CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and management issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
Corporate boards triple AI oversight assignments as technology governance takes priority
The number of S&P 500 companies disclosing that they’ve designated a committee with artificial intelligence (AI) oversight responsibilities more than tripled in 2025, according to EY’s proxy season review. Audit committees are the primary choice for AI oversight, though technology committees, nominating and governance committees and others typically oversee AI capabilities, EY’s analysis found.
Nearly half of Fortune 100 companies cited AI in their descriptions of director qualifications this year, almost double the 26% doing so in 2024. The specifics of directors’ AI expertise varied significantly, ranging from CEO of a company undertaking AI development initiatives to completing a certification in AI ethics to serving on the board of an AI company. The prevalence of technology committees has grown from 8% in 2019 to 13% in 2025.
The focus on technology governance comes as other committee responsibilities shift. The portion of S&P 500 companies with a sustainability committee decreased slightly from 12% in 2024 to 11% this year, with responsibilities sometimes shifting to nominating and governance committees. Most notably, there was a 76% drop in S&P 500 companies that mention DEI-related terms in descriptions of their compensation committee’s responsibilities.
Other key findings:
- Around 400 shareholder proposals went to a vote this season at S&P 1500 companies, a 24% decline from the same period in 2024, largely due to new SEC guidance that made it easier for companies to exclude environmental and social shareholder proposals from proxy ballots.
- Only 7% of environmental and social proposals exceeded the 30% support threshold, down from 19% in 2024.
- Average support for say-on-pay proposals at S&P 1500 companies was 92%, in line with 2024 results.
AI deployment outpaces governance with only 25% of organizations fully implementing programs
Just 25% of organizations have fully implemented AI governance programs despite widespread awareness of AI risks and regulations, according to research from AuditBoard, a governance software provider. The survey of over 400 governance, risk and compliance professionals reveals a gap between policy development and operational implementation as companies integrate AI tools into business processes.
While 86% of respondents said their organization is aware of upcoming AI regulations, most efforts remain focused on policy drafting rather than execution. The barriers identified were primarily organizational: lack of clear ownership (44%), insufficient internal expertise (39%) and resource constraints (34%). Only 15% cited lack of tools as the main problem.
The research also highlighted a confidence gap in oversight capabilities. While 92% of respondents expressed confidence in their visibility into third-party AI use, only 67% conduct formal AI-specific risk assessments for third-party models or vendors, leaving roughly one-third of organizations relying on external AI systems without clear risk understanding.
Other findings:
- Over 80% of respondents said their organizations are “very” or “extremely” concerned about AI risks.
- Organizations are prioritizing automation of advanced governance tasks like usage monitoring (51%) while foundational controls remain incomplete.
- Most organizations (52%) plan to continue prioritizing policy development over the next 12 months rather than enforcement mechanisms.
The survey included professionals from companies with at least $100 million in annual revenue across the US, Canada, Germany and the UK.
Compliance & risk practitioners report AI productivity gains despite organizational readiness gaps
Most compliance and risk practitioners (96%) report time savings from using AI in the past year and 94% experienced productivity increases, according to a new survey by financial reporting platform Workiva. However, only about one-third of respondents have important elements in place to fully and securely leverage AI’s potential, revealing a gap between adoption and organizational readiness.
The survey of finance, accounting, compliance and risk professionals found that while teams are achieving measurable returns on AI investments, foundational governance elements remain underdeveloped. Just 36% of organizations have high-quality data systems, AI governance and security policies and role-specific training in place.
Practitioners who expressed confidence in their organization’s AI capabilities were roughly twice as likely to report having these foundational elements compared to those lacking confidence. The biggest barriers to AI adoption were reliability of outputs (49%) and security or legal concerns (45%), indicating that governance challenges are limiting broader implementation.
Other key findings:
- Practitioners were twice as likely as executives to express doubt about their company’s ability to use AI effectively, suggesting a disconnect between management confidence and operational reality.
- Organizations with strong AI governance reported higher confidence levels in their AI initiatives across multiple metrics.
The findings align with other recent research showing that while AI adoption is accelerating across corporate functions, governance frameworks are struggling to keep pace with implementation.
Most US companies maintain sustainability investments despite regulatory uncertainty
A clear majority (87%) of US companies have maintained or increased their investment in business sustainability efforts this year, even as lawmakers threaten to roll back ESG regulations, according to new research from EcoVadis, a sustainability ratings company. The survey of 400 executives at companies with over $1 billion in revenue suggests a strategic shift: Companies continue to prioritize sustainability behind the scenes while reducing public promotion of these efforts.
The findings suggest executives view sustainability as important for competitiveness and resilience rather than merely regulatory compliance. Sixty-five percent of respondents say supply chain sustainability provides a competitive advantage through risk reduction, enhanced resilience, brand enhancements and cost savings. Additionally, 62% of directors and vice presidents and 59% of C-suite leaders report that sustainability efforts help attract and retain customers.
A notable trend is emerging around “greenhushing,” with 31% of executives increasing sustainability investments while reducing public communications about them. Another 8% have stopped discussing their commitments publicly but continue investing according to plan. Only 7% have actively cut back sustainability efforts.
Other key findings:
- Nearly half (47%) of C-suite respondents believe eliminating ESG regulations would increase supply chain disruptions.
- Only 13% of companies are on track to comply with deadlines across four major regulations: the EU’s CSRD and CBAM, California’s SB-253 and Canada’s Modern Slavery Act.
- A third of executives admit to knowingly reporting ESG data based on estimates they knew were inaccurate to meet compliance, marketing or investor expectations.
“Even as the debate over business sustainability heats up, executives are focused on the reality — sustainability is what keeps supply chains running and customers on board,” said Pierre-François Thaler, co-founder and co-CEO of EcoVadis.
Investment professionals see economic volatility as opportunity despite mounting challenges
Over 70% of US investment professionals view the current economic outlook as an investment opportunity, according to a report by law firm Barnes & Thornburg. The survey of 121 limited partners, general partners and service providers also found that 66% see the availability of capital as an opportunity and 64% view the regulatory environment favorably.
However, challenges are mounting alongside optimism. Limited partners are notably more concerned about financing terms (67% vs. 50% in 2024), transparency requirements (52% vs. 36%) and ESG issues (44% vs. 14%) compared to last year. General partners report increased concerns about fundraising (51% vs. 40%) and returns (51% vs. 31%), the report found.
Other key findings:
- Cybersecurity and data management emerged as the top compliance priority for both LPs and GPs, followed by artificial intelligence oversight.
- Ninety-six percent of LPs say succession planning is important, but fewer than half of GPs currently have a plan in place.
- Seventy-nine percent of respondents expect fund organizational expenses to rise in 2025, partly due to increased legal costs from navigating regulatory changes.
- Private investment activity is expected to increase across most industries, led by financial services (77%), technology (76%) and energy (75%).
“While many GPs came into this year very optimistic about expected fundraising, for many managers that optimism has been tempered so far, in part due to market volatility and economic uncertainty,” said Scott L. Beal, co-chair of Barnes & Thornburg’s private funds and asset management practice.
Nearly half of UK employees check emails outside secure environments
Almost half (45%) of UK adults have accessed work emails while on vacation, commuting or in public places such as cafes, potentially exposing themselves to cybersecurity risks through unsecured WiFi networks, according to a survey commissioned by email security provider Zivver. The poll of 2,100 UK adults highlights security vulnerabilities as flexible working arrangements become more common.
Younger employees are more likely to check emails outside the workplace, with 67% of those 18-24 and 68% of those 25-34 accessing work emails remotely, compared to 47% of employees 45-54.
The survey also revealed gaps in phishing detection capabilities across age groups. Only 28% of respondents said they were very confident in spotting phishing emails, with confidence declining significantly with age. While 44% of 18- to 24-year-olds felt very confident identifying phishing attempts, only 13% of those 65 and above shared that confidence.
Financial data dominates breach content with 93% of incidents exposing corporate data
Financial documents appeared in 93% of the data breach incidents analyzed and accounted for 41% of all exposed files, making them the most frequently breached content type, according to Lab 1’s analysis of 1,297 data breach incidents involving 141 million files. The prevalence of financial data exposure creates significant risks for fraud, extortion and regulatory violations across corporate environments.
Human resources data appeared in 82% of incidents, often containing payroll data, resumes and employee personally identifiable information that can enable sophisticated social engineering attacks, the analysis found. The combination of HR and financial data creates particular vulnerabilities for AI-enabled fraud, as narrative-rich datasets can be used to generate synthetic identities or deepfake content for targeted attacks against organizations.
Code files were exposed in 87% of incidents, representing 17% of all breached files analyzed. XML and JSON files constituted the majority of leaked code, frequently serving as configuration files that can reveal hardcoded secrets, environment variables or backend system architectures.
Other key findings:
- The median data breach exposed files from 482 distinct organizations, indicating significant third-party concentration risk across supply chains.
- Cryptographic private keys were exposed in 18% of incidents, enabling attackers to bypass authentication and access secure systems.
- System logs appeared in 79% of incidents, providing attackers with technical information about system configurations and potential vulnerabilities.
The research was conducted by Lab 1, a data breach intelligence platform, using machine learning to analyze publicly available breach datasets from ransomware and cyber incidents.