Survey Exposes National Security Blind Spots in Corporate America

A report by Eversheds Sutherland uncovers sharp gaps in national security compliance readiness as U.S. companies struggle to keep pace with rising risk and regulation.

Oct. 8, 2025

3 min read

Many organizations are reassessing their compliance strategies as evolving national security regulations and cyber threats reshape corporate risk management.

At least one in three U.S. companies are not fully prepared to address key national security compliance risks despite significant legal, financial and operational consequences, according to Eversheds Sutherland’s newly released “2025 U.S. National Security Compliance Risk and Readiness Report.”

Nearly one-quarter of national security compliance professionals surveyed said they cannot fully articulate their company’s national security risk profile.

The report highlights preparedness gaps amid an evolving compliance landscape shaped by geopolitical conflict, global trade disputes, competition over advanced technologies and increasing cyberattacks.

Eversheds Sutherland surveyed more than 100 executives and in-house legal leaders in May and June. Respondents represented industries including financial services, manufacturing, technology, logistics, healthcare, defense, consumer and energy. Company revenues ranged from under $100 million to over $10 billion, with nearly half between $100 million and $999 million.

The findings show a lack of alignment among decision makers on issues such as cybersecurity and data protection, fraud prevention, sanctions and export controls, and supply chain security. Executives and in-house counsel expressed differing views on risk management and ownership of national security compliance, with each group asserting primary responsibility.

“Our survey shows that national security compliance is growing increasingly complex as the stakes get ever higher for US companies,” stated E. Patrick Gilman, Global Co-Head of National Security Investigations and Global Co-Head Aerospace, Defense and Security at Eversheds Sutherland. “In this climate, it’s critical that leaders invest in proactive compliance and cross-functional risk management efforts to protect their businesses for whatever comes next.”

Key findings include:

Cybersecurity and data protection challenges: 84% of organizations report moderate or high degrees of compliance risk in these areas, but only 66% consider themselves “very prepared.”
Heightened risk for global operators: U.S. companies with international operations showed greater activity across all areas of national security compliance than US-only organizations, with wide gaps in economic sanctions and export controls (59% vs. 30%), anti-bribery and corruption (48% vs. 20%), and outbound investment screening (39% vs. 18%).
Limited investment in compliance tactics: Many companies have not increased board or executive oversight (72%), added budget to compliance programs (56%), or engaged external advisors (55%).
Uncertainty over enforcement priorities: Some organizations appear to underestimate risks from agencies such as the Committee on Foreign Investment in the United States, the Office of Foreign Assets Control, and the Bureau of Industry and Security.

“National security compliance is increasingly becoming a board-level concern, as the consequences of missteps continue to rapidly escalate,” said Michael Bahar, Co-Head of Global Litigation and Co-Lead of Global Data Privacy, Security and Technology. “Critically, however, getting it right can enable greater innovation and larger global market share.”

The full report is available for download here.