Key Issues in Corporate Governance in 2025: Navigating Emerging Risks, AI, and Cybersecurity

Corporate directors and officers always have a tremendous amount on which to focus, including the critical corporate governance responsibilities that their positions carry with them. They must follow company bylaws, be mindful of their fiduciary duties, and stay focused on key company objectives and critical compliance issues pertinent to the company’s business operations. 2025 brings some newer challenges to supplement those perennial concerns.

In performing one of their core functions, risk management, boards of directors (and executive officers) now have an even broader and more complex universe of issues to navigate. Those issues, in turn, affect other core functions, such as selection of key management personnel and self-evaluation of board composition and processes. What constitutes an optimal skill set for a director and officer continues to evolve, sometimes now at stunning speed.

The range of issues that boards and officers are expected to oversee has expanded to include high-stakes topics such as cybersecurity risk management, the impact of artificial intelligence on business strategies, and, for some businesses, climate-related disclosures and planning. As a consequence, directors and officers with expertise in these areas are in high demand. But most companies have typically prioritized experience in their industries, or in leadership positions at other companies – rather than expertise in comparatively narrow, emerging subject matter areas – when selecting or nominating directors.

The expansion of board responsibilities has led to a heightened focus by shareholders not merely on directors’ backgrounds and skill sets, but also on how much time they can reasonably be expected to devote to the board of the shareholders’ company. “Serial” directors, those who serve in oversight capacities at numerous other businesses, have increasingly faced headwinds in shareholder elections in recent years. Though the wisdom and aggregated experience of directors and executive officers cannot lightly be discounted, the magnitude of
various newer challenges – and the types of knowledge needed to help guide a company through them successfully – makes a careful reassessment of board composition advisable.

In 2025, Generative AI is likely to require boardroom discussions and have an impact on broader corporate operations. Company leaders across a multitude of industries will need to consider their companies’ readiness and adaptability in the face of this evolving technology, anticipate forthcoming regulations as best they can, and consider the impact of AI on hiring and retention of employees. Organizations need AI policies that advance the right talent and structure to cultivate this new technology.

Another issue that threatens to outpace companies’ ability to respond and protect themselves, is the explosion of technology-driven financial fraud, including cybercrime. A particular challenge in 2025 will be building a corporate culture that both minimizes the likelihood of a serious data breach and roots out bad actors. This is of course easier said than done, but certainly includes recurring training of employees to take steps that reduce the likelihood of exposure to data breaches and cybertheft, and greater limitations on the numbers of employees, business partners and vendors with access to company systems, much less the company’s most sensitive data.

Boards should focus intensely on legal and regulatory compliance practices pertinent to financial fraud issues. A thorough understanding of the organization’s compliance and cultural challenges enhances oversight. Collaborating more extensively with top managers at the company on initiatives to combat cybercrime, may become a necessity.

The cost to businesses of breaches of their networks is projected to rise from $9.22 trillion in 2024 to $13.82 trillion by 2028. Unprepared organizations could face potentially irreparable damage at the hands of cybercriminals.

In the coming year, and beyond, boards must remain vigilant. Infrastructure and data upgrades of all sizes must be considered high-risk. Business technology consultants recommend that companies implement software and configuration changes carefully and strategically in order to prevent widespread disruption or damaging breaches.

On a more positive data-related note, anticipated continued improvements in businesses’ data storage, retrieval and retention, will likely enable shorter board meetings and more agile, informed boards and executive management teams. Outdated reporting structures at many companies have made it difficult for boards to harness and distribute the information company leaders need to make key decisions. Many boards are now embracing a trend in corporate governance: better dashboards, the visual representations of key performance indicators, metrics and critical data points in a single interface. Centralizing risk data to monitor and mitigate risk frequently has the potential to allow for more proactive boards. 

As technology evolves, cybersecurity threatens performance, and geopolitical events causes disruptions and erode predictability, boards and business executives will need to be more than responsive. They need to be resourceful, proactive, vigilant and easily informed. Augmenting leadership and oversight teams with persons with the skills necessary to confront these huge emerging challenges is one way to meet the moment. An upgrade of data infrastructure that improves ease of access to key company performance indicators is another. 

*This was republished with permission from Association of Corporate Counsel. Click to access the publication.