New Delhi: Cybersecurity breaches and cyber-attacks have emerged as the single biggest risk to organisational performance for Indian companies, with 51% of senior leaders identifying it as their primary concern, according to the Ficci-EY Risk Survey 2026 released on Sunday. The findings underline how technology risk has moved beyond IT functions to become a core business continuity and trust issue for corporate India.
The survey, based on inputs from 137 senior decision-makers including CXOs across sectors, shows that cyber risk now poses serious financial, operational and reputational threats. As Indian enterprises accelerate digital adoption, 61% of respondents said cyberattacks and data breaches represent major risks, while 57% flagged potential data theft and insider fraud.
Nearly half of the respondents (47%) acknowledged challenges in countering increasingly sophisticated cyber threats, highlighting growing exposure from ransomware, phishing, deep fake fraud and third-party vulnerabilities.
Cyber Risk Moves to Boardroom Agenda
Cybersecurity has firmly moved onto the CEO and boardroom agenda as attackers increasingly deploy multi-vector strategies that simultaneously disrupt operations, revenues and brand confidence. The survey notes that technology risk is now tightly linked to operational resilience, with 61% of leaders stating that rapid technological change and digital disruption are impacting their competitive position.
AI has emerged as a double-edged sword for India Inc. While 60% of executives believe inadequate adoption of AI and emerging technologies could hurt operational effectiveness, 54% feel that AI-related risks — such as ethical concerns, governance gaps and unmanaged use of public AI tools — are not being effectively addressed. These risks include data and IP leakage, biased or hallucinated decision-making, and new cyber-attack pathways such as prompt injection.
Converging Risks Heighten Pressure on India Inc
Beyond cyber threats, the survey highlights a convergence of risks shaping corporate performance. Changing customer demands (49%) and geopolitical events (48%) rank next among critical concerns, while nearly two-thirds of respondents cited economic slowdown, prolonged inflation and geopolitical tensions as material drivers of business risk.
Workforce challenges also remain pronounced, with 64% of respondents pointing to talent shortages and skill gaps, and 59% citing weak succession planning as threats to stability. On governance, 67% agreed that regulatory changes require urgent attention, while 45% warned that non-compliance with ESG disclosure requirements could have a direct financial impact.
Commenting on the findings, Rajeev Sharma, Chair, Ficci Committee on Corporate Security & DRR, said, “The risk landscape is undergoing a fundamental shift. Climate-related risks, environmental compliance, resource constraints and sustainability expectations are rising sharply on boardroom agendas. Parallelly, the rapid adoption of digital technologies, while enabling growth and efficiency has amplified exposure to cyber threats, data breaches, and the misuse of emerging technologies such as drones and AI. Addressing these risks requires not only robust regulation but also active collaboration between government, industry, start-ups and academia.”
“Scientific capability and frontier technologies are increasingly at the core of India’s transformation, driving mission-mode initiatives and fostering innovation, intellectual property creation, and global competitiveness. In this context, understanding risk as a dynamic, interconnected spectrum rather than as isolated challenges is essential for informed decision-making,” he added.
EY India’s Risk Consulting Leader Sudhakar Rajendran added, “Indian businesses are navigating an increasingly complex risk landscape marked by geopolitical volatility, regulatory activism, supply chain fragility, rapid digitalisation, and heightened stakeholder scrutiny. These risks are converging, amplifying their impact on profitability, business continuity, and reputation.”
“For Indian enterprises, resilience is now a strategic imperative. Leading organisations are strengthening enterprise-wide risk governance, investing in technology-enabled controls, and embedding risk intelligence into capital allocation and growth decisions. Those that proactively anticipate, quantify, and respond to emerging risks will be better positioned to protect value and sustain long-term growth,” he added
Companies which integrate cybersecurity, AI governance, ESG controls, workforce resilience and compliance into a single, connected risk framework will be better positioned to protect trust and sustain performance in an increasingly volatile business environment, the survey concludes.