FICCI–EY Risk Survey 2026

FICCI–EY risk survey 2026: Risk outlook: A compass to India’s risk landscape

EY
EY India

Multidisciplinary professional services organization

5 minute read 05 Feb 2026
Related topics
Risk

A strategic compass for organizations navigating India’s evolving risks with foresight and governance.

In brief

  • Concerns around digital risk remain prominent: 
    • 61% of respondents highlight cyber-attacks and data breaches as major financial and reputational threats.
    • 59% point to limited adoption of emerging technologies, including AI, affecting operational effectiveness.
  • Workforce challenges persist: 64% report talent shortages and skill gaps influencing organizational performance and long-term capability planning.
  • Governance-related pressures are also increasing: 45% of respondents indicate that non-compliance with ESG disclosure requirements has a direct impact on their organization.

The FICCI-EY Risk Survey 2026 is built on a structured, multi‑sector questionnaire that captures how organizations are responding to converging disruptions. It covers perspectives across seven risk themes, highlighting where exposures are increasing, governance expectations are tightening and which resilience capabilities can most effectively protect performance in an increasingly volatile environment.

The trade reset and India Inc.’s resilience imperative

  • Geopolitics has become a board-level operating variable for Indian businesses. Nearly two-thirds of leaders from the survey cite economic slowdown and disruption (68%), prolonged inflation/volatility (67%) and geopolitical tensions (64%) as material drivers of outcomes – raising the intensity of business risks in India.
  • As major economies reset trade policy, industrial priorities and supply chains, uncertainty is expected to persist, accelerating trade-flow realignment, amplifying global trade disruptions and reshaping cost, continuity, compliance and competitive advantage.
  • Input availability and pricing, especially in semiconductors, clean energy, electric mobility and advanced manufacturing, is expected to increasingly determine resilience, reinforcing the need for robust risk management strategies across suppliers, logistics and customer fulfilment.

Operational continuity in a multi-vector cyber landscape 

  • Cyber risk is now a business-continuity and trust issue, as a result of which cybersecurity in business is a CEO-and-Board agenda item. Attackers blend ransomware, DDoS, phishing/social engineering, deepfake fraud, insider abuse and third‑party entry points, triggering simultaneous hits to operations, revenue and reputation.
  • Leaders increasingly see cyber as a material enterprise risk that can undermine competitiveness, financial performance and brand confidence, especially amid escalating cybersecurity threats in India.

Operational continuity in a multi-vector cyber landscape 

  • Cyber risk is now a business-continuity and trust issue, as a result of which cybersecurity in business is a CEO-and-Board agenda item. Attackers blend ransomware, DDoS, phishing/social engineering, deepfake fraud, insider abuse and third‑party entry points, triggering simultaneous hits to operations, revenue and reputation.
  • Leaders increasingly see cyber as a material enterprise risk that can undermine competitiveness, financial performance and brand confidence, especially amid escalating cybersecurity threats in India.

Technology Solutions

EY India delivers technology solutions to drive digital transformation, improve efficiency, manage risk, and support industry-specific business goals.

Know more

 

AI without guardrails 

  • Artificial Intelligence (AI) is boosting productivity, but can also create enterprise risks that affect operations, trust and liability. In the survey, 60% of senior executives are concerned that inadequate AI adoption will impact operational effectiveness, while unmanaged use of public tools and AI‑driven misinformation heightens exposure to data/IP leakage, biased or hallucinated decisions, deepfake reputational shocks, compliance breaches and new attack paths such as prompt injection.
  • These artificial intelligence risks are not theoretical. They show up in model governance, data provenance, access controls, vendor reliance and accountability for decisions influenced by AI.
  • Scaling AI should be accompanied by measurable performance, clear accountability, governance and enforceable guardrails.

Strengthening ESG governance for resilience and control

  • ESG, especially climate, has shifted from reporting to a balance sheet and operating model risk. The climate change impact on business is becoming more visible as climate shocks damage assets, disrupt supply chains and tighten insurance, while disclosure rules and stakeholder scrutiny intensify.
  • ESG now drives continuity, costs and competitiveness and weak controls amplify climate change business risks. Strong governance must connect operational risk controls, data integrity and ESG reporting standards into one coherent framework.

Workforce resilience as a competitive advantage

  • Workforce risk is becoming a structural constraint on performance. Talent shortages, fast-evolving skill requirements (accelerated by AI), weakened succession pipelines and fragmented culture in hybrid models are eroding productivity and stability while increasing conduct and compliance exposure.
  • These workforce challenges in India elevate operational and reputational risk at the same time, especially where skills, safety and accountability are not in sync with business transformation.
  • As roles and expectations shift, the differentiator can be workforce resilience. Continuous learning at scale, leadership readiness for distributed teams and a trust-led culture reinforced by clear accountability, role modelling and controls needs to be a core operating rhythm.

Continuous compliance as the new governance mandate

  • Regulatory and compliance risk in India is accelerating in pace, scrutiny and enforcement, shifting compliance from periodic filing to always‑on governance. As reforms across data protection, labor, ESG, tax and sector rules evolve, 67% of executives say they have to address complex changes and 56% say rising privacy scrutiny is priority.
  • Regulators increasingly expect firms to demonstrate and defend controls via digital reporting and near‑real‑time monitoring, while senior management and third‑party conduct face tighter accountability.

Operational and business continuity risks

  • Operational resilience supported by strong business continuity planning has shifted from a risk-function concern to a value‑protection mandate as continuity risk rises faster than operating models are adapting. Disruptions are more frequent and interconnected, with shocks cascading quickly from suppliers to customers, cost and reputation.
  • Expectations have also tightened. Stakeholders want measurable recovery readiness, such as tested plans, clear roles and proven outcomes. As physical events, workplace safety and site disruptions converge with traditional outages, resilience becomes strategic - the ability to operate through disruption, not merely respond after loss.

Download the full pdf

PDF (1 MB)

Summary

Risk is a capability that determines performance. Across the broader India enterprise risk landscape, the winners are likely to be those that govern geopolitics, cyber, AI, ESG, workforce, compliance and continuity as one connected agenda, building measurable resilience, provable controls and rapid recovery into a resilient operating model. In an environment shaped by global trade disruptions, intensified cybersecurity threats and tighter ESG reporting standards, leaders who operationalize modern risk management strategies can protect trust, sustain competitiveness and outperform through disruption.

How EY can help

  • Risk consulting services

    Risk Consulting Services at EY helps identifying and managing risks across domains like Digital Risk, Enterprise Risk, Financial Services Risk, Actuarial & Risk Solutions to drive business success.

    Read more

  • Cloud Governance Services

    Optimize IT costs and compliance with EY’s ITAM services—manage software, hardware, and open-source assets across their full lifecycle.

    Read more

  • HITRUST Assessments

    EY HITRUST assessments use the adaptable HITRUST CSF framework, enabling organizations to tailor controls and security measures to their specific needs.

    Read more

Related content

How India GCCs are powering core industry processes in Retail and CPG sector

India’s GCCs are powering global Retail and CPG brands through AI, analytics, merchandizing, marketing, customer service and store operations transformation.

Arpit Dharma + 1

How Eastern India can lead the next GCC wave

Eastern India is emerging as a strategic GCC hub as enterprises shift to intelligence-led models powered by AI, data and automation, with Kolkata at the core.

Arindam Sen + 1

India’s GCCs are leading the shift to Intelligent, AI-native enterprises

India’s GCCs are evolving from cost hubs to global innovation leaders, driving AI adoption, digital transformation, and enterprise strategy.

Arindam Sen + 1

    About this article

    EY
    EY India
    Multidisciplinary professional services organization
    Related topics
    Risk

    EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.