As the digital and regulatory environment continues to evolve, Chief Information Security Officers (CISOs) in Asia are grappling with a unique set of challenges in 2025.
The 2024/2025 Directors and Officers Liability Insurance Survey, conducted by Willis Towers Watson (WTW) in collaboration with Clyde & Co, reveals that 75% of directors and officers (D&O) in Asia view the risk of regulatory breaches as very important or extremely important to their organisations. This marks a significant divergence from global trends, where health and safety risks dominate. Namit Mahajan, head of Financial, Professional & Executive Risks (FINEX), Asia at WTW, highlighted the complexity of navigating Asia's regulatory landscape:
"The region's diverse regulatory environment requires companies to navigate a complex array of rules across multiple jurisdictions, significantly increasing the risk of non-compliance. This trend is also reflected in coverage concerns, with the majority of directors rating cover for multi-jurisdictional exposures as their top priority in Asia."
For CISOs, this underscores the importance of aligning cybersecurity strategies with compliance requirements to mitigate financial and reputational risks.
Cybersecurity and Data Privacy: Persistent Challenges
Cybersecurity remains a critical concern, with 72% of respondents identifying data loss and cyber-attacks as significant risks. Despite this high ranking, many boards admit they lack sufficient expertise in this area. James Cooper, Partner and Head of Financial Institutions and D&O at Clyde & Co, emphasised the urgency of addressing these gaps:
"Cyber-attacks and data loss are among the most pressing risks for directors and officers today. Ensuring that protections such as D&O insurance adequately cover these areas is crucial as leaders feel increasingly exposed."
For CISOs, this highlights the need to advocate for robust cybersecurity frameworks and continuous board-level education on emerging threats.
Artificial Intelligence: A Growing Concern
While artificial intelligence (AI) currently ranks low on the list of material risks in Asia—only 56% consider it very or extremely important—this perception may shift as regulations tighten and use cases expand. Boards also report limited expertise in managing AI-related risks. As organisations integrate AI into their operations, CISOs will need to prepare for new challenges related to algorithmic accountability, data ethics, and compliance.
Litigation Risks on the Rise
Civil litigation and third-party claims have re-entered the top seven concerns for the first time since 2018, with 65% of respondents acknowledging them as significant risks. Smaller organisations are particularly vulnerable due to limited resources for legal defence. Mahajan noted:
"Despite increasing concerns over litigation risks, cost remains the dominant driver for D&O insurance purchasing decisions. By taking a proactive approach, companies can optimise their coverage while mitigating financial and reputational exposures."
CISOs must work closely with legal teams to ensure that cybersecurity incidents do not escalate into costly litigation.
Sector-Specific Insights
The survey also revealed sector-specific variations in risk priorities. For instance:
- In finance and insurance, data loss is the top concern.
- Health and safety remains paramount across most other sectors but has declined in importance within services.
- Diversity, equity, and inclusion (DEI) has gained traction among larger organisations but remains less relevant for smaller firms.
Looking Ahead
The findings underscore the need for CISOs to adopt a proactive approach to risk management. By collaborating with boards to enhance expertise in cybersecurity and emerging technologies like AI, they can help organisations navigate an increasingly complex risk landscape. As Cooper aptly summarised:
"Identifying critical risks and understanding pressure points is crucial for successfully navigating existing and emerging challenges."
In 2025, CISOs in Asia must not only defend against cyber threats but also act as strategic advisors on broader organisational risks.