"AI will not replace humans, but humans who use AI will replace those who don't."
Whether or not you agree with that sentiment from Sam Altman, the implication is undeniable: Yet as businesses embrace AI, a precarious gap has opened between its capabilities and the insurance frameworks designed to protect organizations in light of this technology.
The Breakdown of Legacy Tech E&O
The P&C industry has long relied on tech E&O for risk mitigation when it comes to digital services. But these legacy policy forms were largely built for a software era where human error was the main culprit. There was a relatively clear trail of accountability, and a failure typically meant a system crash or a coding bug.
Today, we see autonomous agents making decisions that result in financial loss. Dynamic, self-learning algorithms are making questions of liability much more complex. New rules are being written seemingly in real time.
Take the Air Canada example – perhaps one of the highest-profile instances of AI E&O. Back in 2024, the airline's chatbot hallucinated a policy offering retroactive bereavement refunds. When the passenger tried to claim the refund, Air Canada refused, arguing that the chatbot was a separate legal entity, responsible for its own actions.
A Canadian tribunal rejected this defense, saying that a company is responsible for all information on its website – whether it is delivered by a web page, or an automated agent. "The AI said it" was not a legal defense.
There has been a distinct rise in grey-zone liabilities like this – risks that don't fit neatly into the buckets of a standard data breach or a traditional professional error. Consider issues such as algorithmic bias, data poisoning, and technology-driven discrimination. These risks often fall in the cracks between cyber exclusions and professional liability triggers.
For brokers and insured businesses, this gap creates dangerous exposure to a new class of litigation where policy language simply hasn't kept pace with technology.
Same Regulations, New Litigation
The idea of "cyber risk" itself is evolving thanks to the impact of AI. Where it was largely about data privacy in the past, businesses today also need to think about algorithmic accountability.
One of the most striking examples is how the Americans with Disabilities Act (ADA) is being used as a tool for technology litigation. For example, if an AI-driven hiring tool or a financial services algorithm inadvertently discriminates against a protected group, the resulting legal challenge can be seen as a violation of professional standards and statutory law.
Workday came up against this in 2025, facing a massive class-action lawsuit (Mobley v. Workday) that alleged its AI-based screening tools discriminated against applicants based on race, age, and disability.
This case showed that blaming a technical glitch isn't legally defensible. When technology begins to make decisions that affect human rights and equity, an error is ultimately a failure of governance – it's people that are ultimately liable.
Traditional E&O policies often focus on language such as "failure of technology to perform." This wording doesn't handle socially-driven technical failures.
From Risk Transfer to Integrated Resilience
For the P&C market to remain sustainable and relevant, we can't just be reactive. Digital innovation now happens so fast that by the time a claim is filed, the underlying technology has likely already iterated several times over. New technological uses for AI are emerging every day.
To meet this moment, the insurance industry must pivot to an integrated resilience framework – a ground-up re-engineering of policy language that addresses the reality of modern autonomous systems.
This requires a shift from simple risk transfer to a "predict, prevent, and insure" model. In this new framework, insurance can't be a static document sitting in a folder somewhere. It must include:
- A complete digital risk package that integrates cyber coverage, threat protection, and 24/7 incident response directly into the Tech E&O form.
- Insurer bundles that feature real-time threat intelligence and proactive monitoring.
- Explicit language to avoid exclusions and bridge the gap left by grey-zone liabilities.
By implementing these changes, we can provide incentives for early incident reporting (through motivators like retention waivers for fast action) rather than penalizing it – which ultimately leads to incidents that spiral into larger liabilities. We can create an environment where insurers and businesses are working together to strengthen resilience; rebuilding trust and collaboration.
Restoring Confidence Through Insurance
The ultimate goal of insurance should be to provide businesses with the confidence to innovate. In the early days of digital transformation, that meant protecting against hardware and human failures. Today, it means giving businesses of all sizes – from startups to enterprises – the self-confidence to deploy AI and SaaS solutions without the fear that an unforeseen algorithmic bias or a sophisticated social engineering attack could derail operations.
Simplicity is key here. Both cybersecurity and insurance have a reputation for being unnecessarily opaque. As we face sophisticated AI-related risks, our industry's response shouldn't be to add more jargon and complex exclusions. Instead, we should strive for unambiguous coverage that recognizes how professional services and digital delivery are connected.
Protecting Innovation for the Future
The path forward requires our industry to embrace a more proactive stance. We must move beyond the data breach and embrace a model where insurance is an active participant in a company's security posture. This means not only helping them respond to and recover from incidents faster, but perhaps more importantly, helping them predict and prevent incidents in the first place.
Validation for this approach is growing. We're beginning to see the market move toward all-in-one protection models that combine insurance with active risk management platforms. These platforms provide the tools and training necessary to strengthen controls before an incident occurs.
But the gap between legacy and modern Tech E&O is still growing. We need insurers and coverage models to keep pace with the ever-changing AI landscape.
The AI-fueled gap in Tech E&O is a challenge, but it is also an opportunity to build a more sustainable P&C market. By evolving our products to match the sophistication of the tools our clients use, we can ensure that the digital economy remains a safe space for growth and innovation for everyone.
