CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
Organizations spend more time on AI risk management as governance gaps widen
Organizations are dedicating 37% more time to managing AI-related risks compared to 12 months ago, as rapid AI adoption exposes critical gaps in traditional oversight processes, according to a survey by governance platform provider OneTrust. The study of 1,250 governance executives from North America and Europe found that 73% report AI has revealed gaps in visibility, collaboration and policy enforcement.
Advanced AI adopters spend twice as much time managing AI risk as organizations still experimenting with the technology, reflecting the increased oversight requirements that come with mature AI deployments. Meanwhile, 82% of leaders say AI risks have accelerated timelines for modernizing governance processes.
Nearly half of respondents (44%) cite governance reviews happening too late in the process as the primary barrier to effective AI oversight. Manual compliance reviews (42%) and approval bottlenecks (36%) also rank among top challenges.
Other key findings:
- 60% of organizations report advanced or mature AI usage across operations.
- 98% plan to increase governance budgets next year, with an average increase of 24%.
Most cybersecurity leaders fear nation-state attacks in next 12 months
Nearly 80% of cybersecurity leaders are concerned their organizations could be targeted by nation-state cyberattacks in the next 12 months, reflecting heightened anxiety about geopolitical cyber risks, according to a survey by cybersecurity provider VikingCloud. The survey of 200 cybersecurity professionals found that 76% believe recent or proposed cuts to US federal cybersecurity programs could increase their organization’s risk exposure.
Organizations report that both attack frequency (71%) and severity (61%) have increased in the past year, with 59% experiencing at least one successful cyberattack during that period. Among those targeted, 58% suspect attackers used AI, while 36% say over a quarter of their incidents were caused by insider threats, either accidental or malicious.
A notable finding reveals significant underreporting of cybersecurity incidents. Nearly half (48%) of cybersecurity leaders didn’t report material incidents to executive leadership or boards in the past year, with 86% of these leaders failing to report multiple breaches. The primary reasons cited were concerns about punitive leadership reactions (40%) and potential financial or reputational damage if incidents became public (44%).
Other key findings:
- 68% of organizations express only moderate confidence in detecting AI-driven threats in real time.
- 51% have increased security training in the past year, up 46% from 2024.
- 96% report using AI to automate routine cybersecurity tasks.
Multiple PFAS chemicals detected in 82% of affected manufacturer supply chains
Supply chain management company Assent has identified 695 unique PFAS chemicals across global manufacturing supply chains, marking a 30% increase over six months as regulations around “forever chemicals” continue to expand worldwide. The analysis of 4.5 million supplier declarations found that 3% of analyzed parts contain at least one intentionally added PFAS.
More than 80% of Assent’s clients have detected PFAS in their supply chains, with PTFE (Polytetrafluoroethylene) appearing in over 50% of positive PFAS declarations due to its non-stick properties valuable in manufacturing processes and consumer products. Among businesses with PFAS already present, 82% have received declarations containing multiple PFAS chemicals, highlighting compound risk for manufacturers.
The findings come as hundreds of PFAS regulations have been proposed or enacted globally due to health and environmental concerns. The EU and US states including California, New York, Colorado and Maine have enacted bans on PFAS use in consumer goods, while companies have settled related lawsuits for amounts exceeding $11 billion. The EPA this week upheld regulations keeping polluters responsible for PFAS cleanup costs under Superfund law, despite chemical industry opposition and internal pressure to reverse the rule, the New York Times reported.
Other key findings:
- The top three most declared PFAS are PTFE (53.7%), PVDF polymer (15%), and tridecafluorooctyl methacrylate (6.9%).
- PFOA salt ranks fourth at 3.3% of positive declarations.
“The business consequences of using PFAS, whether in the past or present, are unprecedented in terms of chemical regulations,” said Cally Edgren, vice president of regulatory and sustainability at Assent.
