Business environments worldwide are becoming more complex and interconnected, with uncertainty shaping strategic, operational and investment decisions. Risks now emerge simultaneously from multiple risk vectors and often interact to influence stability, growth and governance. In this setting, organizations need a structured and coherent view of risk to support sound judgement and timely action. Within this broader landscape, India is navigating an economic transition shaped by global developments and domestic pressures. Geopolitical tensions, evolving trade patterns, regulatory changes, technology dependence, climate considerations and workforce dynamics are influencing how enterprises plan and operate, affecting supply chains, market access, compliance and cost structures.
The FICCI-EY Risk Survey 2026: Risk outlook – A compass to India’s risk landscape for Indian businesses, offers a comprehensive view of these challenges. Drawing on insights from business leaders across sectors, the report examines risk perception, prioritization and management juxtaposed with global trends, India-specific risks and sector-level perspectives to support informed decision-making.
Key findings at a glance
Geopolitical pressures and rapid shifts in the operating environment are increasingly influencing organizational priorities, affecting stability, leadership focus and business confidence. Survey insights reflect growing pressure across technology, governance and workforce dimensions, with respondents highlighting several areas of heightened exposure.
Concerns around digital risk remain prominent
- 61% of respondents highlight cyber-attacks and data breaches as major financial and reputational threats.
- 59% point to limited adoption of emerging technologies, including AI, affecting operational effectiveness.
Workforce challenges persist
- 64% report talent shortages and skill gaps influencing organizational performance and long-term capability planning.
Governance-related pressures are also increasing
- 45% of respondents indicate that non-compliance with ESG disclosure requirements has a direct impact on their organization.
Together, these findings indicate that risks across technology, governance and talent are becoming more interconnected rather than operating in isolation. As these pressures converge, organizations have to take a more integrated approach to risk management, strengthening oversight, capability planning and decision-making to support stability and sustained performance in an evolving operating environment.
Major risks shaping business outcomes
A close look at the changing global conditions influencing investment and sourcing decisions
Geopolitical developments, shaped by evolving trade policies and shifting global priorities, continue to influence the global operating environment. As major economies adjust their policy direction, uncertainty is expected to persist into 2026, affecting trade, investment and supply networks.
These shifts are contributing to a gradual realignment of global trade flows. Many economies are placing greater emphasis on domestic capacity building and supply resilience, particularly across sectors such as semiconductors, clean energy and advanced manufacturing. Changes in trade measures are influencing the availability and pricing of critical inputs used across electronics, electric mobility and renewable energy value chains.
Together, these trends reinforce the importance of preparedness. Ongoing geopolitical shifts continue to influence energy markets, supply chains and regulatory environments, with implications across operational, financial and reputational areas. In such an environment, scenario planning and geopolitical awareness are becoming important tools to support informed decision-making and strengthen organizational resilience.
Resilience and adaptability are no longer optional. Building flexibility and staying attuned to geopolitical shifts can influence how organizations sustain performance in this evolving environment.
The FICCI-EY risk survey data indicates that economic slowdown, market disruptions and sustained inflation remain key areas of attention for Indian businesses, with 68% of respondents reflecting a shared view on their relevance. Economic volatility continues to feature prominently, with 67% of respondents agreeing or strongly agreeing on its impact on business planning and operations. Geopolitical factors also remain relevant, with 64% of respondents acknowledging that geopolitical tensions are having a noticeable impact on their organizations, contributing to uncertainty in decision-making and long-term outlook. These findings reinforce the need for boards to embed geopolitical foresight, prioritize resilience over efficiency and align capital allocation with a fragmented, unpredictable global landscape.
The message for business leaders is clear: Sectoral impacts are real and immediate. Technology, automotive, defense, energy and manufacturing firms should build resilience into their supply chains, diversify sourcing and stay agile in pricing and regional strategy. In this new era, monitoring geopolitical flashpoints is not just prudent but essential for survival and growth.
Cyber risks
Elevating the conversation from IT threat to boardroom priority
Cyber risk is emerging as a defining challenge for operational stability and infrastructure resilience in today’s digital-first business landscape. No longer isolated, these risks now shape the very foundation of enterprise continuity and competitive advantage.
Ransomware and Distributed Denial-of-Service (DDoS) attacks disrupt production, logistics and essential services, resulting in downtime and financial loss. Data breaches expose sensitive customer and business information, leading to lasting reputational damage. As system defenses improve, human error is exploited through phishing and social engineering. In parallel, dependence on third-party vendors expands exposure, where a single security failure can cascade into regulatory, legal and operational consequences across the organization.
Globally, the average cost of a data breach stands at US$4.4 million, while ransomware incidents now cost approximately US$5 million, up nearly 17% year-on- year, reflecting a shift toward data theft and system disruption. Attacks on critical infrastructure are also rising, with manufacturing, healthcare, energy and finance being among the most affected. Ransomware incidents have increased 50% in 2025, largely via phishing and remote access.
India faces a sharp rise in cyber intrusions due to AI- based social engineering, cloud gaps (misconfigured or weak cloud security settings that expose systems and data), and vulnerability chaining (attackers linking multiple small security flaws to gain deeper access into networks). Bot activity has increased, with multi-vector campaigns becoming more common. Deepfake voice scams affect the banking sector, leading to losses from fraud and higher complaint volumes on the National Cyber-Crime Reporting Portal (NCRP).
The survey indicates that technology and cybersecurity risks are a growing concern, with 61% of respondents agreeing or strongly agreeing that digital disruption affects competitiveness and cyber attacks pose major threats. Additionally, 57% highlight the impact of data theft and insider fraud, while 47% acknowledge challenges in managing sophisticated cyber threats.
Cyber-attacks and data breaches pose major financial and reputational risks, while rising threat sophistication, insider fraud and business espionage demand stronger internal controls and vigilance. These findings reinforce that the real challenge is not just to defend but to anticipate and adapt.
For organizations, the implication is increasingly evident: Cyber risk poses a direct threat to operations, revenue and trust and cyber readiness is central to business continuity and confidence.
Artificial intelligence (AI) risks
Evolving from technical challenge to enterprise imperative
AI is reshaping the business landscape, creating new opportunities as well as risks that require thoughtful oversight from senior leaders. The growing use of AI systems that can complete tasks with very little human involvement makes strong guidance and close coordination across teams more important than ever. AI can introduce inherent risks, including hallucinations that produce confident but incorrect outputs, bias embedded in training data, and weak explainability and poor data quality, all of which can undermine decision accuracy and accountability. These risks are no longer theoretical.
Deepfake incidents have risen sharply, with manipulated content becoming increasingly widespread. In a global survey, around 35% of respondents reported being exposed to manipulated or AI-generated media, including deepfake videos, images or audio encountered through social media, messaging platforms, news feeds or campaign communications. As reliance on AI grows, failures such as model drift, where AI accuracy declines as data patterns change over time and data poisoning, where incorrect or manipulated data affects model outputs, trigger forecasting errors, inventory disruptions and productivity losses, while stricter regulation heightens compliance exposure. Public-facing errors erode trust and unmanaged model extraction risks expose proprietary challenges, creating lasting financial, regulatory and reputational consequences.
Beyond these risks, organizations face emerging AI exposures that directly affect control, liability and talent while incurring additional costs. Shadow AI remains a major concern, as employees use public tools for sensitive work, risking irreversible intellectual property leakage. At the same time, Agentic AI introduces legal ambiguity when autonomous systems execute contracts or financial actions without human approval. New attack vectors, such as prompt injection, allow hidden instructions to bypass traditional security controls.
Talent dynamics are also shifting, with AI capability gaps driving attrition, while excessive reliance on automation risks weakening critical thinking and judgment across teams. As the focus shifts to AI, it is critical to address AI-related cyber risks through stronger governance, access controls and continuous monitoring to prevent misuse, data leakage and model manipulation. Managing AI risk now requires integrated and continuous monitoring to prevent innovation from outpacing organizational control and accountability.
The survey reveals significant operational concerns on both the lack of adoption and the ineffective management of AI. There is a prevailing concern about technological readiness, cost impact and risk management areas associated with the use of AI. About 60% of respondents believe that inadequate adoption of emerging technologies, including AI, can adversely impact operational effectiveness, while more than 54% feel that AI risks, including ethical concerns, are not effectively managed within their organization.
These findings highlight that the true imperative is to proactively embrace and manage AI risks, promoting operational resilience, adaptability and risk governance in a rapidly evolving landscape.
From a leadership standpoint, the priority is to understand that AI risk is now a core business risk and not merely a technology issue. As AI and Agentic systems scale, failures can directly affect decisions, compliance and trust. Strong governance, clear accountability and disciplined controls are essential to protect value and sustain confidence.
Environmental, social and governance (ESG) risks
Driving cascading global and domestic disruptions
Risks from climate and environmental pressures continue to rise as global warming intensifies, extreme weather events become more frequent and damage to land, forests and natural ecosystems worsens. These risks now disrupt economies, supply chains, food systems and livelihoods in real time. Slower progress on decarbonization, persistently high fossil fuel use and rising greenhouse gas concentrations are leading to severe weather conditions, biodiversity loss, pollution and resource stress, while rapid urban expansion in coastal and dry regions increases exposure for millions of people.
The economic cost of climate change is escalating, with global damages projected to reach US$38 trillion annually by 2050 under current conditions. Storms, floods and heatwaves already cost about US$16 million every hour. Repeated extreme events have damaged infrastructure and agriculture, pushing cumulative losses since 2000 into the trillions. Water mismanagement alone could cut average GDP by 8% and up to 15% in low-income countries, threatening over 50% of global food production. Yield volatility has pushed food prices up by 4% to 6%, disrupted rural demand and raised the risk of a 16% output decline by 2030. Heat stress is increasingly shaping financial and operational risk.
The survey shows that 45% of respondents agree or strongly agree that non compliance with ESG disclosure requirements affects their organization. Additionally, 44% of respondents feel that climate related financial impacts pose risks, while 41% indicate that limited board oversight increases their exposure to ESG related issues.
From India’s perspective, water scarcity is a growing business risk, with per capita availability estimated at 1,341 cubic meters, below the stress threshold. Severe groundwater extraction in Punjab, Haryana, Rajasthan and Karnataka threatens water-intensive sectors such as agriculture, food processing, textiles, chemicals, power and electronics.
Record temperatures and rising extreme events mean productivity losses of 20% to 30% in construction, logistics and mining, while higher cooling demand has lifted power costs by about 15%. For companies, this raises risks of production disruptions, higher compliance costs, location constraints and supply chain instability. This increases credit risk in agriculture, MSMEs and climate-exposed regions, while insurers face rising crop, health and property claims.
Workforce risks
Creating structural constraints on business performance
As organizations evolve through shifting market realities and new ways of working, the strength of their talent and culture is emerging as a defining force for long-term success. Growing skill shortages, leadership gaps and rising expectations around workplace safety and conduct are reshaping how businesses attract, develop and retain their people. Hybrid work models continue to test connection and belonging, particularly when culture is left to develop organically. This places greater responsibility on leaders to actively shape engagement and shared identity. As emerging technologies such as AI become deeply embedded across functions, talent strategies should be designed with an openness to continuous learning and future skills so that the workforce grows in step with the enterprise’s ambitions.
Talent and culture dynamics are undergoing a profound reset, shaped by changing workforce expectations, evolving skill requirements with the advent of AI and the rising complexity of leadership roles. Organizations are experiencing widening shortages not only in digital and analytics capabilities but also in adaptive, cross- functional skills that are essential for modern work. The EY Work Reimagined 2025 survey finds that while 88% of employees now use AI in their daily roles, only 28% of organizations have the talent systems needed to unlock its transformative value, suppressing potential productivity gains by up to 40% when learning culture, rewards and role design are misaligned. This makes re-skilling and up-skilling a continuous rather than an episodic capability-building mandate that will influence future competitiveness.
Leadership pipelines are also weakening as roles expand in complexity and expectations for empathy, integrity and change readiness increase. The Global 2026 HR trend research indicates an urgent need to rethink succession models, with organizations placing greater emphasis on adaptable leaders capable of guiding hybrid teams and sustaining rapid transformation.
Leaders can strengthen organizational resilience by placing people and culture at the heart of strategy. This means building future skills, investing in practical leadership development and shaping workplaces where trust, clarity and connection guide everyday behavior. Organizations that do so can expect to stay relevant and move forward with confidence.
Regulatory and compliance risks
Reshaping business and governance
Regulatory reform, expanding compliance scope and stronger enforcement across sectors are shaping the regulatory and governance risks in India. With changes in data protection rules, New Labour Codes, ESG disclosure requirements, tax administration, competition law and sector-specific regulations, operational frameworks and governance expectations are evolving. Regulators are relying more on digital reporting, automated scrutiny and real-time monitoring to reduce interpretations or delayed compliance. At the same time, compliance and monitoring expectations on senior management are increasing, with greater accountability for risk oversight, disclosures, third-party conduct and internal controls.
Indian organizations are navigating system upgrades, documentation requirements, audits and specialist legal and risk resources. Planning cycles, decision- making and execution effectiveness have to keep pace, particularly for firms operating across multiple states or regulated sectors. Weak governance structures, limited board engagement, or poor visibility over vendors and contractors heighten exposure to regulatory action and reputational damage. For listed companies, specifically in regulated sectors, governance lapses can affect investor confidence and access to capital. As enforcement becomes faster and more data-driven, regulatory and governance risks are increasingly influencing business continuity, growth priorities and long-term credibility in the Indian market.
Views on internal readiness remain mixed, with organizations continuing to evolve compliance frameworks to keep pace with regulatory change. Strengthening data privacy requirements such as India’s Digital Personal Data Protection (DPDP) Act and global standards like the General Data Protection Regulation (GDPR) are elevating expectations around responsible data use and helping build a more transparent ecosystem. As technology, budget and resource capabilities gradually improve, it is vital that compliance and regulatory measures are viewed not as constraints but as enablers of transparency, resilience and sustainable growth.
The New Labour Codes standardize wages, introduce a national digital license, expand social security and strengthen online enforcement across establishments. These steps could lead to a rise in overall payroll costs and closer oversight on hiring temporary or contract workers. Organizations may require changes to internal control processes and stronger compliance reporting. There is also a growing need for regular monitoring, workplace safety checks and health assessments to meet regulatory requirements.
The survey shows that 67% of respondents agree or strongly agree regulatory changes need to be addressed. In addition, 56% highlight increased scrutiny around data privacy as a substantial risk. A further 42% point to exposure to improper conduct or unethical behavior, while 40% indicate that their compliance frameworks struggle to keep pace with regulatory shifts. Lastly, 39% note that gaps in technology, budget or resources limit their ability to manage compliance demands.
Business leaders should acknowledge that regulatory and compliance risk is a core business challenge and not a formality. Strong board oversight, disciplined controls and proactive compliance planning are essential to protect profitability, trust and long-term credibility.
Operational and business continuity risks
Increasing pressure on continuity and resilience
In today’s environment of constant disruption, operational resilience and business continuity have become fundamental to how organizations protect performance and earn stakeholder confidence. Businesses now face a wider and faster-moving set of risks, from physical events and supply chain shocks to technology outages and communication breakdowns, that can interrupt operations without warning. As leaders work to steer their organizations through this uncertainty, resilience is emerging as a defining capability to enable preparedness, respond with clarity and maintain momentum even when the unexpected strikes. It is now a strategic necessity over a defensive discipline.
The last few years have shown, with uncomfortable clarity, how quickly a single failure can cascade into widespread disruption. When the 2024 global IT outage, triggered by a faulty security update, brought many airlines, hospitals, ports and retailers to a standstill within hours, it exposed the deep interconnectedness and fragility of modern operations. Many organizations that had invested early in backup systems and isolation protocols, particularly in aviation and financial services, were able to restore services within the day. Several others took days to recover, facing mounting losses, customer grievances and, in some cases, regulatory scrutiny. Similarly the Suez Canal blockage in 2021 and successive climate-induced floods in Asia disrupted supply chains worldwide, hitting sectors like electronics, pharmaceuticals and auto manufacturing the most. Companies with diversified supplier bases and flexible logistics models recovered faster, while those relying on single-source dependencies struggled for months.
Around the world, governments and regulators have responded decisively. Acts such as the EU’s Digital Operational Resilience Act (DORA), the UK’s stringent operational resilience requirements and Australia’s CPS 230 have mandated impact tolerance thresholds, rigorous scenario testing and stronger third-party oversight, signaling to businesses worldwide that resilience is no longer optional. In India, a similar regulatory direction is evident through the Reserve Bank of India’s Guidance Note on Operational Risk Management in 2024, which aligns with Basel principles and requires regulated entities to define robust resilience practices.
Such developments indicate a clearly evolving strategic priority for business leaders: organizations that endure are those that anticipate strain, build capacity before it is tested and treat resilience as a core business capability. Ultimately, preparedness becomes the quiet advantage that separates businesses that merely cope from those that continue to lead.
Converging risks and performance
A shifting business outlook
Organizations are operating in a period of sustained disruption where multiple forces are reshaping how risk is experienced, managed and prioritized. Rather than emerging in isolation, today’s risks are converging across technology, markets, regulation, geopolitics and the workforce, creating a more complex and tightly connected operating environment. As a result, shocks in one area increasingly spill over into others, amplifying business impact.
Digital dependence has pushed cyber risk to the forefront, turning security incidents into immediate threats to operations, customer trust and enterprise value. At the same time, rapidly shifting customer expectations are redefining competitiveness, forcing organizations to adapt products, services and delivery models at speed. Geopolitical uncertainty continues to influence trade dynamics and supply chains, while frequent regulatory change is increasing compliance intensity and execution risk.
Economic conditions and workforce pressures add further strain. Skills shortages, reskilling challenges and talent availability are affecting productivity and growth plans, particularly as new technologies reshape roles and operating models. Emerging technologies themselves introduce disruption, requiring organizations to balance innovation with control and governance. Climate and resource constraints, once seen as longer-term concerns, are increasingly shaping resilience planning and strategic decisions.
Together, these dynamics signal a fundamental shift in the risk landscape. Managing risk now requires integrated, enterprise-wide approaches that connect strategy, operations and governance. Organizations that strengthen resilience, improve visibility across risks and align decision-making accordingly will be better positioned to navigate uncertainty and sustain performance.
The survey highlights a risk landscape dominated by cyber threats, shifting customer expectations and geopolitical uncertainty, closely followed by regulatory change. Economic pressure, workforce challenges and technology disruption continue to affect execution capability, while climate risk is emerging as a longer- term concern. Together, these risks demand integrated decision-making and stronger enterprise resilience.
The message for business leaders is that today’s risk landscape is no longer dominated by a single threat. Cyber, regulatory, geopolitical, workforce and customer- related risks are converging to shape performance and resilience. Managing these interconnected risks requires integrated oversight, faster decision-making and stronger coordination across the enterprise to protect value, trust and long-term growth.
