CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
Most companies confident they can meet recovery objectives, but less than 40% did
Businesses are confident they can recover from a major disruption, but that confidence could be misplaced, according to a survey by GRC software provider Optro, formerly AuditBoard.
More than nine out of 10 business leaders (92%) said they were confident they can meet recovery objectives during a major disruption, but only 39% actually met those targets during their most significant incidents, the survey found.
Optro surveyed 506 risk, IT, security, audit, compliance and business continuity leaders at organizations with revenues of at least $100 million.
As expected, disruptions are bad for businesses. Just over 90% reported customer impacts from disruptions, with 17% saying they experienced significant customer loss or churn.
Other findings include:
- 76% experienced a vendor-related disruption in the past two years.
- Only 31% conduct continuity testing with critical third-party providers.
- 54% took longer than their defined recovery window during their most significant disruptions.
- 42% of companies invested between $1 million and almost $5 million in AI over the past year, but only 26% have a formal AI governance program and 30% have never tested an agentic AI failure scenario.
Less than two-thirds of mid-market companies require review of AI output
Mid-market companies are deploying AI without establishing data strategy, governance and change management needed to effectively scale such deployments, according to a new survey by CPA and advisory firm Kaufman Rossin.
Kaufman Rossin surveyed 100 senior decision-makers across US industries and conducted eight in-depth interviews.
The survey found that 83% of mid-market firms are testing or deploying AI, but 64% only have acceptable-use policies for generative AI. Less than two-thirds (57%) require human-in-the-loop review before external use of AI-generated output.
Of the respondents, 40% said they had restrictions or bans on AI in place, while only 21% reported performing general holistic AI risk assessments.
Other findings include:
- About 40% of respondents said resistance to change, legacy integration, AI talent shortage and cybersecurity and privacy concerns are the top barriers to AI deployment.
- Most mid-market companies surveyed aren’t measuring the value of AI as return on investment (only 44% did); instead, they measure it in time saved (82%) and reduced costs (61%).
- 70% of mid-market companies surveyed reported using generative AI tools, with ChatGPT leading the way at 89% of companies, followed by Copilot at 76% and Gemini at 47%.
European banks increasingly report Scope 3 emissions
European financial institutions increasingly reported their part in creating greenhouse gases through financing emission-producing companies from 2021 to 2024, according to an analysis by Clarity AI, a sustainability and fintech platform.
In a review of nearly 1,600 financial institution disclosures, Clarity AI found that the share of European financial institutions reporting financed emissions rose from 24% to 80% over that period. Reporting of Scope 3 emissions under the European sustainability reporting standards (ESRS) also grew sharply, nearly tripling over the same timeframe.
“European financial institutions appear to be getting more carbon intensive, largely because they are reporting more completely, not because they are getting dirtier,” Clarity AI said.
The study comes as the European Union debates scaling back sustainability reporting requirements in the ESRS, Clarity AI noted, warning that doing so risks reversing the trend toward greater transparency and could leave the EU behind other regions globally in reporting completeness.
Two-thirds of organizations hit with AI identity attacks
Nearly two-thirds of organizations had an AI identity-related security incident in the past 12 months, according to a survey by FusionAuth, a customer identity and access management platform.
Of the 312 security and technology leaders surveyed, 65% reported a confirmed AI identity-related security issue, the survey said.
The survey points out what it called a “counterintuitive crisis,” with 84% of organizations saying they’re “extremely confident” in their AI security but also reporting a confirmed AI identity incident. Only 12% of respondents emerged without an incident, with 23% reporting a near-miss, the survey found.
Other findings include:
- 88% said AI deployment is outpacing their identity and security infrastructure.
- 80% reported employees were connecting to AI tools without security or IT review, also known as using “shadow AI.”
- 93% said AI is already a trigger for evaluating identity infrastructure.







