Please ensure Javascript is enabled for purposes of website accessibility

Category: Cyber Protection

How AI Adoption Can Increase Cyber Liability Risks for Businesses

Posted on by Jon Blankenship

Article Overview: AI can increase Cyber Liability Risks for Businesses that use it to collect, process, share, or generate sensitive information without proper controls.

To reduce risk, businesses should implement AI governance policies, review vendors carefully, limit access to sensitive data, require human oversight, train employees, update incident response plans, and document AI-related decisions and controls.

Artificial intelligence is changing how businesses write, analyze, sell, hire, serve customers, detect fraud, and manage operations. Used well, AI can improve efficiency and open new opportunities.

But rapid adoption also creates new cyber liability exposures.

Many companies are adding AI tools before they have clear policies, security reviews, vendor controls, or employee training in place. That gap can create serious risk. Sensitive data may be shared with the wrong tool. AI outputs may be inaccurate or biased. A third-party platform may suffer a breach. Regulators may question how a business uses automated decision-making.

The key issue is not whether AI should be used. It is whether AI is being used in a controlled, documented, and secure way.

Cyber liability is no longer limited to phishing, ransomware, or network breaches. As AI becomes part of everyday workflows, it can affect privacy, security, compliance, intellectual property, contracts, reputation, and insurance coverage.

Why AI Can Increase Cyber Liability Exposure

AI risk often comes from a mix of technology, data, people, and process. Even when a tool works as intended, the way employees use it can create liability. Some of the main areas businesses should understand include:

  1. Data Privacy Issues

AI tools often depend on large amounts of data. That creates privacy risk when users input sensitive or regulated information without proper approval.

This may include:

  • Customer names, contact details, account numbers, or purchase history
  • Employee records, payroll data, performance reviews, or health information
  • Financial data, contracts, pricing, or trade secrets
  • Client files, legal documents, claims records, or confidential business plans
  • Personal information protected by privacy laws

The risk increases when employees use public or consumer-grade AI tools. Some platforms may store prompts, use inputs to improve models, or process data across systems and geographies. If a company does not understand where data goes, how long it is retained, or who can access it, privacy exposure grows.

A privacy issue can lead to breach notification costs, regulatory investigations, customer claims, contractual disputes, and reputational harm.

  1. Third-Party Model and Vendor Risk

Most businesses do not build AI systems from scratch. They rely on third-party platforms, software providers, cloud services, plugins, APIs, and model vendors.

That creates a broader vendor risk environment.

A business may face liability if an AI vendor:

  • Suffers a data breach
  • Uses customer data in ways that violate contract terms or privacy laws
  • Provides weak access controls or poor encryption
  • Lacks clear incident notification procedures
  • Relies on subcontractors that have not been reviewed
  • Changes its data usage terms without clear notice
  • Produces outputs that create business harm

AI tools may also connect to internal systems, such as email, customer relationship management platforms, file storage, HR systems, or financial applications. These integrations can expand the attack surface.

If a vendor fails, customers and regulators may still look to the business that selected and deployed the tool. Vendor due diligence is therefore central to AI-related cyber risk management.

  1. Inaccurate, Misleading, or Harmful Outputs

AI systems can generate confident answers that are wrong. They can summarize documents inaccurately, create false statements, misread data, or recommend flawed actions.

This matters because businesses may use AI outputs in sensitive areas, such as:

  • Customer communications
  • Financial analysis
  • Legal or compliance reviews
  • Hiring and HR decisions
  • Healthcare, insurance, or lending workflows
  • Product recommendations
  • Security alerts and threat detection
  • Contract drafting or review

If employees rely on AI without review, errors can create real harm. A misleading customer statement may trigger consumer protection concerns. A flawed compliance summary may cause a missed obligation. A biased hiring recommendation may create employment liability. A faulty security alert may delay a response to an attack.

AI should support decision-making, not replace accountability. Human review remains essential, especially for high-impact decisions.

  1. Intellectual Property and Confidentiality Concerns

AI can create intellectual property risks in several ways.

First, employees may upload proprietary information, source code, marketing plans, designs, contracts, or client materials into AI tools. If the platform retains or reuses that information, the company may lose control over confidential data.

Second, AI-generated content may raise ownership questions. Businesses may not always know whether outputs are fully usable, whether they resemble existing protected works, or whether they can be copyrighted or defended as company-owned assets.

Third, AI may produce content that accidentally includes protected material, brand elements, code patterns, or text similar to third-party works. That can lead to disputes, takedown demands, or infringement claims.

For companies that depend on proprietary knowledge, creative assets, or software, these risks are not theoretical. They can affect valuation, contracts, licensing, customer trust, and competitive advantage.

  1. Regulatory and Compliance Exposure

AI use can touch many areas of regulation. Depending on the business, industry, and location, AI may create obligations tied to:

  • Data privacy and security
  • Consumer protection
  • Employment and hiring practices
  • Financial services
  • Healthcare information
  • Insurance and underwriting
  • Anti-discrimination rules
  • Automated decision-making
  • Recordkeeping and auditability
  • Cybersecurity standards and incident reporting

Regulators are increasingly focused on how businesses collect data, use automated tools, explain decisions, protect individuals, and prevent bias or unfair outcomes.

A business does not need to be a technology company to face AI compliance risk. Any organization using AI to process personal data, communicate with customers, screen applicants, evaluate risk, or automate decisions may need stronger oversight.

Poor documentation can make matters worse. If a regulator asks how an AI tool was selected, tested, monitored, or approved, the business should be able to answer.

  1. Weak AI Governance

AI risk often grows when adoption happens faster than governance.

Without clear rules, employees may not know:

  • Which AI tools are approved
  • What data can and cannot be entered
  • When legal, IT, security, or compliance review is required
  • Which AI outputs require human review
  • How to report errors, suspicious results, or data exposure
  • Who owns AI risk within the organization

This lack of structure can lead to inconsistent practices across departments. Marketing may use one tool, HR another, finance another, and operations another. Each tool may have different security terms, retention practices, and access levels.

Strong governance helps create a common standard. It also shows customers, carriers, regulators, and business partners that the company is managing AI in a responsible way.

  1. Employee Misuse and Shadow AI

Shadow AI occurs when employees use AI tools without company approval or oversight. This can happen for good reasons. Employees want to work faster, draft emails, summarize documents, analyze spreadsheets, or solve technical problems.

But unapproved AI use can bypass security controls.

Examples include:

  • Uploading client data to a public chatbot
  • Using AI to summarize confidential contracts
  • Entering source code into an unknown tool
  • Connecting an AI browser extension to company email
  • Using AI note-takers in sensitive meetings
  • Relying on AI-generated legal, financial, or compliance guidance
  • Creating customer-facing content without review

Shadow AI is difficult to manage because it may not appear in standard software inventories. If leaders do not provide approved tools and clear rules, employees may find their own options.

Training, monitoring, and practical alternatives can reduce this risk.

Practical Ways to Reduce AI Cyber Liability Risk

AI risk can be managed. The goal is not to block innovation, but to use AI in a secure, responsible, and defensible way. Take these steps to help reduce your business’s AI use-related risks:

  1. Create an AI Governance Policy
  2. Perform Vendor Due Diligence
  3. Limit Access and Protect Sensitive Data
  4. Require Human Review
  5. Train Employees on Safe AI Use
  6. Update Incident Response Plans to Include AI
  7. Document AI Decisions and Controls
  8. Review Insurance Coverage with Your Agent

AI Risk Management Is Now a Business Priority

AI can help businesses move faster, serve customers better, and compete more effectively. But it also changes the cyber liability landscape. AI loss exclusions are already becoming more common in policies.

The companies best positioned to benefit from AI will be those that pair innovation with control. That means understanding where AI is being used, what data it touches, which vendors are involved, who reviews outputs, and how incidents will be handled.

Cyber liability risk is evolving. Your AI strategy should evolve with it.

Contact Brandon Patterson on our team at brandon@ownbyinsurance.com to help develop a plan for your management of risks from AI use.

Insurance for NEMT Companies: Protecting Your Business and Patrons

Posted on by Jon Blankenship

Running a non-emergency medical transport (NEMT) company means taking on unique responsibilities. You’re not just moving people from point A to point B – you’re caring for vulnerable patients who depend on safe, reliable transportation to reach medical appointments that could impact their lives.

This specialized role comes with distinct risks that standard business insurance won’t cover. From vehicle accidents involving wheelchair-accessible vans to liability claims from patient injuries, NEMT companies face challenges that require specific insurance protection.

In this guide, we’ll explore the specific risks your NEMT business faces and the insurance coverages that can protect you, your employees, and the patients you serve.

Understanding NEMT Business Risks

Vehicle-Related Risks

NEMT vehicles spend more time on the road than typical commercial vehicles, increasing accident exposure. Your drivers navigate various weather conditions, traffic patterns, and unfamiliar routes while operating specialized equipment like wheelchair lifts and stretchers.

Consider this scenario: Your driver is transporting an elderly patient to dialysis when another vehicle runs a red light and crashes into your van. The patient suffers additional injuries, your vehicle sustains $40,000 in damage, and your driver requires medical treatment for whiplash. Without proper coverage, this single incident could financially devastate your business.

Patient Care Liability

Unlike standard transportation services, NEMT companies provide care during transport. You’re responsible for patient safety from pickup to drop-off, including proper securement in wheelchairs, assistance with mobility devices, and monitoring during the journey.

Imagine your employee fails to properly secure a patient’s wheelchair, causing them to fall during transport and break their hip. The resulting medical bills, rehabilitation costs, and potential lawsuit could reach hundreds of thousands of dollars.

Employment-Related Risks

Your drivers handle intimate patient care tasks, access personal health information, and work in patients’ homes. This creates exposure to discrimination claims, privacy violations, and allegations of inappropriate conduct.

Regulatory Compliance Risks

NEMT companies must comply with Department of Transportation regulations, Americans with Disabilities Act requirements, and state medical transport licensing. Non-compliance can result in fines, license suspension, or lawsuit vulnerability.

Essential Insurance Coverage for NEMT Companies

Commercial Auto Insurance

Standard personal auto policies won’t cover your business activities. Commercial auto insurance provides crucial protection for your fleet and operations.

Coverage components include:

  • Liability protection for bodily injury and property damage
  • Collision and comprehensive coverage for your vehicles
  • Medical payments for injured passengers
  • Uninsured/underinsured motorist protection

NEMT companies typically need higher liability limits than standard commercial vehicles due to patient vulnerability. Consider minimum limits of $1 million per occurrence, though many companies carry $2-5 million for adequate protection.

Real-world example: A NEMT van rear-ends another vehicle while transporting three dialysis patients. All passengers suffer neck injuries requiring ongoing treatment. With $1 million in liability coverage, the insurance company handles medical expenses, lost wages, and legal fees, protecting your business assets.

General Liability Insurance

This foundational coverage protects against claims arising from your business operations, including patient injuries that occur outside vehicle accidents.

Protection includes:

  • Slip and fall injuries at your facility
  • Patient injuries during loading/unloading
  • Property damage at patient locations
  • Advertising injury claims

Scenario: While helping a patient into their home, your employee accidentally knocks over and breaks an expensive personal item. General liability insurance covers the replacement cost, preventing an out-of-pocket expense that could strain your cash flow.

Professional Liability Insurance

Also called errors and omissions (E&O) insurance, this coverage protects against claims alleging negligent performance of professional services.

Coverage applies to:

  • Failure to follow patient care protocols
  • Medication administration errors
  • Improper patient handling techniques
  • Documentation mistakes affecting patient care

Case study: Your company’s care plan requires a patient to arrive at dialysis by 10 AM, but traffic delays cause a 30-minute late arrival. The patient misses their treatment, experiences complications, and claims your negligence caused their deteriorated condition. Professional liability insurance covers legal defense costs and potential settlements.

Workers’ Compensation Insurance

Required in most states, workers’ compensation protects employees injured on the job while shielding you from related lawsuits.

NEMT-specific considerations:

  • Repetitive lifting injuries from patient transfers
  • Back injuries from wheelchair securement
  • Stress-related conditions from patient care responsibilities
  • Vehicle accident injuries

Example: Your driver injures their back while operating a wheelchair lift for a 300-pound patient. Workers’ compensation covers medical treatment, rehabilitation, and partial wage replacement during recovery, while preventing the employee from suing your company.

Cyber Liability Insurance

NEMT companies handle sensitive patient health information, making them attractive targets for cybercriminals. Data breaches can result in massive fines, notification costs, and reputation damage.

Protection includes:

  • Data breach response costs
  • Regulatory fines and penalties
  • Credit monitoring for affected patients
  • Business interruption from cyber attacks

Commercial Property Insurance

This coverage protects your physical business assets, including your facility, medical equipment, and office contents.

Considerations for NEMT companies:

  • Wheelchair lifts and medical equipment in vehicles
  • Specialized communication systems
  • Patient records and computers
  • Building improvements for accessibility compliance

Work with Specialized Agents

Insurance agents familiar with NEMT operations understand your unique risks and can recommend appropriate coverages. They’ll help you navigate complex requirements and find competitive pricing from insurers who understand your industry.

Brandon Patterson from our team has experience with these risks and is ready to help you. Contact him today at brandon@ownbyinsurance.com to get the coverage info you need!

Do You Know These 4 Often Overlooked Coverages for Property Managers?

Posted on by Ownby Insurance Service

When it comes to insurance, property managers and residential building owners often focus on general liability and property coverage. While these are crucial, there are additional risk exposures that need to be addressed. Here are four important types of coverage you might be overlooking:

  1. Errors & Omissions (E&O) Coverage

    What is it?

    Errors & Omissions insurance may help protect you against claims of negligence or inadequate work. If a tenant sues you for failing to perform your duties or for providing incorrect advice, E&O coverage might help with costly legal fees and settlements.Why you need it:
    Property management is a complex field where mistakes can happen despite best efforts. Whether it’s a clerical error that leads to financial loss or a misstep in tenant placement, E&O insurance provides vital protection.

  2. Tenant Discrimination Coverage

    What is it?

    This coverage offers protection if a tenant (or prospective tenant) alleges discrimination based on race, religion, gender, etc., during the rental process or tenancy.

    Why you need it:

    Even with the best intentions, discrimination claims can arise and lead to expensive lawsuits. Tenant discrimination coverage can help manage the financial burden of legal defense costs and settlements.

  3. Workers’ Compensation Coverage

    What is it?

    Workers’ compensation insurance can help cover medical expenses and lost wages for employees who get injured while working on your property.

    Why you need it:

    If you employ staff such as maintenance workers, cleaners, or security personnel, workers’ compensation is often legally required. But even office staff may have risk exposures such as moving large packages or injuries during on-site work. It can also protect you in lawsuits brought by employees for workplace injuries.

  4. Cyber Liability Coverage

    What is it?

    Cyber liability insurance protects against data breaches and cyber attacks, covering costs like legal fees, notification expenses, and compensation to affected parties.

    Why you need it:

    Property managers handle sensitive data, from tenant applications to payment information. A breach can not only damage your reputation but also lead to significant financial consequences. Cyber liability coverage helps mitigate these risks.Have you considered these overlooked coverages? We’re here to help you better protect your business and assets. For more detailed advice tailored to your needs, contact Brandon Patterson on our team at brandon@ownbyinsurance.com

What Do Charities and Nonprofits Need to Know About Their Insurance?

Posted on by Ownby Insurance Service

We are lucky to have many charities and nonprofit organizations that serve a vital role in our communities. The services and resources they provide can be a lifeline of support for thousands of people. But even organizations with the best intentions, missions, and goals have risks to consider.

As you’d imagine, liability, workers’ comp, property, and commercial auto policies are often needed for most of these organizations. But what about other risks? Here are a few that nonprofits and charities should take into consideration:

Directors & Officers

Your organization likely has a group of volunteer leaders that help support the decisions and guide you in fulfilling your mission. However, they may be held responsible for some of those decisions if they have negative results. Directors & Officers (D&O) coverage may help with defense costs, settlements and judgments associated with claims against nonprofit organizations. It may also help protect their personal assets should legal matters implicate them.

Cyber Liability

Many organizations maintain sensitive data about those they serve. This may include medical information, personal details, addresses, and more. Having cybersecurity measures in place to protect this data is critical. But just as critical is having the right cyber liability policy in place. A data breach can cost thousands of dollars, even for a small organization. To help you respond and recover, consider a standalone cyber policy that provides the right coverage for your specific risks.

Vulnerable Groups Served

If your nonprofit or charity assists with support for children, the elderly, or mentally challenged individuals, it is an unfortunate reality that there is some risk for abuse. There are professional liability coverages that may help protect your organization if allegations of abuse occur.

Some may be specific to the type of charity work you perform, and it is best to consult with your agent on what is best suited for your risks. This may assist employees in the case of false allegations as well, even potentially providing defense funds and lost wages.

Additional Coverage Considerations

In some cases, insurers may offer specific coverages or umbrella policies that are more custom to the risks a charity or nonprofit is facing. Such coverages may help better protect your organization, your leadership, and the communities you serve.

Having an insurance agent who understands the risks of your charity or nonprofit is extremely important. The services you provide are often critical for the people who receive them. Not having the right insurance may leave the work you with vulnerabilities you never considered.

Brandon Patterson from our team would be more than happy to discuss these items with your organization and help you identify risks and coverages. Please contact him for more info at brandon@ownbyinsurance.com.

Claims for Theft and Burglary: What’s Covered and When?

Posted on by Ownby Insurance Service

If you own a business, having something stolen from your company may be an unfortunate reality someday. But is there a difference in how it is covered based on how it is stolen? There may indeed be differences depending on your policy. Let’s review what you may find as you understand these coverages.

Insurance for theft typically covers any stolen property, regardless of where it was stolen. Insurance for a burglary may only cover property that was stolen when a forced entry into a building or structure was involved. If you have commercial property insurance, you may think theft is covered. But that isn’t always the case, especially for crime-related losses.

However, if you have a commercial crime policy, there is a good chance you are protected from losses occurring from business-related crimes, including:

Employee Theft Insurance

Protects you against dishonest acts committed by your employees, including theft of money or property.

Robbery and Premises Theft Insurance

Protects your property inside your premises while you’re open for business. You’re even covered if you or your employees are ever robbed while doing business offsite.

Computer Fraud Insurance

May help cover losses when employees or hackers commit fraud or theft via computers. As an important note, crime insurance will typically not cover losses as a result of data breaches. This type of loss would need to be covered by cyber liability coverage.

Forgery Insurance

Helps protect you if documents are forged or altered in schemes that typically involve the false acquisition of your funds.

Theft of Money or Securities

Protection for physical theft of money or securities and may help protect you even if this theft occurs off premises of your business.

As you can see, there is more than one may realize when it comes to protecting your business from theft, burglary, or crime. Contact Brandon Patterson on our team at brandon@ownbyinsurance.com or call 865.453.1414 and he’ll help you understand these risks and your options.

Steps for Better Personal Risk Management

Posted on by Ownby Insurance Service

You could probably guess that companies need to take steps to reduce their risks, including safety programs, cybersecurity, and more. But should you be taking risk management steps for yourself? Do you have ways you can lower your own risks and potentially reduce the chances you have a loss or an insurance claim? The answer to both these questions is “yes” of course!

Driving Risks

Over 36,000 automobile accidents occur every day1 in the U.S. Many of these accidents are caused by distracted driving. One of the simplest steps you can take for better personal risk management is to avoid using your devices while driving. And while texting may be the most obvious, many people are using their phones for searches, looking up directions, or even watching videos! Avoid these while you aren’t parked in your vehicle whenever possible.

In addition, keeping your car in good working order is also a way to reduce your risk. Keep your tires properly inflated, have brakes and safety mechanisms checked, change windshield wiper blades as needed, and keep up regular maintenance to prevent mechanical issues that could cause an accident.

Cyber Risks

The average American accesses the internet for around seven hours of their day!2 Much of that may be for work, but many Americans also work from home. If you’re using your personal devices, take steps to protect your data:

  1. Protect your passwords and create stronger passwords whenever possible.
  2. Use multifactor authentication when it is an option for logins.
  3. Avoid using “open” or unsecured internet network connections.
  4. Be careful visiting websites and especially entering data on sites that do not have SSL encryption (https://).

Liability Risks

Lawsuits are on the rise in our country, and larger verdicts and judgments are more common. You can protect your own liability at home by taking steps that include:

  1. Fence in your yard, especially if you have a trampoline, pool, treehouse, etc.
  2. Avoid “overserving” alcohol to adults at your home – even friends and neighbors.
  3. Monitor and control your dog and/or other pets, even if they haven’t been known to bite.
  4. Talk with your family about being careful in their interactions with others, and the importance of safety.

These are just a few of the examples of ways you can be safer and also lower your risks. But accidents can still happen, and you need to have the right coverages in place in case they do. Contact Brandon Patterson from our team to better understand what those coverage options may be for you – brandon@ownbyinsurance.com or 865.453.1414.

1-per Progressive Insurance data

2-per Forbes data

Risk Management and Your Team’s Role in Lowering Risk

Posted on by Ownby Insurance Service

Risk Management and Your Team’s Role in Lowering Risk

Workers’ compensation rates have been steadily dropping for the last decade in Tennessee and other states. And while factors like market competition and legal system improvements are factors, one of the biggest impacts has come from a reduction in claims frequency and claims severity. How has this been achieved? Safety and risk management programs. When better procedures are in place to protect employees, fewer accidents – or less damaging accidents – occur. So, could this be applied elsewhere to lower your businesses risks?

Preparing Your Team for Success

Onboarding, training, screening, and testing of employees and potential hires can help you lower risk. And this isn’t just for jobs with physical risks. Training your employees on cyber risks, onboarding them for customer interaction, screening them for past loss history, and intermittently testing them on what they’ve learned can all help with your risk management. Let’s review some examples of how this approach can be impactful.

Cyber Liability Prevention

Most businesses store customer data or personal info in some fashion. Whether it be loyalty info like names and birthdays or financial info like credit cards stored for recurring payments, this data is sensitive and must be protected. If you train and test your employees on avoiding cyber risks like phishing, hacking, and human error, you’ll be helping lower your cyber risk.

Third Party Liability Prevention

How does your team interact with customers? If there is a physical location that customers visit for goods, services, or transactions, is it well-maintained? Does your team know to clean up spills, report malfunctioning equipment, or notify management of unsafe conditions? Quickly acting on these concerns not only makes for a better customer experience, it may also reduce your risk.

Property Damage Prevention

If you work on or interact with customer property, having your employees properly trained is critical. Whether it be a $20,000 car or a $1,000,000 piece of equipment, the work your employees do shouldn’t put position you for a claim. And while accidents happen, the better the training, the less likely they are to occur.

Good risk management leads to better options for your insurance, especially as your business’s loss history continues to be good or improves from prior claims. Contact Brandon Patterson at 865.453.1414 or email brandon@ownbyinsurance.com to discuss how it could help your business.

Cyber Risks: Managing Versus Insuring

Posted on by Ownby Insurance Service

The recent CrowdStrike outage that impacted Microsoft Windows users cost a reported $5 billion to Fortune 500 companies. But even if you aren’t a large company, you’re probably aware that cyber risks continue to increase for businesses, whether it be data breach, hacking, phishing, or otherwise compromising systems.

Cyber Protection
Whether it is the Windows Defender program that may have come with your computers, or an extensive plan with monitoring, having a plan for defending your data is critical. Business.com1 suggests these steps that every organization should take:

  1. Teach your staff about cybersecurity.
  2. Set internal controls to guard against employee fraud.
  3. Keep your software updated.
  4. Use difficult-to-guess passwords.
  5. Guard your wireless networks.
  6. Use encryption on all types of data.
  7. Back up your data every day.
  8. Switch to the cloud.

And we’ll add one more – use multifactor authentication (MFA) for logins. In fact, MFA combined with teaching your staff and keeping software updated may be the three most important steps to get started.

Cyber Liability Insurance
Even with a great plan in place, cyber incidents can occur. If you do have a breach or other cyber breach, having the right insurance can help you recover. Depending on the policy, there may be coverage to help you:

  1. Notify affected customers.
  2. Restore systems.
  3. Assist with legal liability.
  4. Third party liability for business partners impacted by the breach.
  5. Ransomware demands to restore our data.

Some other business policies may offer our include coverage for cyber liability. However, it is often not enough to protect you form the scale of incidents that typically occurs. A “standalone” policy that suits your business’s specific needs may be a better fit for your coverage.

Contact Brandon Patterson from our team at 865.453.1414 or brandon@ownbyinsurance.com for more information on cyber liability coverage options for your business.

1 – Per https://www.business.com/articles/7-security-practices-for-your-business-data/