CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues.
Regulatory fines fall dramatically in 2025
US federal regulatory penalties plummeted 83% over the course of 2025, dropping to $654 million in the second half of the year from nearly $4 billion during the first half, according to an analysis by Wolters Kluwer Compliance Solutions.
The new analysis, part of the company’s regulatory index, said that while dollar figures fell, the number of violations remained relatively flat, though it warned companies are not out of the woods.
“Fewer federal actions paired with dramatically lower penalties weaken traditional deterrence signals,” said Chuck Ross, VP of investment compliance solutions and compliance program management at Wolters Kluwer Compliance Solutions. “Organizations now face greater exposure across a fragmented mix of state enforcement regimes and private lawsuits.”
Majority of organizations have had recent breach involving AI
More than three-quarters (76%) of cyber leaders say their organizations experienced a security incident involving AI applications or models over the past two years, according to a new report from Kroll.
The survey of 1,000 cybersecurity decision-makers and other senior leaders also found that most companies are increasing their cyber budgets — 80% are spending more in 2026. Meanwhile, though, many continue to make other cuts, including in headcount (25%) and outsourced security (23%).
And despite acknowledging the risks of AI, 48% say they have little to no organizational governance on AI tool and service adoption, while on average, respondents said about 40% of their company’s workforce is using AI.
A few other key findings:
- 94% view cybersecurity as a core or top risk; 48% call it their top risk
- 72% frequently experience misalignment between cybersecurity and business priorities
- Top investment areas: cloud and third-party security 59%, cyber training/education 58%, data backup and recovery 57%, threat detection 56%
60% of organizations expect audit, ERM to increase integration
Coordination between internal audit and risk management is increasingly important in organizations, suggests a new report from the Internal Audit Foundation, Baker Tilly and Wolters Kluwer, with 60% of surveyed organizations expecting further integration between the two functions in the next five years.
Drawing on surveys of 3,000 internal audit and risk professionals worldwide, the report also found that about 90% of respondents say coordination between audit and ERM is beneficial, including improving risk coverage (28%), reducing duplicative effort (26%), strengthening organizational alignment (20%) and enhancing board communication (11%).
Barriers to collaboration included limited resources or competing priorities (40%), differences in objectives or perspectives (34%) and siloed processes (31%).








