As emerging technologies reshape how companies operate, brokers are under pressure to understand and mitigate a fast-evolving risk landscape.
According to Matt Clayton, head of technology professional risk at Tokio Marine HCC, the biggest risks tech clients face often have little to do with the technology itself. “One of the trends I see a lot is the increased volume of Software as a Service risk, but the interesting thing is that they appear like technology risks on the tin because they produce software... but what they're actually doing is providing a more traditional service,” he said. Take accountancy software, for example: “As an insurer, we see that as being an accountancy risk, but it's delivered through technology,” he said.
For brokers, misclassification can mean clients end up with inadequate or misaligned protection. But the solution isn’t becoming a tech expert. “Brokers just need to ask three key questions: What do they do? Who do they do it for? And how is it delivered?”
Clayton noted that AI doesn’t always change the product itself - so the risk might not be where people expect. “Technology companies will use AI to improve a process or make their data analysis easier,” he said. “In terms of what they produce as output to their customers, it's not really impacting it. It's making their jobs a bit easier.”
For brokers, this means distinguishing between tools that streamline internal operations and those that materially alter client-facing services, “Our biggest concern is actually on our media book - that’s where we see heavy content-led risk,” Clayton said. According to ArentFox Schiff’s report, by the end of 2024, there were nearly 30 active lawsuits in the US alone alleging that AI developers violated copyright law by using protected content to train their models without proper rights or by removing copyright management information.
Clayton explained that reframing risk should go hand-in-hand with reassessing insurance cover. Cyber incidents, for example, do not always pay out as expected: “Other markets may have clauses down deep in their wording that will say we will treat any incident as one loss across the whole policy. But if they've got five million written for cyber and five million for PI, because they've got this clause in, they're only going to pay out a total of five million rather than it doubling up.” Clayton argued that several important cyber coverages are not always included in policies. “So, for example, crime is a really prominent cover of a cyber policy that is not included as standard for a lot of markets,” he said. “There's a cover called dependent business interruption, an optional extra often not included. And there's another key cover called operational error, which is often an exclusion.”
Critical covers brokers may need to consider include:
Clayton believes that many clients are still unaware of the cyber risks. Speaking on cyber uptake, he said: “Until recently, uptake ranged from 20% to 60%, but I spoke to someone last week who said only 5% of their customer base buys cyber cover,” Clayton noted. “Even among those who push it consistently, the mindset of ‘it won’t happen to me’ is still common.”
Clayton believes that brokers can help change the narrative by explaining to clients what will happen if they do not have cyber coverage and a cyber event occurs. He argued that “education is going to be key”, as well as informing clients on the complexity of dealing with a cyber incident.
