CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
Generative AI expanding, but most professionals aren’t being trained on how to use it
Organizational adoption of generative AI among professional services has increased to 22%, nearly doubling from 12% last year, according to new research from Thomson Reuters. The survey of nearly 1,800 global professionals across legal, tax, accounting, corporate risk and government sectors shows growing acceptance of AI technology despite remaining implementation challenges.
Tax and accounting professionals demonstrated the most dramatic shift in attitudes toward AI, with 71% now believing the technology should be applied to their daily work, up from 52% in 2024. Tax firms have seen enterprise AI adoption nearly triple year-over-year from 8% to 21%, with 79% expecting significant integration by 2027.
Despite increasing interest, integration remains spotty, with 64% of corporate professionals receiving no training on using generative AI for industry work, even as 95% anticipate the technology becoming central to their organization’s workflow within five years.
Other key findings:
- Law firm AI adoption has grown from 14% to 26%, with 45% either currently using AI or planning to make it central to their workflow within one year.
- 77% of clients want tax firms to use AI, yet 59% don’t know if their firms are actually using it.
- The most common AI applications in tax and accounting are tax research (77%), tax return preparation (63%) and tax advisory (62%).
- Despite 89% of law firm professionals believing AI can be applied to industry work, 48% still lack formal AI policies.
“GenAI is transforming business by breaking down silos and cutting through information overload,” said Laura Clayton McDonnell, president of the Corporates Segment at Thomson Reuters. “It is an essential tool for enhancing efficiency and decision-making.”
Only 29% of organizations consistently meet cyber compliance standards
Just 29% of organizations report their compliance programs consistently meet internal and external standards, according to new research from Swimlane. The survey of 500 IT and security decision-makers across the US and UK reveals fragmented workflows and manual evidence gathering are creating significant compliance challenges.
The study highlights that 96% of organizations struggle to keep pace with growing regulatory requirements, with most companies relying on three or more disconnected tools to gather audit evidence. On average, just 39% of the audit evidence process is automated, leaving substantial room for human error in compliance documentation.
Poor collaboration between governance, risk and compliance teams and security departments is exacerbating the problem, with 90% of organizations concerned that these disconnects are undermining audit preparation.
Other key findings:
- Over half of organizations (54%) spend more than five hours weekly on manual compliance tasks.
- 62% report their audit evidence-gathering process is at least occasionally error-prone.
- Organizations cite financial penalties (39%), security breaches (36%) and reputational damage (36%) as the top risks of noncompliance.
“The burden of compliance weighs heavy on security and GRC teams, and the pain is growing faster than teams can adapt,” said Michael Lyborg, chief information security officer at Swimlane. “Until now, everything has been massive spreadsheets. Without better coordination and smarter workflows, even well-intentioned programs will fall short.”
The research was conducted in March 2025 among IT and cybersecurity decision-makers at enterprise companies with at least 1,000 employees.
