Chief Risk Officers (CROs) at insurance companies across the Asia-Pacific (APAC) region are grappling with one of the most complex risk landscapes in recent years, according to the latest EY-IIF Global Insurance Risk Management Survey. Cybersecurity, conduct, and operational risks have emerged as key areas of concern.
Cybersecurity remains the top risk for insurers in APAC, with 62% of CROs naming it as their primary concern. This highlights the increasing exposure to digital threats amid rising geopolitical tensions, accelerated digitisation, and the large amounts of sensitive data insurers manage.
Conduct risk has also risen sharply in importance across the region. It was cited by 46% of APAC CROs, compared to just 5% in EMEIA (Europe, the Middle East, India, and Africa) and 7% in the Americas. This difference is being driven by tougher regulatory scrutiny in countries like Australia, Hong Kong, and Indonesia, where regulators are focused on ensuring fair customer treatment, appropriate product offerings, and ethical sales practices.
Operational resilience is another growing area of focus, cited by 31% of APAC CROs—almost double the rate in EMEIA and more than four times that in the Americas. This concern is linked to regulatory developments such as Australia’s CPS 230, as well as increased reliance on third- and fourth-party service providers. Regulators are becoming more concerned with insurers’ ability to maintain operational continuity during disruptions.
Compliance risk, also cited by 31% of respondents in the region, continues to be a significant issue. Insurers are preparing for stricter capital and solvency rules, as well as enhanced data protection regulations.
Looking ahead, APAC CROs expect cyber, regulatory, and geopolitical risks to remain high on the agenda over the next three years.
Tze Ping Chng, EY’s Asia-Pacific Consulting Insurance Sector Leader, commented that the risk environment in APAC is becoming more complex due to regulatory fragmentation, geopolitical uncertainty, and fast-paced technological change. He emphasized that the regional focus on conduct and operational risks reflects the urgent need for insurers to remain agile and strengthen their risk and compliance frameworks.
Related topics:
