A small but growing number of cyber insurers are incorporating language into their policies that specifically addresses risks from artificial intelligence (AI). The June 2025 issue of The Betterley Report’s Cyber/Privacy Market Survey identifies at least three insurers that are incorporating specific definitions or terms for AI. This raises an important question for policyholders: Does including specific language for AI in a coverage grant (or exclusion) change the terms of coverage offered?

To be sure, at present few cyber policies expressly address AI. Most insurers appear to be maintaining a “wait and see” approach; they are monitoring the risks posed by AI, but they have not revised their policies. Nevertheless, a few insurers have sought to reassure customers that coverage is available for AI-related events. One insurer has gone so far as to state that its policy “provides affirmative cover for cyber attacks that utilize AI, ensuring that the business is covered for any of the losses associated with such attacks.” To the extent that AI is simply one vector for a data breach or other cyber incident that would otherwise be an insured event, however, it is unclear whether adding AI-specific language expands coverage. On the other side of the coin, some insurers have sought to limit exposure by incorporating exclusions for certain AI events.   

To assess the impact of these changes, it is critical to ask: What does artificial intelligence even mean?

This is a difficult question to answer. The field of AI is vast and constantly evolving. AI can curate social media feeds, recommend shows and products to consumers, generate email auto-responses, and more. Banks use AI to detect fraud. Driving apps use it to predict traffic. Search engines use it to rank and recommend search results. AI pervades daily life and extends far beyond the chatbots and other generative AI tools that have been the focus of recent news and popular attention.

At a more technical level, AI also encompasses numerous nesting and overlapping subfields. One major subfield, machine learning, encompasses techniques ranging from linear regression to decision trees. It also includes neural networks, which, when layered together, can be used to power the subfield of deep learning. Deep learning, in turn, is used by the subfield of generative AI. And generative AI itself can take different forms, such as large language models, diffusion models, generative adversarial networks, and neural radiance fields.

That may be why most insurers have been reluctant to define artificial intelligence. A policy could name certain concrete examples of AI applications, but it would likely miss many others, and it would risk falling behind as AI was adapted for other uses. The policy could provide a technical definition, but that could be similarly underinclusive and inflexible. Even referring to subsets such as “generative AI” could run into similar issues, given the complex techniques and applications for the technology.

The risk, of course, is that by not clearly defining artificial intelligence, a policy that grants or excludes coverage for AI could have different coverage consequences than either the insurer or insured expected. Policyholders should pay particular attention to provisions purporting to exclude loss or liability from AI risks, and consider what technologies are in use that could offer a basis to deny coverage for the loss. We will watch with interest cyber insurers’ approach to AI — will most continue to omit references to AI, or will more insurers expressly address AI in their policies?

The hallmark of a claims-made liability policy is coverage exclusively for claims “first made” during the policy period, thus limiting the insurer’s risk to new claims asserted against the policyholder during a finite time period. Insurers further reduce their risk by “deeming” related claims to be a single claim made on the earliest date the first claim was made, rather than multiple claims that could reach the policy’s aggregate limit.  

These deemer clauses typically appear in the policy’s “general conditions” section in provisions explaining retentions or limits of liability, with variations of wording such as: 

More than one Claim involving the same or related Wrongful Acts shall be a single Claim, and only one Retention and Limit of Liability shall apply. All such Claims shall be deemed to have been made on the earlier of: (1) the earliest date on which any such Claim was first made; or (2) the earliest date on which any such Wrongful Act was reported under this Policy.

Most deemer clauses are reasonably interpreted as applying to related claims within the policy period – a reading that benefits the insurer by capping related claims to one policy limit as intended, provides value to the policyholder in return for the payment of premium, and comports with the signature characteristic of a claims-made policy. 

Unfortunately, some insurers unfairly attempt to convert deemer clauses into hidden coverage exclusions. They contend that a new claim relates to a prior claim made before the policy period and is therefore not covered. If the policyholder procured prior coverage from a different insurer, the current insurer argues that the prior insurer is liable. If the current policy is a renewal and the policyholder did not timely provide notice of the prior claim, the insurer argues that all coverage for the new claim is forfeited due to the failure to timely report the so-called prior claim.

This argument is a perversion of the very nature of claims-made policies, often requiring the insurer to resort to semantic gamesmanship with no sound basis in the policy wording or structure. Under most claims-made insuring agreements, the new claim was “first made” during the current policy period because it did not exist during the prior policy period, related or not. Similarly, the policy definition of “claim” focuses on commencement of new legal processes.

Most claims-made policies exclude coverage for prior acts and prior and pending litigation before a designated date. These exclusions further evidence that deemer clauses were never intended to operate as coverage exclusions. Likewise, insurers can require policyholders applying for new or renewal coverage to list recent claims in policy applications prior to issuing coverage. If insurers intend to exclude new claims related to the listed claims, they should be required to say so.

While it’s always a best practice to promptly provide notice of claims to insurers – and have a regular protocol for doing so in place – policyholders may have valid practical reasons for declining to give notice. Deeming related claims to be a single claim does not ipso facto mean that the new claim falls within a prior policy period or that coverage is unavailable under the current policy. Policyholders can address this issue on the front end by asking the insurer to clarify whether an unreported claim could preclude coverage for a similar claim under a subsequent claims-made policy.  

This is the second in a series of articles addressing critical issues in risk management and insurance for skilled nursing facilities.

How much insurance does my organization need? This conundrum impacts policyholders from small businesses needing single policies to Fortune 500 companies placing complex, multimillion-dollar insurance towers. For owners and operators of skilled nursing facilities, deciding on the right limits of liability insurance is not just a question of evaluating and balancing the risk of third-party claims to your organization – it can be a question of statutory compliance as well.

While many states do not require nursing facilities to maintain minimum levels of liability insurance, those states that do can pose serious regulatory risks to unwary policyholders. For example, in Virginia, certified nursing facilities must maintain minimum general liability insurance limits of $1 million and minimum professional liability limits of $2.65 million (VA ST § 32.1-127). The required professional liability limits increase every year, and by 2030 certified nursing facilities must maintain $2.95 million in limits (VA ST § 8.01-581.15). Failure to maintain these limits can lead to revocation of the facility’s license (VA ST § 32.1-127). Pennsylvania’s complicated statutory scheme of minimum professional liability insurance for non-hospital healthcare providers ranges up to $1 million in minimum per-occurrence limits and $3 million in aggregate limits (40 P.S. § 1303.711). Failure to submit proof of proper insurance can lead to license suspension or revocation. In Colorado, a condition of active licensure for healthcare institutions is maintenance of $500,000 per occurrence and $3 million in aggregate limits (C.R.S.A. § 13-64-301). 

Because minimum liability limits in the healthcare industry are not standardized, identifying the applicable statute may not be simple. For example, the Virginia law is found in the Virginia health code, the Pennsylvania law is found in the Pennsylvania insurance code, and the Colorado law is part of the “Health Care Availability Act” – which is itself part of Colorado’s “Court and Court Procedure” statutory scheme. 

A facility may only discover a failure to comply with regulatory limits when facing a serious liability claim. In that case, the insured may find itself fighting on two or even three fronts – with the underlying claimant to resolve the case, with its insurance company to fight for additional coverage, and potentially with the state to prevent or minimize regulatory consequences.

Because of the potential complexity of compliance and the consequences for noncompliance, insureds should ensure they are complying with minimum liability limits. This includes confirming with their brokers that current policies comply with applicable minimum limits in the states where they operate facilities. If the answer is no, the insured should seek an immediate and retroactive endorsement that complies with state requirements. At renewal, insureds should work with their broker and legal counsel to ensure continuing compliance. The correct solution will depend on the risk management strategy and goals of the policyholder, as well as the organizational structure. For example, policyholders operating numerous facilities may form LLCs for each facility and purchase insurance for each LLC. Others may insure numerous facilities under a master policy.

Insureds operating facilities across numerous states could choose among the following potential options when procuring liability coverage to ensure compliance with minimum limit requirements:

  • A separate policy for each facility providing the minimum limits required for the state where that facility is located;
  • A separate policy for each state where the policyholder operates that provides the requisite minimum limits for each facility in that state;
  • A master policy with separate endorsements amending the policy limits by location; or
  • A master policy providing the highest minimum limits of all states where the policyholder operates.

Operating a skilled nursing facility requires complying with a dizzying array of statutes and regulations. Ensuring that your facilities procure the required insurance limits may be simple by comparison, but it is a crucial step in ensuring protection from both third-party claims and regulatory compliance risk.