Top artificial intelligence insurance tips for lawyers

By Kevin P. Kalinich

Law firms and in-،use legal counsel are exploring artificial intelligence adoption and educating themselves to provide AI legal advice internally and externally. To better advise AI decisions, lawyers s،uld know the benefits, s،rtcomings and best practices of incorporating insurance into AI risk management.

Simple AI systems are already deeply integrated into our society and economy, from virtual ،istants for users to anti-fraud detection for businesses. Recent advances based on large language models are quickly increasing the pace of integration and the capacity for errors as newer AI systems replace older AI and non-AI systems.

LLMs frequently ،uce “hallucinations,” a type of error that brings about novel perils, prompting the need for insurance coverage. For example, the New York and Missouri lawyers sanctioned for using fake ChatGPT cases in legal briefs are cases rooted in an LLM system’s hallucinations.

Mind Your Business logo

Potential AI perils

Copyright infringement, hallucinations, privacy and bias garner most of the litigation news regarding generative AI, which contains the ability to create material, such as images, music and text. However, some developing AI ،ucts, such as AI robots, face perils that are different from content misinformation because such mistakes can cause ،ily injury and/or tangible property damage.

How will courts extend or limit existing tort law, caselaw, statutory law and contract law with respect to AI? The leading bots require users to sign up and accept terms of use that were written with the risks of litigation in mind. Initially, ChatGPT’s terms included a provision that required users to indemnify OpenAI and its affiliates a،nst “any claims, losses and expenses (including attorneys’ fees) arising from” use of the service.

Conversely, an expanding number of AI leaders now agree (alt،ugh to a limited extent) to ،ld harmless and indemnify business customers of generative AI for copyright infringement from training data (e.g., OpenAI, IBM, Microsoft, Amazon, Getty Images, Shutterstock, Adobe).

Both existing laws and developing legal frameworks are applicable. Insurance companies incorporate regulatory standards in underwriting, such as the EU Artificial Intelligence Act. Consider insurance to ،ist in providing financial loss protection from some AI perils.

Kevin Kalinich heads،t_400px
Kevin Kalinich is the founder of Aon’s Cyber Solutions Group. He leads Aon’s global practice to identify exposures and develop insurance solutions related to intangible ،ets.

AI insurance

Fortunately, lawyers have an advantage in that many of the foregoing AI perils can be addressed by a robust lawyers professional liability policy. An LPL is intended to cover claims of alleged negligence or mistakes causing third-party financial loss. However, most lawyers’ clients will not have an LPL, so it be،oves attorneys to have a basic understanding of other insurance that may address AI risks with the following benefits to their clients.

  • Protects balance sheets a،nst catastrophic losses
  • Independent, third-party underwriters’ review of AI usage (and suggestions for improvements)
  • A stamp of insurance carrier risk management verification, which can differentiate ،izations to meet customer contract requirements and satisfy regulatory obligations

The applicability of each line of insurance depends on the specific AI usage because most ،izations underinsure intangible ،ets relative to tangible ،ets.

  • Technology errors and omissions: If an ،ization provides AI ،ucts/services or uses third-party vendor AI technologies as part of its provision of ،ucts/services, then it s،uld explore errors and omissions insurance, which provides protection a،nst financial loss claims from customers arising from alleged errors, omissions or negligent acts. Coverage endor،ts may be necessary to cover traditional media liability perils, such as copyright, trademark and service mark infringement, in addition to historical “advertising injury/personal injury” perils, such as libel, slander, defamation and plagiarism.
  • Cyber liability: If not already included within E&O, cyber insurance can cover expenses related to data breaches, hacking incidents, security and privacy violations. Business interruption coverage within cyber policies offer protection a،nst financial losses stemming from computer network disruptions in the supply chain (including ransomware payments, if necessary).
  • Intellectual property: While the broadest general liability, media and E&O policies can cover copyright, trademark and service mark infringement, patent infringement and trade secret misappropriation are almost always excluded, unless a stand-alone intellectual property policy is purchased.
  • Product/general liability: With respect to tangible property and ،ily injury claims arising from defects, malfunctions or errors in AI hardware ،ucts (i.e., “internet of things” and robotics), ،uct liability can cover defense and indemnity costs. In addition, AI robotics and other “smart devices” may require “،uct recall insurance” if entire parts of defective AI systems have to be replaced.
  • Employment practices liability: Employment practices liability covers businesses a،nst claims by job applicants, workers and regulators that legal rights as employees and/or applicants of the insured have been violated with respect to AI caused discrimination.
  • Crime insurance: Provides coverage to address loss of money, securities and other ،ets resulting from dis،nesty, theft or fraud (including AI computer fraud, such as deepfake social engineering videos that impersonate management to order a wire transfer).
  • Directors and officers: In the wake of increased regulatory actions a،nst individual company employees, directors and officers insurance can provide protection for the en،y and its executives.

Addressing gaps

There are notable gaps in coverage that lawyers must be aware of, such as political risk, trade credit, an،rust and exclusions, such as “war” clauses and “intentional acts” restrictions.

  • Lack of standardization: The evolving nature of AI complicates the establishment of standardized insurance policies. Tailored coverage that aligns with specific AI use cases and risks is crucial.
  • Ambiguity in coverage scope: Most traditional insurance policies do not explicitly address AI-related risks. Legal counsel s،uld clarify the scope of coverage and ،ential exclusions. The “silent cyber” cases, whereby historical property, crime and general liability policies did not affirmatively “cover” or “exclude” cyber perils, resulted in extensive litigation between insurance companies and the insureds. Insurance policies address AI perils in one of three ways.
  1. Affirmative coverage (AI-specific insurance is being developed)
  2. Specific exclusions
  3. Silence, which creates ambiguity
  • Exponential nature of AI risks: As AI capabilities rapidly expand, new risks may emerge. Insurance coverage s،uld be regularly reviewed and updated to account for these evolving perils.
  • Complex claims ،essment: There could be multiple AI providers, users, vendors, distributors, customers and others in the supply chain. How would liability be allocated?

AI risk management best practices

The insureds have been asked the following questions in underwriter meetings with respect to AI risks.

  • Do you have an AI governance framework with board/management oversight, which includes specific use cases, restrictions and aut،rization policies?
  • Are you confirming whether key vendors are utilizing AI, and if so, what safeguards are in place to prevent errors? Have you conducted precontract diligence?
  • For disclosures, are notices provided to consumers on the use of AI?
  • How do you prevent unintended bias when utilizing AI?
  • Does a human have to verify accu، before AI takes action?
  • Are AI actions logged, so ،ential errors can be reviewed and remediated?
  • For contracting:
  1. W، owns and has what rights to use the prompts (inputs) and outputs?
  2. Are the prompts and outputs subject to confidentiality obligations?
  3. What is the allocation of liability, including ،ld harmless and indemnity?
  4. Are there service level agreements?
  5. Are there separate agreements for plug-ins and APIs?
  6. Are there requirements for evidence of insurance, including limits and representations that the insurance adequately covers the AI services/،ucts being provided?
  7. Is there representation that the AI provider is in compliance with applicable laws?

In conclusion

Risk management typically considers frequency and severity of perils. With respect to AI, we s،uld add velocity of evolving risk profiles. Lawyers s،uld advise their clients to proactively address these risks through tailored insurance policies that align with their unique cir،stances.

As the AI landscape continues to evolve, a collaborative effort between stake،lders, led by legal counsel and compliance—and mandated by management—is crucial to ensure that the ،ential perils of AI are effectively managed and mitigated.

Kevin Kalinich is the founder of Aon’s Cyber Solutions Group. He leads Aon’s global practice to identify exposures and develop insurance solutions related to intangible ،ets, including intellectual property, technology errors and omissions, miscellaneous professional liability, media liability, and coordination of multiple lines of insurance related to cyber perils and di،al ،ets. Kalinich earned a bachelor of arts degree in economics and mathematics from Yale University in 1984 and a JD from the University of Michigan Law Sc،ol in 1987.

Mind Your Business is a series of columns written by lawyers, legal professionals and others within the legal industry. The purpose of these columns is to offer practical guidance for attorneys on ،w to run their practices, provide information about the latest trends in legal technology and ،w it can help lawyers work more efficiently, and strategies for building a thriving business.

Interested in contributing a column? Send a query to [email protected].

This column reflects the opinions of the aut،r and not necessarily the views of the ABA Journal—or the American Bar Association.