Rising Cybersecurity Threats and AI Governance Issues Highlighted in FICCI–EY Risk Survey
Recent findings from the FICCI–EY Risk Survey 2026, released on February 8, illustrate escalating risks that Indian businesses face, chiefly stemming from cybersecurity breaches, inadequate governance of artificial intelligence (AI), and increasing scrutiny under India’s data protection laws. These issues have emerged as critical concerns for organizations, emphasizing the evolving nature of digital risk from mere IT problems to central board-level priorities.
The survey reveals that 61% of participants pinpoint cyber-attacks and data breaches as significant threats that jeopardize both financial stability and reputational integrity. This shift highlights that cyber readiness has become essential for maintaining trust and business continuity in today’s landscape. The report cautions that incidents like ransomware attacks, phishing schemes, and threats to critical infrastructure are escalating in complexity and frequency.
Additionally, as AI becomes more integral to business operations, concerns about governance and oversight are intensifying. Close to 60% of senior executives indicated that insufficient adoption of emerging technologies, including AI, has adversely affected operational efficiency. Simultaneously, over 54% acknowledged that risks associated with AI—such as ethical dilemmas—were not being mitigated effectively within their organizations.
The survey underscores a pivotal shift, stating that AI risk is now fundamentally a business risk rather than merely a technological concern. The findings spotlight a range of potential threats that include data poisoning, model drift, hallucinations, and the emergence of “shadow AI,” where employees utilize unregulated AI tools for sensitive tasks without proper oversight.
Moreover, the advent of agentic AI systems, which can execute decisions with minimal human intervention, introduces new legal complexities and compliance challenges, particularly concerning contractual and payment processes executed without oversight.
Regulatory pressures surrounding data protection are exacerbating the threats posed by both AI and cybersecurity risks. The survey indicates that a considerable 56% of respondents see increasing scrutiny over data privacy as a pressing risk, while 67% emphasize that frequent regulatory changes demand immediate attention from management teams and boards. The bolstering of frameworks like India’s Digital Personal Data Protection (DPDP) Act forces companies to reevaluate their governance structures, internal controls, and third-party oversight mechanisms.
The report highlights the necessity for robust regulatory compliance, suggesting that poorly managed governance or delayed adherence can lead to severe financial repercussions, reputational damage, and diminished investor confidence. This confluence of risks outlines a rapidly converging threat ecosystem; cyber threats, AI governance failures, and data privacy oversights carry the potential to disrupt operations and erode long-standing credibility.
To effectively navigate these challenges, organizations must embrace an integrated, enterprise-wide risk management approach that aligns strategy, operations, and governance. Companies are urged to break down siloed controls as their reliance on digital technologies deepens, adapting to a landscape where cyber threats and governance failures increasingly intertwine.
In light of such findings, business owners must remain vigilant, leveraging frameworks such as the MITRE ATT&CK Matrix to better understand potential adversary tactics and techniques involved in these threats. By addressing aspects like initial access, persistence, and privilege escalation, organizations can formulate stronger defenses against the ever-evolving scope of cybersecurity risks.