At Least One in Three US Companies Unprepared to Tackle National Security Compliance Risks, Eversheds Sutherland Report Finds

Nearly a quarter of the national security compliance professionals surveyed cannot fully articulate their company’s national security risk profile, potentially complicating efforts to prioritize resources.

These critical preparedness gaps come at a time when US companies are facing a rapidly evolving national security compliance landscape shaped by conflict, global trade disputes, intense competition over advanced technologies, and relentless cyberattacks. To gauge the most urgent challenges and how companies are responding, Eversheds Sutherland in May and June 2025 surveyed more than 100 executives and in-house legal leaders involved in national security compliance at US-based companies across industries including financial services; industrial and manufacturing; financial institutions; technology, media and telecoms; logistics and transportation; life sciences and healthcare; aerospace and defense; consumer; and energy. Respondent organizations ranged from less than $100 million in annual revenue to more than $10 billion, with nearly half between $100 million to $999 million. 

The findings reveal critical gaps in both preparedness and alignment among key decision makers on compliance issues such as cybersecurity and data protection, fraud prevention, sanctions and export controls, and supply chain security. Executives and in-house counsel have notably different perspectives on risk management tactics, and which functions have ownership over national security compliance, with each claiming their function holds primary responsibility.

“Our survey shows that national security compliance is growing increasingly complex as the stakes get ever higher for US companies,” said E. Patrick Gilman, Global Co-Head of National Security Investigations and Global Co-Head Aerospace, Defense and Security at Eversheds Sutherland. “In this climate, it’s critical that leaders invest in proactive compliance and cross-functional risk management efforts to protect their businesses for whatever comes next.” 

Other key findings from the survey report include:

• Cybersecurity and data protection present near-universal challenges: 84% of organizations report cybersecurity and data protection present moderate or high degrees of compliance risk for their organizations, but only 66% are “very prepared” to address them today.
• Companies operating outside the US face heightened compliance burdens: US organizations with international operations were more active across all areas of national security compliance over the past year compared to their US-only counterparts, with notable disparities in economic sanctions and export controls (59% versus 30%), anti-bribery and corruption (48% versus 20%), and outbound investment screening (39% versus 18%).
• More than half of companies neglect essential compliance tactics: Even though companies are deploying a range of tactics when it comes to mitigating or remediating national security compliance risks, many have opted not to increase board or executive oversight of these issues (72%), add budget to support compliance efforts (56%) or engage external legal or compliance advisors (55%). 
• Compliance professionals are divided on future enforcement priorities: Some companies appear to be underestimating their compliance risks from regulators like the Committee on Foreign Investment in the United States, the Office of Foreign Assets Control, and the Bureau of Industry and Security even as their national security purviews continue to expand.

“National security compliance is increasingly becoming a board-level concern, as the consequences of missteps continue to rapidly escalate” said Michael Bahar, Co-Head of Global Litigation and Co-Lead of Global Data Privacy, Security and Technology. “Critically, however, getting it right can enable greater innovation and larger global market share.”

For more information, read the 2025 US National Security Compliance Risk and Readiness Report

Access full report