AIRiskAware


Financial Risk 9 min 2026

AI Insurance and Directors' Liability: D&O, Cyber, and Professional Indemnity in the AI Age

AI is changing the insurance landscape for directors, officers, and organisations. D&O insurers are incorporating AI governance maturity into underwriting. Cyber insurance policies may exclude AI-related incidents if governance is inadequate. Professional indemnity is being tested by AI errors. What risk managers, boards, and insurance buyers need to understand.


Key Takeaways

  • This article provides practical governance guidance verified against primary regulatory sources.

  • All facts and regulatory references have been verified as of May 2026.

"For informational purposes only. This article does not constitute legal, regulatory, financial, or professional advice. Consult a qualified specialist for specific guidance."

AI insurance governance covers the intersection of artificial intelligence risk with directors' and officers' liability, cyber insurance, and professional indemnity. In 2026, the insurance market is actively repricing AI-related risk. Aon's 2026 AI Risk report identifies AI governance maturity as an emerging factor in D&O underwriting — insurers are asking how companies vet their AI-related public disclosures and how boards approach AI oversight. D&O exposure from AI includes governance and oversight failures, regulatory scrutiny from non-compliance with AI-specific regulation, and shareholder litigation arising from AI-related losses or misstatements. Cyber insurers are examining whether existing policies cover AI-specific incidents like model manipulation, training data poisoning, or agentic AI failures. Professional indemnity is being tested by cases where AI-assisted professional advice proves wrong.

D&O liability and AI governance

Directors face personal liability exposure from AI in several areas:

  • Governance failures: where inadequate AI controls, human-in-the-loop processes, or model testing lead to financial, operational, reputational, or regulatory impacts.

  • Regulatory non-compliance: where the organisation fails to meet AI-specific regulatory obligations (EU AI Act, sector rules, data protection) and faces enforcement action.

  • Shareholder litigation: where AI-related misstatements, inadequate AI risk disclosure, or AI-driven losses lead to securities claims.

The practical implication for boards: D&O insurers are increasingly asking questions about AI governance maturity during underwriting. Boards that cannot demonstrate adequate AI oversight may face higher premiums, coverage restrictions, or exclusions.

Cyber insurance and AI

Most cyber insurance policies were written before AI was a significant attack vector or operational tool. Key questions for risk managers: does your policy cover AI-specific incidents such as model manipulation, adversarial attacks, training data poisoning, or agentic AI failures? Does the policy cover regulatory fines arising from AI non-compliance? Are AI vendor failures and third-party AI service disruptions covered? Does the policy exclude incidents arising from inadequate AI governance? As the threat landscape evolves — ASIC's May 2026 letter warned that frontier AI has fundamentally changed cyber risk — insurers are reviewing coverage terms. Organisations should proactively engage with their brokers to understand AI-related coverage gaps.

Professional indemnity

Professionals who use AI to assist in delivering services — lawyers, accountants, financial advisors, engineers, healthcare providers — face professional indemnity exposure when AI-assisted advice or work product proves wrong. Courts have held professionals personally responsible for AI errors regardless of which tool produced them. Professional indemnity policies may not cover AI-related claims if the use of AI in professional services was not disclosed to the insurer or falls outside the insured activities. The governance implication: professionals should disclose AI use to their PI insurers, implement quality review processes for AI-assisted work, and maintain records of human professional judgment applied to AI outputs.

Further reading: Aon — AI Risk 2026: Practical Agenda | APRA Letter to Industry on AI
