AI Liability Emerges as “New Cyber” Risk for SMEs, HSB Says

A distinct liability risk is emerging as small and mid-sized businesses expand their use of artificial intelligence, while insurance coverage and underwriting standards remain underdeveloped, according to a report by Insurance Business America.

HSB - Hartford Steam Boiler, part of Munich Re, identified growing AI-related exposure across the SME segment. Internal data shows 74% of small businesses already use AI tools, with 91% expecting near-term adoption.

Timothy Zeilman, Global Head of Product Ownership at HSB, said the pattern resembles the early stages of cyber risk, when usage expanded faster than insurers could define and price exposure.

“We’re seeing the same pattern we saw with cyber 15 or 20 years ago,” Zeilman said to Insurance Business America.

“Adoption is happening very quickly, but the understanding of how that translates into insured risk is still catching up.”

Comparable gaps are already visible in other sectors, where AI systems are introduced into operational workflows before consistent validation standards are established

AI exposure sits inside existing policies

AI-related risks currently sit inside established insurance lines, including professional liability, directors and officers (D&O), and general liability policies. In many cases, these exposures were not explicitly considered when policies were designed or priced, leaving uncertainty around how coverage applies.

“In many cases, these risks weren’t contemplated when policies were written or priced,” Zeilman said. “But in the absence of exclusions, they may still be picked up by those policies.”

This creates a period where insurers may carry exposure that is not fully priced, while policyholders operate without clear confirmation of coverage. Similar operational gaps have already produced downstream financial risk in systems where data quality and workflow fragmentation are not fully addressed.

That uncertainty is beginning to narrow. The Insurance Services Office introduced AI-related exclusions at the start of 2026, requiring insurers to define coverage boundaries more explicitly. As these exclusions are adopted, previously implicit coverage is being removed, creating potential gaps for businesses relying on AI systems.

HSB has introduced an AI liability insurance product designed to provide explicit coverage for AI-related incidents, including bodily injury, property damage, and personal or advertising injury.

Non-physical risks lead early claims outlook

Early indicators show that most AI-related claims are likely to center on non-physical risks. These include intellectual property infringement, defamation, and misuse of personal data, particularly where businesses deploy generative AI tools in marketing and customer-facing functions.

“It’s very easy for a business to publish something generated by AI without realizing it contains infringing or problematic content,” Zeilman said.

Reputational harm is closely linked to these risks, especially when AI systems produce inaccurate or misleading outputs. As AI systems move further into operational workflows, including decision support and customer interaction, exposure increases alongside usage.

Physical risks remain less common but are developing as AI systems connect to real-world environments such as robotics, automation, and smart infrastructure. These scenarios include equipment failures, incorrect automated decisions, and safety risks in systems such as security or fire detection.

Liability is also extending beyond AI developers to the businesses deploying these systems. Companies using AI-powered tools may share responsibility when outputs lead to harm or legal exposure.

“If a company is deploying an AI-powered chatbot or using AI-generated content, they may share liability if something goes wrong,” Zeilman said.

From an underwriting standpoint, insurers can begin to estimate the severity of potential losses, particularly for reputational and intellectual property claims. However, the frequency of such events remains unclear, limiting the ability to model risk with precision.