FICCI-EY Risk Survey 2026 highlights rising concerns around cybersecurity, AI governance, supply chain disruptions, regulatory compliance and talent shortages across Indian businesses.
Cybersecurity breaches and attacks have emerged as the biggest risk to organisational performance for Indian companies in 2026, according to the latest FICCI-EY Risk Survey, reflecting growing concern among businesses over digital resilience, AI governance and operational continuity.
The survey, titled “Risk outlook – A compass to India’s risk landscape”, was released by EY India in collaboration with FICCI and draws insights from senior business leaders across sectors. The findings point to mounting pressure on companies as they navigate technology disruption, geopolitical uncertainty, evolving customer expectations and workforce transformation.
According to the report, 51% of respondents identified cybersecurity breaches and attacks as the top risk affecting organisational performance. Changing customer demands and expectations ranked next at 49%, followed by geopolitical events at 48%.
The findings come at a time when Indian enterprises are accelerating digital transformation initiatives, expanding cloud adoption and integrating artificial intelligence into business operations, increasing exposure to cyber threats and governance challenges.
Technology and AI-related risks featured prominently across the survey. Around 61% of respondents said rapid technological change and digital disruption were affecting their competitive position, while an equal proportion identified cyberattacks and data breaches as major financial and reputational risks.
The report also highlighted growing concerns around insider threats and data protection. Nearly 57% of respondents cited potential data theft and insider fraud as major risks, while 47% acknowledged difficulties in addressing increasingly sophisticated cyber threats.
Artificial intelligence emerged as both a business opportunity and a governance challenge. The survey found that 60% of respondents believe inadequate adoption of emerging technologies, including AI, could negatively affect operational effectiveness. At the same time, 54% said AI-related risks, including ethical and governance concerns, are not being effectively managed.
Rajeev Sharma said organisations are increasingly embedding risk management into long-term business planning rather than treating it as a standalone function.
“In a business environment shaped by volatility, the ability to anticipate, absorb and adapt to risk is emerging as a defining capability for sustained growth,” Sharma said. “The report indicates that organizations are moving away from treating risk as episodic and are instead embedding it into strategic decision-making, governance structures and long-term planning.”
Sudhakar Rajendran said businesses are facing multiple overlapping risks that directly affect resilience and competitiveness.
“Organizations are navigating a phase where multiple risks are converging rather than occurring in isolation. Inflation, cyber threats, AI governance, climate exposure and regulatory change are interacting in ways that directly influence India Inc’s performance and resilience,” Rajendran said.
The report also identified operational and supply chain vulnerabilities as a growing area of concern. About 54% of respondents said supply chain disruptions pose a significant threat to operational and business continuity, while 56% pointed to physical events and 52% highlighted ineffective real-time crisis management as key operational risks.
Climate and ESG-related financial exposure is also moving higher on corporate agendas. Nearly 45% of respondents cited financial impact from climate change as a major operational risk in India, while 44% expressed concerns over non-compliance with ESG disclosure and reporting requirements. Another 42% flagged concerns around board oversight on ESG-related matters.
On workforce issues, the survey found that 64% of respondents believe talent shortages and critical skill gaps could affect organisational performance. Around 59% cited weak succession planning as a risk to organisational stability, while 41% said uncertainty around remote and hybrid working models could impact corporate culture.
Regulatory compliance continues to remain a challenge for businesses operating in India’s evolving policy environment. The survey showed that 67% of respondents agree or strongly agree that regulatory changes require immediate attention, while 40% said their compliance frameworks struggle to keep pace with regulatory shifts. Another 39% said gaps in technology, budgets or resources limit their ability to manage compliance requirements effectively.
The findings underscore how risk management is becoming increasingly tied to digital transformation, AI adoption and governance capabilities across India’s corporate sector as companies balance growth ambitions with resilience planning.
Key Takeaways
• Cybersecurity breaches ranked as the top organisational risk for India Inc in 2026.
• 60% of respondents said inadequate AI adoption could impact operational effectiveness.
• Supply chain disruptions remain a major operational continuity concern.
• Talent shortages and skill gaps continue to pressure Indian businesses.
• Regulatory compliance and ESG reporting obligations are becoming more complex.
Source: EY