CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
71% of employers say DEI policy changes have affected their business
DEI and immigration policies are the top workplace disruptors for employers one year into the second Trump Administration, according to survey data from Littler, an employment and labor law firm. Nearly three-quarters (71%) of respondents said DEI policy changes had affected their businesses and 65% said the same of immigration, more than twice the share who cited any other policy area. The survey of 306 in-house lawyers, HR professionals and C-suite executives was conducted by Littler’s Workplace Policy Institute.
Immigration policy shifts have yielded real staffing consequences: 63% of respondents — and 75% of large employers — reported workforce staffing challenges as a direct result of the administration’s immigration policies. That figure surpasses the 58% who had expressed concern about such hurdles in a Littler survey conducted in early 2025. Some respondents described concrete organizational responses, including reducing immigration sponsorships and ending H-1B visa sponsorship altogether.
Broader regulatory and economic uncertainty is also reshaping workforce decisions. About one-third (36%) of respondents — and 42% of those from large employers — say their organizations made workforce reductions over the past year, while 30% paused or reduced hiring. Manufacturing employers reported an outsized impact, with more than 4 in 10 citing both workforce reductions (41%) and paused or reduced hiring (43%).
Other key findings:
- Nearly 9 in 10 employers (89%) reported impacts from state and local legislative changes, with more than half saying the effects were large or moderate in scale.
- Among those affected by state and local changes, the most commonly cited areas were paid leave (67%), pay equity and pay transparency (51%), data privacy (47%) and AI use in the employment process (41% overall, rising to 57% among large employers).
- Large employers reported outsized impacts overall, with 86% citing effects from DEI policy changes and 79% from immigration.
- Technology and retail/hospitality organizations were the most affected by immigration shifts, with 81% of respondents in each sector reporting business impacts.
Cyberattacks surpass inflation and recession as top business concern for small and midsize businesses
Nearly 3 in 4 small and midsize businesses (SMB) say cyber incidents are the threats most likely to negatively affect their operations in 2026 — ranking above inflation, recession and workforce challenges for the first time — according to a survey of 200 SMB owners and cyber leaders across North America published by VikingCloud, a cybersecurity and compliance company.
AI is a primary driver of heightened concern: 42% of respondents say AI-driven attack speed makes traditional patching and response times effectively obsolete, while 35% say AI is enabling adaptive and evasive malware, the survey found. The financial exposure is significant: 40% of respondents say an attack costing $100,000 or less could put them out of business.
Despite the escalating threat environment, governance and preparedness gaps remain widespread. Only 34% of SMBs have invested in vulnerability scanning, 32% in penetration testing and 32% in security awareness training, even as 34% acknowledge their cybersecurity technology is already outdated.
Other key findings:
- In the past 12 months, SMBs experienced Wi-Fi or network disruptions (73%), website downtime (58%) and third-party or vendor outages (55%).
- In the past year, SMBs prioritized employee hiring, raises and bonuses (42%) and non-essential software subscriptions (42%) over new cybersecurity investment.
Most UK employers not yet committed to menopause action plans as compliance deadline approaches
Only 29% of organizations have committed to publishing a menopause action plan in 2026 or 2027 — as required under the UK Employment Rights Act for employers with more than 250 staff — and 74% of HR and compliance professionals surveyed believe menopause needs stronger legal protection at work, according to a poll of 276 HR and compliance professionals by compliance training provider VinciWorks.
Just 3% of organizations currently publish a menopause action plan annually, while 39% said they were unsure when or whether they would publish one and 8% said they have no plans to do so, according to the survey. Voluntary publication begins in April 2026, with mandatory compliance for larger employers taking effect in 2027.
The compliance stakes are consequential. Once published, a menopause action plan becomes a public document employees can reference in litigation. Employment tribunals involving menopause discrimination have awarded claimants tens of thousands of pounds in recent years.
Other key findings:
- 61% of respondents support menopause leave becoming a legal right, though 28% remain undecided. The Employment Rights Act extended several new leave categories but did not include menopause leave.
- Just 18% of respondents believe their organization’s menopause training is effective, and 40% say their organization provides no training at all but would like to.
Internal operations, not regulation, seen as top threat to defensible eDiscovery
Nearly 90% of legal and technology professionals identify internal challenges — including budget constraints, limited expertise and lack of centralized governance — as the biggest barriers to defensible, cost-efficient discovery, while just 10% point to regulatory uncertainty, according to research from legal technology provider Exterro.
The findings draw on two surveys of more than 400 legal, IT, data governance and security professionals, one conducted via live polling at an Exterro-hosted event. They arrive as AI moves rapidly from experimentation to standard practice in legal operations: 47% of teams are already using AI in eDiscovery and nearly 80% are using or preparing to adopt it.
Governance is emerging as the necessary companion to that adoption. When asked what will most influence their eDiscovery strategy in 2026, respondents most frequently selected AI and automation alongside data governance and retention — together accounting for nearly 60% of responses. Separately, 97% of respondents agreed that communication between legal and IT directly impacts the speed, accuracy and defensibility of eDiscovery, with no respondent disagreeing.
