Skip to main content
Marsh logo

3 risks for data centre developers, owners, tenants, and operators: Managing construction contract risk, ensuring sustainable energy sources, and addressing cybersecurity liability

Data centre investments in Asia Pacific are projected to reach US$564 billion by 2028, a staggering growth of 20% year over year driven by hyperscale expansion and the increasing adoption of artificial intelligence (AI).1


The data centre construction boom is reshaping the technology landscape, but this rapid growth also introduces complex interconnected risks for landlords, tenants, and operators. Key risks include managing construction contract risk and workers’ compensation across multiple contractors, ensuring sustainable and reliable energy sources, and protecting against cybersecurity liability and compliance issues.

 

Risk #1: How can data centre developers of large, costly construction projects mitigate the financial burden of insufficient insurance coverage that can lead to potential legal issues and project delays?

Challenges

Individual contractors typically obtain their own construction insurance, which can result in:

  • Inconsistent policies and coverage gaps that may only be identified after a claim is filed.
  • Complications in the claims process due to multiple contractors, as it may be unclear which policy applies to specific claims.

Consequently, if a contractor lacks sufficient insurance coverage, the construction project owner may face financial burdens, leading to disputes with insurers, project delays, and legal complications.
 

In addition to insurance structuring, data centre developers must prioritise addressing defective title risks. A clear and valid title is essential to ensure the development site is free of disputes such as sub-lease issues, boundary encroachments, or fraud. Failing to secure a valid title can result in construction delays, asset loss, and costly legal disputes.

 

Risk management strategies

Instead of having each contractor and subcontractor obtain their own insurance, the construction project owner can implement an Owner-Controlled Insurance Program (OCIP) to manage coverage for all parties involved in the construction project. The programme is managed by the project owner or an insurance broker to enrol eligible parties and maintain coverage throughout the project duration. OCIP streamlines insurance and reduces premium redundancies, enhancing safety and reducing potential coverage gaps especially for large-scale projects.

Transactional risk insurance enhances deal certainty by providing insurance solutions for potential defective title risks that could lead to significant legal and financial repercussions for the asset. To effectively mitigate defective title risks, contingent risk solutions that insure known title issues and standalone title insurance that covers unknown land title issues can be considered.

 

Risk #2: How to ensure sustainable and reliable energy sources to meet data centre demands? 

The IEA projects that global electricity demand from data centres will surge to approximately 945 terawatt-hours (TWh) by 2030, more than doubling current levels, largely driven by AI advancements.2 In Malaysia, energy demand from data centres is expected to surpass 11,000 megawatts (MW), accounting for over 40% of the nation’s current installed generation capacity.3


Challenges

This unprecedented demand places immense pressure on power grid capacity and backup systems. Additionally, reliance on intermittent renewables and lithium-based battery systems introduces new complexities and risks.
 

Extreme heat events significantly increase energy consumption for cooling, leading to equipment overheating and shutdowns or outages due to heat-related power disruptions in data centres. Additionally, extreme heat can compromise the structural integrity of data centre buildings, while prolonged drought conditions can exacerbate water scarcity, further reducing cooling capacity and causing operational disruptions.
 

Real-world incidents underscore these vulnerabilities. In 2022, a fire at SK Group's facility in Seoul disrupted communications and paralysed network services across central South Korea, resulting in estimated losses of US$27.5 million.4 Similarly, a cooling system failure at Microsoft’s Singapore data centre in early 2023 caused widespread service disruption across Southeast Asia.5


Risk management strategies

As data centres implement long-term power strategies—such as rooftop solar, battery storage, and next-generation cooling—they must also navigate emerging risks related to supply consistency, price volatility, sustainability and fire safety. 

  • Risk engineering assessments play a key role in reviewing critical systems such as energy supply, cooling, fire protection and central control infrastructure. These reviews occur during the design phase of new builds or as part of a resilience evaluation for existing facilities to ensure alignment with current standards.
  • Physical climate risk analysis enables data centre developers to gain an informed perspective on how the evolving climate will impact natural catastrophe-related risks that data centres may face over the next 10 to 15 years. By utilising an advanced climate risk modelling approach, organisations can proactively address vulnerabilities and enhance resilience against future climate challenges.
  • Business continuity planning and crisis management require integrated strategies that incorporate Uninterruptible Power Supply (UPS) systems, diesel generators and solar solutions to ensure uptime during grid instability or outages.
  • Parametric insurance provides a flexible approach to managing insurance coverage for climate-related energy disruptions, activating coverage based on predefined conditions — such as wind speed or rainfall thresholds—verified by third-party authorities.

By implementing proactive planning and conducting system-level reviews, organisations can effectively manage energy-related risks and reinforce their operational resilience.

 

Risk #3: How to protect data centres against cybersecurity liability and compliance issues

“If a data centre tenant’s systems are compromised due to a vulnerability in the building’s central management system, who is responsible for the damages? How do indemnity clauses work if one party's failure causes financial losses for another?”
 

One of the most pressing challenges in today’s data centre environment is the uncertainty surrounding cybersecurity liability.6


In hyperscale data centres where developers, owners, tenants and operators share infrastructure, a single cyber incident can lead to a chain reaction of operational, legal and financial exposures.
 

Recent cyberattacks on two Asia-based data centres between 2021 and 2023 highlight the exposures.7 Hackers exploited vulnerabilities in shared data centre infrastructure, compromising sensitive data across multiple tenants. These incidents have sparked scrutiny on ownership and accountability in cyber events. 
 

To address the uncertainty surrounding cybersecurity liability, data centres should consider implementing integrated insurance programmes that include first-party cyber coverage, third-party cyber coverage, and Technology Errors & Omissions (E&O) insurance to ensure adequate coverage during crises.

Strengthening resilience at every stage of the data centre lifecycle

At Marsh, we empower our clients throughout the entire data centre lifecycle with our unique industry expertise and practical risk mitigation solutions. With a global presence and deep sector knowledge, we possess a unique understanding of Asia’s data centre markets. We are brokers for over 80% of the world’s largest cloud service and data centre providers.
 

With Marsh, you gain a trusted risk advisor dedicated to driving success in your data centre initiatives.

Ready to enhance your risk management strategy? Contact Marsh for a non-obligatory discussion on how we can help you navigate the complexities of data centre risks.

1 Asian Business Review (2024) APAC data centre capacity to double by 2028: Moody’s

IEA (2025), AI is set to drive surging electricity demand from data centres while offering the potential to transform how the energy sector works

3 TheEdgeMalaysia (2024) Centre Stage: Boon or bane, tough conversations on data centres

4 Data Center Dynamics (2022) South Korea’s government to grill Kakao after data center fire cripples key service

5 W.media (2023) Microsoft’s Singapore Data Center Experience Outage due to Cooling Units failure

6 Reuters (2024) Cyber attack compromised Indonesia data centre, ransom sought

7 SCworld (2023), Two data centers used by major tech firms hacked

Our People

Placeholder Image

Larry Liu

Communications, Media, and Technology (CMT) Industry Leader, Marsh Asia

  • China