Artificial intelligence failures are no longer theoretical risk scenarios. They are happening in Australian businesses and government agencies right now, generating regulatory investigations, client claims, financial losses, and reputational damage that existing insurance policies were often not designed to address.

A 2025 Ernst and Young survey of 975 businesses found that 99 percent had suffered financial losses from AI-related risks. Nearly two thirds of those businesses reported losses exceeding one million dollars. These are not all technology companies. They are professional services firms, consulting practices, government contractors, and ordinary businesses using AI tools they did not fully understand the risk profile of.

This article covers five verified AI incidents, what each cost the businesses and individuals involved, and what type of insurance may be relevant to each scenario. All incidents cited are drawn from publicly reported sources. Data from Coalition's 2026 Cyber Claims Report, published March 2026 and based on over 100,000 policyholders including Australian businesses, is referenced throughout.

The AI Insurance Gap: What the 2026 Data Shows

Before the case studies, it is worth understanding what insurers are actually seeing in claims data. Coalition's 2026 Cyber Claims Report, the most detailed claims dataset available, drawing on over 100,000 policyholders across Australia, the US, Canada, the UK, and Germany, provides the clearest picture of how AI-related risks are showing up in insurance claims.

5% of all web privacy claims in 2025 cited chatbot-related conduct (Coalition 2025 report)

58% of all cyber incidents were business email compromise or funds transfer fraud, increasingly AI-enabled (Coalition 2026)

$269,000 average loss for a ransomware claim in 2025, up as AI-powered attack tools lowered the barrier for attackers (Coalition 2026)

‍47% surge in initial ransom demands in 2025 as AI-assisted ransomware-as-a-service made sophisticated attacks more accessible (Coalition 2026)

86% of businesses targeted by ransomware in 2025 refused to pay. A record high, driven by improved backups and insurer-supported negotiation (Coalition 2026)

Coalition launched explicit deepfake endorsement coverage in December 2025, available in Australia, covering forensic analysis, legal takedown support, and crisis communications when deepfake incidents cause reputational harm. This product launch is itself evidence that the AI liability gap in standard cyber policies is real and recognised by insurers.

For the full picture on cyber liability insurance, including what triggers a claim and how standard policies respond to AI-related incidents, the cyber liability insurance guide for Australian businesses covers this in detail.

Case 1: AI Hallucination in a Government Report

Australia, 2025. Source: Lockton Australia / Minter Ellison, October 2025

In July 2025, a government department published a report produced by a major consulting firm using Azure OpenAI. In October 2025, a Sydney University researcher identified that the report contained non-existent references and fabricated court quotes. A revised version was published. The consulting firm stated that their use of AI had been disclosed and that the conclusions did not change when the errors were corrected. The client received a partial refund.

Impact on the business

The consulting firm faced reputational damage, the cost of producing a corrected report, and a partial refund to the client. The incident was covered by Australian media. For a professional services firm whose value proposition is accuracy and reliability, a publicised AI hallucination episode carries long-term client trust consequences beyond the immediate financial cost.

Impact on consumers and stakeholders

Stakeholders and decision-makers who received the original report and relied on it in the period before the error was identified made decisions based on fabricated references. In a government context, that can include policy decisions, resource allocation, and advice to ministers or agencies.

What insurance may be relevant

Professional indemnity insurance may help cover claims arising from errors or omissions in professional services, including those caused by AI-generated outputs, subject to policy terms. Whether a specific policy responds to AI hallucination errors depends entirely on the policy wording. Some policies now include AI-specific exclusions. Confirming whether AI-assisted outputs are covered is worth doing before an incident occurs. upcover arranges technology professional indemnity insurance for consulting and professional services businesses. See the Tech Professional Indemnity Insurance page for what is available.

Case 2: Sensitive Government Data Uploaded to a Public AI Tool

Australia, October 2025. Source: Lockton Australia, October 2025

A contractor working for a New South Wales government department uploaded a spreadsheet containing thousands of rows of sensitive flood victim data directly into ChatGPT. The incident constituted a significant privacy breach. The data included the personal information of private citizens who had been affected by natural disaster.

Impact on the business

The government department faced a regulatory investigation. The contractor faced exposure to Privacy Act liability, possible termination of the contract, and personal financial risk depending on their indemnity arrangements with the department. Lockton Australia identified this as a primary example of AI governance failure creating professional liability exposure.

Impact on consumers and stakeholders

Flood victims whose personal information was uploaded to a commercial AI platform had their data processed by a system they had not consented to. Under the Privacy Act 1988 and the POLA Act 2024 statutory tort, which came into effect in June 2025, affected individuals now have the right to sue directly for serious privacy invasions without relying solely on an OAIC complaint.

What insurance may be relevant

Cyber insurance may help cover the costs of a data breach investigation, regulatory response, and notification to affected individuals, subject to policy terms. Professional indemnity may help cover claims arising from the contractor's breach of duty, subject to policy terms. For any contractor or sole trader handling personal data for government or corporate clients, both cover types working together address the full liability exposure this type of incident creates.

The relationship between cyber liability and professional indemnity for IT professionals and contractors, and why a combined policy can prevent claim gaps, is explained in the IT liability insurance guide.

Case 3: Algorithmic Bias in AI-Assisted Recruitment

Australia, 2021 and ongoing. Source: AHRC Human Rights and Technology Discussion Paper 2021

In 2021, the Australian Human Rights Commission published its landmark Human Rights and Technology discussion paper, flagging serious concerns about the use of automated decision-making tools in recruitment across Australian businesses and public sector agencies. The paper identified documented cases of AI-driven hiring platforms producing outcomes that disadvantaged applicants based on protected characteristics including gender, age, and disability status.

Since that paper, Australian regulators including the AHRC have continued monitoring AI use in employment decisions. There have been reports of applicants being unfairly excluded from job opportunities by AI screening tools, with the affected applicants having no visibility into how the AI reached its decision or what criteria it applied.

Impact on the business

Businesses using AI hiring tools face potential discrimination claims under the Age Discrimination Act 2004, Sex Discrimination Act 1984, and Disability Discrimination Act 1992 if an AI screening system produces outcomes that disproportionately disadvantage protected groups. Regulatory action from the AHRC, legal defence costs, and reputational exposure are all real financial consequences. The EU AI Act, relevant for Australian businesses whose AI products are deployed in European markets, classifies AI systems used in employment decisions as high-risk, requiring conformity assessments and transparency obligations.

Impact on consumers and stakeholders

Job applicants excluded by an AI screening tool with no transparency into the decision have limited recourse. They do not know whether they were screened out by a legitimate skills assessment or by a biased algorithm. The AHRC paper found that the lack of explainability in AI hiring tools makes it effectively impossible for affected individuals to challenge decisions or understand whether their rights were breached.

What insurance may be relevant

Technology errors and omissions insurance may help cover claims arising from AI systems failing to perform as specified or producing outcomes that generate legal liability, subject to policy terms. For businesses building or deploying AI hiring tools, professional indemnity and technology E&O are the primary cover types. For businesses using third-party AI recruitment tools that produce discriminatory outcomes, the question of whether liability sits with the platform provider or the employer using it is a genuine legal uncertainty that has not been fully resolved in Australian courts.

Case 4: Deepfake Fraud in a Corporate Environment

International, 2024. Source: multiple news outlets, widely reported

In 2024, an employee of multinational engineering and consulting firm Arup was deceived into authorising a significant financial transfer after participating in a video call in which the other participants were deepfake recreations of the employee's senior colleagues. The deepfake recreations were convincing enough that the employee did not identify them as fraudulent during the call. The financial loss was substantial.

This is the most significant documented case of deepfake-enabled business email compromise globally and set a precedent for how AI-assisted fraud can bypass controls that rely on visual or voice verification of identity.

Impact on the business

Arup absorbed a significant financial loss. The incident demonstrated that even large, sophisticated businesses with strong security practices are vulnerable to deepfake social engineering when the attack is sufficiently well-prepared. The reputational consequences of publicised deepfake fraud are considerable, as they signal to clients and partners that internal controls failed.

Impact on consumers and stakeholders

For Arup's clients and the broader market, the incident was a signal that standard identity verification methods are no longer sufficient when interacting with high-value contacts. The case accelerated adoption of out-of-band verification protocols and changed how businesses approach video-based authorisation for financial transactions.

What insurance may be relevant

Coalition launched explicit deepfake endorsement coverage in December 2025, now available in Australian markets, covering forensic analysis, legal support for takedown, and crisis communications when deepfake incidents cause financial or reputational harm. Cyber insurance with specific social engineering and funds transfer fraud coverage may help cover losses from deepfake-enabled financial fraud, subject to policy terms. Standard cyber policies vary significantly in how they treat social engineering losses. Coalition's 2026 Cyber Claims Report data shows $21.8 million in stolen funds was recovered across its policyholders in 2025, with an average recovery of $202,000 per incident, highlighting that fast reporting significantly improves recovery prospects.

For businesses operating in technology-intensive environments, the AI startup and technology business insurance guide covers the specific AI risk gaps that standard policies commonly exclude.

Case 5: Chatbot Liability: When AI Promises the Wrong Thing

International, 2024. Source: publicly reported legal case, Coalition 2025 data

Air Canada's AI chatbot incorrectly told a passenger that a bereavement discount fare was available and could be applied retrospectively. When Air Canada attempted to disclaim liability for the chatbot's statement, the Canadian Civil Resolution Tribunal ruled that Air Canada was responsible for the information provided by its own AI tool and ordered the airline to honour the discount.

This case established a significant precedent: a business is liable for what its AI chatbot tells customers, regardless of disclaimers. The ruling directly contradicts the position that chatbot errors are technical issues rather than corporate commitments.

Impact on the business

Air Canada was ordered to pay compensation and faced significant reputational damage from the widely reported ruling. The broader commercial implication was that any business operating an AI chatbot that makes representations to customers is exposed to liability for those representations. Coalition's 2025 report data identified chatbots in 5 percent of all web privacy claims, specifically citing that chatbot-related claims alleged interception of communications without consent. As chatbot adoption grows, so does this exposure.

Impact on consumers and stakeholders

Consumers received incorrect information from an AI tool and initially had no recourse, requiring legal proceedings to force the business to honour what its AI had said. The case highlighted that consumers interacting with AI tools have no way of knowing whether the AI's statements are accurate, and that obtaining remedy when they are not can require significant effort.

What insurance may be relevant

Technology errors and omissions insurance may help cover claims arising from an AI tool providing incorrect information that a customer relied on, subject to policy terms. Cyber insurance may also be relevant where chatbot errors result in data exposure or privacy breaches. Any business deploying a customer-facing AI tool should review its current policy to confirm whether chatbot errors and omissions are explicitly covered or excluded.

What These Cases Show About the AI Insurance Gap

Across all five cases, a consistent pattern emerges. The AI-related incidents that generated legal and financial consequences were not exotic or rare failure modes. They were ordinary uses of AI tools where the output was incorrect, the data governance was inadequate, the automated decision was discriminatory, or the interaction was manipulated by an attacker. In each case, the business had likely not reviewed whether its existing insurance coverage addressed the specific scenario.

The insurance industry is responding. Coalition's addition of deepfake coverage in December 2025 is one example. Munich Re, Chubb, and other major insurers have launched or expanded AI-specific coverage extensions in 2025 and 2026. But the default position for most existing cyber and professional indemnity policies is that AI-related errors are not explicitly included and may fall into an exclusion gap.

Three questions worth asking about your current policy:

• Does the policy specifically address AI-generated outputs, hallucinations, or errors as covered events, or are they excluded?
• If you use a third-party AI tool and that tool causes harm to a client, does your professional indemnity respond, or does liability rest with the tool provider?
• Does your cyber insurance cover deepfake-enabled social engineering and funds transfer fraud, or only traditional cyberattack vectors?

About upcover

upcover is a digital-first insurance broker helping Australian businesses arrange cyber insurance, technology professional indemnity, and AI business insurance quickly and online. upcover arranges business insurance for technology companies, AI startups, professional services firms, and contractors across Australia.

• 70,000+ businesses covered across Australia.
• 4.9/5 customer rating.
• Instant Certificate of Currency on policy confirmation.

upcover arranges cyber insurance, technology professional indemnity, and AI-related business insurance for Australian businesses. For technology companies, AI startups, and businesses whose services involve AI tools, understanding what is covered before an incident is the right moment to review. The upcover page for technology and AI startups covers the specific policies available for AI businesses and tech startups in Australia.

Get an instant quote at upcover

Frequently Asked Questions

What is AI insurance in Australia?

AI insurance refers to insurance policies that may cover claims arising from artificial intelligence-related errors, failures, and incidents. There is no single standardised product called AI insurance. Cover typically comes from a combination of cyber insurance (for data breaches and AI-enabled cyberattacks), technology professional indemnity (for errors in AI services or outputs), and technology errors and omissions insurance (for AI systems failing to perform as specified). Coverage for specific AI incidents depends entirely on the wording of the individual policy.

Do standard cyber insurance policies cover AI-related incidents?

Not automatically. Standard cyber insurance policies were designed before AI became embedded in business operations and many do not explicitly address AI hallucinations, algorithmic errors, or AI-enabled fraud. Some policies may include these events under existing coverage categories depending on how the claim is framed. Others may exclude AI-related errors explicitly. Coalition launched specific deepfake endorsement coverage in December 2025, available in Australia, indicating that dedicated AI coverage is a distinct addition to standard cyber policies, not an assumption.

What AI insurance do Australian businesses need?

The appropriate cover depends on how AI is used in the business. Businesses using AI tools to produce client work, including consulting, advisory, and content, commonly hold professional indemnity insurance that addresses AI-generated outputs, subject to individual policy wording. Businesses deploying customer-facing AI tools such as chatbots commonly hold technology errors and omissions cover. Businesses processing sensitive data through AI systems commonly hold cyber insurance with strong data breach provisions, subject to policy terms. AI product developers and startups typically hold technology professional indemnity and management liability cover. The AI startup insurance guide at upcover covers this in more detail.

Is a business liable for errors made by its AI chatbot?

Yes, based on the Air Canada civil tribunal ruling in 2024. The tribunal held that Air Canada was liable for incorrect information provided by its AI chatbot, regardless of disclaimers. The ruling established that a business is responsible for what its AI tools say to customers. Coalition's 2025 data found that chatbots were cited in 5 percent of web privacy claims, suggesting chatbot-related liability is already generating insurance claims at scale.

What does Coalition's 2026 Cyber Claims Report say about AI risks?

Coalition's 2026 Cyber Claims Report, based on data from over 100,000 policyholders, shows that AI-enabled attacks are increasing in sophistication and frequency. BEC and funds transfer fraud, increasingly assisted by AI social engineering tools, accounted for 58 percent of all cyber incidents in 2025. Initial ransomware demands rose 47 percent as AI-powered ransomware-as-a-service tools lowered the attack barrier. Coalition also launched deepfake-specific endorsement coverage in December 2025, now available in Australia, directly addressing an AI-specific gap in standard cyber policies.

What are the most significant AI insurance case studies in Australia?

The most significant verified AI incidents in Australia to date include a NSW government department contractor uploading sensitive flood victim data to ChatGPT (2025), a major consulting firm producing a government report containing AI-generated fabricated references (2025), and the Australian Human Rights Commission identifying documented cases of algorithmic bias in AI-driven recruitment tools (2021 and ongoing). Internationally, the Air Canada chatbot case established that businesses are liable for what their AI tools tell customers, and the Arup deepfake fraud case showed how AI-enabled social engineering can bypass standard verification controls. Each of these incidents has clear insurance implications for professional indemnity, cyber, and technology errors and omissions cover.

What should Australian businesses check in their current policies for AI risks?

Three specific checks are worth making. First, whether the policy explicitly covers AI-generated outputs, hallucinations, and errors as covered events or excludes them. Second, whether liability for harm caused by a third-party AI tool used in delivering your services falls under your professional indemnity or sits with the tool provider. Third, whether your cyber policy specifically covers deepfake-enabled fraud and AI-assisted social engineering, or only traditional cyberattack vectors. upcover arranges business insurance for Australian companies using or building AI tools.

‍

_{The information in this article is general in nature and provided for informational purposes only. It does not constitute personal advice on the insurance products or coverage levels appropriate for your business. Case studies and incidents cited in this article are drawn from publicly available sources including Coalition's 2026 Cyber Claims Report (March 2026), EY's 2025 AI Risk Survey, Lockton Australia (October 2025), the IAPP (January 2026), Minter Ellison (October 2025), and the Australian Human Rights Commission's Human Rights and Technology Discussion Paper (2021). Data accuracy reflects the source publications as of the dates noted. The insurance information has been prepared without taking into account your individual needs, objectives or financial situation. It should not be relied upon as personal advice. All insurance products arranged through upcover are subject to the terms, conditions, limits and exclusions contained in the relevant policy wording and Product Disclosure Statement. Coverage for any specific incident depends on the terms of the individual policy. Before deciding whether a particular insurance product is right for you, please read the relevant PDS and consider your personal circumstances. upcover Pty Ltd ABN 17 628 197 437 is a Corporate Authorised Representative (CAR 1299211) of Experience Insurance Services Pty Ltd ABN 41 657 596 506, AFSL 539078. upcover arranges insurance products with selected insurers and underwriters and does not compare all general insurers or insurance products available in the market.}