Last updated on 12 December 2025
As digital expectations grow and new competitors score points with their speed of innovation, regulatory requirements are also constantly increasing – from DORA and NIS2 to stricter requirements for outsourcing and cybersecurity. An effective IT strategy for insurers is essential.
At the same time, almost all insurers are feeling the effects of the shortage of skilled workers: projects are taking longer, priorities are shifting, and internal teams are reaching their capacity limits. Meanwhile, new opportunities are opening up, particularly through AI-based automation and modern data architectures.
In short, the framework conditions have become more complex. But this is precisely where a great opportunity lies. With a clear strategy, methodological strength and the right combination of technology, governance and organisation, this complexity can not only be mastered – it can become a competitive advantage.
In our projects, we see every day that insurers who tackle challenges early on reap the benefits much more quickly: through more efficient processes, greater digital sovereignty, more resilient IT and a noticeable boost to innovation.
Rethinking IT strategy for insurers: transforming data, processes and people together
Digitalisation is not a technical upgrade, but a fundamental realignment of business capabilities. We often encounter fragmented data landscapes, established structures and different process logics. But it is only when data strategy, architecture and organisation work together that true digital performance emerges.
This is exactly where we come in:
- Building modern data architectures
- Establishing data governance
- Empowering teams and adapting organisational structures
- Structured roadmaps that range from analysis to implementation
The result: data is not only collected, but understood, utilised and used to create value.
Mastering regulation: DORA and NIS2 as drivers of digital resilience
Hardly any other topic currently dominates IT agendas as much as dealing with new regulatory requirements.
DORA – digital resilience becomes mandatory
With the Digital Operational Resilience Act, insurers must prove that their entire digital value chain, including service providers, is resilient.
We support you in these areas:
- Setting up a complete information register
- Automating risk workflows
- Establishing structured incident and test management
- Governance structures for resilient IT
- Preparing for audits
- Structured gap analyses
- Contract management and contract adjustments
- Service provider management
NIS2 – Cybersecurity as a corporate responsibility
The NIS2 directive tightens the cybersecurity requirements for ICT service providers and directly affects the insurance industry’s supply chain. The changes go beyond pure IT issues:
- Risk analysis and risk treatment as a management task
- Higher requirements for prevention and monitoring
- Incident reporting in shorter time windows
- Greater liability for executives
Our consulting services for NIS2 implementation include governance models, gap analyses, security architectures and integrated control logic.
Both regulations have one goal in common: to increase digital resilience – not just to tick off the compliance checklist. And that is precisely the approach we bring to our projects.
Skills shortage: efficiency wins over impact
Insurers are under enormous pressure to manage digitalisation and regulation in parallel – often with limited resources.
We see two key levers that can have a rapid impact:
- Strategic outsourcing governance: We help design models that are both regulatory compliant and efficient, controlling external providers, minimising risks and reducing dependencies.
- IT portfolio and sourcing strategies: Where is it worthwhile to build up internal expertise? Where does it make more sense to have a strong partner? A clear make-or-buy logic takes the pressure off teams and creates planning security.
This creates a clear focus: deploy internal capacities where they create the greatest added value.
AI as a strategic lever: from automation to decision support
Artificial intelligence is fundamentally changing the insurance industry – and at a rapid pace. We support insurers in the introduction and scaling of AI:
- AI use cases for the automation of routine processes
- Extraction and structuring of large amounts of data (e.g. documents, emails, claims information)
- Agent-based systems for decision support
- Optimisation/automation of processes (e.g. in fraud detection)
- Model evaluation and quality management through our AI Evaluation Framework
Our approach combines operational efficiency with transparency and governance so that AI not only impresses, but also delivers real added value. You can find more information about mgm AI solutions here.
Digital sovereignty: independence as a strategic capability
Insurers are increasingly working with external service providers, cloud platforms and software ecosystems. The question today is less whether these dependencies can be managed and more how confidently they can be managed.
Digital sovereignty means:
- Control over data
- Independence in strategic decisions
- Transparent, manageable supply chains
- Freedom of choice in technologies and providers
Our consulting areas – data management, outsourcing governance and IT strategy – support precisely this goal.
Conclusion: Reduce complexity, shape the future
The challenges for IT decision-makers in insurance companies are great, but solvable. Digitalisation, DORA, NIS2, skills shortages, AI and sovereignty are intertwined and require a clear, integrated strategy.
This is exactly where we support our customers: with industry expertise, technical depth, methodological clarity and a pragmatic, implementation-oriented consulting style.
If you feel that requirements are growing and new opportunities are emerging at the same time, then let’s talk. Together, we will create structures, processes and architectures that will not only make your company robust, but also future-proof.





