CCI staff share recent surveys, reports and analysis on risk, compliance, governance, infosec and leadership issues. Share details of your survey with us: editor@corporatecomplianceinsights.com.
GenAI emerging as efficiency tool for resource-constrained risk teams
Enterprise risk management (ERM) teams can enhance their efficiency and improve risk insights by implementing generative AI in five key areas, a new Gartner analysis finds: communicator, notetaker, researcher, librarian and trainer. These applications enable resource-constrained teams to expand capabilities without significant investments.
“GenAI offers ERM teams a unique opportunity to expand their capabilities without significant investments,” said Joel Backaler, director analyst in the Gartner assurance practice.
As a communicator, GenAI can draft consistent emails, risk reports and policies while maintaining organizational tone. Acting as a notetaker, it captures real-time information during risk workshops, allowing team members to focus on nonverbal cues and deeper insights.
GenAI can also serve as a researcher by analyzing large volumes of text to identify risk patterns and extract key insights from recordings and interviews. When used as a librarian, it creates a central resource center where stakeholders can access policy documents and historical data through natural language queries, reducing direct inquiries to ERM teams. Finally, as a trainer, GenAI delivers scalable, interactive learning experiences for new risk owners, teaching foundational risk management practices, Gartner’s analysts said.
“Using GenAI as a communicator allows ERM teams to maintain a consistent voice while freeing up time for more strategic initiatives,” Backaler noted, emphasizing how these applications help teams operate more efficiently without sacrificing quality.
Global M&A disputes expected to rise in 2025 despite market rebound
Dealmakers worldwide anticipate an increase in mergers and acquisitions (M&A) disputes in 2025 despite expectations of improved market performance, according to a new report from BRG. The consulting firm’s “M&A Disputes Report 2025” identifies rising geopolitical tensions, antitrust scrutiny and economic volatility as key factors likely to drive disputes in the coming months.
Deal terms designed to control performance fluctuations in an uncertain economic environment contributed to increased dispute exposure in 2024, with purchase price agreements, put/call options and indemnity provisions being the most common contractual factors in disputes. Looking ahead, nearly one-third of respondents expect earnout provisions to be a prominent source of disputes this year.
Financial services emerged as the sector with the highest increase in M&A dispute activity, with 43% of respondents reporting a rise in disputes — up 10 percentage points from last year’s report. Nearly half of surveyed dealmakers anticipate further increases in financial services disputes in 2025 as M&A activity accelerates and regulations ease.
Other key findings:
- The EMEA region is expected to experience the most dispute activity due to ongoing regulatory challenges, continuing its position as the leading region driving increased dispute volumes.
- Private equity involvement in deals is increasing dispute risks, with PE firms becoming more comfortable with litigation to enforce contract provisions despite maintaining high due diligence standards.
“While geopolitical, economic, regulatory and contractual dispute factors may vary across regions and industries, BRG’s research has revealed time and time again the importance of having a comprehensive dispute mitigation strategy when pursuing M&A deals in this complex environment,” said Tri MacDonald, BRG principal executive officer and president.
Workplace serious injuries and fatalities decline 16%
Serious injuries and fatalities (SIF) in the workplace decreased by 16% from 2022 to 2023, reaching the lowest total since 2017, according to a report from ISN. The contractor management company analyzed OSHA 300 logs submitted by approximately 3,300 contractors through the company’s platform, examining self-reported recordable incidents from 2017 to 2023 and identifying 19,900 potential SIF cases.
This downward trend coincides with an industry-wide shift toward high-consequence event prevention and safety culture initiatives that focus on improving protective processes rather than modifying worker behavior, the company said. Despite these improvements, certain hazards remain persistent, with contact with objects or equipment continuing to account for 60% of injuries throughout the study period.
Construction and transportation industries continue to face elevated SIF rates, with construction contractors experiencing over 1,200 SIF cases and 43 fatalities in 2023, while the transportation industry reported more than 1,000 SIF cases with a 30% SIF rate increase from 2021 to 2023.
Other key findings:
- In 2023, 90% of amputations affected hands, fingers or wrists, consistent with OSHA’s severe-injury trends.
- Smaller and mid-sized companies experience greater variability in safety performance, likely due to resource limitations and workforce turnover.
“A strong safety culture is the foundation of an effective safety program and organizations need reliable insights to drive meaningful change,” said Marie Anderson, chief customer success officer and head of review and verification services at ISN, which provides contractor and supplier information management services and offers safety culture assessment products.
Ransomware attacks surge 50% in February amid shift to data theft
Ransomware attacks reached an all-time monthly high in February with 886 incidents, marking a 50% increase from January 2025 and a 119% rise compared to February 2024, according to NCC Group’s February report. The dramatic uptick signals an evolving focus on data theft and extortion rather than traditional system encryption.
The threat group Cl0p emerged as the most aggressive actor, responsible for 37% of all February attacks (330), representing a 460% increase from January, according to the analysis by NCC Group, a global cybersecurity and risk mitigation firm. This unusual spike resulted from the bulk release of victims following zero-day exploitations in Cleo file transfer software that occurred in 2024. Experts caution that Cl0p’s numbers may be inflated as the group attempts to garner attention.
Consumer goods became the most targeted sector for the first time in 14 months, accounting for 31% of all attacks (278), displacing Industrials, which fell to second place despite seeing its own increase from 149 to 191 attacks. North America remained the primary target, suffering 65% of global attacks (574), followed by Europe with 18% (159).
Other key findings:
- RansomHub, Akira and Play followed Cl0p as the most active threat groups with 87, 77 and 43 attacks, respectively.
- Combined, North America and Europe accounted for 83% of all global ransomware attacks.
“Ransomware victim numbers hit record highs in February, surging 50% compared to January 2025, with Cl0p leading the charge,” said Matt Hull, head of threat intelligence at NCC Group. “Unlike traditional ransomware operations, Cl0p’s activity wasn’t about encrypting systems—it was about stealing data at scale.”
