While Indian organisations report confidence in managing cyber threats and conventional exposures, implementation gaps threaten to undermine risk mitigation efforts across emerging threat categories.
This pattern extends across Asia, where organisations similarly struggle to convert strategic awareness into comprehensive protection frameworks, according to recent industry research examining corporate risk landscapes in India and throughout the region.
Organisations across India and Asia increasingly recognise expanded threat horizons beyond traditional operational concerns. Cyber exposures maintain prominence as the foremost risk category for Indian enterprises for the third consecutive year, according to the India Risk Report 2025 prepared collaboratively by ICICI Lombard and the Institute of Risk Management India Affiliate. The research gathered feedback from more than 250 organisations, with 55% of respondents holding C-suite positions.
Legal and regulatory compliance obligations follow cyber risks in organisational priority rankings. Significantly, geopolitical tensions and trade volatility have surfaced as emerging concerns, signalling that risk perceptions have expanded to encompass broader economic factors. This expansion mirrors findings from Aon’s Global Risk Management Survey, which analysed nearly 3,000 risk management professionals across 63 nations and identified competition as a newly ascendant concern in Asia – ranking third for 2025, up from eighth place in 2023.
Sandeep Goradia, chief corporate solutions, international & bancassurance, ICICI Lombard, commented: “Across industries, risk perception is transforming rapidly – organisations now see challenges such as cybersecurity threats, economic uncertainties, and global trade realignments not merely as risks, but as catalysts for strategic growth.”
Despite heightened risk consciousness, significant gaps persist between stated strategies and actual preparedness. Ninety-five per cent (95%) of Indian enterprises had mitigation approaches for conventional risks such as fire and explosions, while 93% report cyber risk strategies. However, approximately one-fifth of respondents acknowledge lacking controls or insurance protections for specific risk classifications. Additionally, 36% of surveyed Indian organisations do not evaluate the financial costs associated with their risk insurance arrangements.
The implementation deficit extends across the broader Asian region. More than half of Asian organisations reported losses linked to exchange rate fluctuations, according to Aon’s analysis. Economic deceleration and intensified competition each contributed to organisational losses, affecting 45.4% and 43.6% of Asian respondents, respectively. These financial consequences suggest that awareness of risks has not sufficiently translated into effective mitigation mechanisms.
Sector-specific variations compound the execution challenge. Banking, financial services, and insurance entities in India prioritise cyber vulnerabilities, while manufacturing and construction firms emphasise supply chain continuity. Energy sector organisations cite geopolitical instability as their foremost concern. Start-up enterprises highlight civil unrest and international tensions as principal exposures. Weather-related and natural disaster concerns rank eighth among Asian risk priorities overall, reflecting the region’s particular susceptibility to climate-related events.
A critical disconnect separates procedural development from organisational risk culture across both India and Asia. Only 12.3% of Indian organisations demonstrate both advanced process maturity and strong cultural frameworks around risk management. Leadership commitment remains insufficient for embedding risk accountability across organisational hierarchies, the India Risk Report noted.
Workforce recruitment and retention challenges further illustrate regional vulnerability. In Asia, 30.4% of businesses reported difficulties in attracting and retaining skilled employees as a source of loss, representing a concern unique to the region that does not appear in global top 10 risk rankings.
Hersh Shah, chief executive officer of IRM India Affiliate, said: “The organisations that thrive in the coming decade will be those that view risk as intelligence, resilience as innovation, and foresight as their most valuable currency.”
Technology-related exposures and workforce management continue to command organisational attention in India. Cyber and technology risks are projected to dominate organisational risk rankings through 2025 and beyond. The emergence of global trade uncertainties and macroeconomic volatility alongside traditional concerns indicates that Indian enterprises and their Asian counterparts must develop multi-faceted risk management approaches addressing both immediate and strategic considerations.
Insurance industry professionals may expect increased client demand for emerging risk coverage as organisations work to align risk strategies with implementation practices. The convergence of findings across both surveys indicates that addressing cultural and execution deficiencies represents a significant area of focus for organisational resilience development throughout the region.
