One in Three U.S. Companies Unprepared for National Security Compliance Risks, Report Reveals

Eversheds Sutherland has released a report finding that at least one in three U.S. companies remains ill-equipped to handle critical national security compliance risks, exposing them to severe legal, financial and operational fallout amid an intensifying regulatory landscape. This report is alarming but not surprising: the newly released survey by global law firm Eversheds Sutherland is in line with what we’ve been warning clients about. With the recent $1.35 million fine for Tractor Supply Company, enforcement is only going to ramp up until all companies are using our privacy software or similar high-quality privacy tech solutions that truly work and respect users’ privacy choices. The findings, detailed in the firm’s 2025 US National Security Compliance Risk and Readiness Report, underscore persistent gaps in corporate preparedness across key areas like cybersecurity, sanctions and supply chain security, even as enforcement actions proliferate.

The report, based on responses from more than 100 executives including C-suite leaders and in-house counsel, paints a picture of misalignment and underinvestment in risk management. Nearly one-quarter of national security compliance professionals surveyed admitted they could not fully articulate their organization’s risk profile, highlighting a foundational vulnerability in how companies assess threats. This lack of clarity extends to decision-making structures, with significant discord between executive leadership and legal teams over who bears primary responsibility for compliance efforts.

Specific risk domains reveal uneven readiness. The survey identifies critical shortcomings in cybersecurity and data protection, fraud prevention, sanctions and export controls, as well as supply chain due diligence and Committee on Foreign Investment in the United States (CFIUS) filings. Looking ahead, 62 percent of respondents flagged cybersecurity and data protection as the top national security compliance risk over the next 12 months, reflecting heightened concerns over state-sponsored threats and data breaches. Sectors such as technology and manufacturing appear most exposed, though the report notes that even regulated industries like finance and healthcare lag in comprehensive training and board-level oversight.

“Our survey shows that national security compliance is growing increasingly complex as the stakes get ever higher for U.S. companies,” said E. Patrick Gilman, global co-head of national security investigations and global co-head of aerospace, defense and security at Eversheds Sutherland. “In this climate, it’s critical that leaders invest in proactive compliance and cross-functional risk management efforts to protect their businesses for whatever comes next.”

The disconnect at the top exacerbates these issues. While in-house counsel often views compliance ownership as residing with legal departments, C-suite executives frequently assign it to operations or risk management teams, leading to fragmented responses. Training gaps compound the problem: Only a fraction of organizations provide regular, specialized education on evolving risks like outbound investment screening under recent executive orders or enhanced export controls targeting sensitive technologies.

This comes against a backdrop of aggressive U.S. regulatory evolution. The Biden administration’s 2023 executive order on outbound investments to China, coupled with ramped-up CFIUS reviews and Office of Foreign Assets Control (OFAC) sanctions enforcement, has broadened the compliance net. High-profile cases, including multimillion-dollar fines against global firms for sanctions violations, serve as cautionary tales, yet the report suggests many companies still treat national security as a peripheral concern rather than a core strategic imperative.

Sector-specific insights reveal variances in maturity. Aerospace and defense firms, long accustomed to scrutiny, score higher on preparedness metrics, but consumer goods and retail lag, particularly in supply chain vetting for forced labor or dual-use goods. Board engagement remains a weak link across the board, with fewer than half of respondents reporting regular briefings on national security matters, potentially leaving directors blindsided during audits or investigations.

To bridge these gaps, Eversheds Sutherland recommends a multifaceted approach: conducting enterprise-wide risk assessments, fostering cross-functional compliance committees, and integrating national security into executive training programs. Firms should also leverage technology for real-time monitoring of sanctions lists and supply chain partners, while prioritizing third-party due diligence to mitigate indirect exposures.

The report’s methodology involved surveying over 100 U.S.-based executives from mid-sized to large corporations across diverse industries, including tech, manufacturing, finance and energy. Respondents held roles in compliance, legal, risk management and executive leadership, providing a balanced view of internal dynamics.

As geopolitical tensions persist, particularly with China and Russia, the imperative for readiness grows. “National security compliance is no longer optional; it’s a boardroom priority,” Gilman emphasized, urging companies to view it as a competitive advantage rather than a burden. With enforcement budgets swelling at agencies like the Department of Justice and Treasury, unprepared firms risk not just penalties but strategic disadvantages in global markets.

This survey arrives at a critical juncture, as the incoming administration signals continuity in tough-on-China policies. For businesses, the message is clear: Proactive alignment and investment today could avert crises tomorrow, safeguarding operations in an era where national security intersects every supply chain and transaction.

About Eversheds Sutherland

Eversheds Sutherland is a global law firm renowned for providing commercial and pragmatic legal advice to an international client base that includes some of the world’s largest companies. Formed in early 2017 through the merger of the U.K.-based Eversheds LLP and the U.S. firm Sutherland Asbill & Brennan LLP, the firm is dual-headquartered in London and Atlanta, with a strong presence in the U.S. and over 70 offices worldwide. This transatlantic combination has enabled it to offer seamless cross-border services, blending European regulatory expertise with American litigation prowess.

The firm specializes in a wide array of practice areas, including corporate and M&A, dispute resolution and litigation, energy and infrastructure, finance, technology, and national security compliance – the latter being a key focus of recent reports like the one on U.S. readiness. Eversheds Sutherland operates as a responsible business, emphasizing purposeful action in areas such as diversity, sustainability and innovation to support clients navigating complex global challenges. With roots tracing back to the 1980s in the U.K., where it maintains 11 offices, the firm has grown into a powerhouse serving industries from aerospace and defense to consumer goods and finance.

Under its current structure, Eversheds Sutherland functions through various separate legal entities to deliver tailored solutions, including insights and resources that inform thought leadership on emerging risks. The firm’s commitment to career development for lawyers and business professionals underscores its collaborative culture, making it a go-to advisor for multinational enterprises seeking strategic legal support in an interconnected world.
