The insurance industry has no shortage of AI ambition. Carriers are piloting generative AI in underwriting, deploying machine learning for fraud detection, and experimenting with AI-assisted claims processing. The pitch decks are compelling, and the ROI projections look great. But, when you ask IT leaders whether their infrastructure can actually support it all, the answers get uncomfortable fast.
Rocket Software
Those numbers hit differently in insurance. When a carrier's core policy administration system dates to the 1990s, and when the people who built it are approaching retirement, the gap between AI ambition and IT reality isn't just a technology problem — it's an existential risk to the modernization roadmap.
The data quality problem hiding in plain sight
Here's the part of the AI conversation the industry isn't having loudly enough: AI models are
The Rocket Software survey found that the single biggest challenge IT leaders face when managing data across hybrid environments is data quality, cited by 62% of respondents. That was followed by access control and identity management (52%) and moving data securely between environments (50%). For insurers, those aren't abstract IT problems. They're the difference between an AI underwriting model that prices risk accurately and one that doesn't.
The industry has spent years building impressive data lakes and migrating to the cloud. But much of the highest-value data — loss histories, claims patterns, customer risk profiles — still lives on mainframes and systems that were never designed to serve as AI training pipelines. Bridging that gap is the real work, and it's harder than most digital transformation roadmaps acknowledge.
Security and compliance: Confidence is not the same as readiness
Insurance is one of the most heavily regulated industries in the world, and the regulatory environment isn't getting simpler. The survey found that fewer than one-third of IT leaders said they were extremely confident they would pass their next compliance audit. That should be a sobering data point for an industry where a single regulatory failure can trigger enforcement actions, reputational damage, and significant financial exposure.
What's interesting is that the concern isn't lack of effort — it's lack of certainty. Carriers are investing in multi-factor authentication, identity and access management systems, resiliency, rapid data recovery, and zero-trust architecture. The tools are in place. But as AI introduces new attack surfaces and hybrid cloud environments create new integration points, the confidence gap between "we have security tools" and "we are secure" keeps widening.
For AI specifically, data privacy and security ranked as the top concern for 70% of respondents looking ahead to the next 12 months. In insurance, where the data in question includes health records, financial histories, and personal risk profiles, that's not paranoia — it's appropriate caution.
The skills gap is quietly derailing modernization
There's a talent dimension to this conversation that doesn't get enough attention. More than half of the IT leaders we surveyed (52%) said finding skilled personnel familiar with legacy systems development was a significant challenge. Only 35% said their IT workforce had the skills needed to support those systems effectively.
Insurance carriers know this problem intimately. COBOL developers and mainframe specialists are a shrinking population. The people who built and maintain the core systems that process millions of policies and claims every day are retiring, and the institutional knowledge they carry is often not documented anywhere. The risk isn't just operational — it's that carriers lose the ability to safely modernize the systems that need to modernize most.
An encouraging sign from the research is that IT leaders aren't waiting for the problem to worsen. Eighty-one percent are allocating dedicated training budgets and learning hours for IT staff, 79% are providing access to online learning platforms, and 69% are offering vendor-specific certifications. But training programs take time to bear fruit, and the window for knowledge transfer from retiring specialists is narrowing.
What "modernization without disruption" actually means for insurers
The instinct when confronted with these challenges is often to reach for a rip-and-replace strategy: sunset the legacy systems, migrate everything to the cloud, and start fresh with modern architecture. It's an understandable impulse, but in insurance, it's almost always the wrong call.
The core systems running on mainframes at major carriers aren't just old - they are battle-tested, deeply reliable, and rich with decades of business logic that can't be replicated quickly or cheaply. The goal shouldn't be to eliminate them. It should be to unlock them. Make the data they hold accessible to modern AI tools, connect them to cloud environments without creating new security vulnerabilities, and modernize the surrounding workflows without disrupting the mission-critical operations underneath.
That's a different kind of modernization than the industry has typically pursued, which has historically been incremental, infrastructure-first, and focused on making existing investments work harder rather than replacing them. It requires a realistic assessment of where the source data lives, what internal skills exist, and what the genuine risk tolerance is for disruption. For most carriers, that tolerance is lower than their AI roadmaps currently assume.
Beyond ambition: Your roadmap to AI-supported operations
Sixty-six percent of IT leaders in our survey identified data accessibility for AI as their top concern for the future. That number should be front and center in every insurance CIO's planning conversation right now.
The carriers that will lead on AI aren't necessarily the ones with the biggest technology budgets. They're the ones that close the gap between what they want AI to do and what their infrastructure can actually support. That work starts with an honest look at where the data is, who can manage it, and whether the systems holding it are ready for what's being asked of them.
