
Risk Wrap 022: AI Hallucinations, Tokenized Stocks, and Cyber Risks in Space

From Deloitte’s AI misfire to DeFi compliance struggles and new AI governance rules, technology continues to test the limits of liability and cover. This edition of Risk Wrap highlights how AI errors, digital asset innovation, and expanding space regulation are reshaping global risk.

Deloitte Faces Backlash Over AI Hallucinations in $440K Government Report

Deloitte is due to reimburse the Australian government part of an AUD $440,000 fee after a report it produced using AI was found to contain numerous errors, including false citations.

The report, commissioned by the Department of Employment and Workplace Relations (DEWR), examined the agency’s compliance framework and IT system. Concerns were first raised by University of Sydney academic Chris Rudge, who discovered more than a dozen fabricated references, including false attributions to his colleagues. One example was a supposed citation titled ‘The Rule of Law and Administrative Justice in the Australian Social Security System,’ a paper that doesn’t exist.

Deloitte provided a revised version of the report and confirmed that gen AI had been used in its preparation. The firm stated that the AI tool was licensed by DEWR and hosted on DEWR’s Azure tenancy but hasn’t explicitly acknowledged that the errors were caused by AI.

Implications for brokers and their clients:

  • Coverage terms may be affected by whether AI tools are internally controlled or client-hosted.
  • Verify that technology errors and omissions policies explicitly cover losses arising from the use of AI tools.
  • Consider extending coverage to include reputational harm or crisis management costs as public AI-related errors can damage trust.

Source: news.com.au. (October 7, 2025). Deloitte to pay back some of $440,000 to Australian government after report found riddled with errors.

 

Tokenized Stocks Break $1.3 Billion Barrier — But Experts Warn of “Double Exposure” Risk

The value of tokenized stocks has now exceeded $1.3 billion. But industry executives warn that tokenization introduces compounded risks for digital asset treasury (DAT) companies and their investors.

Source: REA.xyz


Kadan Stadelmann, CTO of DEX platform Komodo, explained to Cointelegraph how the 24/7 nature of trading through blockchain poses a risk. Sudden price swings that happen outside traditional market hours could trigger a run affecting a company’s tokenized or conventional stocks, leaving little time for response. Stadelmann also emphasized that smart contract vulnerabilities pose additional threats.

Kanny Lee, CEO of DEX SecondSwap, added: “Investors end up exposed twice, once to the volatility of the treasury’s crypto, and again to the complexity of corporate equity, governance, and securities law. That’s a lot of risk layered onto already volatile assets.”

Implications for brokers and their clients:

  • Ensure D&O insurance covers claims arising from investor allegations of misrepresentation or nondisclosure of tokenization risks.
  • Confirm policies cover costs associated with regulatory investigations, given the uncertain legal frameworks governing digital asset securities.
  • Specialized tech E&O and smart contract failure insurance safeguard companies in case of losses related to smart contract flaws and other technical failures.

Source: Cointelegraph. (October 4, 2025). Tokenizing stocks of DATs compounds investor risk: Crypto execs.

 

Space: The Next Frontier for Cyber Warfare?

The space economy was valued at more than $630 billion in 2023 and forecasts expect it to reach $1.8 trillion by 2035. This progress brings a rapidly growing attack surface.

The World Economic Forum recently described how space systems operate as a “system of systems” whose components include satellites, ground control, communication links, and user devices. A breach in one can have a knock-on effect on the others.

The space threat risk matrix below shows the severity of the consequences of several types of threats.

Source: Dubai Electronic Security Center

In many cases, substantially greater resources are allocated to innovation than to cybersecurity. Many commercial providers rely on open-source code and off-the-shelf components to cut costs, increasing their exposure to cyber threats.

Source: Dubai Electronic Security Center

New technologies like quantum communication satellites, space-based solar power demonstrators, and AI-driven satellite constellations introduce new vulnerabilities and dependencies.

Security by design and zero-trust architectures are recommended to mitigate the risks. Other important areas of focus include supply chain security, digital resilience, and real-time threat intelligence sharing between government and industry stakeholders.

Implications for brokers and their clients:

  • Consider cyber insurance tailored to the space industry that explicitly covers satellite systems and other relevant infrastructure.
  • Embed sufficient cyber resilience and security controls for physical and digital infrastructure to meet insurer requirements.
  • Verify whether policies protect against vulnerabilities introduced through compromised hardware or software in the supply chain.

Source: World Economic Forum. (October 6, 2025). Why cyber resilience in space is essential for economic security.

EU Space Act Sparks Concern Over Red Tape

Payload Europe recently held a webinar on the EU Space Act, bringing together industry and regulatory experts to help attendees understand the regulation. Questions and concerns about the Act’s potential impact on the European space sector were also addressed.

The Act aims to simplify and harmonize regulations for space companies operating in the EU, but panelists warned that its current form may create new administrative burdens instead. There are also concerns about how it will interact with existing national laws across the 13 member states that regulate space activities. Companies may start looking to establish themselves in friendlier jurisdictions.

Overall, the panel agreed that the Act could slow the growth of Europe’s emerging space industry due to over-regulation and unclear regulatory borders.

Implications for brokers and their clients:

  • Consider space insurance policies that cover costs related to regulatory enforcement actions, including fines, legal costs, and remediation expenses tied to failure to meet the new EU Space Act standards.
  • Since the Act may drive companies to different jurisdictions, consider policies that address cross-border legal uncertainties to protect multinational operations.
  • With an expected implementation timeline of 10 years, closely monitor changes and ensure coverage is in place to protect against continued regulatory uncertainty.

Source: Payload Space. (October 2, 2025). The EU Space Act Raises Questions.

 

MiCA One Year Later: DeFi Firms Struggle to Stay Compliant

December will mark one year since the implementation of the EU’s Markets in Crypto-Assets (MiCA) regulation was completed. Compliance is a gray area for DeFi companies, so how is the sector responding to the change? Here are some recent statistics:

  • More than 65% of DeFi projects operating in the EU are having trouble determining whether MiCA applies to them.
  • More than 50% of DeFi platforms can’t comply with KYC rules because of their permissionless nature.
  • Only 22% of dApps in the EU have successfully integrated compliance solutions to meet MiCA’s AML rules.
  • Smart contract audits increased by 78% in the first half of 2025 and DeFi compliance costs have increased by 45%.
  • 34% of EU-based DeFi protocols have either suspended operations or relocated to crypto-friendly jurisdictions.

Implications for brokers and their clients:

  • Secure regulatory defense insurance to handle costs from investigations, fines, and legal defense due to non-compliance.
  • Consider business interruption coverage in case of regulatory shutdowns.
  • Engage insurers that provide tailored, specialized coverage reflecting the unique exposures in DeFi.

Source: CoinLaw. (June 16, 2025). Impact of MiCA on DeFi Platforms Statistics 2025: Transforming the DeFi Landscape with New Regulations.

 

Hong Kong Tightens AI Oversight With New Governance Guidelines

Organizations operating in Hong Kong have new guidance from the Privacy Commissioner for Personal Data (PCPD) about AI governance:

  • Scope of permissible use: Companies must specify which Gen AI tools are approved, for what use cases, and identify who the policy covers.
  • Protection of personal data privacy: Policies should detail how personal data is handled in AI inputs and outputs, ensuring proper use, storage, and retention in line with privacy laws.
  • Lawful and ethical use and prevention of bias: AI must not be used for unlawful or harmful purposes, and all outputs should undergo human review to check for accuracy, bias, and proper labelling.
  • Data security: Organizations should control access to Gen AI tools, enforce strong security measures, and require prompt reporting of any AI-related security incidents.
  • Violations of AI policy: Clear consequences for breaching the AI policy should be established, with reference to broader governance frameworks such as the PCPD’s 2024 Model Framework.
  • Practical measures to support responsible use: Ongoing communication, targeted training, dedicated support teams, and feedback mechanisms for continuous improvement are encouraged.

Implications for brokers and their clients:

  • Beyond implementing proper governance, companies should ensure cyber liability cover protects against breaches caused by AI system vulnerabilities.
  • Ensure cover for regulatory investigations in case of increased scrutiny.
  • Consider coverage to protect against reputational harm in case AI-related breaches go public.

Source: Mayer Brown. (October 6, 2025). AI Governance: Practical Guidance from Hong Kong Privacy Commissioner for Personal Data.
