Cyberattacks, data breaches top risks for India Inc – What FICCI-EY survey revealed

For a long time, corporate risk was about what might happen next a slowdown, a policy change, a global shock. In 2026, that framing no longer holds.The FICCI–EY Risk Survey 2026 suggests that the biggest risks facing Indian companies are already here, built into the way businesses operate every day.Across industries, executives say their primary concerns stem from digital dependence on data, software, networks, and third-party systems that are now essential to growth but difficult to fully control.

Cybersecurity emerges as the most significant risk in the FICCI–EY Risk Survey 2026, ahead of regulatory uncertainty and market volatility. This isn’t because cyber threats are new, but because their impact has changed.A breach today does not stay confined to IT systems. The survey highlights concerns around data theft, insider threats, and increasingly sophisticated attacks that can disrupt operations, attract regulatory scrutiny, and damage trust in one stroke.What companies are really worried about is not just being attacked, but losing control over data, processes, and reputation.

Growth made companies more fragile

The survey points to a structural issue: digital growth has made businesses faster and more efficient, but also more exposed.Indian companies have embraced cloud platforms, AI tools, digital payments, and remote work at scale. According to the FICCI–EY Risk Survey 2026, many leaders now believe that risk management has not kept pace with this transformation.The result is a business environment where systems are tightly connected, dependencies are deep, and failures travel quickly.

AI is changing risk conversation

Artificial intelligence sits at the centre of this shift.

The survey notes that companies worry about slow AI adoption hurting competitiveness, while simultaneously admitting that AI-related risks including data governance, ethical concerns, and regulatory readiness are not fully addressed.This reflects a broader change in how risk is perceived. Innovation is no longer optional, but it is also no longer clearly understood. AI has become both a growth lever and a source of uncertainty.

Risk no longer arrives alone

One of the clearest insights from the FICCI–EY Risk Survey 2026 is that risks are now interconnected.

Cybersecurity overlaps with regulatory compliance, customer trust, talent shortages, and operational continuity. A single incident can trigger multiple consequences, often faster than organisations can respond.

This convergence is forcing companies to rethink traditional, siloed approaches to risk management.

The survey shows that boards and leadership teams are responding by shifting focus from prevention alone to resilience. Cyber preparedness, data controls, and technology governance are increasingly treated as strategic priorities rather than support functions. The ability to absorb disruption and recover quickly is becoming as important as efficiency or scale.

The FICCI–EY Risk Survey 2026 indicates that companies which invest in resilience are better positioned to sustain growth in an environment where disruption is constant.

The most important insight from the survey is not the ranking of risks, but what it says about maturity.

India Inc is no longer assuming that growth will automatically bring stability. Instead, leaders are recognising that complexity is the price of scale, and managing that complexity is now a core leadership challenge.

The FICCI–EY Risk Survey 2026 captures this transition clearly: risk is no longer a future event to prepare for. It is a present condition to be managed, every day.