Canada’s AI race is accelerating at a pace the insurance sector may not be ready for. This week, Microsoft announced a “landmark” $7.5 billion investment to rapidly expand the country’s artificial intelligence capacity over the next two years – bringing its total planned AI spending in Canada between 2023 and 2027 to $19 billion.
It’s the kind of blockbuster investment that shows how quickly advanced AI is scaling across the economy. But as the technology surges forward, so do the risks – raising urgent questions about whether insurers can keep up with the speed, complexity and systemic exposure that comes with it.
AI is already reshaping underwriting, pricing and claims. But the question of whether the insurance sector is truly ready for the risks that accompany the technology remains open, according to Sridhar Manyem, senior director at AM Best, who spoke at a recent industry event in Toronto.
“AI is ready, but are we ready? In terms of insurance – are we really ready for AI?” he said.
Manyem argued that the industry has leaned heavily into the promise of AI – faster decisions, richer data and new product designs – while underestimating the systemic threats now emerging in the background. Those threats, he said, range from corrupted training data and deepfakes to over-reliance on cloud infrastructure and models that few people inside a carrier truly understand or are able to challenge.
At the most basic level, he said, many insurers are attempting to bolt advanced AI capabilities onto shaky data foundations.
“Unfortunately, insurance companies have disparate systems, they can have one system for claims, one system for underwriting, a system for policies, and a separate system to talk to the regulators… All this data that they've collected over hundreds of years… is really not ready for AI because it is all different and in various places,” he said.
That sprawling legacy footprint, he noted, makes it difficult to build robust models – and even harder to validate them.
“We need to make sure that it is structured, organized, and that you can gain proper insights,” he said.
He also warned that data accumulated over years often lacks relevance in today’s environment, particularly when assessing climate risk, given how much weather patterns and exposures have shifted.
Beyond messy or outdated data, Manyem pointed to a more malicious and less visible threat: intentional corruption of the data itself.
“It’s called data poisoning, or model poisoning, where… bad actors inject bad data into your system, and therefore, when the model is getting trained on that data, it spits out wrong results or wrong inferences,” he said.
For carriers depending on AI to score risks, flag fraud, manage cyber exposure or drive automated underwriting decisions, that kind of interference can quietly undermine performance over time.
His warning was direct: “You need to make sure that the data you're using is protected and that you don't let any bad actors into the system.”
Data poisoning, he added, is emerging alongside a broader escalation in cyber risk as AI makes synthetic content cheap and convincing.
“There's a lot of cyber threats, and AI is only causing these cyber threats to increase,” he said. For insurers underwriting cyber, and for those deploying AI internally, the attack surface is widening in ways traditional control frameworks were not designed to handle.
Because models now pull from vast internal and external data sets, he said supervisors are increasingly focused on whether the data is being collected, used and protected responsibly, “so that it doesn't fall in bad actors’ hands.”
In Canada, he added, emerging rules are pushing insurers to ensure that AI is explainable and being used ethically. For boards and executives, that means AI can no longer be treated as a technical side project; it sits squarely in conduct, compliance and reputation territory.
Manyem also highlighted the sector’s growing dependence on external computing infrastructure as a live operational risk.
If firms aggressively automate, trim headcount and rely more heavily on AI hosted in a small number of hyperscale clouds, that concentration risk could backfire.
“If we're relying on AI by eliminating jobs and by eliminating people and putting ourselves at the mercy of AI, which requires a lot of power… then one cloud disruption could cause huge business interruption losses, not just for yourself, but also for your clients,” he said.