Despite commitments from some large outsourcing players to continue their India-based operations, a more widespread perception of the dangers raised by the Mumbai attacks which I wrote about last week is starting to gain broader concern in the industry.

The terrorist attacks, however, are yesterday's news, and they pale in comparison to the dangers which are on the horizon this morning as India raises the level of rhetoric over Pakistan's presumed involvement with the attacks. If a few masked gunmen running around Mumbai for a couple of days is enough to make CIOs nervous about operations disruptions, then the spectre of a full-fledged war with a nuclear-armed Pakistan should cause real concerns.

As any CIO knows, risk assessment is the conflation of the likelihood of a given scenario occuring with the severity of damage resulting from that scenario. While nuclear conflict, fortunately, remains a relatively small likelihood (although greater than it was last week), the severity is immense. I have to imagine that even the vendors giving lip service to their Indian operations are casting about behind the scenes for other options at this point.