Cyber vs. AI Liability: What's Actually Covered?

Most businesses already carry cyber liability insurance. But does it cover the new risks from AI and large language models? The short answer: not always.

What cyber liability usually covers

• Data breaches (hacks, ransomware, lost devices)
• Breach notification costs
• Business interruption due to cyberattacks
• Regulatory fines for data protection failures

AI-specific risks not always covered

1. Hallucinated content – AI gives wrong advice (medical, legal, financial) → lawsuit risk.
2. Prompt injection attacks – Malicious users trick AI into leaking or altering data.
3. Bias/discrimination – Especially in HR and recruiting, healthcare applications, or financial services.
4. Vendor chain issues – Using a non-compliant third-party AI vendor may fall outside coverage.

Gray zones and disputes

Even when policies reference "cyber incidents," insurers may argue that an AI error isn't a cyber event. Without clear definitions, claims may be denied.

What to ask your insurer

1. Does my cyber policy cover AI/LLM-related incidents explicitly?
2. Is there an endorsement available for AI-specific risks?
3. Would hallucination-caused harm count as a "covered event"?
4. How does the policy treat vendor AI tools and subcontractors?

For a complete list of questions, see our 5 questions to ask your insurer about AI risk.