S&P 500 Filings Reveal Surge in AI Risk Awareness
72% of S&P 500 companies mentioned AI as a material risk on their Form 10-Ks this year, a sharp rise from just 12% in 2023, according to new research from The Conference Board (October 2025).
Frontline sectors like healthcare, finance, industry, and IT were most likely to disclose AI risk.
Here are some of the key findings:
- One of the biggest concerns was reputational risk, cited by 38% of firms. This included privacy and data risks, bias, and hallucinations.
- 20% of firms mentioned AI-related cybersecurity threats, including third-party vendor risk.
- 45 companies cited implementation and adoption risks like overpromising on AI projects or AI not meeting expectations.
- 42 firms considered customer-facing AI to be a risk.
- 41 companies cited compliance risk.
Implications for brokers and their clients:
- Ensure cyber and tech E&O policies explicitly include coverage for AI-related vulnerabilities.
- Reassess D&O exposure as boards face increased scrutiny over AI oversight.
- Review reputational and regulatory risk clauses to ensure coverage for AI-driven compliance breaches, privacy violations, or misinformation incidents.
Source: Fortune. (October 8, 2025). A whopping 72% of S&P 500 companies disclosed AI as a ‘material risk’ on their 10-Ks this year. They’re most worried about reputational threats.
Institutional Crypto Investment Surges, Security Risks Follow
Institutional investment in digital assets is increasing rapidly. As of mid-2025, 71% of institutional investors had invested in digital assets, and 96% believed in their long-term value.
Institutional investors have allocated around 5% to digital assets. The highest allocation was among Family Offices, as shown below.
Institutional investment shows no signs of slowing. In 2025, 67% of institutional investors expect to increase holdings and 24% expect to do so significantly. Just 12% plan to keep holdings unchanged and a mere 3% expect to decrease holdings (but not significantly).
Implications for brokers and their clients:
- Ensure appropriate crime and cyber coverage limits as rising institutional allocations make custodians higher-value targets for sophisticated attacks.
- Broaden digital asset custody insurance to explicitly include coverage for theft or loss from private key compromise, smart contract exploits, and insider threats.
- Consider business interruption insurance tailored for crypto custodians that covers losses caused by outages.
Source: CoinLaw. (July 14, 2025). Cryptocurrency Adoption by Institutional Investors Statistics 2025: How Institutional Investors Are Embracing Digital Assets.
Cannabis Product Safety Failures Force Shutdowns and $400K Settlement
Nuka Enterprises LLC and Sima Sciences LLC, the companies behind the cannabis sleep aid Midnight Drops, have been ordered to suspend operations in Colorado and pay a $400,000 settlement.
Regulators ordered the shutdown following an investigation that concluded that the companies didn’t warn consumers about known health risks and misrepresented the safety and health benefits of the product.
Despite complaints dating back to 2020, the companies failed to recall the product or implement additional safety measures, even though it was reformulated in 2022.
Regulators found the companies had not conducted adequate research on two key herbal ingredients, Corydalis and Stephania.
Implications for brokers and their clients:
- Seek specialized cannabis insurance that includes coverage for investigation, defense, and settlements. Where possible, work with insurers who have employed specialist advisors in the field.
- Ensure product liability insurance includes coverage for product recalls, contamination, and undisclosed health risks.
- Policies that include public relations response, crisis communication, and brand rehabilitation support can be critical in mitigating the commercial fallout from adverse regulatory or media attention.
Source: Cannabis Science and Technology. (September 23, 2025). Colorado Attorney General Phil Weiser Shuts Down 1906 Cannabis Brands Over Undisclosed Health Risks.
Christchurch Casino Hit with NZ $5.06 Million Penalty for AML Lapses
Christchurch Casino will pay a penalty of NZ $5.06 million after an investigation found years of severe deficiencies in anti-money laundering and counter-terrorism financing controls. The initial fine was NZ $6.03 million but it was lowered due to the casino’s cooperation.
According to the Department of Internal Affairs, the casino failed to maintain a compliant AML program, didn’t properly monitor customer accounts, and ignored red flags. For example, between May 2023 and September 2024, records showed $56 million worth of transactions from only 24 customers. Instead of triggering due diligence checks, these transactions were overlooked.
There’s no evidence that the casino was knowingly facilitating criminal activity. Instead, the use of sub-standard systems for record keeping caused issues to go unnoticed.
Implications for brokers and their clients:
- Ensure robust D&O policies in case oversight of AML programs is deemed inadequate.
- Reassess professional indemnity and E&O policies to ensure they respond to negligent AML monitoring or oversight failures.
- Ensure coverage includes investigation and defense costs.
Source: iGaming Today. (October 7, 2025). Christchurch Casino fined $5.06m after AML compliance failures.
Spacecom Incident Highlights Rising Hacktivist Threat to Satellite Operators
Pro-Palestinian hacktivist group Handala has claimed responsibility for a cyberattack on Israeli satellite operator Spacecom, alleging that it accessed internal systems and exfiltrated approximately 379 GB of data, including contracts, satellite logs, and employee records.
Independent cybersecurity analysts have not confirmed that the attackers gained access to Spacecom’s operational control systems. Initial reviews of the leaked files suggest the data is largely administrative and technical documentation, rather than material that would allow interference with satellite operations.
While the authenticity and sensitivity of the data remain unverified, the incident underscores the growing exposure of satellite and space-communications infrastructure to politically motivated cyber activity. Space assets are increasingly attractive targets for hacktivists and nation-state-aligned groups seeking to disrupt communications or influence public perception.
Implications for brokers and their clients:
- Review satellite insurance policies to ensure politically motivated hacktivist incidents are covered.
- Ensure coverage includes reputational harm and business interruption resulting from alleged or unverified cyber incidents that disrupt operations or erode client trust.
- Review whether incident response and forensic investigation support is included in satellite insurance policies.
Source: Daily Security Review. (September 30, 2025). Spacecom Breach Claims Questioned Amid Hacktivist Group’s Bold Assertions.
Regulators Push Back on Fintech Growth Amid Risk Control Concerns
Revolut’s bid for a full UK banking license is currently stalled as the Prudential Regulation Authority (PRA) continues to scrutinize the company’s global risk and compliance framework.
The process has extended well beyond standard timelines due to ongoing questions about the robustness of Revolut’s risk controls, governance structures, and anti-money-laundering systems across its international operations.
The company remains under a restricted ‘mobilization’ license, allowing limited banking activity while the PRA evaluates its readiness for full authorization. Regulators have not publicly confirmed specific deposit caps, but sources note that operational limits remain in place while supervisory reviews continue.
The PRA’s caution reflects a broader tightening of oversight for fast-growing fintechs, as supervisors seek assurance that innovative business models are supported by strong internal controls, data protection standards, and compliance systems.
Implications for brokers and their clients:
- Fintechs should select insurers with cross-border regulatory expertise, capable of underwriting risks tied to international operations and changing supervisory expectations.
- Consider reputational harm and crisis management coverage to address stakeholder confidence issues arising from licensing setbacks or regulatory scrutiny.
- Consider business interruption coverage to protect against disruption caused by enforcement actions or licensing delays.
Source: Finance Magnates. (October 14, 2025). Revolut’s Full UK Bank Licence Is on Hold over Global Risk Control Concerns: Report.