NAVEX 2025 State of Risk & Compliance Report

  • Writer: Katarzyna Celińska
  • Oct 13

The 2025 edition of the NAVEX Report provides a data-driven look into the current state of risk and compliance.

 

Program Maturity

57% of respondents rated their programs as Managing or Optimizing.

49% said compliance is led either by an independent function.

56% reported experiencing at least one compliance issue in the past three years.

 

Third-Party and Supply Chain Risk

Only 58% of organizations screen third parties for regulatory compliance, and 54% for cybersecurity and data protection.

84% agreed that their third-party due diligence program reduces legal, financial, and reputational risks.

 

AI Governance and Risk

65% of compliance teams are involved in AI-related decision-making.

IT departments (39%) most often lead AI policy development, followed by Information Security (10%).

 

The most common AI-related concerns overall:

1️⃣ Inappropriate use of others’ intellectual property (37%)

2️⃣ Incorrect AI outputs (27%)

3️⃣ Data loss (23%)

4️⃣ Algorithmic bias (10%)

 

Risk Management and Assessment

30% of organizations have a centralized, integrated risk management program, while 44% are still developing integration.

93% said compliance is engaged in risk assessment and management, but only 61% use assessment results to improve their programs.

70% reported that risk assessments are “current and subject to periodic review” — unchanged from 2024 despite global geopolitical shifts.

Only 24% rated their risk assessment process as “effective.”

 

Leadership and Ethics

73% said senior executives encourage ethics and compliance, and 60% said they model proper behavior.

64% of boards receive periodic compliance reports, while 52% have formal oversight of compliance programs.

 

Training and Technology

76% of organizations have a formal risk and compliance training plan.

Top training topics for the next two years: Ethics, Privacy, Cybersecurity, and AI.

 

This is a really complex report, full of valuable details and honest data — but some findings struck me hard. 3/5 respondents rank their programs among the most mature, yet the deeper findings simply don’t support that claim. It’s a great example of compliance confidence outpacing capability.

For instance:

28% faced a privacy/cyber breach, and 18% faced a third-party ethics failure, yet 40% don’t even screen their vendors. This shows that third-party and supply chain risks, especially in cybersecurity, privacy, and manufacturing, are still underestimated. And it’s not about “doing it” — it’s about doing it correctly.

AI is another area where this report reveals a gap. The top #AIrisks show that compliance teams still lack a technical understanding of how AI actually works.

Another major weakness is #riskmanagement integration. Risk management is not a register — it’s the daily decision-making process based on the best available data.



 
 
 
