CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
47% of leaders rank cybersecurity as most significant business challenge
Fewer than one-third of business leaders globally feel “very prepared” to handle the range of challenges they may face in 2025, according to Kroll’s “Global Business Sentiment Survey” of 1,200 business leaders worldwide.
The survey by the financial and risk advisory firm found that cybersecurity threats rank as the most significant business challenge for 47% of organizations, followed by AI developments and integration at 43%. Nearly three-quarters of organizations report increased cybersecurity and data privacy concerns, with malware cited as the most common threat at 44% and AI-powered exploits at 28%.
Despite widespread belief that AI will deliver measurable returns, only 41% of companies have AI policies in place and just 34% have implemented continuous monitoring. The survey also revealed significant gaps in regulatory preparedness, with only 12% of companies feeling “completely prepared” to address the global patchwork of data privacy laws.
Other key findings:
- Fewer than 1 in 10 business leaders express full confidence in their company’s financial health, though 70% expect some degree of improvement.
- One in three respondents ranked geopolitical tensions among their top business challenges, with US, UK and European companies most likely to see it as a major concern.
- Only 28% of business leaders feel “very prepared” to address geopolitical tensions and trade disruption.
- At least 40% of business leaders are increasing budgets and expanding teams for AI integration, cybersecurity challenges and data privacy concerns.
Data center operators lag on comprehensive climate strategies despite rising emissions
Only half of major data center companies are taking strong action to reduce construction-related emissions, according to new research from Clarity AI that analyzed the climate strategies of eight global operators, including Microsoft, Amazon, Google and Meta.
The analysis by the sustainability tech company found that while all data center companies engage in renewable energy procurement and most focus on energy efficiency improvements, significant gaps remain in applying the full range of available decarbonization measures. Data centers are among the few sectors projected to see an increase in emissions through 2030, with the largest growth projected in a high-AI adoption scenario, according to the International Energy Agency.
Clarity AI’s assessment of companies operating over 1,000 data centers worldwide — representing about 16% of all global facilities — revealed that embodied carbon from construction materials and infrastructure remains a blind spot. Only four of the eight companies analyzed showed strong evidence of efforts to reduce these emissions, primarily through low-carbon building materials. Practices like modular construction, prefabrication and infrastructure reuse were rarely reported across the board.
Other key findings:
- All eight companies engage in impactful renewable energy procurement, with six showing strong evidence of prioritizing long-term power purchase agreements.
- Six companies disclosed strong efforts on energy efficiency, particularly in cooling systems and water-saving technologies, though colocation providers were more likely than tech companies to use AI for energy optimization.
- All companies demonstrated efforts to enable hardware reuse, but only Microsoft disclosed a quantified target for reusing and recycling servers across its cloud hardware fleet.
- Limited evidence showed companies proactively engaging with electric utilities or prioritizing data center locations based on grid carbon intensity.
The research evaluated sustainability disclosures from tech giants Microsoft, Amazon, Google and Meta alongside colocation providers Equinix, Digital Realty, NTT Data and CyrusOne. Among the companies analyzed, Scope 2 and Scope 3 emissions increased by an average of 8%-11% annually between 2020 and 2023, coinciding with rapid adoption of generative AI and cloud computing.
Over a quarter of US businesses lack AI governance policies, survey finds
More than a quarter of US businesses have only recently implemented their first AI risk strategy, and nearly a quarter have no AI governance policy in place, according to a survey by cybersecurity consultancy CyXcel.
The research found that 39% of US organizations name AI among their top three risks. However, 20% of companies surveyed are not prepared for AI data poisoning attacks, and 19% are unprepared for deepfake or cloning security incidents.
The survey, which included 400 cybersecurity workers, found that 27% of businesses have only just implemented their first AI risk strategy, while 23% lack any AI governance policy.
“Organizations want to use AI but are worried about risks – especially as many do not have a policy and governance process in place,” said Megha Kumar, CyXcel’s chief product officer.
Unapproved medical product promotion tops $58B in corporate fines, analysis finds
Violations for off-label or unapproved promotion of medical products cost US companies $58 billion in fines between 2020 and 2024, according to an analysis by risk management software company Protecht.
Protecht analyzed data from Good Jobs First’s violation tracker, which compiles corporate penalty information from more than 450 federal and state agencies. The Washington-based nonprofit, which promotes corporate accountability in economic development, is funded by labor unions and left-leaning foundations.
The analysis found medical promotion violations averaged $761 million per offense across just 76 cases, making them the costliest corporate violations despite being relatively rare. Workplace safety violations were most common at nearly 76,000 cases but averaged only $18,000 per fine.
The analysis did not identify which specific regulatory agencies issued the penalties or distinguish between different types of enforcement actions.
