Cyber threats biggest risk to India Inc, ahead of geopolitics: EY-Ficci

Cybersecurity breaches emerged as the biggest risk to organisational performance for India Inc, followed by shifting customer expectations and geopolitical events, according to the Ficci-EY Risk Surve

Cybersecurity breaches and attacks have emerged as the biggest risk to organisational performance for India Inc, according to the Ficci-EY Risk Survey 2026. 

 

The survey, titled 'Risk outlook – A compass to India’s risk landscape', draws on responses from senior leaders across sectors and highlights how technology, governance and workforce pressures are increasingly shaping business priorities.

 

At least 51 per cent of respondents flagged cybersecurity breaches as a key concern. Changing customer demands and expectations followed at 49 per cent, while 48 per cent pointed to geopolitical events as a major risk factor.

 

Technology, cyber and AI risks

   

Technology risk is now closely linked to operational continuity, the survey shows. As many as 61 per cent of respondents said rapid technological change and digital disruption were affecting their competitive position, while an equal proportion identified cyber-attacks and data breaches as significant financial and reputational threats.

 

More than half of respondents, or 57 per cent, flagged data theft and insider fraud as major risks, while 47 per cent acknowledged challenges in addressing increasingly sophisticated cyber threats.

 

Artificial intelligence has emerged as a dual risk area. Around 60 per cent of respondents said inadequate adoption of emerging technologies, including AI, could adversely impact operational effectiveness. At the same time, 54 per cent felt AI-related risks, including ethical and governance issues, were not being effectively managed.

 

Commenting on the findings, Rajeev Sharma, chair, Ficci Committee on Corporate Security & DRR and Cluster Managing Director, India, Nepal & Bangladesh, G4S Corporate Services (India) Pvt Ltd, said, “In a business environment shaped by volatility, the ability to anticipate, absorb and adapt to risk is emerging as a defining capability for sustained growth.”

 

Sudhakar Rajendran, risk consulting leader, EY India, said risks were increasingly converging rather than occurring in isolation. “Inflation, cyber threats, AI governance, climate exposure and regulatory change are interacting in ways that directly influence India Inc’s performance and resilience. Boards are being pushed to strengthen oversight, improve data quality and integrate resilience into core strategy. The survey shows that leaders who increasingly recognize risk management as a strategic capability, shall be poised for long-term competitiveness," he said. 

Climate and ESG risks

 

Climate and ESG risks are translating into direct financial exposure for companies. Nearly 45 per cent of respondents cited the financial impact of climate change as a critical risk to their operations in India, while 44 per cent pointed to the potential impact of non-compliance with ESG disclosure and reporting requirements. About 42 per cent expressed concerns over the effectiveness of board oversight on ESG-related issues.

 

Operations and supply chain pressures

 

Operational and business continuity risks remain elevated, with 54 per cent of respondents viewing supply chain disruptions as a major concern. Physical events were flagged by 56 per cent, while 52 per cent cited ineffective real-time crisis management as a risk to business continuity.

 

Talent and regulatory risks

 

Talent shortages and skill gaps continue to weigh on organisational performance, with 64 per cent of respondents highlighting this risk. Weak succession planning was cited by 59 per cent, while 41 per cent pointed to ambiguity around remote and hybrid working as a risk to corporate culture.

 

On the regulatory front, 67 per cent of respondents said frequent regulatory changes needed to be addressed. Around 40 per cent indicated that their compliance frameworks struggled to keep pace with regulatory shifts, while 39 per cent said gaps in technology, budgets or resources limited their ability to manage compliance demands.