Insurance exists to manage risk. It prices it, absorbs shocks, and provides stability when events do not unfold as expected. Yet across much of the property and casualty insurance sector, that forward‑looking mission rests on infrastructure designed for a different time.
The industry has been taking a cosmetic approach, developing increasingly polished digital front ends without transforming or modernizing the core systems, which were built for paper files, batch processing, sub-scale data sets, and relatively static risk models. These platforms were designed when policies changed slowly, data arrived infrequently, and loss patterns were more predictable. They were never intended to support an industry now shaped by climate volatility, cyber risk, real‑time data, and algorithmic decision-making. And yet, they remain central to how insurers operate.
That inconsistency is no longer a marginal issue. It has become a defining constraint on the industry's ability to evolve.
Modern expectations, outdated foundations
The environment in which insurers operate has changed materially. Customers expect speed, transparency, and digital interaction as standard. Brokers and underwriters require faster pricing and decision support. Regulators, for their part, are raising expectations around traceability, governance, and explainability as automation and AI become more deeply embedded in core processes.
To respond, insurers are investing heavily in data platforms, automation, and artificial intelligence. Underwriting, claims handling, fraud detection, and customer service are all areas where technology promises meaningful improvements in efficiency and accuracy.
The difficulty is that many of these capabilities are being introduced into operating environments that were not designed to support them. Policy administration, claims, billing, and customer data frequently sit in separate systems, often linked through layers of custom integration and manual intervention. This results in a series of connected compromises, instead of a coherent digital enterprise.
This gap between ambition and architecture can no longer be papered over.
And this is no longer an internal hindrance, but the Financial Conduct Authority, Prudential Regulation Authority, and Bank of England have jointly and individually mandated Operational Resiliency policies and tolerances. The definition of 'model' has also been expanded to AI models, Machine Learning (ML), and recommendation engines.
When "stable" becomes restrictive
Legacy systems are rarely fragile in an obvious sense. They tend to run reliably and process large volumes of transactions without incident. That reliability is often cited as a reason to leave them untouched.
But stability alone ensures only resiliency, not agility or suitability.
Over time, complexity accumulates. Customization replaces configuration, and documentation erodes. Critical knowledge becomes concentrated among a diminishing group of specialists. The systems continue to function, but they become harder to change, while knowledge democratization increases.
Product launches slow down. Rule changes take longer than the business expects. Data initiatives become multi‑year undertakings rather than incremental improvements. Meanwhile, a significant share of IT budgets becomes devoted to maintenance rather than innovation.
This is not just a technology problem, but also an operating constraint. It limits the pace of change and raises the risk associated with even modest transformation. And of course, it impacts the commercial competitive landscape and the ability to grow inorganically.
AI meets operational reality
AI makes these limitations harder to ignore. The potential value of AI in insurance is well understood: better risk selection, faster claims resolution, improved fraud identification, and more personalized service. Interest is high, and experimentation is widespread.
But AI depends on data — consistent, accessible, trustworthy, and current data. In many insurers, that data remains fragmented across systems built over decades for different purposes. As a result, models are trained on incomplete or inconsistent information. This means performance suffers, oversight becomes more complex, and confidence in automated decisions is harder to establish.
This helps explain why AI adoption in insurance often progresses quickly to the pilot stage, then stalls. The constraint is not the algorithm, but the environment in which the algorithm is being deployed.
In a sector that is rightly cautious about model risk, this is more than a technical inconvenience. It is a material limitation.
The limits of quick fixes
Competitive pressure understandably pushes insurers towards visible progress. Digital tools and AI layers are often introduced on top of existing systems in an effort to accelerate outcomes. Sometimes this works — temporarily, but often, it does not. Without addressing underlying data and architectural constraints, these initiatives can add further complexity rather than reduce it.
At the other extreme, large‑scale core replacement programs remain costly, disruptive, and difficult to execute. For many organizations, the operational and financial risk of wholesale replacement outweighs the potential benefit. The result is an uncomfortable middle ground: platforms that are too critical to abandon, yet too inflexible to support the future operating model.
Experience suggests that the most resilient approach sits between these extremes. Rather than replacing everything at once, insurers need to take a front-to-back approach, creating an intelligence layer to segregate the core systems from the digital engagement layer. This will enable enterprises to modernize data layers, accelerate AI deployment, and introduce cloud‑based services alongside existing record systems.
This will enable modernization programs to deliver in bite-sized pieces, instead of drawn out initiatives without visible results.
From responding to losses to managing risk
The strategic payoff of this type of modernization extends beyond efficiency. It enables a shift in how insurers engage with risk itself.
Historically, insurance has been largely reactive: an event occurs, a claim is made, and a payout follows. Better data integration and more mature analytics make it possible to anticipate risk earlier — identifying exposures before losses occur, intervening where appropriate, and adjusting underwriting and pricing as conditions evolve. This facilitates a shift from remediation to prevention.
This represents a meaningful evolution of the insurer's role, from passive risk bearer to more active risk manager or mitigator. But it also raises expectations around governance, transparency, and accountability. As automation takes on a greater role, decisions must remain explainable and auditable. Human oversight cannot be designed out. For an industry built on trust, those controls are not optional.
A strategic decision, not a technology choice
The insurance sector understands the case for modernization. The question is no longer whether it should happen, but how.
Legacy infrastructure is no longer simply a back‑office concern. It shapes speed-to-market, regulatory responsiveness, and the feasibility of new operating models. It defines what insurers can do safely — and what they cannot.
The firms best positioned for the coming decade will not be those that adopt technology most aggressively. They will be those that modernize with intent: addressing structural constraints, strengthening data foundations, and progressing incrementally, with a clear sight of both risk and reward.
Because in a business devoted to managing uncertainty, one assumption is increasingly difficult to defend — that systems designed for yesterday can indefinitely support the demands of tomorrow.
Indranil Roy is managing partner and global head of Industry Solutions Group at Mphasis. Opinions expressed here are the author's own.
(Featured image credit: Twin Design/Shutterstock.com)
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.