AI adoption is outpacing insurance governance, Willis report finds
AI systems are already embedded across underwriting, claims processing, and cyber defence at insurers and brokers, but most organisations lack adequate governance frameworks to manage the risks they create, according to a new report from Willis.
The AI for Insurance integration is introducing questions around accountability, liability, and insurability that existing policy language and regulatory structures have not yet addressed. More than 700 million people now use leading AI systems weekly, with these tools shaping customer interactions and executive decisions across the insurance sector.
The governance gap
Many organisations are relying on AI outputs they cannot fully interrogate, according to the Willis Risk and Resilience review. This creates a gap between innovation speed and oversight capability.
Spike Lipkin, Chief AI Officer at Willis, said: "Many organisations are moving forward without fully understanding the systems they rely on. That creates a dangerous gap between innovation and oversight. This is no longer just a technology issue, but a governance, liability and trust challenge."
The problem extends beyond technical implementation. Organisations are placing trust in outputs that are not always questioned, which subtly shifts how risk is created, distributed, and sometimes amplified across operations.
Market divergence on AI coverage
The insurance market is splitting into two camps. Some insurers and brokers continue using traditional policy wording with unaddressed AI assumptions, while others are introducing affirmative AI coverage and tightening underwriting requirements tied to governance frameworks.
This divergence reflects uncertainty about how existing liability and coverage frameworks apply to AI-driven decisions. Questions about who bears responsibility when an AI system makes an underwriting or claims decision remain largely unresolved.
Cyber risk acceleration
Cybercrime costs have risen from roughly $3 trillion in 2015 to a projected $10.5 trillion annually by 2025. This pressure is driving organisations to adopt AI-enhanced threat detection and continuous monitoring systems.
The shift creates a circular problem: organisations deploy AI to manage cyber risk, but that deployment itself introduces new governance and liability questions that insurance products are still learning to cover.
What insurance leaders should do
Leaders need to challenge AI outputs rather than accept them passively. This means investing in governance frameworks that bring transparency and accountability to how AI is deployed across underwriting, claims, and operational decision-making.
For AI for Executives & Strategy, this means treating AI governance as a business priority alongside technical implementation. Organisations that establish clear accountability structures and interrogate their systems' decision-making will be better positioned to manage both resilience and competitive risk.
Your membership also unlocks:
