AI: What does an AI failure mean for directors and their insurers?

A different perspective on risk

different perspective on risk
The use of AI does not expand the scope of directors’ duties, but it forces directors to think differently about the risks that may arise. Directors ultimately bear responsibility for the implementation of AI within a business. They have an obligation to assess the benefits of using AI systems and to consider what new liabilities may arise as a result. Directors are also ultimately responsible for ensuring compliance with laws and regulations, as well as whether the AI technology is being used in a responsible manner. 

An analogy of how a failure to properly consider new technology might lead to a claim against a director can be drawn with recent developments in general technology failures or cyber breaches. For example, a failure to implement and/or to control adequate security measures for the business’ own IT systems or its cloud service providers that leads to a hack, may lead to financial losses and reputational damage to the business. That may translate to claims or investigations that implicate directors and senior managers. 

One cautionary example of directors held accountable for a failure to properly consider an emerging risk is that of US retailer, Target. The directors had previously been advised to buy cyber insurance with a larger limit. However they decided against it. Subsequently, the company suffered a large-scale cyber-attack and the directors were found liable for a failure to arrange for sufficient insurance cover arising out of the loss. A similar failure by a director to consider the wider consequences of AI technology may lead to a claim against the director.

The one that got away?

Revaluating risk assessment
Where a claim is made against a director, they may benefit from cover under a Directors & Officers’ liability policy. At present, these policies are broadly drafted and would most likely extend to defend claims against directors relating to the use, or failure, of AI. We anticipate that, moving forward, insurers may scrutinise companies’ use of AI in evaluating risks in much the same way that boards’ analysis of cyber risk is now an underwriting focus, 

We anticipate insurers may also examine whether existing wordings provide wider cover for AI exposures than was originally anticipated, and whether this can be restricted through the appropriate use of exclusions or sub limits. This is similar to the issue facing many insurers on the “silent cyber” risk that recently drew the attention of Lloyd’s, whereby many of the non-cyber insurance policies reviewed were found to be picking up the risk of cyber claims.

As AI technology becomes more widespread, insurers may wish to consider specific wording to address the potential risks arising from the use of AI. 

The benefits of AI mean directors must be receptive to the changing landscape and be prepared to utilise technology in a business where appropriate. However, both they and insurers need to be aware of the possible increased level of risk faced by an uninformed director from the use of AI. That means thinking carefully about how the AI technology is deployed and the repercussions should it fail.