Ed.
note:
This
is
the
latest
in
the
article
series, Cybersecurity:
Tips
From
the
Trenches, by
our
friends
at Sensei
Enterprises,
a
boutique
provider
of
IT,
cybersecurity,
and
digital
forensics
services.
Artificial
intelligence
(AI)
is
everywhere
—
in
legal
research
tools,
in
“smart”
assistants
that
draft
contracts,
and,
if
we’re
honest,
probably
in
that
partner’s
suspiciously
polished
brief.
The
legal
profession
can’t
avoid
it,
and
neither
can
the
insurance
industry.
But
while
cyber
insurers
are,
somewhat
surprisingly,
holding
firm
on
AI
risks,
other
key
coverage
lines
are
quietly
changing
—
and
not
in
your
favor.
Cyber
Insurers
Aren’t
Running
for
the
Hills
Contrary
to
what
you
might
expect,
cyber
insurers
are
not
panicking
over
AI.
In
fact,
some
are
adding
affirmative
endorsements
to
confirm
coverage
for
AI-related
incidents.
From
their
perspective,
AI
is
less
a
new
frontier
than
a
turbocharged
version
of
familiar
risks.
Deepfakes,
social
engineering,
and
AI-powered
phishing
aren’t
brand-new
—
they’re
just
faster
and
harder
to
spot.
That’s
not
to
say
the
consequences
aren’t
serious.
Imagine
a
deepfake
video
of
your
CFO
authorizing
a
fraudulent
transfer.
The
financial
fallout
and
reputational
damage
could
be
immense.
However,
for
now,
cyber
insurers
are
signaling
that
they
anticipated
this,
and
coverage
remains
in
effect.
Where
The
Exclusions
Are
Creeping
The
real
trouble
starts
outside
cyber
policies.
Management
liability,
directors
and
officers
(D&O),
errors
and
omissions
(E&O),
employment
practices,
fiduciary,
and
crime
coverage
are
all
beginning
to
include
sweeping
AI
exclusions.
Some
of
the
language
is
alarmingly
broad.
A
few
carriers
have
introduced
“absolute”
exclusions
that
eliminate
coverage
for
“any
actual
or
alleged
use,
deployment,
or
development
of
Artificial
Intelligence.”
That’s
not
a
scalpel;
it’s
a
sledgehammer.
Consider
the
implications:
–
A
discrimination
case
involving
an
AI
résumé
screening
tool?
Excluded.
–
A
negligence
claim
tied
to
an
AI-driven
contract
review
platform?
Excluded.
–
A
fiduciary
duty
allegation
that
a
board
failed
to
oversee
AI
risks?
Also
excluded.
Even
routine
disputes
could
devolve
into
arguments
about
whether
AI
played
a
role.
The
net
effect
is
to
shift
risk
back
onto
firms
and
their
clients
—
often
without
their
awareness.
Why
Lawyers
Should
Pay
Attention
Lawyers
need
to
look
at
this
from
two
angles.
First,
as
business
leaders,
your
own
firm’s
policies
may
already
contain
AI
exclusions
you
haven’t
noticed.
Second,
as
advisors,
clients
will
expect
you
to
spot
these
risks
in
their
coverage.
Missing
them
is
an
easy
way
to
damage
both
trust
and
credibility.
We’ve
seen
this
movie
before.
“Silent
cyber”
risk
crept
into
property
and
liability
policies,
sparking
disputes
about
whether
losses
were
covered.
Over
time,
insurers
responded
with
exclusions
and
clarifications.
AI
appears
to
be
on
the
same
path
—
only
the
exclusions
are
emerging
faster
and
with
less
precision.
What
To
Do
About
It
Here’s
how
firms
and
their
clients
can
stay
ahead:
–
Review
policies
carefully.
Don’t
assume
your
existing
D&O
or
E&O
coverage
includes
AI-related
events.
Look
for
exclusionary
language,
especially
vague
or
undefined
terms.
–
Push
for
clarity.
If
an
exclusion
exists,
negotiate
definitions.
What
exactly
counts
as
AI?
A
predictive
text
feature?
A
chatbot?
The
less
defined
the
term,
the
more
room
for
denial.
–
Explore
affirmative
options.
Some
insurers
are
beginning
to
offer
endorsements
or
new
products
to
cover
AI-related
risks.
If
your
firm
or
clients
rely
heavily
on
AI
tools,
these
are
worth
investigating.
–
Collaborate
with
brokers
and
risk
managers.
They’re
often
the
first
to
spot
emerging
exclusions
and
can
help
secure
coverage
that
matches
your
operations.
Remain
Calm
and
Vigilant
The
good
news
is
that
cyber
insurance
remains
a
reliable
option.
The
bad
news
is
that
exclusions
are
creeping
across
other
policies
—
and
they’re
being
drafted
broadly
enough
to
cause
serious
problems
down
the
road.
So
no,
you
don’t
need
to
panic.
But
you
do
need
to
pay
attention.
These
exclusions
aren’t
hypothetical;
they’re
already
appearing.
Unless
you’re
proactive,
you
may
discover
that
the
very
AI
tools
making
your
firm
more
efficient
are
also
the
reason
your
insurance
claim
gets
denied.
Bottom
line:
review
your
coverage
this
quarter
for
your
firm,
and
before
AI
exclusions
creep
any
further.
Michael
C.
Maschke
is
the
President
and
Chief
Executive
Officer
of
Sensei
Enterprises,
Inc.
Mr.
Maschke
is
an
EnCase
Certified
Examiner
(EnCE),
a
Certified
Computer
Examiner
(CCE
#744),
an
AccessData
Certified
Examiner
(ACE),
a
Certified
Ethical
Hacker
(CEH),
and
a
Certified
Information
Systems
Security
Professional
(CISSP).
He
is
a
frequent
speaker
on
IT,
cybersecurity,
and
digital
forensics,
and
he
has
co-authored
14
books
published
by
the
American
Bar
Association.
He
can
be
reached
at [email protected].
Sharon
D.
Nelson
is
the
co-founder
of
and
consultant
to
Sensei
Enterprises,
Inc.
She
is
a
past
president
of
the
Virginia
State
Bar,
the
Fairfax
Bar
Association,
and
the
Fairfax
Law
Foundation.
She
is
a
co-author
of
18
books
published
by
the
ABA.
She
can
be
reached
at [email protected].
John
W.
Simek
is
the
co-founder
of
and
consultant
to
Sensei
Enterprises,
Inc.
He
holds
multiple
technical
certifications
and
is
a
nationally
known
digital
forensics
expert.
He
is
a
co-author
of
18
books
published
by
the
American
Bar
Association.
He
can
be
reached
at [email protected].