage

  • BOXX's Vishal Kundi highlights that autonomous AI systems are outpacing legacy tech E&O policies, exposing businesses to uninsured algorithmic accountability risks.

  • Kundi mentions that the idea of "cyber risk" itself is evolving thanks to the impact of AI. Where it was largely about data privacy in the past, businesses today also need to think about algorithmic accountability.

  • Kundi also highlights that the gap between legacy and modern Tech E&O is still growing and that insurers and coverage models need to keep pace with the ever-changing AI landscape.

“AI will not replace humans, but humans who use AI will replace those who don’t.”

Whether or not you agree with that sentiment from Sam Altman, the implication is undeniable: Yet as businesses embrace AI, a precarious gap has opened between its capabilities and the insurance frameworks designed to protect organizations in light of this technology.

The Breakdown of Legacy Tech E&O

The P&C industry has long relied on tech E&O for risk mitigation when it comes to digital services. But these legacy policy forms were largely built for a software era where human error was the main culprit. There was a relatively clear trail of accountability, and a failure typically meant a system crash or a coding bug.

Today, we see autonomous agents making decisions that result in financial loss. Dynamic, self-learning algorithms are making questions of liability much more complex. New rules are being written seemingly in real time.

Take the Air Canada example – perhaps one of the highest-profile instances of AI E&O. Back in 2024, the airline’s chatbot hallucinated a policy offering retroactive bereavement refunds. When the passenger tried to claim the refund, Air Canada refused, arguing that the chatbot was a separate legal entity, responsible for its own actions.

A Canadian tribunal rejected this defense, saying that a company is responsible for all information on its website – whether it is delivered by a web page, or an automated agent. “The AI said it” was not a legal defense.

There has been a distinct rise in grey-zone liabilities like this – risks that don’t fit neatly into the buckets of a standard data breach or a traditional professional error. Consider issues such as algorithmic bias, data poisoning, and technology-driven discrimination. These risks often fall in the cracks between cyber exclusions and professional liability triggers.

For brokers and insured businesses, this gap creates dangerous exposure to a new class of litigation where policy language simply hasn’t kept pace with technology.

Same Regulations, New Litigation

The idea of “cyber risk” itself is evolving thanks to the impact of AI. Where it was largely about data privacy in the past, businesses today also need to think about algorithmic accountability.

One of the most striking examples is how the Americans with Disabilities Act (ADA) is being used as a tool for technology litigation. For example, if an AI-driven hiring tool or a financial services algorithm inadvertently discriminates against a protected group, the resulting legal challenge can be seen as a violation of professional standards and statutory law.

Workday came up against this in 2025, facing a massive class-action lawsuit (Mobley v. Workday) that alleged its AI-based screening tools discriminated against applicants based on race, age, and disability.

This case showed that blaming a technical glitch isn’t legally defensible. When technology begins to make decisions that affect human rights and equity, an error is a failure of governance, and it is people who are ultimately liable.

Traditional E&O policies often focus on language such as “failure of technology to perform.” This wording doesn’t handle socially-driven technical failures.

From Risk Transfer to Integrated Resilience

For the P&C market to remain sustainable and relevant, we can’t just be reactive. Digital innovation now happens so fast that by the time a claim is filed, the underlying technology has likely already iterated several times over. New technological uses for AI are emerging every day.

To meet this moment, the insurance industry must pivot to an integrated resilience framework – a ground-up re-engineering of policy language that addresses the reality of modern autonomous systems.

This requires a shift from simple risk transfer to a “predict, prevent, and insure” model. In this new framework, insurance can’t be a static document sitting in a folder somewhere. It must include:

  • A complete digital risk package that integrates cyber coverage, threat protection, and 24/7 incident response directly into the Tech E&O form.
  • Insurer bundles that feature real-time threat intelligence and proactive monitoring.
  • Explicit language to avoid exclusions and bridge the gap left by grey-zone liabilities.

By implementing these changes, we can provide incentives for early incident reporting (through motivators like retention waivers for fast action) rather than penalizing it, since penalizing early reporting ultimately leads to incidents that spiral into larger liabilities. We can create an environment where insurers and businesses work together to strengthen resilience, rebuilding trust and collaboration.

Restoring Confidence Through Insurance

The ultimate goal of insurance should be to provide businesses with the confidence to innovate. In the early days of digital transformation, that meant protecting against hardware and human failures. Today, it means giving businesses of all sizes – from startups to enterprises – the self-confidence to deploy AI and SaaS solutions without the fear that an unforeseen algorithmic bias or a sophisticated social engineering attack could derail operations.

Simplicity is key here. Both cybersecurity and insurance have a reputation for being unnecessarily opaque. As we face sophisticated AI-related risks, our industry’s response shouldn’t be to add more jargon and complex exclusions. Instead, we should strive for unambiguous coverage that recognizes how professional services and digital delivery are connected.

Protecting Innovation For the Future

The path forward requires our industry to embrace a more proactive stance. We must move beyond the data breach and embrace a model where insurance is an active participant in a company’s security posture. This means not only helping them respond to and recover from incidents faster, but perhaps more importantly, helping them predict and prevent incidents in the first place.

Validation for this approach is growing. We’re beginning to see the market move toward all-in-one protection models that combine insurance with active risk management platforms. These platforms provide the tools and training necessary to strengthen controls before an incident occurs.

But the gap between legacy and modern Tech E&O is still growing. We need insurers and coverage models to keep pace with the ever-changing AI landscape.

The AI-fueled gap in Tech E&O is a challenge, but it is also an opportunity to build a more sustainable P&C market. By evolving our products to match the sophistication of the tools our clients use, we can ensure that the digital economy remains a safe space for growth and innovation for everyone.

__

This article was originally published on Insurance Thought Leadership

About BOXX Insurance

BOXX Insurance helps businesses, individuals and families insure and defend against cyber threats, harnessing the power of ALL IN ONE Cyber Insurance and Protection. Headquartered in Toronto, Canada, with offices worldwide, BOXX is a global, award-winning provider of cyber protection services & cyber insurance coverage.

We're not a typical insurance company. That's by design. We're obsessive about making our clients’ digital worlds safer and more livable; creating real, positive changes for our clients, partners and brokers. With comprehensive, technologically advanced products and services that have a strong emphasis on predicting, preventing and insuring against negative cyber events, BOXX is dedicated to protecting and digitally safeguarding our clients, our brokers' clients and our partners' customers, 365 days a year.

BOXX Insurance Inc. is part of Zurich Global Ventures, a global platform business providing products and services that go beyond traditional insurance. Zurich Global Ventures aims to get closer to customers by offering customized, proactive and digital experiences that empower individuals and businesses to be better prepared for the future.
