Despite forging ahead with generative AI (gen AI) use cases and capabilities, many insurance companies are finding themselves stuck in the pilot phase, unable to scale or extract value. Jörg Mußhoff sat down with Cameron Talischi and Khaled Rifai to discuss how organizations can escape “pilot purgatory” by leveraging traditional AI and robotic process automation in addition to gen AI; the importance of reimagining domains such as claims, underwriting, and distribution; and how to address data privacy and security concerns regarding intellectual property (IP) and other issues early on. This transcript has been edited for clarity.
Jörg Mußhoff: To us, gen AI is not just hype. McKinsey has estimated that the total gen AI potential for the global economy is $4.4 trillion.1 Many insurance leaders are asking, “How do we get the benefits from first use cases, and how do we scale and make it real across geographies and business models?” Cam, could you start us off by telling us what you see in the overarching trends in gen AI and what applications and domains have the greatest potential impact for clients?
Cameron Talischi: We’ve seen a lot of interest and activity in the insurance sector on this topic, which is not surprising given that the insurance industry is knowledge-based and involves processing unstructured types of data. That is precisely what gen AI models are very good for.
In terms of promising applications and domains, three categories of use cases are gaining traction. First, and most common, is that carriers are exploring the use of gen AI models to extract insights and information from unstructured sources. In the context of claims, for example, this could be synthesizing medical records or pulling information from demand packages. In the context of underwriting for a commercial P&C [property and casualty insurance carrier], this could look like pulling information from submissions that come from brokers or allowing underwriters to more seamlessly search and query risk appetite and underwriting guidelines.
The second category is the generation of content—namely, creative content. Think about it in the context of marketing or personalization. Again, in the context of claims, it’s communicating the status of a claim to a claimant by capturing some of the details and nuances specific to that claim or for supporting underwriters, and it’s communicating or negotiating with brokers. Use cases for coding and software development make up the last category. These are notable given the imperative for tech modernization and digitalization and that many insurance companies are still dealing with legacy systems.
Khaled Rifai: I would add one more in the context of client engagement and self-service. Think about the insured wanting to know whether they’re covered, what the statuses of their claims are, or whether they need to update their addresses or names. Many insurers are still employing people to handle these requests. With the help of gen AI, those tasks can be automated or designed for self-service. I think the long-term effects of gen AI are underrated, and the short-term effects are overrated. And that’s the dilemma many insurance companies and other corporations find themselves in. They want fast results from the benefits of gen AI applications but hesitate to invest in data management, technology modernization, organizational change, and budgetary allocations.
While we believe in the potential of gen AI, it will take a lot of engagement, investment, and commitment from top management teams and organizations to make it real. To make gen AI truly successful, you must combine gen AI with more-traditional AI and traditional robotic process automation. These technologies combined make the secret sauce that helps you rethink your customer journeys and processes with the right ROI.
Want to subscribe to the McKinsey on Insurance podcast?
Jörg Mußhoff: That’s exactly what we’re seeing many players do. But we are still in that pilot phase. Why do organizations get stuck in this phase, and how can they successfully scale up from there?
Cameron Talischi: We are seeing a lot of organizations getting stuck in what we call “pilot purgatory” for several reasons. One is misplaced focus on technology versus what matters from a business perspective. Many organizations have identified several use cases and have development teams building these assets. But a lot of time is being spent on testing, analyzing, and benchmarking different tools such as LLMs [language learning models] even though the choice of the language model may be dictated by other factors and, ultimately, has a marginal impact on performance.
While there’s value in learning and experimenting with use cases, these need to be properly planned so they don’t become a distraction. Conversely, leading organizations that are thinking about scaling are shifting their focus to identifying the common code components behind applications. Earlier, we talked about extracting information from unstructured sources. Typically, these applications have similar architecture operating in the background. So, it’s possible to create reusable modules that can accelerate building similar use cases while also making it easier to manage them on the back end.
Another area where organizations get stuck is how they think about impact. We’ve seen many organizations source ideas from various parts of the business and prioritize them. But many of the use cases are very isolated and don’t generate much value, so the organization prolongs the pilot. If you’re not seeing value from a use case, even in isolation, you may want to move on. The better approach to driving business value is to reimagine domains and explore all the potential actions within each domain that can collectively drive meaningful change in the way work is accomplished. So that includes looking at all the levers at your disposal, not just gen AI. That approach better lends itself to scaling versus piloting an isolated use case.
Khaled Rifai: I fully agree. Reimaging domains is key because you can very quickly get to the restrictions connected to isolated use cases because of the dependencies with other systems and processes. We are at a point in time with gen AI where we should take a step back and really reimagine claims, underwriting, and distribution. By combining these technologies and thinking about how to design processes that capture the right data at the right point, we can drive meaningful change. This approach requires investments in more than just tech; it also takes quite some commitment, quite some investment, and quite some change to do so.
Jörg Mußhoff: Do you have any pragmatic advice for our clients about what they should do to set this up and develop these capabilities over time?
Cameron Talischi: Everything must be anchored in a strategic vision and a road map, but in terms of capabilities, the data setup is critically important, especially as you think about gaining scale. You need to make sure that the data underpinning the possible use cases are in usable condition. We talked about the technology stack and this notion of creating infrastructure that can build and deliver use cases at an accelerated pace. You are touching on talent and operating models, which are equally important. One of the failures of some operating models is when the effort is solely tech-led versus business-led with the technology function as an enabler. It’s important to assess how much of the development is done centrally versus within the business.
You shouldn’t wait it out, because you need to build that muscle to understand what solutions you should buy.
On the talent side, organizations will most likely pursue a combination of building and buying: purchasing some of the capabilities and use cases from external vendors and building some internally, such as use cases that tie to your IP and ways of working. To build internally, you’ll need the requisite talent to create those capabilities. For example, new roles such as prompt engineers address how we interact with models and get the right behavior out of them. You need to build that muscle and some of those capabilities through a combination of tech and business to deploy them as part of the right operating model.
Khaled Rifai: Some companies wonder what to do about data management now that gen AI is being implemented at large vendors. Should they just wait it out? Our answer is no—you shouldn’t wait it out, because, as Cam said, you need to build that muscle to understand not only how to keep your organization safe but also what solutions you should buy that will fit your needs.
Jörg Mußhoff: Besides data privacy and security, there’s also a big regulatory question. Gen AI can be biased, which raises ethical questions. In the mid- to long-term use of these technologies, what should insurance carriers focus on to avoid risk?
Cameron Talischi: First and foremost, it’s important for insurance carriers to have a comprehensive framework in place that covers major AI-related risks such as data privacy issues or issues and concerns about accuracy and hallucinations. Incidentally, insurance carriers need to account for risks that they’re exposed to via the use of gen AI by customers or other parties they interact with. The use of image generation is a good example of this because it could lead to fraudulent claims.
Regarding data privacy, it is possible to have automated routines to identify PII [personal identifiable information] and strip that data—if it’s not needed—to ensure that it doesn’t leave a secure environment. With accuracy, it’s important to, in tandem with the business, have objective measures and targets for performance. Test these in advance of the application or use case going into production, but also implement routine audits postproduction to make sure that the performance reached expected levels.
Khaled Rifai: In terms of regulation in Europe, the EU Artificial Intelligence Act has recently been passed. With room for national regulations, national regulators of the insurance industry will look at certain cases to determine standards. In my experience, the regulations are good enough for clients to work with. I wouldn’t start with high-risk cases concerning decisions that impact the life and health of the insured, but instead begin with other use cases that we’re certain we can implement in a secure, customer-friendly way. The thing to remember is that nothing is static, and the ongoing process of shaping regulations means taking things one step at a time.