Cybersecurity breaches and attacks have become the leading threat to business performance for Indian companies, with 51% of senior executives identifying them as their primary risk, according to a new survey released by FICCI and EY.
The FICCI-EY Risk Survey 2026 ranked changing customer expectations and geopolitical developments as the next most significant risks, flagged by 49% and 48% of respondents respectively.
The findings point to a business environment where technology, regulation and external shocks are increasingly interconnected.
The survey, conducted through a web-based questionnaire, gathered responses from 137 senior decision-makers, including CXOs, across multiple sectors.
Technology firms accounted for the largest share of respondents, followed by professional services companies.
According to the report, technology-related risks are now closely tied to operational continuity and resilience.
About 61% of respondents said rapid technological change and digital disruption are affecting their competitive position, while an equal proportion cited cyber-attacks and data breaches as major financial and reputational threats.
More than half of those surveyed, 57%, flagged risks related to data theft and insider fraud, and 47% said they face difficulties in countering increasingly sophisticated cyber threats.
Artificial intelligence emerged as a dual risk area. While 60% of executives said inadequate adoption of emerging technologies, including AI, could weaken operational effectiveness, 54% said risks linked to AI ethics and governance are not being managed effectively.
“In a business environment shaped by volatility, the ability to anticipate, absorb and adapt to risk is emerging as a defining capability for sustained growth,” said Rajeev Sharma, chair of the FICCI Committee on Corporate Security and Disaster Risk Reduction.
He added that organisations are increasingly embedding risk considerations into strategic decision-making rather than treating them as isolated events.
The survey also highlighted workforce-related concerns. Nearly two-thirds of respondents said talent shortages and skill gaps could hurt organisational performance, while 59% pointed to weak succession planning as a risk to long-term stability.
Regulatory change remains another pressure point. About 67% of executives said regulatory developments need to be addressed proactively, while 40% acknowledged that existing compliance frameworks struggle to keep pace with evolving rules.
Climate and environmental, social and governance risks are also translating into financial exposure. Around 45% of respondents cited climate-related financial impacts as a critical operational risk, and 44% said non-compliance with ESG disclosure requirements could significantly affect business outcomes.
Supply chain disruptions continue to weigh on corporate planning, with 54% of leaders identifying them as a risk to operational and business continuity.
“Organisations are navigating a phase where multiple risks are converging rather than occurring in isolation,” said Sudhakar Rajendran, risk consulting leader at EY India, pointing to the combined impact of inflation, cyber threats, AI governance, climate exposure and regulatory change on corporate resilience.
