Rapid AI adoption outpaces cyber insurance cover

The rapid adoption of artificial intelligence (AI) across industries is significantly heightening cyber risk, yet the insurance market has been slow to respond with dedicated coverage solutions.

This was the warning from Zamani Ngidi, business unit manager for mergers and acquisitions and cyber solutions at Aon South Africa, during his presentation at ITWeb Security Summit 2025 yesterday.

Ngidi noted that organisations across all sectors are embracing the transformative potential of AI technologies, but with that innovation comes a new spectrum of risks.

“Innovation through AI will rapidly change business models, operational networks, end-user products, and accordingly, risk profiles,” he said.

“To add value in this evolving business landscape, risk managers must understand the risk and insurance implications of these AI developments, including how to provide leadership insights concerning potential liabilities and an action plan to optimise insurance strategies for emerging AI risks.”

Ngidi pointed out that while global AI adoption and revenue continue to expand, the insurance market has only just begun developing products tailored for AI risks.

He cited Munich Re, the German multinational insurer, as one of the early movers. The company has launched aiSure, a solution aimed at AI model vendors, followed by aiSelf, which is designed for businesses adopting AI technology.

He anticipates that more insurers will follow as AI-related claims begin to shape underwriting practices and policy language.

“As AI-related claims against cyber, as well as tech errors and omissions policies emerge, the data and learnings from these claims will inform underwriting approaches and future policy language.”

Currently, AI insurance coverage is divided based on the role of the insured party, he said. Coverage for AI developers and system integrators focuses on indemnifying legal and contractual liabilities from underperformance.

“Coverage designed for companies adopting AI systems seek to indemnify first-party losses resulting from underperformance of AI systems, business interruption, out-of-pocket expenses and reputational damage.”

Ngidi believes there are strong opportunities to tailor insurance products to specific AI use cases, provided insurers have sufficient data during the underwriting process. He estimated that conceptual limits for affirmative AI coverage could reach $50 million.

Current AI-related claims activity, he said, primarily involves privacy lawsuits in the US and European Union, stemming from data scraping of personally identifiable and licensed data to train AI models.

“This includes lawsuits by the US Federal Trade Commission against large technology companies that are engaged in building generative AI capabilities. It also includes copyright property violations [lawsuits] from Getty Images and multiple authors, musicians and publishers against the developers of AI agents.”

Ngidi shared an example of an Aon client that adopted an omni-channel commerce strategy spanning suppliers, in-store operations and global fulfilment – supported by AI-driven infrastructure.

“Concerns were raised by the insurable risk and security teams regarding the complex liabilities and exposures associated with the adoption of AI and lack of appropriate risk controls and insurance coverage.”

He explained that Aon conducted a top-down analysis of AI use cases, identifying and prioritising key risk scenarios using proprietary and peer data. It also assessed potential financial exposure and analysed gaps in existing insurance programmes.

“Using a variety of proprietary datasets, including the cyber data and analytics platform, Aon calculated the potential financial exposure of each identified AI risk scenario. Aon conducted risk tolerance analysis and coverage gap analysis to stress-test in-force insurance arrangements.

“Our analysis provided the client with a view of AI risk across their complex global operations and digital infrastructure.”

Ngidi added that the findings were instrumental in influencing insurance strategy and internal policy.

“For the security and privacy teams, the insights prompted updates to crisis management plans and contract terms with key technology vendors to account for newly-identified media liability and personally identifiable information exposures.”

He urged organisations to actively document their AI use cases to stay ahead of the risks associated with advancing technologies.