Boards Increasingly Tout AI Expertise

CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.

Corporate boards triple AI oversight assignments as technology governance takes priority

The number of S&P 500 companies disclosing that they have designated a committee with artificial intelligence (AI) oversight responsibilities more than tripled in 2025, according to EY’s proxy season review. Audit committees are the primary choice for AI oversight, though technology committees, nominating and governance committees and others sometimes oversee AI functions, EY’s analysis found.

Nearly half of Fortune 100 companies cited AI in their descriptions of director qualifications this year, almost double the 26% doing so in 2024. The specifics of directors’ AI experience varied significantly, ranging from CEO of a company undertaking AI growth initiatives to completing a certification in AI ethics to serving on the board of an AI company. The prevalence of technology committees has grown from 8% in 2019 to 13% in 2025.

The focus on technology governance comes as other committee responsibilities shift. The portion of S&P 500 companies with a sustainability committee decreased slightly from 12% in 2024 to 11% this year, with responsibilities typically shifting to nominating and governance committees. Most notably, there was a 76% drop in S&P 500 companies that mention DEI-related terms in descriptions of their compensation committee’s responsibilities.

Other key findings:

• Around 400 shareholder proposals went to a vote this season at S&P 1500 companies, a 24% decline from the same period in 2024, largely due to new SEC guidance that made it easier for companies to exclude environmental and social shareholder proposals from proxy ballots.
• Only 7% of environmental and social proposals exceeded the 30% support threshold, down from 19% in 2024.
• Average support for say-on-pay proposals at S&P 1500 companies was 92%, in line with 2024 results.

AI deployment outpaces governance with only 25% of organizations fully implementing programs

Just 25% of organizations have fully implemented AI governance programs despite widespread awareness of AI risks and regulations, according to research from AuditBoard, a governance software provider. The survey of over 400 governance, risk and compliance professionals reveals a gap between policy development and operational implementation as companies integrate AI tools into business processes.

While 86% of respondents said their organization is aware of upcoming AI regulations, most efforts remain focused on policy drafting rather than execution. The barriers identified were primarily organizational: lack of clear ownership (44%), insufficient internal expertise (39%) and resource constraints (34%). Only 15% cited lack of tools as the main problem.

The research also highlighted a confidence gap in oversight capabilities. While 92% of respondents expressed confidence in their visibility into third-party AI use, only 67% conduct formal AI-specific risk assessments for third-party models or vendors, leaving roughly one-third of organizations relying on external AI systems without clear risk understanding.

Other findings:

• Over 80% of respondents said their organizations are “very” or “extremely” concerned about AI risks.
• Organizations are prioritizing automation of advanced governance tasks like usage monitoring (51%) while foundational controls remain incomplete.
• Most organizations (52%) plan to continue prioritizing policy development over the next 12 months rather than enforcement mechanisms.

The survey included professionals from companies with at least $100 million in annual revenue across the US, Canada, Germany and the UK.

Compliance & risk practitioners report AI productivity gains despite organizational readiness gaps

Most compliance and risk practitioners (96%) report time savings from using AI in the past year and 94% experienced productivity increases, according to a new survey by financial reporting platform Workiva. However, only about one-third of respondents have critical elements in place to fully and securely leverage AI’s potential, revealing a gap between adoption and organizational readiness.

The survey of finance, accounting, compliance and risk professionals found that while teams are achieving measurable returns on AI investments, foundational governance elements remain underdeveloped. Just 36% of organizations have high-quality data systems, AI governance and security policies and role-specific training in place.

Practitioners who expressed confidence in their organization’s AI capabilities were roughly twice as likely to report having these foundational elements compared to those lacking confidence. The biggest barriers to AI adoption were reliability of outputs (49%) and security or legal concerns (45%), indicating that governance challenges are limiting broader implementation.

Other key findings:

• Practitioners were twice as likely as executives to express doubt about their company’s ability to use AI effectively, suggesting a disconnect between leadership confidence and operational reality.
• Organizations with strong AI governance reported higher confidence levels in their AI initiatives across multiple metrics.

The findings align with other recent research showing that while AI adoption is accelerating across corporate functions, governance frameworks are struggling to keep pace with implementation.

Most US companies maintain sustainability investments despite regulatory uncertainty

A clear majority (87%) of US companies have maintained or increased their investment in business sustainability efforts this year, even as lawmakers threaten to roll back ESG regulations, according to new research from EcoVadis, a sustainability ratings company. The survey of 400 executives at companies with over $1 billion in revenue suggests a strategic shift: Companies continue to prioritize sustainability behind the scenes while reducing public promotion of these efforts.

The findings suggest executives view sustainability as essential for competitiveness and resilience rather than merely regulatory compliance. Sixty-five percent of respondents say supply chain sustainability provides a competitive advantage through risk reduction, enhanced resilience, brand improvements and cost savings. Additionally, 62% of directors and vice presidents and 59% of C-suite leaders report that sustainability efforts help attract and retain customers.

A notable trend is emerging around “greenhushing,” with 31% of executives increasing sustainability investments while reducing public communications about them. Another 8% have stopped discussing their commitments publicly but continue investing according to plan. Only 7% have actively cut back sustainability efforts.

Other key findings:

• Nearly half (47%) of C-suite respondents believe eliminating ESG regulations would increase supply chain disruptions.
• Only 13% of companies are on track to comply with deadlines across four major regulations: the EU’s CSRD and CBAM, California’s SB-253 and Canada’s Modern Slavery Act.
• A third of executives admit to knowingly reporting ESG data based on estimates they knew were inaccurate to meet compliance, marketing or investor expectations.

“Even as the debate over business sustainability heats up, executives are focused on the reality — sustainability is what keeps supply chains running and customers on board,” said Pierre-François Thaler, co-founder and co-CEO of EcoVadis.

Investment professionals see economic volatility as opportunity despite mounting challenges

Over 70% of US investment professionals view the current economic outlook as an investment opportunity, according to a report by law firm Barnes & Thornburg. The survey of 121 limited partners, general partners and service providers also found that 66% see the availability of capital as an opportunity and 64% view the regulatory environment favorably.

However, challenges are mounting alongside optimism. Limited partners are notably more concerned about financing terms (67% vs. 50% in 2024), transparency requirements (52% vs. 36%) and ESG issues (44% vs. 14%) compared to last year. General partners report increased concerns about fundraising (51% vs. 40%) and returns (51% vs. 31%), the report found.

Other key findings:

• Cybersecurity and data management emerged as the top compliance priority for both LPs and GPs, followed by artificial intelligence oversight.
• Ninety-six percent of LPs say succession planning is important, but fewer than half of GPs currently have a plan in place.
• Seventy-nine percent of respondents expect fund organizational expenses to rise in 2025, partly due to increased legal costs from navigating regulatory changes.
• Private investment activity is expected to increase across most industries, led by financial services (77%), technology (76%) and energy (75%).

“While many GPs came into this year very optimistic about expected fundraising, for many managers that optimism has been tempered so far, in part due to market volatility and economic uncertainty,” said Scott L. Beal, co-chair of Barnes & Thornburg’s private funds and asset management practice.

Nearly half of UK workers check emails outside secure environments

Almost half (45%) of UK adults have accessed work emails while on holiday, commuting or in public places such as cafes, potentially exposing themselves to cybersecurity risks through unsecured WiFi networks, according to a survey commissioned by email security provider Zivver. The poll of 2,100 UK adults highlights security vulnerabilities as flexible working arrangements become more common.

Younger workers are more likely to check emails outside the workplace, with 67% of those 18-24 and 68% of those 25-34 accessing work emails remotely, compared to 47% of workers 45-54. 

The survey also revealed gaps in phishing detection capabilities across age groups. Only 28% of respondents said they were very confident in spotting phishing emails, with confidence declining significantly with age. While 44% of 18- to 24-year-olds felt very confident identifying phishing attempts, only 13% of those 65 and above shared that confidence.

Financial data dominates breach content with 93% of incidents exposing corporate records

Financial documents appeared in 93% of the data breach incidents analyzed and accounted for 41% of all exposed files, making them the most frequently breached content type, according to Lab 1’s analysis of 1,297 data breach incidents involving 141 million files. The prevalence of financial data exposure creates significant risks for fraud, extortion and regulatory violations across corporate environments.

Human resources data appeared in 82% of incidents, often containing payroll information, resumes and employee personal identifiable information that can enable sophisticated social engineering attacks, the analysis found. The combination of HR and financial data creates particular vulnerabilities for AI-enabled fraud, as narrative-rich datasets can be used to generate synthetic identities or deepfake content for targeted attacks against organizations.

Code files were exposed in 87% of incidents, representing 17% of all breached files analyzed. XML and JSON files constituted the majority of leaked code, frequently serving as configuration files that can reveal hardcoded secrets, environment variables or backend system architectures. 

Other key findings:

• The median data breach exposed files from 482 distinct organizations, indicating significant third-party concentration risk across supply chains.
• Cryptographic private keys were exposed in 18% of incidents, enabling attackers to bypass authentication and access secure systems.
• System logs appeared in 79% of incidents, providing attackers with technical information about system configurations and potential vulnerabilities.

The research was conducted by Lab 1, a data breach intelligence platform, using machine learning to analyze publicly available breach datasets from ransomware and cyber incidents.