APAC getting left behind on silent AI risk protections  

It’s the conversation that every broker dreads.  

The call from an unhappy client demanding to know why they were not covered for a major risk.  

Yet this could soon be happening across the APAC region amid one of the fastest evolving cyber challenges: silent artificial intelligence risk.   

While Europe and the US are starting to address this protection gap with new products, APAC risks falling behind.  

Now a major discussion is taking place over how to address the challenge before costly incidents start piling up.   

Defining silent AI risk   

“We are a bit behind Europe, but I think that generally, insurers are beginning to think about Silent AI risks.”  

Nicholas Blackmore

Lawyer at Kennedys

Silent AI risk refers to the hidden risks of AI that insurance policies may not explicitly cover.   

While the risks of malicious actors using AI to target individuals and companies are well understood, insurance coverage is far less clear for software firms that develop problematic or malfunctioning AI for others to use.   

Uncertainty also surrounds the extent of cover for businesses deploying AI—for example, a financial services firm using an off-the-shelf model—that may face liability if the technology fails or causes harm.  

Nicholas Blackmore, a lawyer at Kennedys specialising in data privacy and cyber insurance law, is one of a handful of APAC’s recognised experts on this emerging risk field.   

Blackmore defines the silent AI risk into a few broad categories.  There is quality of output – hallucination, bias, lack of transparency.  Then there are privacy and security risks around these tools.  Finally, there is copyright infringement, which is likely to come more into focus amid the escalating power of generative AI. 

The issue is that clients may find themselves with a patchwork of insurance policies covering these AI risks, rather than one specific standalone policy.  

This could lead to gaps in cover.  The best a client can hope for is that the AI risk is covered in their current policies.  

Copyright infringement could be covered under media liability or intellectual property policies.  Data and security AI risk, by cyber insurance or data privacy insurance.  

Blackmore highlights ‘output risks’ as one that needs a sharp focus.   

He notes: “That’s probably the most interesting area where I suppose, to some extent, lawyers and all services firms are using software products and research tools and that sort of thing to provide their services.   

 ”And I guess this is just one more type of software, but it’s one that poses unique risks in that area. It’s one that we’re certainly talking to insurers about. The need to think about the risks that this poses, particularly when they’re writing PI (professional indemnity) policies.”  

New products   

Sensing there is a protection gap, fleet-footed insurtechs and forward-thinking (re)insurers are releasing products to help clients.  

In April, Lloyd’s insurer Chaucer and insurtech Armilla released a groundbreaking third-party liability standalone product. It targets the mechanical underperformance of AI systems and models, and their related exposures.  

In June, Bermudian start-up Relm released three AI liability solutions. They cover a wide range of AI silent risks, everything from intellectual copyright infringement to regulation liability, and even bodily injury.   

Hiscox has rewritten its technology professional indemnity policy, unveiled in May, claiming it is the ‘first in the UK to grant clear, affirmative cover for AI-related claims’.  

These products are offered in either Europe or US, but not yet in APAC. This begs the question whether the region is getting left behind.  

Even if these innovative insurance companies wanted to release AI specific products to APAC, there are likely to be hurdles.   

One APAC trading broker, giving some on background context to (Re)in Asia, said: “These existing AI products we are seeing are designed to be written on an insurance basis, and whilst they can be converted to a “re” position, the intent is to sit at the side of the risk which can make them somewhat more challenging for the region, especially with the various non-admitted requirements.”  

In Australia, generally one of the leading countries in APAC when it comes to insurance innovation, there is a sense that Europe and the US are ahead.  

Blackmore observes: “We are a bit behind Europe, but I think that generally, insurers are beginning to think about Silent AI risks.”  

Standalone debate   

While APAC is lacking these newly emerging specific AI products coming to market in Europe and US, brokers and insurers might plug any protection gap holes with existing policies.  

Howden International’s head of cyber, Jean Bayon de la Tour, says:  “There is always a temptation to see a business opportunity for insurers there, but we need to take care.   

“Does the insured end up paying for cover twice? Are we avoiding disputes and finger-pointing between policies in the event of an incident, particularly if the AI market suffers significant losses?   

“There is always a temptation to see a business opportunity for insurers there, but we need to take care.”

Head of Cyber at Howden International

Jean Bayon de la Tour

“There may be gaps where AI standalone policies are relevant. But much of the exposure is already covered under existing technology E&O or financial lines policies, for example. Those are also being amended to provide specific coverage – for example, for data poisoning attacks.  

“So, the risks and current policies of each client need to be carefully considered, rather than one single solution always being the way forward.”  

APAC regulation   

The good news for brokers and (re)insurers is that APAC is evolving its AI regulation and legislation. Across APAC, governments are tightening AI oversight through new or draft laws in China, South Korea, Thailand, Vietnam, Australia, and Singapore.   

These rules emphasise accountability, transparency, and human oversight, setting clearer liability standards for AI failures.   

For insurers, that means less ambiguity about what constitutes negligence.   

These frameworks will play a crucial role in shaping underwriting, exclusions, and the pricing of operational and liability cover. Singapore, for example, has created guidelines and voluntary frameworks.  

This can help companies understand model AI governance. Insurers could expect clients to follow them, otherwise face exclusions or tightened underwriting.  

Blackmore summarises: “More broadly, I’m sure Australia, Singapore, and Hong Kong tend to lead the way on these things in Asia. But then there’s a wide range of jurisdictions in Asia, some of which will take a lot longer.” 

Future development  

Perhaps the biggest barrier of all in addressing these AI risks is the lack of historical data and standard definitions.   

Recent reports highlighted how software giant Open AI was only able to secure US$300m cover for AI-related risks as insurers baulked at the prospect of claims that could run into billions of dollars.    

However, optimism runs deep that the insurance industry can tackle the silent AI challenge.   

Blackmore notes the similarities with cyber insurance cover, reflecting: “That’s taken 15 or so years to get to that position, and probably with AI risks, I would imagine it will develop in a similar way, that insurers will start to deal with it in various ways, and we’ll gradually sort of look at each other’s examples and perhaps coalesce into common structures, common ways of dealing with it.”  

Bayon de la Tour is even more upbeat, concluding: “I think that’s exactly what clients expect: for us to see a business need and then build a product, just like with D&O 50 years ago.   

“The premium needed to sustain a market, covering that risk can then be refined as the data develops. It may mean the market is a little bumpy to begin with, but it’s a challenge that the insurance industry has navigated before.”