Why Every Business Needs an AI Risk Management Plan


AI is reshaping how businesses operate, but without an effective AI risk management plan, it can lead to an expensive mistake. 

Somewhere in your company, someone is using AI to get work done faster. Maybe it’s a report, research, presentation, or a client-facing document, but what happens when the document is entirely fabricated? In some cases, an AI hallucination or error could cost your business thousands of dollars. 

AI can build presentations or scan a thousand-page document in minutes. At the same time, it’s also capable of sounding completely right while being completely wrong. POWERS Insurance & Risk Management wants your business to be protected, with a risk management plan in place in case AI tools lead to costly consequences.

When AI Gets It Wrong: Two Law Firms Penalized

In May 2025, two prominent law firms, Ellis George LLP and K&L Gates LLP, learned how AI could be a $31,000 mistake. The firms collaborated on a case, Lacey v. State Farm General Insurance Company, and submitted a supplemental legal brief that appeared well-researched and professionally prepared. Turns out, nearly a third of the cited legal sources did not exist. Ellis George LLP later acknowledged using several AI tools to draft the brief, including Google Gemini, Westlaw Precision, and CoCounsel. 

The firm shared the document with K&L Gates LLP without disclosing the use of AI. Those citations were incorporated into the final filing without verification. A judge flagged suspicious citations and requested corrections, but the revised filing still contained six false references. The result was a $31,100 legal fee. 

More concerning, the firms were not using basic tools. They relied on professional-grade legal AI designed specifically for attorneys. Even then, the output was convincing enough to resemble legitimate case law. 

What Is an AI Hallucination?

An AI hallucination happens when a generative AI tool produces false information due to how it predicts language patterns. Large language models (LLMs) generate responses based on probability, not verified truth, which can lead to entirely fabricated outputs. 

AI hallucinations are becoming more common, mainly because more people are using AI. Courts have reported a steady increase in AI-generated errors since 2023. In another case, Mata v. Avianca, attorneys submitted a filing with entirely fictional case law and were later fined and required to issue formal apologies. 

AI Risk in My Business

Strip away the legal setting, and the underlying exposure applies to almost any company that uses AI to support decision-making. When businesses use AI to support work, responsibility still rests with leadership. Directors and officers (D&Os) using AI could be exposed on several fronts:

  • If directors and officers do not disclose the extent to which AI is involved in making corporate decisions, it introduces legal liability.
  • D&Os can be seen as negligent if the AI fails in a way that leads parties to make claims, such as for discrimination and privacy violations.
  • If the AI is flawed and the directors or officers fail to address it, they can face product liability claims.
  • AI can create flawed reports on behalf of directors and officers. This effectively means that the directors and officers misrepresented the information in those reports.
  • If an AI incidentally uses inside information from another company to set something like prices, this can lead to competition claims.
  • Errors and omissions (E&O) policies may limit or exclude coverage tied to AI-assisted professional services.

These concerns are relevant in industries like cannabis, construction, manufacturing, and hospitality, where accuracy and trust are foundational. A single unchecked output can trigger multiple layers of risk at once: legal, financial, reputational, and operational. 

Does Business Insurance Cover AI Mistakes?

The short answer is that it depends on your policy, and typically, the answer is no. Many traditional commercial policies were written before AI became embedded in everyday operations. As a result, coverage for AI-related incidents has historically been unclear or “silent”. 

Insurance carriers are now responding to these exact exposures by tightening policy language and introducing AI-related exclusions. Here’s a breakdown by coverage type: 

  • Commercial General Liability (CGL): This was largely silent on AI before 2026. As of January 2026, the Insurance Services Office (ISO) introduced a generative AI exclusion endorsement. Since most carriers use ISO-based forms, those exclusions are spreading fast. Bodily injury, property damage, and personal injury claims tied to AI outputs are being cut out. 
  • E&O/Professional Liability: This is where the most aggressive exclusion activity is happening. Some insurers now restrict or eliminate coverage for losses tied to AI-assisted professional services. If a client sues because AI-generated advice or work product was wrong, you may not be covered. 
  • D&O: Coverage is tightening around AI governance failures and “AI-washing”, where companies overstate their AI capabilities to investors. If leadership fails to disclose how much AI is driving decisions, claims from that gap are increasingly excluded.
  • Fidelity and Crime: AI-enabled fraud like deepfakes and business email compromise typically doesn’t qualify as “direct theft” under standard terms, so it’s excluded unless you’ve added a social engineering endorsement.
  • Cyber: The exception. Most cyber policies still affirm AI-related losses from network intrusions, ransomware, and data breaches.  

AI creates a new challenge for businesses. You may believe you are covered, only to discover gaps when a claim arises. 

The law firm case highlights another critical issue. Even when insurance applies, it often does not cover court-ordered sanctions or fines, which leaves businesses exposed to out-of-pocket losses despite carrying coverage. 

Building a Risk Management Plan for AI

The good news is that most AI-related risk is manageable with the right controls in place. Here are practical safeguards that reduce the likelihood of costly mistakes: 

  • Verify all AI-generated outputs, especially in client-facing or regulated work
  • Establish clear internal policies that define acceptable and restricted use of AI
  • Train employees on how AI can fail, not just how it can help
  • Disclose AI usage transparently to clients and stakeholders
  • Implement governance structures that involve legal and IT leadership
  • Document how AI is used across the organization for both operational clarity and insurance purposes

Quick Answers

Does business insurance cover AI-related mistakes? Not as reliably as it used to. The more important question is whether your current policy was written before or after AI became part of your daily operations. 

Who is liable when a company’s AI makes a mistake? Often, the people who deployed it. Directors and officers can be responsible for failing to disclose or govern how AI gets used inside their organization. 

What should a business do first to manage AI risk? Inventory where AI is being used, put a verification step in front of any AI-generated output that affects a client, and have an insurance broker review current policies for AI-related exclusions or gaps. 

How POWERS Insurance & Risk Management Can Help Your Business

A risk management plan only goes so far without the right coverage behind it. POWERS Insurance & Risk Management reviews existing policies line by line, looking specifically for the AI exclusions and sublimits that have started showing up across the industry. POWERS Insurance can evaluate endorsements or standalone AI liability coverage built around how your business uses the technology. 

If your business is using AI in any capacity, ask yourself, are you protected if it gets something wrong? Contact POWERS Insurance to review your current coverage before it costs you. 
