Impact of AI on Management and Cyber Liability

In a recent study, McKinsey found that in early 2025, 78% of respondents said their organizations use AI in at least one business function, up from 72% in 2024 and 55% in 2023. As businesses increasingly adopt artificial intelligence (AI) to enhance efficiency and decision-making, they face new risks that can impact key areas of their insurance programs.

AI technologies are transforming the business landscape by automating complex tasks, improving data analysis, and optimizing business operations. However, this rapid integration introduces new legal, regulatory, and ethical risks that directly affect cyber liability, as well as management liability coverages. Insurers are closely monitoring how the use of AI is shaping claims trends, updating underwriting guidelines to account for losses that may arise from its use.

With advancements in AI moving at a rapid pace, investing in risk mitigation practices today lays the foundation for continued operational strength, enabling you to remain agile as you navigate and respond to dynamic risks. Additionally, understanding AI risks and their coverage implications is critical to meeting underwriting requirements, attracting market capacity, and obtaining optimal rates.

Cyber Liability

AI plays a dual role in cybersecurity: it enhances detection and defense capabilities but also introduces new vulnerabilities. IBM’s latest Cost of a Data Breach Report found that organizations that extensively used security AI and automation were able to identify and contain data breaches almost 100 days faster on average than organizations that didn’t use these technologies. IBM also found that the average cost of a data breach for organizations using AI security tools was $3.84 million, compared to $5.72 million for those that aren’t. However, the impact of AI on cyber liability loss trends is yet to be fully seen, with cyber insurers wary of AI’s integration into cybercrime.

Additionally, since AI systems process large volumes of sensitive data and optimize critical business functions, they are attractive targets for cybercriminals. AI-driven processes can also increase the risk of data breaches, intellectual property theft, and business disruptions. Malicious actors may exploit vulnerabilities in AI models or use AI to conduct sophisticated cyberattacks. Businesses must also remain compliant with data privacy regulations as they continue to evolve.

Risk Mitigation Strategies

• Secure AI infrastructure – Implement advanced cybersecurity controls to protect AI systems and the data they process.
• Invest in employee education – Regularly administer employee awareness trainings, communicating the role that each person plays in the organization’s cybersecurity.
• Conduct regular assessments – Perform continuous risk assessments and penetration testing to identify and mitigate vulnerabilities.
• Implement incident response plans – Develop and maintain AI-specific incident response protocols to quickly address and recover from cyberattacks.

Insurance Considerations

Cyber liability insurance can help businesses manage the financial impact of AI-related cyber risks. Organizations should review their policies at least once a year to confirm coverage for data breaches, business interruption, and regulatory penalties related to AI. If possible, consider enhancing coverage for AI-driven operational risks and third-party exposures. Additionally, communicate with your advisor to stay abreast of evolving underwriting requirements that may arise in response to AI-related loss patterns.

Directors and Officers (D&O) Liability

Artificial Intelligence (AI) adoption presents both opportunities and challenges for corporate leadership. With public disclosure of AI usage, companies and their board members may be susceptible to increased scrutiny from shareholders and regulators. AI-driven decisions can lead to allegations of mismanagement, inadequate oversight, or failure to disclose material risks. Some of the most common risks associated with AI that may lead to D&O claims include AI washing and AI hallucinations.

We’ve seen securities litigation and SEC enforcement actions stemming from allegations of AI washing, which is when a company overstates the extent of their AI capabilities in a manner that may be seen as deceptive to customers, investors, and the market. Additionally, if an AI system generates incorrect or misleading information, an issue referred to as AI hallucination, stakeholders may hold directors and officers accountable.

Risk Mitigation Strategies

• Implement robust governance frameworks – Establish clear policies and accountability structures for AI oversight, including regular audits and compliance checks.
• Enhance board-level AI literacy – Ensure directors and officers understand novel technologies, their potential risks, and regulatory implications.
• Disclose AI risks transparently – In public disclosures, provide clear, accurate information about how AI systems are used, potential risks, and mitigation measures.
• Maintain regulatory awareness –The regulatory environment for AI usage continues to evolve, and some of these changes may impact company leadership’s oversight obligations.

Insurance Considerations

D&O insurance can protect executives against claims of mismanagement related to AI deployment. Businesses should review their policies to confirm coverage for AI-related claims and ensure adequate limits.

In a recent survey of 134 D&O underwriters, when asked what questions or concerns are most top of mind, the single largest response was related artificial intelligence. Specific responses included AI washing, AI related disclosures, and how companies plan on using AI in their business.

Employment Practices Liability (EPL)

The use of AI in hiring, performance evaluation, and workforce management continues to proliferate. In a survey with 948 participants, Resume Builder found that 51% of companies are leveraging AI technology in their hiring processes, and this number is set to rise to 68% by the end of 2025. While these technologies can streamline processes, they also introduce risks of bias, discrimination, and privacy violations. The same survey also found that 96% of participants said that AI produces biased recommendations, yet about 7 in 10 still let AI reject candidates without human oversight.

Without proper oversight, AI recruitment and performance management systems may inadvertently perpetuate discrimination, leading to claims of wrongdoing. Employees and/or applicants may allege that automated decisions violate employment laws, adversely affect protected classes, or violate privacy.

Additionally, evolving regulations regarding AI transparency and fairness may introduce additional risks. For example, the Equal Employment Opportunity Commission (EEOC) has issued guidance regarding the use of AI in employment-related decision making, and many states are also introducing legislation to regulate the use of AI in the employment process.

Fiduciary Liability

AI is transforming how businesses manage employee benefits, including retirement plans and health programs. For example, fiduciaries may turn to AI-powered tools and algorithms to inform investment decisions. Since fiduciaries have a duty to act prudently and in the best interest of plan participants, in the era of AI, this means establishing governance over the use of AI and its impact on plan participants.

While AI can enhance decision making, errors or mismanagement related to these technologies may expose fiduciaries to liability claims. AI-driven investment advice, benefits administration, and plan management can lead to claims of fiduciary breach if systems provide inaccurate recommendations or fail to comply with legal requirements. Fiduciaries may face allegations of imprudence, conflicts of interest, or failure to monitor AI-driven processes effectively.

Risk Mitigation Strategies

• Evaluate AI decision tools – Conduct rigorous due diligence on AI vendors and regularly review the accuracy and fairness of automated decision tools.
• Document fiduciary processes – Maintain comprehensive records of how AI-backed decisions are made, validated, and monitored.
• Ensure participant communication – Provide clear, accurate explanations to plan participants about how AI informs benefit-related decisions and their rights to dispute outcomes.

Insurance Considerations

Because AI is evolving at such a rapid pace, insurers are still trying to understand the complexities of AI and its potential impact on the fiduciary liability claims landscape. Businesses should confirm that their policies extend to AI-related risks and consider enhancing coverage for emerging regulatory exposures. If the use of AI leads to a breach of these duties, this could theoretically be covered, though it depends on the specific policy’s wording.

Build a resilient AI risk strategy

As AI becomes integral to more and more business operations, organizations must address the legal and regulatory risks it introduces and understand how it continues to impact insurance coverage needs. Ultimately, a proactive approach to governance, transparency, and compliance is essential to help minimize exposure. Partner with The Baldwin Group’s management liability and cyber liability experts for insights and recommendations about how you can prepare your organization to successfully navigate the new frontier that lies ahead.