Why cyber attacks remain the top threat and how firms are preparing

Cyber attacks, data privacy requirements and technology-related disruptions continue to rank among the most significant risks for Indian businesses, according to two separate assessments released by ICICI Lombard with the Institute of Risk Management (IRM) India Affiliate, and Aon’s 2025 Global Risk Management Survey.

Both studies point to heightened exposure to digital, regulatory and operational risks across sectors, with organisations reporting varying levels of preparedness and differing impacts depending on size and industry.

Cyber and data-related risks dominate short-term and long-term priorities

The ICICI Lombard–IRM India survey finds cyber risk at the top of the short-term risk list for the third consecutive year, followed by legal and regulatory risks, talent-related issues and macroeconomic pressures.

• Cyber and technology risks also lead the long-term rankings for 2025.


• Aon’s survey similarly places cyber attacks/data breaches as the most significant risk for Indian companies, with data privacy compliance emerging as a key area of concern.


• The report notes growing influence of global and domestic data regulations on corporate risk planning.

Broader risk environment reflects economic and operational pressures

Aon’s India findings list economic slowdown, business interruption, talent retention, property damage and exchange rate fluctuations among the top 10 risks for 2025.

The survey indicates that Indian companies report higher exposure to property-related losses and currency volatility compared with peers in the rest of Asia.

The ICICI Lombard–IRM report identifies sectoral differences:

• BFSI, services and logistics prioritise cyber risks.


• Manufacturing and construction highlight supply chain disruptions.


• Energy and oil companies cite geopolitical issues and civil strife.


• Smaller firms and start-ups place greater emphasis on technology and geopolitical risks.

Preparedness improving, but significant gaps remain

• Both surveys indicate improvements in formal risk management practices.


• Aon notes that 70% of Indian respondents have dedicated risk and insurance functions, and over 90% have cyber preparedness plans.


• The ICICI Lombard–IRM survey shows strong preparedness for fire, cyber and technology risks, with 64%-71% reporting relevant strategies.

However, gaps persist:

• Around 36% of organisations do not assess the cost of insuring their risks, according to the ICICI Lombard–IRM report.


• More than 20% report no controls or insurance for certain risk categories.


• Talent, climate, macroeconomic and supply chain risks show relatively lower preparedness.

Culture maturity lags process development

The ICICI Lombard–IRM report finds that while several organisations have built operational risk processes, risk culture remains less developed. Only a small share of companies show both high process and cultural maturity. Formal assessments of culture and consistent sharing of lessons from incidents are limited.

Emerging future risks: AI, climate and long-duration disruptions

Aon’s outlook for 2028 places cyber risks at the top, followed by AI, economic slowdown, business interruption and climate change.

The ICICI Lombard–IRM findings similarly flag technology and geopolitical shifts as key determinants of long-term resilience.

ALSO READ | 2025's most popular AI feature may be its biggest riskRead about our editorial guidelines and ethics policy