Why 15% AI Loading Isn't Enough: A Better Way to Price AI Risk

Allianz recently made headlines by announcing a blanket 10-15% loading on cyber policies that include AI-related coverage. It’s a pragmatic response to a genuinely new risk — but for brokers placing coverage in the DACH region, it’s also a reminder of what happens when insurers lack the tools to price emerging risks precisely.

The Problem with Blunt Instruments

Blanket surcharges are the underwriting equivalent of using a sledgehammer to hang a picture. They solve the immediate problem (exposure to AI risk) but create several downstream headaches:

For brokers, a flat loading means you’re explaining to clients why their premium jumped 15% even though their AI implementation is tightly controlled, sandboxed, and monitored. Meanwhile, another client with loosely governed AI tools — perhaps shadow IT LLM deployments by marketing teams — pays the same rate. Good luck defending that logic in a renewal conversation.

For insureds, the message is equally confusing. A 15% surcharge on a €50,000 cyber policy means an extra €7,500 annually. For a company that uses AI only for internal code completion with no customer-facing deployment, that feels like paying flood insurance on a hilltop. For a company running customer-facing AI agents with access to sensitive data, 15% might be a bargain — which means the insurer is underpricing the real exposure.

For insurers, blanket loadings create adverse selection. Risk-aware companies avoid AI features to dodge the surcharge. Risk-oblivious companies proceed as usual, now subsidized by the risk-aware. The portfolio skews toward exactly the exposures the loading was meant to capture.

Why AI Risk Isn’t One Thing

The fundamental flaw in a 10-15% blanket approach is that “AI risk” is not a monolithic category. Consider two mid-market companies in Germany:

• Company A: A manufacturing firm using a private LLM deployment for internal documentation. No customer data, no internet-facing endpoints, no autonomous decision-making. Human-in-the-loop for all outputs.

• Company B: A fintech startup with an AI agent that processes loan applications autonomously, interfaces with core banking systems, and has access to customer PII and payment data.

Both have “AI-related coverage.” Both would attract Allianz’s loading. But their risk profiles differ by orders of magnitude.

The problem isn’t that Allianz is wrong to charge more for AI risk. It’s that the risk varies too much to price with a single number.

The Alternative: Structured Assessment

At resiliently.ai, we’re building the systematic alternative to blunt surcharges. Our approach treats AI risk as what it actually is: a multi-dimensional exposure that can be measured, scored, and priced accordingly.

Here’s how we break down AI risk for underwriting:

1. Deployment Context

Is the AI system internal-only or customer-facing? Does it process sensitive data? What regulatory frameworks apply (EU AI Act, sector-specific rules)? These aren’t binary questions — they form a gradient that directly correlates with potential loss severity.

2. Governance Maturity

Has the company implemented AI-specific policies? Is there an AI risk register? Are AI outputs reviewed before use in high-stakes decisions? Mature governance reduces frequency risk significantly — but you can’t assess it from a yes/no checkbox.

3. Technical Controls

Sandboxing, prompt injection defenses, output filtering, access logging — the technical stack matters. A company with robust AI security controls faces a fundamentally different threat landscape than one running GPT-4 via browser with no visibility.

4. Supply Chain Exposure

Is the AI hosted internally, via API, or through a third-party vendor? Each model carries different concentrations of risk. A dependency on a single LLM provider creates a systemic exposure that should be priced differently than a diversified architecture.

5. Business Impact

What happens if the AI fails? A hallucinated marketing blog post is annoying. An AI-generated error in a financial report is expensive. An AI decision that discriminates against loan applicants is a regulatory nightmare. The business context determines whether we’re pricing nuisance risk or existential risk.

From Assessment to Pricing

The output of this structured assessment isn’t a binary “AI or no AI” flag. It’s a risk score that maps directly to pricing modifications:

• Low AI risk scores: Minimal loading (0-5%) — the equivalent of Company A with its sandboxed internal documentation use.
• Moderate AI risk scores: Moderate loading (5-12%) — customer-facing AI with human oversight and mature controls.
• High AI risk scores: Significant loading (15-25%+) — autonomous AI with systemic access, weak governance, or regulatory exposure.

This approach rewards risk-aware companies with fair pricing. It captures the full exposure from high-risk deployments. And it gives brokers a defensible narrative: “Your premium reflects your specific AI risk profile, not an industry average.”

Built for the DACH Market

We underwrite in German and English, with native understanding of the DACH regulatory landscape. The EU AI Act’s risk-based classification system maps directly onto our assessment framework — we’re not pricing AI risk in isolation from regulatory reality.

For brokers placing coverage in Germany, Austria, and Switzerland, this means you can present resiliently.ai as a sophisticated alternative to carriers still using the surcharge playbook. When your client asks why one insurer charges 15% across the board and we charge 4%, you have a structured answer grounded in their actual risk profile.

The Bigger Picture

AI risk isn’t going away. If anything, the divergence between well-governed and poorly-governed AI implementations is growing. The companies that invested in AI governance early are pulling ahead. The ones that treated AI as “just another SaaS tool” are accumulating invisible risk.

In this environment, blanket loadings become increasingly untenable. They overcharge the prepared and undercharge the exposed. They incentivize clients to hide AI usage rather than disclose and manage it. They make brokers the bearer of bad news about arbitrary pricing.

Systematic assessment is the way forward. It aligns pricing with reality. It rewards good risk management. And it gives brokers a competitive advantage when placing coverage for AI-forward clients.

Ready to see how systematic AI risk assessment works in practice?

We’re currently onboarding select brokers in the DACH region for early access. If you’re placing cyber coverage for companies with AI exposure — and you’re tired of explaining blanket surcharges — get in touch to join our early access program.