Willis warns leaders over AI governance gap

Willis has warned business leaders that AI adoption is moving faster than existing governance frameworks, creating new challenges around accountability, liability and insurability.

The latest “Risk and Resilience” review from Willis emphasised that AI is already being embedded across underwriting, claims, cyber defence and operational decision-making.

The broker said the issue facing businesses is no longer simply whether to adopt AI, but how to do so responsibly.

Willis said that many organisations are already relying on systems they cannot fully interrogate, placing trust in outputs that are not always challenged.

The report warned that this is creating “a subtle yet significant shift” in how risk is created, distributed and amplified.

Spike Lipkin, chief AI officer at Willis, said: “AI is already reshaping the risk landscape in real time, but many organisations are moving forward without fully understanding the systems they rely on.

“That creates a dangerous gap between innovation and oversight.

“Business leaders need to recognise that this is no longer just a technology issue, but a governance, liability and trust challenge,” Lipkin added.

Willis said AI exposure is already building across multiple insurance lines, even as questions of liability, accountability and insurability continue to be worked through.

More than 700 million people now use leading AI systems every week, the broker said, with the technology increasingly embedded into operational infrastructure, customer interactions and executive decision-making.

The insurance market is also beginning to diverge in its treatment of AI risk.

Willis stressed that some insurers and brokers continue to rely on traditional policy wording and “silent AI” assumptions, while others are introducing affirmative AI cover and strengthening underwriting requirements tied to governance and control frameworks.

The review said AI risk has become a governance and liability issue, rather than a purely technological concern.

Some of the most immediate impacts are being felt in core insurance processes, as AI becomes part of the machinery through which risks are assessed, priced and managed.

Willis said cyber risk is also becoming more adaptive and harder to benchmark, increasing pressure on organisations to adopt AI-enhanced threat detection and continuous monitoring.

Global cybercrime costs have risen from roughly $3trn in 2015 to a projected $10.5trn annually by 2025, according to the broker.

Lipkin said organisations need to move from passive adoption to active control.

“Those who stay passive risk falling behind both in resilience and competitiveness,” Lipkin said.

“Leaders must be vigilant, challenge outputs, and invest in robust governance frameworks that bring transparency and accountability to how AI is deployed,” he added.

The report is available, here.