EY helps clients create long-term value for all stakeholders. Enabled by data and technology, our services and solutions provide trust through assurance and help clients transform, grow and operate.
At EY, our purpose is building a better working world. The insights and services we provide help to create long-term value for clients, people and society, and to build trust in the capital markets.
How businesses can navigate India’s evolving risk landscape
Listen to our latest podcast — Risk outlook: A compass to India’s risk landscape — on how Indian businesses can embed risk into strategy, build resilience and manage today’s interconnected threats.
The recently released FICCI-EY risk survey serves as a strategic compass for organizations seeking to navigate India’s evolving risks with foresight and governance. The survey highlights that in the current business environment defined by co-existing growth and disruption, risk is fast emerging a critical boardroom priority. In this episode of the EY India Insights podcast, Srikanth Potturi, Partner, Risk Consulting, EY India shares how forward-looking boards and CXOs are embedding risk into strategy to drive sustainable growth in an increasingly complex world.
Key takeaways
Boards must embed risk into strategy, using forward-looking intelligence and make faster decisions to navigate business growth, disruption, and interconnected threats.
Proactive resilience requires real-time risk sensing, scenario planning, and ecosystem collaboration to anticipate shocks rather than react after crises occur.
Competitive advantage will belong to organizations that are integrating cyber, AI governance, talent, and ESG into unified risk frameworks.
Building a risk-aware culture begins with capability, not just compliance. Organizations must invest in digital, cyber, data and risk skills while strengthening leadership pipelines and succession planning.
For your convenience, a full text transcript of this podcast is available on the link below:
Pallavi
Hello and welcome to EY India Insights podcast. In this episode, we explore how organizations can navigate today’s evolving risk landscape – from regulatory and geopolitical uncertainty to cyber and technology risks.
Srikant, the FICCI-EY Risk Survey 2026 describes today’s environment as high-growth yet highly disruptive. How should Indian businesses interpret this paradox, and what does it mean for board-level decision-making?
Srikanth
Thank you for having me, Pallavi. It is an interesting question because the paradox of high growth and high disruption is defining the reality of Indian businesses today.
On one hand, India is among the fastest growing major economies, supported by domestic consumption and capital investment. But on the other hand, the risk environment has become more complex, interconnected and super volatile. The survey also makes it clear that growth and disruption are no longer sequential. They are actually happening at the same time; strategic, operational, financial and technology risks are blurring into one another.
This means boards can no longer treat risk as episodic compliance exercise or something delegated only to assurance functions. For boards, this translates into three shifts:
First, risk must be embedded into strategy, not reviewed after the fact. Growth beds, whether digital, geographic or M&A must be stress tested against geopolitical shocks, supply chain fragilities and cyber exposure.
The second shift is that the decision cycles are compressing as we speak. The report highlights how external shocks and internal vulnerabilities now interact at speed. Boards need faster access to forward-looking risk intelligence, not just historical dashboards.
The third shift is that there is a growing expectation for active board oversight on resilience – how quickly the organization can anticipate, absorb and adapt to disruption. In today's environment, resilience itself becomes a source of competitive advantage.
These are some of the perspectives that I have gathered from the risk survey report that we have recently concluded.
Pallavi
Thank you, Srikanth. With geopolitical tensions and economic volatility and supply chain disruptions emerging as major concerns, how can organizations move from reactive risk management to proactive resilience?
Srikanth
The survey strongly indicates that many organizations are still very reactive in responding to crises, rather than anticipating them. Moving to proactive resilience requires a mindset shift, and not just a capability shift. The first step is continuous risk sensing. You see that organizations have annual risk assessments and periodic risk reviews, but organizations need real-time visibility across geopolitics, regulatory changes and other cyber and digital risks. India's deep integration into global supply chains makes make this especially critical.
Second is scenario driven planning. The survey also emphasizes that uncertainty is no longer an exception; it is the baseline. Leading organizations are running multiple plausible scenarios around tariffs, energy costs, logistic disruptions and currency volatility, and linking these scenarios directly to operational and financial decisions.
The third one is that resilience must be built across ecosystems, not just within the enterprise. Strengthening supplier diversification, improving third party governance, and collaborating across industries and with policymakers are the recurring themes from the survey. Finally, resilience needs ownership at the top. When boards and CEOs treat resilience as a strategic capability rather than crisis response, it fundamentally changes how quickly organizations can adapt.
Pallavi
The survey also highlights cybersecurity threats, including data risks, and both slow and unmanaged AI adoption. How should organizations balance rapid digital transformation with strong risk governance and trust?
Srikanth
Cyber security breaches are ranked as the single biggest risk to organizational performance by the CEOs, CFOs, CROs who have taken the survey. Many of them have rated cyber risk ahead of geopolitics and economic volatility. At the same time, organizations are caught in dual challenge with AI – fear of falling behind and fear of getting it wrong. So, these are all in the mix, and they are all interrelated as well.
The balance lies in governing acceleration, not slowing down digital transformation. The first thing that companies can do is that cybersecurity and data protection must be treated as core business enablers. and not just IT topics. The survey shows that technology risk is now directly linked to operational continuity and reputation. This means boards must ask sharper questions about cyber resilience, incident response readiness and data governance, which also means that boards and the CXOs need to upskill themselves on cyberthreat landscape, and emerging risks of data and AI technologies. These are some topics that boards and CXOs should be familiar with.
The second shift that boards can think of is that with AI, the risk is two-fold. Many leaders acknowledge that inadequate adoption of AI can hurt competitiveness, while at the same time admitting that AI ethics, governance, and controls are not yet mature. The answer is not to pause AI, but to embed guardrails early, set clear accountabilities, develop ethical frameworks and lay strong data foundations.
The third mindset shift is that trust becomes the currency of digital growth. Customers, regulators and employees are increasingly expecting organizations to demonstrate responsible use of technology. Those who get this right will scale faster and more sustainably than those who chase speed alone.
Pallavi
Talent shortages, skill gaps and ESG expectations are increasingly interconnected risks. How can the leaders build a risk culture that aligns with the workforce strategy, ethics, and long-term sustainability?
Srikanth
One of the most important insights from the survey is that people, purpose and performance risks are converging. Majority of leaders who have taken the survey highlight talent shortages and critical skill gaps as threats to performance. From climate impact to ethical conduct, ESG expectations are increasingly influencing investors and regulatory scrutiny. Building a risk averse culture starts with capability building, not just compliance. Organizations need to invest in future skills around digital, cyber ,data and risk, while also strengthening leadership pipelines and succession planning.
Second, ESG cannot be operated in a silo. The survey shows growing concern around ESG oversight and disclosure readiness. When workforce strategy, ethics, sustainability are aligned. ESG stops being a reporting burden and becomes part of how decisions are made.
Third, culture is shaped by what leaders reward. When leaders openly discuss risk, ethical tradeoffs in long-term value, not just short-term performance, it creates psychological safety for teams to flag issues early.
Ultimately, organizations that integrate talent strategy, ethical governance and sustainability are far better positioned to manage both current disruptions and long horizon risks. These are some of the long-term focused actions that boards and CXOs can take from ESG, workforce strategy, and upskilling point of view.
Pallavi
If you had to identify one risk capability that Indian organizations must strengthen most urgently to stay competitive through 2026 and beyond, what would it be and why?
Srikanth
It is very difficult to pick one, but if I have to, I will pick integrated, forward-looking risk intelligence as one of the capabilities that need to be built. The survey makes it clear that risks no longer occur in isolation. Cyber threats, AI governance, geopolitics, climate exposure, regulatory change and talent challenges are all interacting at the same time, and at the same place are also. Organizations that are still managing these risks in silos will always be one step behind.
What is urgently needed is the ability to collect data across functions, anticipate how risks cascade and translate insights into faster decisions at the board and executive levels. This capability underpins everything else – resilience, trust, digital transformation and sustainable growth. In a high growth, high disruptive environment, the winners will not be those who avoid risk, but those who understand it best, and respond the fastest.
Pallavi
Thank you. That brings us to the end of this episode. Thank you so much for spending your time and sharing your perspectives on managing the risk in this rapidly changing environment.
Srikanth
Thank you, Pallavi. Thanks for having me.
Pallavi
To all our listeners, thanks for tuning in to this EY Insights podcast. We hope you found this conversation useful. Stay tuned for more insights in our upcoming episode. Until next time, this is Pallavi, signing off.
If you would like to listen to our podcasts on the go:
Risk Consulting Services at EY helps identifying and managing risks across domains like Digital Risk, Enterprise Risk, Financial Services Risk, Actuarial & Risk Solutions to drive business success.
EY HITRUST assessments use the adaptable HITRUST CSF framework, enabling organizations to tailor controls and security measures to their specific needs.
