As geopolitical tensions intensify and cyber threats grow in scale, digital risk is being reframed as a core business vulnerability rather than a technical concern confined to IT departments. Disruptions to digital infrastructure, from data breaches to system outages, are exposing operational, financial, and reputational fault lines across industries.

For insurers, corporates, and data centers across the region, the challenge is no longer limited to preventing attacks. It is about ensuring resilience in the face of inevitable disruption.

Gaurav Bhatnagar, President and Head of Specialty for India, the Middle East, and Africa at Marsh, argues that organizations still underestimate the true business impact of digital risk. He says the biggest blind spot is treating it as a technology issue rather than a broader resilience challenge.

“What boards need to focus on is not only the cyber event itself, but the operational, financial, and reputational chain reaction that can follow across payments, customer service, cloud concentration, supply chains, and regulation,” Bhatnagar says.

Recent developments in the region, he adds, have shown that digital disruption does not always originate from a cyberattack. Physical or geopolitical shocks can affect critical infrastructure and still trigger significant digital and commercial fallout. As a result, digital risk has moved firmly into the realm of enterprise risk and board-level oversight.

REGIONAL READINESS

Preparedness across the region is improving, but, as Bhatnagar notes, “resilience has to be tested, not assumed.”

In the context of data centers, the challenge goes well beyond backup power. It includes the concentration of workloads, dependence on stable power and connectivity, exposure to climate risks, and the ability to recover from physical or geopolitical shocks.

At the same time, he cautions that this is not a broad market reset. The impact remains largely confined to areas such as political violence and war risk coverage. “Rates have not materially shifted, and construction activity is continuing,” he says. “However, the longer this uncertainty persists, the more likely it is that some projects will face delays linked to shipping disruptions, even as power supply remains broadly stable.”

“The sector has not stalled,” Bhatnagar adds, “but resilience has become more strategically important as the region scales up major data center and AI infrastructure projects. Operators should be proactively reviewing business continuity and contingency plans.”

Beyond infrastructure, insurers are also recalibrating risk with greater precision. Rather than treating marine risk as static, they are assessing it more granularly by route, voyage, cargo type, aggregation, and duration.

“The commercial effect is higher transport costs across the value chain, from shipowners and charterers through to cargo owners,” he says. For businesses, this means resilience will increasingly depend on looking beyond tier-one suppliers and responding quickly to logistical shifts, as pressure builds on warehousing and onward transport. Inventory buffers and supply chain visibility are becoming critical.

FUTURE ALIGNMENT 

As global disruptions continue to test the boundaries of force majeure clauses, businesses and insurers are reassessing what truly qualifies as “unforeseeable disruption.”

“Force majeure is a contractual mechanism and does not, in itself, necessarily trigger insurance coverage,” Bhatnagar explains. “The key questions are whether performance was genuinely prevented, whether notice and mitigation obligations were met, and what the underlying contract permits.”

For insurers, particularly in political risk, structured credit, and non-payment scenarios, contract wording has become increasingly critical. It determines whether a loss has crystallized, been deferred, or simply shifted over time. As a result, discussions are becoming more disciplined, even as they remain highly fact-specific.

Looking ahead, Bhatnagar points to a growing category of “unpriced risks” that are likely to shape the next one to two years. He groups these into three broad areas.

The first includes risks for which insurance solutions already exist, but which businesses choose not to cover, making them immediately controllable. Political violence insurance for war-related scenarios, when taken with adequate limits, is one example.

The second relates to contingency planning. While this enables organizations to adapt during disruptions, complacency often leads to inaction, making these risks controllable but frequently overlooked.

The third category is more complex. It involves outsized disruptions to business operations caused by shocks to the wider commercial ecosystem, risks that are inherently difficult to predict, control, or price.

“These are the risks that tend to emerge indirectly,” Bhatnagar says, “and that is exactly why boards should be paying attention now.”