Who Will Insure the Algorithm?
- Afroditi Boura

- Jul 8
- 5 min read

The reinsurance industry has always been remarkably adept at adapting to new risks. It has evolved alongside industrial revolutions, technological breakthroughs, financial innovation and geopolitical change. From insuring wooden sailing vessels crossing unpredictable oceans to underwriting satellites orbiting the Earth, insurers have repeatedly demonstrated an extraordinary ability to quantify uncertainty and transfer risk.
Yet a new category of exposure is emerging that may challenge one of the industry's most fundamental assumptions. For centuries, insurance has been built on the premise that people make decisions, people make mistakes, and organisations bear the consequences.
But what happens when the decision-maker is no longer a person?
Artificial intelligence is rapidly moving beyond its role as a decision-support tool. Across financial services, healthcare, logistics, manufacturing, energy and government, algorithms are increasingly making decisions that carry legal, financial and societal consequences. They approve mortgages, detect financial crime, allocate healthcare resources, optimise supply chains, assess insurance claims, determine investment strategies and increasingly influence hiring, pricing and customer outcomes, write legislations.
The pace of this transformation is accelerating, not because organisations necessarily trust AI more than human judgement, but because algorithms can process volumes of information, identify patterns and execute decisions at a scale that no human workforce could ever replicate.
This evolution raises a question that is far more profound than whether AI is accurate, ethical or transparent. It challenges the foundations upon which risk transfer has traditionally been constructed. Insurance has historically responded to losses arising from identifiable human behaviour: negligence, professional error, omissions, fraud, operational failures or physical events. Even cyber insurance, despite its technological focus, ultimately protects organisations against the consequences of human vulnerabilities, malicious actors or failures in digital infrastructure.
AI introduces something fundamentally different. It creates autonomous decision risk.
An algorithm does not become fatigued, emotional or distracted. It does not deliberately act in bad faith or consciously ignore procedures. Instead, it can make thousands, or even millions, of technically consistent decisions that are strategically flawed because of deficiencies embedded within its design, its training data, its governance framework or the objectives it has been instructed to optimise. Unlike human error, algorithmic error is scalable.
A flawed underwriting decision made by one individual may affect a handful of policies; the same flaw embedded within an AI-driven underwriting engine can influence an entire portfolio before anyone recognises that something has gone wrong.
When these failures occur, organisations instinctively search for familiar sources of liability.
Was the software developer responsible? Did the technology vendor fail to disclose limitations? Did management rely excessively on automation? Did the Board exercise sufficient oversight? Was the Compliance Officer aware of the risks? These are legitimate questions, yet they remain rooted in a governance model that assumes artificial intelligence is simply another technology solution. Increasingly, that assumption appears inadequate.
Perhaps the more uncomfortable question is whether we have misunderstood the nature of AI altogether. We continue to govern algorithms as software, when in reality they are becoming organisational actors. They are capable of making decisions that directly influence customers, markets, capital allocation and regulatory compliance. They are not replacing governance; they are becoming subjects of governance. That distinction fundamentally changes how organisations should think about accountability, oversight and, ultimately, insurance.
The implications extend far beyond insurers.
Boards have spent decades refining governance frameworks that define authority, delegation, accountability and oversight for human decision-makers. Corporate governance principles, regulatory frameworks and directors' duties all assume that significant decisions originate from identifiable individuals acting within defined responsibilities.
AI disrupts this model because the decision may be generated by a system that continuously learns, adapts and evolves in ways that neither its developers nor its users can fully predict.
The Board remains accountable, yet the decision-making process itself becomes increasingly opaque. Governance therefore shifts from supervising people to supervising decision architectures.
This transformation should also force the insurance industry to reconsider what is actually being underwritten. Are insurers protecting organisations against software failure, or against the financial consequences of autonomous decisions? Should future policies respond to defective algorithms, governance failures surrounding their deployment, biased datasets, flawed model training or failures in human oversight? Traditional policy wordings were never designed to answer these questions because the underlying risk simply did not exist when they were drafted.
The challenge becomes even greater as AI agents begin interacting with one another.
Imagine a future where an insurer's underwriting algorithm negotiates with a broker's placement algorithm, both relying on real-time data generated by autonomous systems connected to Internet of Things devices, satellite imagery and external data providers. When a catastrophic loss occurs because multiple algorithms collectively reached an incorrect conclusion, identifying the proximate cause may become extraordinarily complex.
The question will no longer be which individual made the wrong decision, but whether the ecosystem itself created a governance failure that no single participant could reasonably identify.
This is why the next frontier of risk management may not lie in developing better algorithms but in developing better governance around algorithms.
Organisations have invested heavily in cybersecurity, operational resilience, anti-money laundering controls and enterprise risk management because regulators required them to do so.
Algorithmic governance is likely to become the next major discipline, demanding new approaches to accountability, assurance, model oversight, audit, ethics and independent challenge. Those organisations that continue to view AI as an IT project rather than a governance issue may discover that they are preparing for yesterday's risks while tomorrow's exposures accumulate unnoticed.
Insurance has always evolved alongside society's changing perception of risk.
Fire insurance emerged when cities became denser. Marine insurance expanded with global trade. Cyber insurance developed as economies digitised. Autonomous decision risk may represent the next significant evolution of the industry. The insurers that recognise this shift early will not simply develop another specialised insurance product; they will help redefine how organisations understand accountability in an era where decisions increasingly originate from machines rather than people.
The more important question, however, may not be whether insurers are ready. It is whether Boards, regulators and corporate leaders are asking the right questions. Much of today's debate focuses on the reliability, explainability and ethics of artificial intelligence. Those discussions are important, but they overlook a more fundamental issue.
Governance has always been about determining who has the authority to make decisions on behalf of an organisation. As algorithms increasingly assume that role, governance can no longer focus exclusively on human behaviour. It must also encompass the systems that organisations deliberately authorise to act in their name.
The defining insurance question of the next decade may therefore have little to do with technology itself.
It may simply be this:
when an algorithm makes a decision that destroys value, harms customers or triggers systemic consequences, are we insuring the software, the organisation, the governance framework, or the decision itself?

