Fact: Insurance Companies, like pretty much all companies nowadays (2010), buy custom-made software from software development companies.
Paradox: Insurance Companies have a lot of experts in risk analysis working to determine how risky something is, in order to deal with it in a way that is profitable for the Insurance company, but when they actually go and buy a software development project, they do not use any of this risk analysis know-how, and make the exact same project estimation mistakes any other companies make.
Why are they unable to see this paradox? Why do they not see there might even be a business opportunity here (selling software estimation insurance to companies buying software projects)? I do not have the slightest idea.
The people in insurance companies that do quantitative risk analysis are the actuaries, and their scope is very tightly defined to include only insurance risks. They don't extend to software development, they don't extend to BRP, they don't even extend to financial investments (does that last one explain something?).
There's a complementary paradox in IT: Even though IT is up to its ears in powerful computers that could be used to prepare realistic project estimates, they still use unreliable project estimation techniques developed in the pencil-and-paper era to minimize the amount of calculation needed. -- MarcThibault