Law firms carry three types of insurance that could theoretically respond to AI-related incidents: professional liability (malpractice), cyber liability, and errors & omissions. The problem is that AI creates risks that fall into the gaps between all three. When AI hallucinates a citation, your malpractice policy should respond — but the insurer might call it a technology failure. When AI leaks client data, your cyber policy should respond — but the insurer might call it a professional services issue.

The professional liability gap is the space between what your insurance policies cover and what AI actually puts at risk. It's growing every month as firms deploy AI tools faster than insurers update policy language. Understanding exactly where the gaps are is the first step toward closing them.


Professional Liability: Covers Judgment Errors, Not Tool Failures

Professional liability (malpractice) insurance covers claims arising from wrongful acts in the performance of professional legal services. When a lawyer misreads a statute or misses a deadline, that's a covered claim. The policy was designed for human error.

AI complicates the coverage analysis in three ways. First, if the lawyer relied on AI output without verification, did the lawyer commit a wrongful act (failing to verify) or did the AI tool fail (technology malfunction)? The answer determines which policy responds. Second, if the firm's AI governance framework was inadequate, the insurer could argue the claim arose from management failure rather than professional services — potentially triggering a different exclusion. Third, if multiple lawyers across the firm relied on the same hallucinating AI tool, the insurer might treat it as a systemic failure rather than individual malpractice, which changes the claims analysis entirely.

The core problem: professional liability insurers designed their policies for individualized human judgment errors. AI creates systemic, tool-dependent risks that don't fit neatly into that framework.

Cyber liability insurance covers data breaches, network security failures, privacy violations, and business interruption from cyber events. If your AI vendor gets hacked and client data is exposed, the cyber policy responds. If a lawyer enters privileged information into an AI tool that trains on user inputs, the cyber policy might respond.

But cyber policies explicitly exclude professional services claims. If AI generates bad legal analysis and your client suffers financial harm, that's not a cyber claim — it's a malpractice claim. The cyber policy won't touch it.

Here's where the gap emerges: what happens when a single AI incident creates both types of harm? An AI tool hallucinates case law (malpractice risk) AND the same tool's vendor has a breach that exposes the client data you entered while using it (cyber risk). You need to file claims under both policies simultaneously, and both insurers will try to characterize the loss as falling under the other policy. This dual-claim scenario is increasingly likely as firms use AI tools that both generate work product and process client data.

Errors & Omissions: The Middle Ground Nobody Understands

Some law firms carry separate errors & omissions (E&O) policies in addition to professional liability coverage, particularly firms that offer consulting, compliance advisory, or technology-related services alongside legal representation. E&O coverage is broader than professional liability but narrower than general liability.

The relevance to AI: E&O policies may cover claims arising from advice or services that aren't strictly legal practice — such as recommending an AI tool to a client, providing AI governance consulting, or implementing AI-assisted processes that fail. If your firm advises clients on AI compliance (an increasingly common practice area) and your advice causes harm, E&O may be the responding policy.

The gap: most law firms don't have standalone E&O coverage because their professional liability policy is supposed to cover everything related to their practice. But as firms expand into AI consulting, compliance advisory, and technology implementation, they're creating service offerings that may fall outside traditional malpractice coverage. A firm advising a client on EU AI Act compliance isn't performing traditional legal services — and their malpractice insurer might agree.

The Three Scenarios That Expose the Gap

Scenario 1: AI hallucinates, client loses. Your associate uses AI to research a dispositive motion. The AI cites a case with a fabricated holding. The motion is denied. The client loses a $2M claim they should have won. The client sues for malpractice. Your professional liability insurer investigates and discovers the firm had no AI verification protocol. They reserve rights, citing the reasonable care condition. Gap: coverage is uncertain.

Scenario 2: AI vendor breached, privilege lost. Your firm uses an AI tool for document review. The vendor suffers a data breach. Opposing counsel obtains privileged communications from the breach. Your client's case is compromised. You file a cyber claim for the breach and a malpractice claim for the privilege loss. Both insurers point to the other policy. Gap: neither wants to pay the full claim.

Scenario 3: AI generates compliant-looking but non-compliant work. Your firm uses AI to draft regulatory filings for a client. The AI produces filings that look correct but contain errors in compliance calculations. The client is fined $500K by a regulator. The client sues. Your malpractice insurer argues this was a technology failure (AI miscalculation), not a professional judgment error. Gap: the insurer recharacterizes the claim to avoid coverage.

Closing the Gap: A Three-Policy Strategy

Managing partners need to approach AI insurance coverage as a portfolio problem, not a single-policy problem. Here's the framework:

Professional liability: Request an AI endorsement that explicitly covers claims arising from AI-assisted legal work product. Ensure the policy language doesn't exclude technology-assisted services. Get written confirmation that AI verification failures are covered as professional services claims, not technology failures.

Cyber liability: Ensure your cyber policy covers data incidents involving AI vendors as third-party processors. Confirm coverage for privilege loss resulting from vendor breaches. Add your AI vendors to the policy's vendor management requirements.

E&O (if applicable): If your firm provides AI-related advisory services, evaluate whether a standalone E&O policy is needed to cover those services separately from traditional legal malpractice.

Cross-policy coordination: Review all three policies together for gaps and overlaps. Ensure there's no scenario where both policies exclude the same claim through cross-referencing exclusions. Get your broker to provide a written gap analysis that maps AI risk scenarios to specific policy provisions. This analysis is your roadmap for negotiating better coverage at renewal.

The Bottom Line: AI creates risks that fall between your professional liability, cyber, and E&O policies. Insurers designed these policies for different eras and different risk types. The gap between what AI puts at risk and what your policies cover is real and growing. A written gap analysis from your broker, AI-specific endorsements, and cross-policy coordination are the minimum. Hoping your policies cover AI claims without checking is not a strategy.

AI-Assisted Research. This piece was researched and written with AI assistance, reviewed and edited by Manu Ayala.