The 74/28 Gap and the $20M Write-Off Problem
Insurance legacy system modernization is the most consequential program a carrier will run, and the one most likely to fail before it delivers. Seventy-four percent of insurers acknowledge that legacy systems are actively blocking growth. Only 28% have a plan to act [1].
The gap exists for a specific reason: carriers cannot confidently plan transformation for systems they do not fully understand. This article covers what is inside a typical carrier’s legacy stack, why modernization programs fail at a 70% rate, and what the carriers that succeed do structurally differently.
The consequence of attempting transformation without that confidence is well-documented. Large-scale core system transformations fail more than 70% of the time. Nearly 25% become full write-offs [2]. These are not projects that ran over budget or missed a deadline. They are programs that consumed years of organizational capacity and capital and delivered nothing deployable.
More than half of US insurers spend between 51% and 75% of their IT budget keeping existing systems operational [3]. That maintenance tax compounds annually. Every dollar spent on keeping legacy systems running is a dollar not available for the transformation program designed to replace them.
The question this article addresses is not whether to modernize. That decision is settled for most carriers. The question is why these programs keep failing at the rates they do, and what the programs that succeed do structurally differently.
What’s Running Inside a Typical Carrier and Why It’s So Hard to Touch
Legacy insurance systems in production today are not a single platform with known boundaries. They are a collection of interdependent systems, each carrying decades of accumulated product decisions, regulatory adjustments, and operational workarounds, most of which were never designed to work together.
- Policy Administration System (PAS): The PAS is the operational core: quote, bind, issuance, endorsements, renewals, cancellations. It is also the system with the deepest embedded logic, such as rating algorithms, bureau rate integrations, state filing dependencies, and product-specific exception handling layered over the years. Many carriers run more than one. The accumulation of PAS platforms through M&A is one of the defining structural problems of the industry: a significant proportion of L&A carriers run two or more policy administration systems simultaneously, and a meaningful share operate four or more, each with its own data model and business rule implementation. For deeper guidance on the PAS modernization path specifically, see our Policy Administration System Modernization: A 2026 Guide for Insurance IT Teams Ready to Act.
- Claims: Claims systems carry the highest operational load and the most direct customer impact. Adjudication logic, such as coverage determination, reserve calculations, subrogation rules, or fraud indicators, is embedded across workflows that have been modified repeatedly without systematic documentation. The business consequences of getting this wrong during transformation include claims paid incorrectly, coverage disputes, and regulatory exposure.
- Underwriting: Underwriting systems are where rule accumulation is most dangerous. Hundreds of interdependent rule modules govern risk selection and pricing. A single product change can trigger months of regression testing across lines of business, not because the change is complex, but because the dependency map is unknown.
- Billing, CRM, and BI/Analytics: These systems compound the challenge rather than introduce new categories of risk. Billing fragmentation erodes policy persistence. CRM data is split across lines of business and channels, producing a customer view that exists in strategy decks but not in production. Batch-based BI architectures cannot support real-time AI applications, fraud detection at claim intake, or dynamic pricing. The gap is an architecture problem that originates in the systems feeding the data layer.
Insurance core systems (PAS, claims, billing, and underwriting) are among the most tightly coupled architectures in any enterprise environment. Changes in one system cascade across the others.
A billing change affecting premium collection touches PAS policy status, claims payment eligibility, and underwriting renewal triggers simultaneously. This interdependency is what makes isolated modernization so operationally dangerous, and what makes the standard approaches to transformation so frequently inadequate.
Legacyleap supports the full insurance legacy stack across all of these system types: VB6/.NET Framework, Java EE/EJB/Struts, AngularJS, and SSIS/Ab Initio.
The M&A Problem: When Modernization Means Inheriting Systems You Did Not Build
Carriers that have grown through acquisition frequently run four or more PAS platforms simultaneously, each with its own data model, business rule implementation, and integration assumptions. They were patched together after each deal closed. The integrations between them are undocumented.
The consequence is specific: a billing change in one acquired system can trigger policy status errors in another because that dependency was never built, only patched. A modernization program discovers it through a production incident, not a design review.
You cannot replace what you cannot map across systems you did not build. The carriers that successfully modernize after M&A-heavy growth produce a cross-system dependency and logic map before selecting a transformation path. Without it, the program is modernizing the visible layer while the inherited architecture underneath remains intact.
Why Insurance Modernization Programs Fail: The Structural Causes
The 70% failure rate is not primarily a technology selection problem or a budget problem. It is a structural problem, and it has the same root cause across most of the programs that collapse: carriers attempt transformation without an accurate picture of what the systems under transformation actually contain.
The Embedded Logic Problem
Insurance legacy systems carry decades of accumulated business decisions, such as underwriting rules, pricing edge cases, or adjudication exceptions. Almost none of it is systematically documented.
A SimpleSolve practitioner account [4] describes a P&C carrier engagement that began as a rules rationalization exercise and became a full rules discovery exercise: thousands of interdependent conditions uncovered, vintage logic for terminated products still firing, analytics misrepresenting operational reality because the actual decision logic was buried in layers the reporting layer had never reached.
When a carrier migrates to a new platform, the undocumented rules do not migrate with it. They get missed, get rebuilt incorrectly, or keep executing from the legacy layer underneath the new one. “We moved to Platform Y” frequently means the actual decision logic still lives in Platform X.
Five Forces That Compound the Risk
The embedded logic problem does not exist in isolation. Five structural forces make failure more likely and its consequences more severe with each passing year.
| Force | What It Creates |
| Maintenance cost spiral | Regulatory exposureThe |
| Product velocity gap | New insurance products take 12-18 months to launch from concept to market. Insurtechs operating on modern infrastructure ship in days to weeks. The constraint is architectural, not actuarial. Underwriting rules are hardcoded; rating engines are tightly coupled to policy systems. |
| AI architecture blockage | Legacy systems cannot provide the real-time data access, unified data models, or open APIs that GenAI requires. Nearly half of P&C insurers identify data quality and limited accessibility as the primary barrier to analytics adoption. The tooling is available. The infrastructure underneath is not. |
| Regulatory exposure | NAIC Data Security Model Law is active in 23+ states. The NAIC AI Model Bulletin is adopted in 24 states, with market conduct exams already underway. Undocumented logic creates a specific regulatory risk: a carrier cannot explain a decision it cannot trace. |
| Workforce retirement | The knowledge embedded in legacy systems lives in two places: the code and the developers who built it. Both are leaving simultaneously. Unlike technical debt, knowledge loss is discontinuous — a retirement is a hard cutoff, not a degradation curve. |
The Knowledge-Transfer Crisis: What Happens When Your Last Legacy Developer Retires
P&C insurance is projected to lose nearly half its workforce to retirement within five years [5]. Ninety-three percent of insurance CxOs rate knowledge loss as mission-critical or a significant concern [5].
The deeper issue is what that workforce carries. The exception logic, adjudication rules, and rating algorithms that the business runs on were built by people, not written into specifications. When those people retire, that knowledge ends on a specific date. The system keeps running. The rationale behind its behavior does not.
Any modernization program that starts after those retirements faces the same problem: a replacement platform cannot replicate behavior no one can explain, and a QA process cannot validate parity against a baseline that was never captured. Manual documentation exercises do not close this gap. The developers who know the most are the least available to document it.
Every year a carrier defers this, the window narrows.
The Stakeholder Paralysis That Follows
Structural causes do not fail programs on their own. They create the conditions for the organizational dynamics that stall them. Only 52% of health insurers report complete alignment between business and IT on modernization priorities [3]. Finance, legal, and compliance functions resist when they cannot get clear answers about what the legacy system does and what the transformation guarantees to preserve.
Ninety-four percent of US insurers had at least one strategic technology program delayed or canceled for budget reasons in the last 12 months [3]. “Budget reasons” frequently mean the program could not demonstrate what it was transforming or what it would deliver, which is a governance visibility problem, not a funding problem.
The structural failure pattern, in sequence:
- Embedded business logic is not mapped before transformation begins. The program rebuilds behavior that it has not documented
- M&A-driven PAS accumulation means multiple systems with incompatible data models that no single replacement platform resolves cleanly
- Stakeholder resistance hardens when no one can answer: what changes, what is preserved, and how is that validated before go-live
- The replacement or wrapping approach presupposes knowledge of the system that the carrier does not have, and the program discovers this after commitment, not before
If any of this maps to your environment, the first step is not choosing a platform. It is understanding what is actually in your codebase. Legacyleap’s $0 Modernization Assessment produces the dependency map, embedded logic summary, risk indicators, and modernization readiness view your program needs before any architecture decision is made.
How Legacyleap Executes Insurance Modernization: Full Lifecycle, Validated Delivery
Every carrier evaluating modernization eventually faces the same three-path decision. The choice looks strategic. In practice, it is structural, and two of the three paths fail at the rates documented above for identifiable reasons.
Three Paths, Two Failure Modes
- Replace. Migrating to Guidewire, Duck Creek, or Majesco works when the carrier can fully specify what the new system must do. For carriers with undocumented logic across multiple PAS platforms, that specification is precisely what was never written. This is where the 70% failure rate is concentrated.
- Wrap. API-layer and Strangler Fig approaches build modern interfaces above legacy systems without changing what those systems do. The embedded logic keeps executing underneath. AI readiness and data consolidation are not achievable through interface modernization alone. Wrapping defers the problem.
- Comprehend and Modernize. Comprehend and Modernize is a third path that starts with systematic codebase analysis to extract undocumented business rules, dependency maps, and embedded logic before any transformation decision is made. Transformation, governance, and validation are then treated as inseparable phases of a single program that’s governed, diff-reviewed, and parity-validated throughout.
The three paths compared:
| Path | Timeline | Cost Range | Core Risk | Best For |
| Replace (Guidewire, Duck Creek, Majesco) | 12-24 months | $500K-$2M+ | Undocumented logic gets missed or rebuilt incorrectly; specification work was never done | Carriers with fully documented legacy behavior and clean system boundaries |
| Wrap (API layer / Strangler Fig) | 6-12 months per phase | Moderate | Legacy logic keeps executing underneath; AI readiness and data consolidation not achieved | Carriers extending system life while planning full transformation |
| Comprehend and Modernize | Phased | Scales to program scope and complexity | Requires codebase-level assessment before execution begins | Carriers with undocumented logic, M&A-accumulated systems, or retiring developer knowledge |
The Five-Agent Execution Model
Legacyleap executes insurance modernization through five specialized agents, working in coordinated sequence across the modernization lifecycle. No agent acts autonomously as every transformation decision affecting product behavior, architectural direction, or release readiness is subject to human review and approval before it proceeds.
- Assessment Agent maps systems, dependencies, and legacy risk areas across the full codebase. For insurance environments, this means identifying tightly coupled dependencies across PAS, claims, billing, and underwriting, and flagging the sequences where transformation risk is concentrated.
- Documentation Agent reconstructs missing documentation, module boundaries, and embedded business rules. The undocumented underwriting logic, rating algorithms, and adjudication exceptions that replacement programs consistently miss.
- Recommendation Agent evaluates modernization paths and target architecture options based on complexity, effort, and feasibility. The output is a sequenced blueprint with effort ranges and migration target recommendations, not a generic roadmap.
- Modernization Agent executes governed code transformations. All changes are delivered as diff-based pull requests. There are no autonomous merges, no deployments without engineering review and approval. The transformation record is complete and auditable.
- QA Agent validates functional parity, runs regression checks, and generates test suites. Parity is confirmed before deployment, not after go-live, when the cost of discovering a missed adjudication rule is a production incident.
The governance model built across this sequence is not incidental. It is the mechanism that addresses the stakeholder resistance that stalls most programs. Finance, legal, and compliance can see exactly what changed, why it changed, and what was validated before it moved.
CodeShield scans every block of AI-generated code for vulnerabilities. Audit logs capture every agent action across the transformation lifecycle. The program is traceable, which means it is defensible in regulatory examinations and in board-level reviews.
For carriers evaluating the platform vs. services decision or planning a phased, incremental modernization across a complex multi-system environment, those decisions are better made with a complete codebase picture than without one.
Insurance Case Study: VB6 Administration Platform to .NET
The client was a major insurance administration provider running a VB6 core system: 327 files, 259 forms, 242,613 COM component calls, all incompatible with modern .NET, and no automated testing framework.
Legacyleap produced a full dependency map across all 242,613 COM calls, replaced every one with native .NET alternatives, eliminated the ADODB layer, and built a custom automated UI testing framework covering all 259 forms. That testing framework was not in the original scope. It was the infrastructure required to prove 100% functional parity before deployment.
Results: 50% faster development cycles. Zero legacy COM calls remaining. Five EXEs and ten DLLs consolidated. A permanent automated testing capability has been deployed.
For carriers evaluating VB6 insurance administration modernization, the distinction between a migration count and a validated delivery outcome is where programs succeed or stall.
Legacyleap platform results across insurance engagements:
- 50-70% acceleration in modernization efforts compared to manual approaches
- 100% functional parity validated before deployment, not after
- Supported stacks: VB6/.NET Framework to .NET 6/8; Java EE/EJB/Struts to Spring Boot; AngularJS to Angular/React; SSIS/Ab Initio to Azure Data Factory/Databricks/Spark
Conclusion: What Successful Modernization Delivers, and How to Start
Carriers that complete core modernization report a 15-25% reduction in operating expenses within three years of go-live [2]. Legacyleap’s insurance engagements deliver 50-70% acceleration in modernization efforts and 100% functional parity validated before deployment.
Those outcomes follow from running the right program, not selecting the right platform. The 28% of carriers with a comprehensive modernization plan started with a structured assessment of what they actually have, not a vendor evaluation.
The $0 Modernization Assessment produces the codebase-level view that modernization programs require before any architecture decision is made: dependency and module map, embedded logic summary, risk indicators, effort and timeline ranges, recommended migration targets, and a structured modernization readiness view across your insurance stack.
For carriers ready to see the execution model in a live environment: Book a Demo.
FAQs
The only reliable approach is extracting behavioral logic directly from the codebase rather than from documentation or developer interviews. Documentation is incomplete by definition, and the developers with the deepest knowledge are typically closest to retirement. Systematic codebase analysis maps what the system actually executes under real conditions, including edge cases and override paths. Parity validation against that baseline before deployment is what separates a migration that closes from one that runs indefinitely in parallel.
M&A-accumulated systems require a cross-system dependency map before any transformation path is selected. Incompatible data models are rarely documented. They were patched at integration points after each acquisition and never rationalized. A billing change in one acquired system can trigger policy status errors in another because those dependencies are undocumented. Transformation sequencing must be built around a complete map of how inherited systems interact, not around platform replacement timelines.
Platform selection presupposes the carrier can specify what the new system must do, which requires knowing what the legacy system currently does. Before evaluating any replacement platform, carriers need a complete picture of embedded business rules across PAS, claims, and underwriting; a dependency map across core systems; and an inventory of undocumented exception logic that the new platform must replicate. Without that baseline, specification gaps surface after commitment, not before.
Parity validation requires a behavioral baseline captured from the legacy system before transformation begins, test coverage across all functional paths including exception handling, and automated regression testing run against both systems before cutover. The failure mode is a QA process that validates what the new system does rather than whether it matches what the old system did. Adjudication rules and underwriting exceptions that differ between legacy and modern rarely surface in functional testing. They surface in production.
Workforce retirement is irreversible in a way that technical debt is not. When a senior developer retires, the undocumented exception logic they maintained ends on a specific date. The system keeps running; the rationale behind its behavior does not transfer. The only mechanism that reliably captures this knowledge is systematic extraction from the codebase itself, analyzing what the code actually executes under real conditions, not what documentation says it should do.
References
[1] HFS Research / Sutherland Global — “Redefining Legacy Transformation in Insurance: Insights for 2025 and Beyond.” 74% of insurers acknowledge legacy systems hinder business growth; 28% have a comprehensive modernization plan. https://www.sutherlandglobal.com/insights/blog/legacy-transformation-in-insurance
[2] McKinsey / BCG via Carrier Management, March 2026 — “How Modern Is ‘Modern Enough’ for Insurance Applications?” Large-scale core system transformations fail 70%+ of the time; nearly 25% become full write-offs. McKinsey: carriers completing modernization report 15-25% reduction in operating expenses within three years of go-live. IT cost per policy (-41%) and operations productivity (+40%) attributed to McKinsey; original report not directly accessed. https://www.carriermanagement.com/features/2026/03/04/285258.htm
[3] West Monroe Partners — “Insurance Modernization Under Pressure” (October 2025) and “New Tech, Old Habits: Why Modernization Stalls With Health Insurers” (March 2026). 300 US insurance executives surveyed. 51-75% of IT budgets spent on run-the-business activities; 52% of health insurers report complete business-IT alignment on modernization priorities; 94% had at least one strategic technology program delayed or canceled for budget reasons in the last 12 months. https://www.westmonroe.com/insights/from-legacy-systems-to-strategic-advantage and https://www.westmonroe.com/insights/modernization-with-health-insurers
[4] SimpleSolve, March 2026 — “Insurance Palimpsest: Why Layered Processes Hide the Real System.” Practitioner account of a P&C carrier rules discovery engagement. Ovum attribution (27% PAS implementation success rate) cited through SimpleSolve; original Ovum report not directly accessed. https://www.simplesolve.com/blog/why-layered-insurance-processes-hide-the-real-system
[5] Insurance Thought Leadership / APQC, December 2025 — “Insurance’s Silver Tsunami Knowledge Crisis.” P&C insurance workforce retirement: nearly half of workforce projected to retire within five years. 93% of insurance CxOs rate knowledge loss as mission-critical or significant concern. https://www.insurancethoughtleadership.com/ai-machine-learning/insurances-silver-tsunami-knowledge-crisis
