Cybersecurity breaches, inadequate governance of artificial intelligence (AI), and increasing scrutiny under India’s data protection laws have emerged as critical risks for Indian businesses, according to the FICCI–EY Risk Survey 2026 released on February 8. The survey highlights a shifting landscape where the significance of digital threats has escalated from mere IT issues to board-level concerns.
Notably, 61% of respondents identified cyber-attacks and data breaches as presenting “significant financial and reputational risks” to their organizations. This shift underscores the evolving nature of cyber risk, which now directly threatens operational integrity, revenue streams, and public trust. The report emphasizes that cyber readiness is essential for business continuity, warning that ransomware, phishing, and assaults on vital infrastructure are becoming increasingly sophisticated.
The survey also raised alarms about the rapid integration of AI into business practices, particularly in areas lacking robust governance. Approximately 60% of senior executives acknowledged that insufficient adoption of emerging technologies, including AI, was adversely affecting operational efficiency. Furthermore, more than 54% indicated that AI-related risks, such as ethical dilemmas and algorithmic failures, were not being adequately managed within their organizations.
“AI risk is now a core business risk and not merely a technology issue,” the report stated, pointing to challenges such as hallucinations, data poisoning, model drift, and deepfakes. It also flagged the phenomenon of shadow AI, where employees utilize public AI tools for sensitive tasks without proper oversight. Such vulnerabilities raise questions about accountability, especially as AI systems capable of autonomous actions muddle legal and compliance frameworks when contracts or decisions are executed without human approval.
These cyber and AI risks are compounded by stricter regulatory oversight, particularly concerning data privacy. The survey revealed that 56% of participants pinpointed increasing scrutiny around data protection as a significant risk, while 67% indicated that frequent changes in regulatory frameworks demanded immediate attention from management and boards. The ongoing implementation of India’s Digital Personal Data Protection (DPDP) Act has prompted companies to reassess their governance structures, internal controls, and supervision of third-party actions.
“Regulatory and compliance risk is a core business challenge and not a formality,” the report asserted, stressing that lax governance or delays in compliance could lead to financial penalties, reputational damage, and erosion of investor trust. Taken together, these findings paint a picture of an increasingly interconnected risk landscape, where failures in cybersecurity, AI governance, and data privacy can lead to operational disruptions and long-term challenges to credibility.
As businesses navigate this complex terrain, the report urges a holistic approach to risk management that integrates strategy, operations, and governance. “Managing risk now requires integrated, enterprise-wide approaches that connect strategy, operations, and governance,” it stated, emphasizing that as digital reliance deepens, organizations must move beyond siloed controls to effectively mitigate risks.
See also
CISOs Prioritize 80% of 2026 Budgets for AI-Driven Cybersecurity Solutions
White House Unveils New Cyber Strategy Focused on AI Security and Incident Reporting Changes
AI Still Relies on Human Oversight for Multi-Stage Cyberattacks, Report Reveals
