Insurers Cap AI Risks: New Limits on Cyber Payouts

Insurers are establishing new limitations on payouts for cyber losses and regulatory fines stemming from AI use, reflecting a swift industry reaction to escalating technology risks. QBE and Beazley are among the groups exploring policy language to cap payouts specifically for AI-induced damages.

QBE has introduced "sublimits" for LLMjacking events, a cyber threat targeting large language models. For instance, a policy with a $5 million limit might only cover $250,000 for LLMjacking losses. Beazley is also developing contractual terms to limit exposure to regulatory breaches connected to AI.

These proposed changes aim to define coverage for AI-related risks. However, policy buyers express concern that these new stipulations could reduce overall protection for various emerging AI threats beyond specific incidents like LLMjacking. The sublimits could restrict specific AI losses to roughly 10% of the total policy value.

While Beazley stated these changes are under development and not yet applied to active policies, QBE asserts it is not withdrawing from AI risks. They maintain that developments enhance protection for specific exposures rather than narrow core coverage, ensuring conventional cyber incidents driven by AI remain fully covered.

Criminals are increasingly exploiting costly computing resources by avoiding usage fees, a trend that LLMjacking exemplifies. This is one of many evolving risks companies face as AI deployment grows, alongside concerns like AI "hallucinations." Some anticipate insurers may eventually offer AI coverage as a distinct cyber security product line, similar to how dedicated cyber policies emerged previously.