The AI Insurance Reckoning: What Your CFO Needs to Know Before the Next Renewal

Brandon Sneider | March 2026


Executive Summary

  • The insurance market underwent a structural break in 2025-2026. Between January 2025 and January 2026, major carriers — WR Berkley, AIG, Great American, Hamilton Insurance Group — filed regulatory requests to restrict or eliminate AI liability coverage. Verisk’s standardized ISO exclusion (CG 40 47 01 26) is now available to every carrier in the country. A company that renewed with silent AI coverage in 2024 may face an explicit exclusion at its next renewal.
  • The market is splitting into three tiers. Companies with documented AI governance programs qualify for affirmative coverage (Armilla/Lloyd’s, Munich Re’s aiSure, Google Cloud’s Beazley/Chubb partnership). Companies with legacy policies have “silent” coverage that disappears at the next renewal. Companies without governance face blanket exclusion — WR Berkley’s “absolute” AI exclusion eliminates D&O, E&O, and fiduciary coverage for any claim “arising out of” AI use.
  • AI-related securities class actions doubled from 7 in 2023 to 14 in 2024, with 53 AI-related SCAs identified through H1 2025 (Stanford Law School Securities Class Action Clearinghouse). Median settlement: $11.5 million. Almost all involve “AI-washing” allegations — overstating AI capabilities in disclosures.
  • Cyber insurance premiums are rising 15% in 2026 as AI expands threat surfaces (Forrester Research/Claims Journal). The CFO’s renewal conversation now spans four policy types — cyber, D&O, E&O, and professional liability — and the governance documentation that satisfies one underwriter satisfies all of them.
  • The $15,000-$45,000 governance investment documented in prior research is no longer just a compliance cost. It is the price of insurability. The CFO who spent it qualifies for affirmative coverage. The CFO who did not may discover the coverage gap when a claim arrives.

Four Insurance Lines, One Governance Problem

Most mid-market CFOs treat insurance lines as separate purchasing decisions — cyber with the IT team, D&O with the board, E&O with operations, professional liability with the GC. AI breaks this compartmentalization. A single AI-related incident can trigger claims across all four policies simultaneously, and the governance documentation that satisfies underwriters is the same across all of them.

Cyber Liability: The Expanding Threat Surface

Written cyber insurance premiums are projected to hit $23 billion globally by 2026 (S&P Global Ratings). Forrester Research’s Rohit Makhijani describes the dynamic plainly: “If you’ve got a bigger house, you’re going to need more insurance. Because there’s more to lose.” AI deployment expands the attack surface — AI systems are simultaneously weapons for attackers (deepfake CEO impersonation, automated phishing at scale) and targets themselves (prompt injection, model poisoning, training data extraction).

For clean accounts with strong security controls, cyber premiums are flat to -10% on primary layers (CRC Cyber REDY Index, Q3 2025). For accounts without documented AI controls, the market remains hard. The divergence is the story: the best-prepared companies are paying less while the unprepared face coverage restrictions.

What underwriters now require as table stakes:

Control | Status
Multi-factor authentication (all email and remote access) | Non-negotiable — claims denied without it
Endpoint Detection and Response (EDR) or Managed Detection (MDR) | Antivirus alone no longer qualifies
Air-gapped, immutable backups | Required; segregated from operational networks
Documented AI tool inventory | Emerging requirement for 2026 renewals
AI-specific incident response protocol | Expected in “AI Security Riders”

Self-attestation is dead. Carriers now demand technical validation with documentation of patch management, incident response readiness, and active monitoring. Vague answers about AI use produce broad exclusions. Specific documentation of which models the firm uses, what data provenance looks like, and what human oversight exists produces narrower, more favorable terms.

Directors & Officers: The AI-Washing Liability Wave

D&O insurance is entering what WTW calls a “shift from rate reductions toward flat-to-modest increases” after years of softening. The driver is not AI technology failures — it is AI governance failures. As WTW’s March 2026 analysis states: “Plaintiffs do not need to prove the AI system failed. They need to prove the board failed to govern the AI system.”

The numbers are concrete. AI-related securities class actions doubled from 7 filings in 2023 to 14 in 2024, with 53 identified through H1 2025 (DLA Piper/Stanford Clearinghouse). The pattern is consistent: companies alleged to have overstated AI sophistication, concealed reliance on manual processes behind AI marketing claims, or failed to disclose AI limitations in securities filings. The median settlement is $11.5 million, with the average at $38.4 million excluding the largest outlier ($189 million).

Notable enforcement actions:

  • Presto Automation Inc. (SEC, January 2025): First AI-washing enforcement against a public company. Alleged overstatement of Presto Voice AI capabilities for restaurant drive-throughs and failure to disclose that the “AI” system was operated by a third party with significant human intervention.
  • GigaCloud Technology Inc. (S.D.N.Y., settled 2025): $2.75 million settlement for materially misleading statements about AI use in offering materials.
  • Nate Inc. (DOJ, April 2025): Criminal wire fraud charges against CEO for scheme to defraud investors about AI capabilities.

Two-thirds of board directors report limited or no knowledge of AI. Fewer than one in four companies have board-approved AI governance policies. For a mid-market company with a 5-7 member board, this gap represents uninsured D&O exposure — not from using AI incorrectly, but from failing to demonstrate that the board understood what it was overseeing.

AI-specific D&O exclusions remain uncommon in public-company policies but are appearing in private-company D&O forms. WR Berkley’s absolute AI exclusion applies across D&O, E&O, and fiduciary coverage. The CFO should confirm at renewal whether the company’s D&O policy contains standard exclusions (bodily injury, professional services, privacy) that could be triggered by AI-related allegations — and whether the policy has securities-claim carve-backs that preserve coverage for AI-related shareholder suits.

Errors & Omissions: The Silent Coverage Crisis

E&O is where the coverage gap is largest and least visible. Most mid-market E&O policies were written before AI deployment became routine. They neither explicitly cover nor explicitly exclude AI-related claims — the “silent AI” problem. Insurers are closing this ambiguity at every renewal cycle.

The exclusion landscape is bifurcating along lines that matter for professional services firms:

Copyright and content exclusions. Insurers now add provisions excluding claims involving AI-generated content. Some apply only to deliberate reproduction of copyrighted material, but others exclude “any claim that involves AI-generated content, regardless of intent.” For firms using generative AI in client deliverables — marketing agencies, consulting firms, architecture practices — this creates a coverage gap for claims that have nothing to do with copyright.

Training data disputes. Newer policy wordings carve out claims arising from training data issues, including privacy violations and unlicensed use of personal or proprietary data. The distinction between a “data breach” (covered under cyber) and a “training data dispute” (potentially excluded under both cyber and E&O) is now one of the most contested boundaries in commercial insurance.

The “natural persons” problem. Many E&O policies limit covered services to those provided by “natural persons.” If AI contributed to the work product, the insurer may argue the service was not a “professional service” within the policy definition. This argument has not yet been tested in a landmark case, but insurers are positioning the language for future disputes.

Insurers frequently insert new exclusions at renewal inside endorsement schedules rather than the base policy wording. A CFO who reviews only the declarations page and premium notice may miss the endorsement that eliminates coverage for the firm’s highest-exposure AI risk.

Professional Liability: The Malpractice Calculation

Professional liability is the most profession-specific insurance line and the most immediately affected by AI deployment. The exposure analysis is detailed in the companion research document on AI professional liability. The insurance market summary: the three-tier structure applies here too.

Firms with documented review workflows — where AI-assisted work product receives the same professional review standard as associate work — qualify for affirmative coverage from specialized carriers. Firms operating on “silent” coverage face exclusion at renewal. Firms with no governance program face what Berkley’s absolute exclusion makes explicit: no coverage for any claim arising out of AI use, by any person or entity, in any capacity.

The practical cost: Armilla Insurance Services (Lloyd’s-backed, Chaucer Group underwriter) offers AI liability coverage up to $25 million per company, with first-year costs for SMEs estimated at $15,000-$35,000 and ongoing annual costs of $8,000-$20,000. This is not a new budget line — it replaces coverage that the company’s existing E&O policy used to provide silently and will no longer provide at renewal.

The Governance-to-Insurability Pipeline

The same governance infrastructure satisfies underwriters across all four policy types. This is the CFO’s leverage: one governance investment, four insurance benefits.

Governance Element Cyber D&O E&O Professional Liability
AI tool inventory and approved-use list Required Expected Expected Required
Data classification for AI inputs Required Expected Required
Human-in-the-loop review workflow Expected Required Required
Board-level AI oversight documentation Required
AI-specific incident response protocol Required Expected Expected Expected
Employee AI training documentation Expected Expected Expected Required
Vendor AI risk assessment Required Expected Expected Expected
AI disclosure in client communications Expected Required

“Expected” means underwriters are asking about it in 2026 renewal questionnaires. “Required” means carriers are conditioning coverage on documented evidence. The gap between “expected” and “required” is closing at every renewal cycle.

The Renewal Conversation: What to Bring

The CFO’s next renewal conversation should address all four policy types with a unified governance narrative. The broker needs:

Before the renewal meeting:

  1. A complete AI tool inventory — every tool in use, by whom, for what purpose, with what data
  2. The company’s AI acceptable use policy, dated and signed
  3. Evidence of employee AI training (attendance records, completion certificates)
  4. The human review workflow documentation for AI-assisted client work
  5. Board meeting minutes showing AI governance discussion (even one documented conversation materially reduces D&O exposure)

At the renewal meeting, ask:

  1. Does the policy contain any AI-specific exclusions or endorsements — including those added at last renewal?
  2. Is AI-related liability affirmatively covered, silently covered, or excluded?
  3. Does the “professional services” definition encompass AI-assisted work product?
  4. What governance documentation would move the company from silent coverage to affirmative coverage?
  5. What is the premium differential between exclusion and affirmative coverage?

The negotiation posture: Do not accept broad blanket AI exclusions without challenge. The Continuum Insurance analysis recommends negotiating narrower exclusions tied to specific AI use cases rather than accepting sweeping “arising out of” language. A company that can document its AI governance program has leverage: it is a better risk than the company that cannot.

Key Data Points

  • 53 AI-related securities class actions through H1 2025; doubled from 7 (2023) to 14 (2024); median settlement $11.5M, average $38.4M excluding outliers (Stanford Law/WTW, November 2025)
  • 15% cyber insurance premium increase projected for 2026, driven by AI-expanded threat surfaces (Forrester/Claims Journal, November 2025)
  • $23 billion projected global cyber insurance premiums by 2026 (S&P Global Ratings)
  • Three major carriers — WR Berkley, AIG, Great American — have filed regulatory requests to restrict AI liability coverage (Metropolitan Risk Advisory, 2025)
  • ISO CG 40 47 01 26 — standardized generative AI exclusion available to all carriers since January 2026 (Verisk)
  • WR Berkley PC 51380 — absolute AI exclusion across D&O, E&O, and fiduciary liability; covers any claim “arising out of” AI use by any person or entity
  • Two-thirds of board directors report limited or no knowledge of AI; fewer than 1 in 4 companies have board-approved AI governance policies (WTW, March 2026)
  • Armilla AI offers Lloyd’s-backed AI liability coverage up to $25M per company; first-year SME costs estimated at $15,000-$35,000
  • Cyber premiums flat to -10% for accounts with strong security controls; hard market persists for accounts without controls (CRC Cyber REDY Index, Q3 2025)
  • D&O premiums shifting from rate reductions toward flat-to-modest increases; median SCA settlement rose 21% to $17M in 2025 (WTW, February 2026)

What This Means for Your Organization

The insurance market has moved faster than most mid-market companies realize. A CFO who last renewed in Q3 2025 with comfortable silent coverage may encounter a materially different policy at the next renewal — new exclusions buried in endorsement schedules, new questions about AI governance on the application, and potentially a premium differential that makes governance investment look like the bargain it is.

The action is specific. Before your next renewal, assign someone — the GC, the CIO, or the person who inherited AI governance — to assemble the governance documentation package: tool inventory, acceptable use policy, training records, review workflows, and one set of board minutes showing AI oversight. This package serves every underwriter across every policy line. It converts the $15,000-$45,000 governance investment from a compliance cost into a risk transfer asset.

The companies that capture value from AI — the 5% — treat governance and insurability as the same conversation. They do not wait for a claim to discover whether their policy covers AI-related losses. They negotiate from a position of documented risk management, and they pay less for broader coverage. If this raised questions specific to your renewal timeline or governance posture, I’d welcome the conversation — brandon@brandonsneider.com.

Sources

  1. WTW. “Sarbanes-Oxley and the AI Governance Gap: D&O Insurance Considerations.” March 2026. Analysis of board governance failures creating D&O exposure. Credibility: High — major insurance broker, independent analysis.

  2. WTW. “Directors and Officers (D&O) Liability: A Look Ahead to 2026.” February 2026. SCA filing statistics, settlement data, premium trends. Credibility: High — major insurance broker with claims data access.

  3. Founder Shield. “Technology Insurance Pricing Trends 2026.” March 2026. Premium trend data, underwriting requirements, MFA/EDR/backup mandates. Credibility: Moderate-high — insurance broker, technology sector focus.

  4. Claims Journal/Forrester Research. “Research Report Shows Cyber Insurance Growing 15% in 2026 on AI and Data Threats.” November 2025. Rohit Makhijani analysis of AI-driven premium increases. Credibility: Moderate-high — analyst firm via trade publication.

  5. S&P Global Ratings. “Cyber Insurance Market Outlook 2026.” 2025. $23B premium projection, market stability assessment. Credibility: Highest — independent ratings agency with proprietary data.

  6. DLA Piper. “AI-Related Securities Class Action Filings Are on the Rise: Key Observations.” September 2025. Filing doubling statistics, case patterns. Credibility: High — major law firm securities practice.

  7. Stanford Law School Securities Class Action Clearinghouse. 53 AI-related SCAs through H1 2025. Credibility: Highest — academic institution, comprehensive database.

  8. Zelle LLP. “AI Update: The Growing Trend of AI-Related Insurance Policy Exclusions.” 2025. WR Berkley and Hamilton Insurance exclusion language analysis. Credibility: High — insurance law firm, specific policy language review.

  9. Metropolitan Risk Advisory. “Major Insurers Are Pulling Back from AI Liability.” 2025. AIG, Great American, WR Berkley regulatory filing analysis. Credibility: Moderate-high — insurance advisory, specific carrier names confirmed.

  10. Continuum Insurance. “The Hidden AI Exclusions in PI and Cyber Insurance.” 2026. Coverage gap analysis, endorsement schedule warnings, negotiation guidance. Credibility: Moderate-high — insurance broker, practical focus.

  11. Verisk/ISO. CG 40 47 01 26: Exclusion — Generative Artificial Intelligence. Effective January 2026. Credibility: Highest — standardized insurance form, primary source.

  12. WR Berkley Insurance Co. PC 51380: Absolute AI Exclusion. 2025-2026 filings. Credibility: Highest — primary insurer filing.

  13. Armilla Insurance Services/FFNews. AI Liability Insurance offering, Lloyd’s-backed, Chaucer Group underwriter. Up to $25M coverage. January 2026. Credibility: Moderate — vendor source, but confirmed Lloyd’s backing.

  14. CRC Cyber REDY Index. Q3 2025. Cyber premium trends by account quality. Credibility: Moderate-high — wholesale broker market data.

  15. Broadridge. “AI-Driven Filings, Opt-In Momentum, and More Than $4B in Recoveries Reshape Global Securities Class Actions.” 2026. Median $11.5M settlement, average $38.4M. Credibility: High — financial services infrastructure provider, comprehensive dataset.

