Most top insurance carriers have amassed a significant portfolio of legacy applications, and many of these are running on mainframe platforms. This means they are expensive to run, hard to maintain, and rely on resources with hard-to-find legacy technology experience.
In many cases, these core policy administration and claims processing systems have been in use for many decades. In some cases, their origins can be traced back to the early eighties or even the seventies.
This means multiple development teams have worked with them and have come and gone. Inevitably the applications have accumulated technical debt. This makes them less and less agile to respond to the need for new products and changing business processes.
Further, the people who know these applications and their inner workings are getting older and leaving the business. As they leave, undocumented domain knowledge leaves with them.
All of these factors add up to a risk to the business and it is increasingly difficult for carriers to respond to regulatory changes in a timely and cost-effective way.
But modernizing is risky too
However, insurance firms are notoriously reluctant to invest in modernizing their legacy core systems. In general, the insurance industry adopts a laggard view of investing in
Some of this reluctance has been driven by the sentiment of, "if it ain't broke, don't fix it". As time has gone by and insurers have doubled down on legacy technology and applications, the idea of modernizing away from the old core platforms has been perceived to be increasingly risky.
Today, carriers find themselves in a self‑reinforcing risk paradox: legacy platforms are recognized as a growing operational and regulatory exposure, yet any attempt to modernize them is perceived as introducing even greater risk. In an industry built on managing uncertainty, this paradox has become one of the biggest blocks to transformation.
Something has to give
As carriers evolve and modernize their business practices, changing their organizations to a more product centric model, they are being faced with the challenge that their core admin and claims platforms are not supporting these structural changes.
Many organizations pursued full core replacement programs under the assumption that buying modern platforms would reduce risk. In reality, these initiatives often introduced new forms of complexity, including long transition timelines, duplicated systems of record, and the degradation of differentiating business logic embedded in the legacy estate. All of which is to say that these initiatives would ultimately fuel runaway transformation costs rather than contain them.
Very often the process of moving to an off-the-shelf replacement risks compromising, or at least having to recreate the differentiating business functionality that has been honed over the years in the legacy platform. And, in practice, many organizations use replacement platforms to implement new products but fail to migrate policies for existing books of business to the new system.
Rather than taking on a large-scale replacement, it is advisable for carriers to move their legacy platforms onto the cloud, which offers a more pragmatic path forward. By modernizing in place, organizations can preserve institutional knowledge while improving data flow, scalability and performance. This approach avoids the disruption and duplication inherent in full replacements, shortens time to value, and enables continuous evolution. Cloud enablement shifts modernization from a costly reset to a controlled, strategic progression.
To modernize or not to modernize? Now is a great time to break the risk cycle
Having been in the application modernization business for over 40 years I can tell you things are changing dramatically and the level of investment and risk associated with application modernization initiatives is reducing radically.
What has changed fundamentally is how AI impacts the economics and risk profile of modernization itself. Generative and Agentic AI now make it possible to systematically extract, understand, and preserve decades of embedded business logic, turning legacy systems from opaque liabilities into transparent sources of auditable modern assets.
In fact, the use of Agentic-AI has enabled almost anyone to get into the business of legacy code conversion and migrating applications off expensive mainframe platforms. GenAI and Agentic AI are speeding up and therefore lowering the investment level for modernization projects.
AI may accelerate modernization projects, but it doesn't by itself derisk them. As we all have experienced, an LLM can often give the wrong answer. To truly reduce the risk of a modernization initiative the trick is to leverage the power of LLMs but control them with the power of deterministic contextual data that ensures the modernization process is accurate, predictable and repeatable.
When embarking on a modernization journey, be sure to use a guide
In the new world of GenAI code assistants, organizations can tackle application modernization as incremental development projects – chipping away at the legacy "iceberg". This can be a good approach for organizations that are not in a hurry.
If an organization wants to drive a modernization project to a tangible outcome in a fixed period of time, then bringing in a modernization specialist firm is a good way to go. Even though AI is impacting the automation and execution of the code and data modernization initiatives, there are other components of executing a project in a way that doesn't impact business as usual and assures the desired outcome is achieved within budget and on time.
Strategic modernization vendors will provide outcome based commitments putting any risk associated with the project on them rather than the carrier.
It's riskier not to modernize
With the developments in GenAI for application modernization, and the way solution providers are now delivering, modernization outweighs the risks, and investments related to large scale modernization projects are far less. Insurers should consider their legacy modernization strategies and timelines.
For insurers, the real risk is no longer modernization but continued opacity. In trying to avoid disruption, many carriers have hedged their bets for years, tolerating incremental increases in operational and regulatory risk. Like the proverbial frog in slowly heating water, the danger has risen gradually enough to feel manageable until it reaches a boiling point where escape is no longer possible and the energy to act has all but been exhausted. With the ability to expose, validate, and evolve core business logic safely, insurers are now at a crossroads: continued inaction compounds risk, while decisive modernization is increasingly the safer path forward.
