The rise of AI and cyber threats has pushed executive insurance into uncharted territory. According to Bryant Baloloy, CEO of Diamond Head Specialty Underwriting, these evolving risks are now forcing underwriters to reassess how they measure exposure beyond the balance sheet.
“Executive liability underwriting is no longer just about underwriting financial statements,” Baloloy said. “It's about how the board and management... handle technology and cybersecurity, resilience and AI accountability as well.”
That shift isn’t theoretical. Since March 2020, there have been 53 AI-related securities class actions. Data breaches have triggered 35 such actions since January 2017. With two-thirds of Fortune 500 companies referencing AI in their 2024 10-K filings, the risks tied to public disclosure are rising fast.
“The representations that management and the board make, that's really what they're subject to,” he said. “Hopefully the statements that they make... are more of an under-promise and over-deliver rather than the converse.”
As AI becomes central to business operations, underwriters are paying close attention to how firms govern its use – examining board expertise, internal AI policies, and vendor oversight. While financial loss remains the foundation of any claim, Baloloy said D&O underwriting has moved firmly toward “governance-based” frameworks.
“In terms of solutions, it's really just the underwriters being more keen to these emerging risks,” he said.
Baloloy added that insurers have increasingly started excluding cyber-related breaches from D&O policies, pushing those risks into standalone cyber coverage. However, oversight and decision-making by management remain covered under D&O lines.
“So just in recognition of that, I think more and more you're seeing cyber exposures specifically carved out of D&O policies because really the actual threat, the data breach, that belongs on the cyber side of the house,” he said. “Now the management oversight, that's where you do have a little bit of an overlap.”
As executives incorporate AI tools into decision-making, a key question arises: if an AI-driven decision leads to shareholder loss, is the resulting litigation a cyber claim or a D&O matter? Or does it warrant its own category of coverage?
Baloloy pushed back on the need for standalone AI insurance at this stage. “I don't think the current landscape excludes what we're talking about here,” he said. “Until it does, I don't think there's a real market for it.”
Creating a separate AI product, he warned, could lead to adverse selection – particularly if some firms opt out of broader D&O coverage under the assumption that AI is their only risk. “In that case, you run the risk of adverse selection,” he said.
He also cautioned that unless exclusions are introduced into current policies, there's little incentive for the market to spin up a new product class. “It would be interesting though, because now you have a product that some insureds may opt to buy rather than traditional D&O insurance thinking that's their only exposure.”
If AI and cyber threats weren’t enough, regulatory volatility is only making things more complex. Baloloy described the pace of executive orders as unprecedented, citing a recent forum he attended: “There have been more executive orders issued in this administration alone – 198 in this administration alone, just this year, more than Biden's entire term.”
He linked this flurry of executive action to growing exposure under employment practices liability (EPL), particularly around discrimination, harassment, and retaliation. Baloloy referenced federal reversals on policies such as gender-based bathroom assignments and affirmative action – shifts that could put employers at risk of violating Title VII.
“So it does reverse things and you might have organizations that go to the extreme where they're actually violating Title 7,” he said. “That's where you have increased exposures.”
On the D&O side, the SEC’s rollback of NASDAQ board diversity rules – originally approved in 2021 and reversed in December 2024 – only added to the unpredictability. “It just goes to show the fluidity, literally from one end of the spectrum extremely to the other,” he said.
For insurers, simply transferring risk isn’t enough anymore. Successful carriers are stepping in to guide clients through the compliance minefield. “Insurers that are going to be successful are going to be those who help their clients to navigate that complexity, not just transfer the risk,” Baloloy said.
Post-hard market conditions have drawn a wave of new entrants into the D&O space – more than Baloloy has seen in three decades. That influx has triggered a race to innovate, not just compete on price.
“Insurers, program administrators, MGAs, the capacity providers – they just need to seek to be solution partners rather than just capacity providers,” he said.
That means investing in API-driven workflows, streamlining underwriting, and offering legal hotlines and governance-focused risk services. It also means pushing tech into the front and back ends of the business – distribution and decision-making alike.
“In today's market, differentiation isn't about being cheaper,” Baloloy said. “It's about being faster, smarter, more relevant to how businesses actually operate.”