Cybersecurity, AI Governance and Data Privacy Emerge as Top Risks for India Inc: FICCI–EY Survey

Indian companies are facing an increasingly complex and interconnected risk environment, with cybersecurity threats, artificial intelligence (AI) governance gaps, and stricter data-privacy regulations emerging as the most critical concerns at the boardroom level.

These findings were highlighted in the FICCI–EY Risk Survey 2026, released on 8 February, which captures the evolving priorities of senior leadership across India Inc.

The survey underscores how digital risks—once viewed primarily as technical challenges—have now escalated into strategic and reputational threats demanding urgent attention from boards and top management.

Cybersecurity Risks Take Centre Stage

Cyber Attacks and Data Breaches as Major Business Threats

According to the survey, 61% of respondents identified cyber-attacks and data breaches as posing “significant financial and reputational risks” to their organisations. This sharp focus reflects the growing dependence of businesses on digital infrastructure and data-driven operations.

The report noted that “Cyber risk poses a direct threat to operations, revenue and trust and cyber readiness is central to business continuity and confidence,” highlighting that cyber resilience is no longer optional for Indian enterprises.

Rising Sophistication of Cyber Threats

Ransomware, Phishing and Infrastructure Attacks on the Rise

The survey warned that threats such as ransomware attacks, phishing campaigns and intrusions into critical infrastructure are increasing not only in frequency but also in sophistication. Attackers are leveraging advanced tools, automation and AI-driven techniques, making traditional security measures inadequate.

As organisations expand cloud adoption, remote work and digital supply chains, vulnerabilities are widening—placing sensitive customer data, intellectual property and operational continuity at risk.

AI Governance Gaps Emerge as a Critical Risk

Weak Controls Over AI Adoption Impact Operations

The rapid integration of AI into business processes has emerged as another major area of concern. Around 60% of senior executives surveyed said that inadequate adoption of emerging technologies, including AI, was negatively impacting operational effectiveness.

While companies are keen to deploy AI for efficiency and growth, the lack of structured governance frameworks is creating new risks that extend beyond technology teams.

Ethical and Operational Risks of AI Remain Under-Managed

More than 54% of respondents acknowledged that AI-related risks, including ethical concerns, were not being effectively managed within their organisations.

The survey clearly stated that “AI risk is now a core business risk and not merely a technology issue,” signalling a shift in how enterprises must approach AI oversight.

Emerging AI Threats Reshaping Risk Management

Hallucinations, Deepfakes and Shadow AI

The report highlighted a range of AI-specific threats that are troubling boards and risk committees, including:

• Hallucinations producing inaccurate or misleading outputs

• Data poisoning that compromises model integrity

• Model drift reducing reliability over time

• Deepfakes enabling fraud and misinformation

• Shadow AI, where employees use public AI tools for sensitive tasks without approval or oversight

These risks raise serious concerns around data security, compliance and decision-making accuracy.

Agentic AI Raises Legal and Compliance Uncertainty

Autonomous Systems Add New Complexity

The survey also cautioned against the risks posed by agentic AI systems, which can take autonomous actions with minimal human intervention. Such systems introduce fresh ambiguity when decisions related to contracts, payments or approvals are executed without explicit human authorisation.

This creates unresolved legal, regulatory and accountability challenges, especially in highly regulated industries.

Data Privacy and Regulatory Scrutiny Intensify

Data Protection Rules Add Pressure on Management

Cyber and AI risks are being further amplified by tightening regulatory oversight. The survey revealed that 56% of respondents flagged increasing scrutiny around data privacy as a major risk.

Additionally, 67% said frequent regulatory changes required urgent attention from senior management and boards, reflecting the fast-evolving compliance landscape.

Impact of India’s DPDP Act on Corporate Governance

Strengthening data-protection frameworks, including India’s Digital Personal Data Protection (DPDP) Act, is compelling companies to rethink governance structures, internal controls and third-party risk management.

The report stressed that “Regulatory and compliance risk is a core business challenge and not a formality,” warning that delayed compliance or weak governance could result in financial penalties, reputational damage and erosion of investor confidence.

Converging Risks Demand an Integrated Response

Taken together, the survey findings point to a rapidly converging risk landscape where cyber threats, AI governance failures and data-privacy lapses can cascade into operational disruption and long-term credibility risks.

The report concluded that “Managing risk now requires integrated, enterprise-wide approaches that connect strategy, operations and governance,” urging Indian companies to break down silos and embed risk management into core business decision-making as digital dependence deepens.

Conclusion

The FICCI–EY Risk Survey 2026 makes it clear that India Inc is entering an era where cyber resilience, responsible AI governance and regulatory compliance are inseparable from business strategy. As digital transformation accelerates, boards can no longer treat these risks in isolation or delegate them solely to IT or legal teams.

Instead, organisations must adopt holistic, enterprise-wide risk frameworks that align technology adoption with ethics, security and compliance. Companies that proactively strengthen governance, invest in cyber readiness and build AI accountability will be better positioned to safeguard trust, ensure continuity and sustain long-term growth in an increasingly uncertain digital environment.