At least on-third of U.S. companies are not fully prepared to address key national security compliance risks facing their organizations despite the notable legal, financial and operational consequences, according to Eversheds Sutherland’s 2025 US National Security Compliance Risk and Readiness Report.
Nearly one-quarter of the national security compliance professionals surveyed cannot fully articulate their company’s national security risk profile, potentially complicating efforts to prioritize resources.
“Our survey shows that national security compliance is growing increasingly complex as the stakes get ever higher for U.S. companies,” says E. Patrick Gilman, global co-head of national security investigations and global co-head aerospace, defense and security at Eversheds Sutherland. “In this climate, it’s critical that leaders invest in proactive compliance and cross-functional risk management efforts to protect their businesses for whatever comes next.”
Key takeaways:
· The findings reveal critical gaps in both preparedness and alignment among key decision makers on compliance issues such as cybersecurity and data protection, fraud prevention, sanctions and export controls, and supply chain security.
· Executives and in-house counsel have notably different perspectives on risk management tactics, and which functions have ownership over national security compliance, with each claiming their function holds primary responsibility.
- 84% of organizations report cybersecurity and data protection present moderate or high degrees of compliance risk for their organizations, but only 66% are “very prepared” to address them today.
- U.S. organizations with international operations were more active across all areas of national security compliance over the past year compared to their U.S.-only counterparts, with notable disparities in economic sanctions and export controls (59% vs. 30%), anti-bribery and corruption (48% vs. 20%), and outbound investment screening (39% vs. 18%).
- Even though companies are deploying a range of tactics when it comes to mitigating or remediating national security compliance risks, many have opted not to increase board or executive oversight of these issues (72%), add budget to support compliance efforts (56%) or engage external legal or compliance advisors (55%).
- Some companies appear to be underestimating their compliance risks from regulators like the Committee on Foreign Investment in the United States, the Office of Foreign Assets Control, and the Bureau of Industry and Security even as their national security purviews continue to expand.
