Data loss and cyberattacks sit at the top of the risk register for directors and officers across Asia. Three-quarters of regional respondents – 76% – rated both threats as very important or extremely important, according to a Directors & Officers (D&O) liability insurance survey published June 2, 2026, by Willis, a WTW business, conducted alongside international law firm Reed Smith LLP.
The result separates Asia from the global cohort, where health and safety holds the leading position. Across Asia, the concentration of cyber-related concern reflects years of accelerating digital adoption, which has placed growing pressure on boards to demonstrate oversight of data protection, incident preparedness, and cyber resilience frameworks. The survey drew responses from 975 senior decision-makers worldwide, spanning finance, insurance, healthcare, industrial, energy and utilities, and transportation and retail sectors. Company revenues ranged broadly, with 36% of respondents from organisations below $50 million and 14% from those exceeding $5 billion.
Beneath the headline cyber findings, the composition of Asia’s top seven risks has shifted. Bribery and corruption climbed to fifth place, with 67% of Asia-based respondents rating it a significant concern. The survey links the increase to a period of more active enforcement by regional authorities, which has raised the stakes for boards navigating anti-corruption obligations across multiple jurisdictions. New to this cycle’s prominent concerns are corporate crimes and “failure to prevent” offences – a category that spans money laundering, foreign bribery, fraud, financing of terrorism, and employee misconduct. The emergence of this cluster in the upper rankings suggests boards are becoming more attentive to liability exposure from the conduct of those acting within their organisations.
Namit Mahajan, head of FINEX, Asia, at Willis, said: “Shifts in areas such as bribery and corruption, corporate crime, and regulatory exposure point to a more complex and fast-changing risk environment for boards across Asia. In this context, organisations need to take a proactive view of both risk management and D&O protection to stay ahead of emerging exposures.” Perceived regulatory breach risk, by contrast, slipped in relative terms – falling to 66% from 75% in the prior survey cycle. The survey notes that this decline in ranking does not reflect a simpler regulatory environment. Cross-border compliance obligations across the region are still multiplying, and boards continue to flag regulatory complexity as an underlying concern even as its standing in the top-seven list falls.
The divergence between Asia’s risk priorities and those of the broader global respondent pool is particularly visible in two areas: geopolitical instability and artificial intelligence. Globally, geopolitical risk has undergone the most significant repositioning in this cycle. It now sits within the global top seven, cited as very or extremely important by 59% of respondents worldwide – a substantial shift from the previous survey, when the same category ranked 15th out of 30 risks. The elevation is partly driven by larger multinational organisations, for which geopolitical exposure tends to be more direct and harder to localise. In Asia, the category did not reach the top seven. Regional boards appear to be directing attention toward operational and compliance risks that are more proximate and more clearly within the scope of internal governance, rather than macroeconomic or geopolitical forces they have limited ability to control.
Artificial intelligence presents a similar pattern. Globally, 56% of respondents rated AI as a very or extremely important risk – a five-percentage-point increase over the prior cycle. In North America, the proportion reached 71%. The three concerns cited most frequently in relation to AI were errors and misinformation generated by AI systems, cited by 50% of global respondents; AI-enabled fraud and social engineering, cited by 40%; and strategic failure to adopt AI, cited by 38%. Board readiness remains an open question: only 55% of global respondents said they believe their boards have the knowledge and skills needed to oversee AI implementation.
In Asia, AI and machine learning did not feature in the top seven. The survey characterises regional boards as treating AI as a medium-term concern rather than an immediate governance priority, with attention remaining concentrated on cyber risk and compliance. Mahajan said: “The latest survey findings show that while the core risks facing directors and officers in Asia remain broadly familiar, the order of concern is evolving in line with the region’s economic and digital transformation. Data loss and cyberattacks continue to dominate board agendas, underlining the need for strong governance around cyber resilience, data protection, and incident response.”
Climate change dropped out of Asia’s top seven risk rankings in 2026 and followed a similar pattern in most other regions globally. Diversity, equity, and inclusion also lost ground on the global agenda, with 52% of respondents rating it as very or extremely important – down seven percentage points from 59% in 2025.
On coverage, the global findings indicate that most organisations consider their D&O insurance adequate, though confidence is higher around policy scope (77%) than around financial limits (73%). The share of organisations indemnifying directors and officers to the fullest extent permitted by law edged down to 62%, from 64% in the previous year. Supply chain disruption was identified as the leading operational resilience challenge by 39% of global respondents, with the greatest concentration of concern in healthcare, industrial, energy and utilities, and transportation and retail sectors. The Willis survey recommends that Asia boards prioritise strengthening cyber governance structures, sustain attention to both conventional and emerging risk categories, and position themselves for a period of heightened regulatory scrutiny and potential claims activity.
