Australian businesses adopted AI faster than most expected.

A summarisation tool for client emails. An AI assistant drafting contracts. A chatbot handling after-hours customer queries. Each one quietly embedded into daily operations before anyone updated a policy or called their broker.
That’s not a criticism. It’s just how adoption works. The tool solves a problem, the team uses it, and the risk conversation happens later. Usually much later.

What Makes AI Risk Different

Most businesses have a basic understanding of traditional cyber threats. Phishing emails. Ransomware. Someone trying to break in from the outside.

AI introduces a different kind of exposure. The risk often doesn’t come from an external attack. It comes from normal, everyday use of tools your team already trusts. The Australian Signals Directorate (ASD) has flagged this as a growing concern for small business, and it’s worth taking seriously.

Four Risks Worth Knowing About

1. Data leaving your control. When your team inputs client records or sensitive business information into a third-party AI platform, that data is processed externally. Depending on the platform’s terms, it may be retained or used to improve the model. For businesses handling sensitive client information, this can trigger obligations under the Australian Privacy Act.
2. AI outputs that get acted on. AI generates confident output. It also generates incorrect output. The liability for acting on a flawed AI-generated document or recommendation sits with your business, not the platform that produced it.
3. Supply chain you didn’t choose. AI is now embedded in accounting platforms, CRM systems, and cloud storage providers. A compromised AI feature in a vendor’s platform can expose your data or disrupt your operations without you ever having chosen to use AI directly.
4. Manipulation of AI systems. Bad actors can feed corrupted data into an AI model to alter what it produces. The ASD calls this “poisoning.” For businesses using AI in financial forecasting or automated decision-making, a compromised model can drive bad decisions before anyone notices something’s wrong.

One More Thing Worth Checking

Once you’ve read through the risks above, it’s worth having a conversation with your insurance broker.

AI tools have changed how your business operates. Whether that change is reflected in your current insurance coverage is a separate question, and one worth asking before a claim makes it urgent.

At McKenzie Ross, this is exactly the kind of gap we look for. As an independent brokerage with access to over 100 insurance markets, we’re not tied to any single insurer’s view of what AI risk looks like. We review your actual operations, identify where your exposures sit across Cyber, Professional Indemnity, and Management Liability, and make sure the coverage you’re paying for is the coverage that responds when something goes wrong.

If you’d like an independent review of how your current insurance programme responds to AI-related risks, our team offers a Free Risk Assessment. No obligation, no jargon.

Book your Free Risk Assessment →

AI Risk Checklist for Australian Businesses

Use this checklist to work through your business’s AI risk exposure with the relevant people in your team. It covers five areas: what you’re actually using, how data is handled.