Forrester

B2B marketing leaders are surprisingly bullish about next year’s budgets. Forrester’s Budget Planning Survey, 2025, showed that 83% of B2B marketing decision-makers expect increased investment over the next 12 months, with 40% anticipating at least a 5% boost. But as news headlines continually remind us, these are extraordinarily volatile times. Regardless of budget expectations, leaders must be strategic and focused. In our recent webinar for B2B CMOs and senior marketing leaders, Ian Bruce, Rani Salehi, and I described key actions to take to successfully navigate the coming year. These are not mere recommendations — the stakes for senior marketing leaders have never been higher. New Forrester analysis shows that representation and tenure of CMOs (particularly B2B CMOs) among Fortune 500 companies continues to fall, driven by business volatility and lingering questions about marketing’s value within the C-suite. CMOs are facing unprecedented levels of scrutiny. The way to win in this precarious climate is by being shrewd and proactive. While I encourage you to watch the full webinar for more context and examples, here are five key action items. 1. Ruthlessly Prioritize Market Segments You should already be routinely prioritizing market segments as part of the annual planning process. In times of volatility, the need is especially acute. Effective prioritization requires more layered and nuanced segmentation than might be typical. Take ownership of driving segmentation decisions across verticals, regions, routes to market, and buying personas. Your deep understanding of buyer behaviors positions you to work with your sales leadership counterpart and guide these critical choices. Bring your CEO and CFO along in this process, using both historical and forecasted data to support your recommendations. 2. Embrace Strategic Divestment Growth isn’t always about adding more. In fact, focus really matters to ensure that you have the necessary resources for your big growth bets. Sometimes the smartest move is actually strategically walking away from unstable or less profitable markets or initiatives. But that’s often easier said than done. The key is to be pragmatic and focused on where you can win. Proactively involve your sales and finance counterparts and the CEO in these conversations, too. Keep in mind that divestment doesn’t necessarily mean a complete exit — consider partial withdrawal strategies such as pausing new logo acquisition while maintaining a smaller focus on retention and renewal marketing. This approach preserves existing relationships while freeing capacity for higher-potential growth opportunities. 3. Build Buyer Preference Nearly half (41%) of B2B buying decision-makers have a favorite vendor at the start of their purchasing process, according to Forrester’s Buyers’ Journey Survey, 2024. If you’re not that one vendor, it will be hard to break through (and you might just be used as pricing leverage). Your goal should be to capture pole position before the purchase preferences begin. Focus on driving that preference for your brand and offerings continuously, marry brand and demand marketing efforts for maximum impact, and build sales and marketing playbooks based on preference positioning. With external influencers holding increasing sway over B2B buying decisions in a risk-averse climate, invest in knowing who they are and winning them over to your brand, as well. 4. Stay Ahead Of AI Marketing is an entry point for AI at most companies. That positions you to play a leading role in your company’s AI transformation — and it also ramps up the pressure to show tangible business gains. Prioritize upskilling your team in areas where AI can have the greatest or fastest impact, such as content creation, personalization, and email sequencing. Take a strategic look at marketing’s tasks and workflows to interrogate what’s well suited for AI and what’s best left to human judgment. Ensure that you’re using the AI capabilities that are already embedded in your current tech stack — many marketing technologies now incorporate AI features for advertising, social intelligence, and more. 5. Strengthen Your Bond With Your CIO It’s no secret that marketing is ever more technology-dependent. Recent Forrester research shows that top AI adopters have something in common: a strong CMO-CIO relationship. Your level of CIO collaboration can determine whether AI initiatives succeed or stagnate. A solid partnership helps ensure that your organization has the right tools and gets the most out of them — and that you have effective safeguards in place. This research also found that top AI adopters have their data houses in order. Because clean, organized data is the foundation of effective AI systems, work with your technology team to establish data readiness before rolling out business-critical AI initiatives. Bring A Business Partner To Work With You Side By Side When it comes to budget planning, now is not the time to go it alone. Watch the full webinar to hear these and other recommendations in full detail, and don’t hesitate to reach out to us for more help and tailored advice to equip your marketing function to drive growth in 2026. source

After rejecting the “stop the clock” lobbying efforts from the tech industry, the EU is moving forward as planned with the next phase of the EU AI Act. If your company operates AI systems in the EU or uses AI-generated insights on the EU market, you need to pay close attention — especially to the rules concerning general-purpose AI (GPAI) providers. This accountability includes providers of genAI models. But the impact doesn’t stop there. Any organization using genAI — whether through direct purchase or embedded in other technologies — will likely face ripple effects across their value chains and third-party risk management programs. Despite speculation about possible delays, the EU has held firm on its timeline and released a range of tools to help companies prepare. Every company, not only GPAI providers, must be familiar with: EU guidelines on the scope of GPAI providers’ requirements. The EU has defined key terms — such as what qualifies as a “general-purpose AI model” — and introduced a training‑compute threshold as a practical benchmark. These elements are very useful for every company looking to clarify critical concepts of the regulation, such as which significant modifications trigger provider obligations, how to interpret the meaning of “general-purpose” AI, etc. Developed through extensive consultation, the guidelines are not legally binding but reflect the European Commission’s enforcement interpretation and are intended to guide providers in preparing for regulatory obligations. The EU code of practice for GPAI providers. This is a voluntary framework designed to help companies align with the upcoming requirements of the EU AI Act ahead of formal enforcement. The code outlines practical steps GPAI providers can take to improve transparency, safety, and accountability in their AI systems. It includes guidance on model documentation, risk mitigation, and responsible deployment practices. Major AI companies such as OpenAI, Mistral, and Anthropic have already signed on, signaling growing industry support for trustworthy and harmonized AI governance in the EU. For companies that use GPAI models and systems, the code of practice is useful in guiding updates to party risk management frameworks for GPAI providers. Template for transparency of training data for GPAI providers. This is a mandatory template requiring all GPAI providers to publish a public summary of the major sources’ data used to train their models. This summary must cover training content across all stages — from pre‑training to fine‑tuning — and include types of data such as public and private datasets, web‑scraped content, and user‑generated and synthetic data. Companies using GPAI must obtain these summaries via providers’ websites and distribution channels and expect them to be updated every six months (at least) if the provider uses substantial new datasets. The EU AI Act isn’t just a regional regulation — it’s the only binding global framework for trustworthy AI. Whether you like it or not, it’s set to influence AI governance, risk management, and compliance practices around the world. And while the act isn’t perfect, it offers practical steps toward building more responsible AI systems — including stronger data governance, privacy, security, and risk oversight. At the heart of this is the act’s AI risk pyramid, which gives companies a structured way to evaluate and mitigate the risks of their AI use cases. If you have any questions about compliance readiness and best practices, what the EU AI Act means for your AI strategy, and how to use it to build trustworthy AI, schedule a guidance session with me. Be sure to keep following my latest research, as new reports on software offerings designed to help companies meet the requirements of AI regulations are on the way! source

As software development accelerates through AI and generative technologies, testing is under pressure to keep pace. The rise of TuringBots and AI-generated code has collapsed traditional development cycles, introducing new complexities and risks. Yet many testing practices remain manual, fragmented, and slow. Without a strategic shift, testing threatens to become the bottleneck of the software delivery lifecycle, undermining speed, quality, and business agility. Organizations need to rethink how they approach testing — not just as a technical checkpoint but as a continuous, intelligent process that aligns with modern development increasingly based on generative, agentic AI. This is why we shifted our research from continuous automation platforms to autonomous testing platforms, as announced in this blog post a few months ago. Who Offers What To Support Your Autonomous Testing Strategy To help technology leaders and QA professionals make sense of this dynamic space, Forrester just published The Autonomous Testing Platforms Landscape, Q3 2025. This report profiles 31 vendors and defines the emerging category of autonomous testing platforms (ATPs) — solutions that combine traditional automation with AI and genAI agents to perform increasingly autonomous testing tasks. The report offers a comprehensive view of how ATPs are evolving, what business value they deliver, and how buyers can evaluate platforms based on core and extended use cases. It’s a valuable resource for anyone looking to modernize their testing strategy and align it with the pace of innovation in software development. What Autonomous Testing Platforms Bring To The Table Accelerate time to value through AI-driven test automation. ATPs reduce the time required to design, generate, and maintain test cases by automating traditionally manual tasks. They enable self-healing for brittle tests, optimize execution, and generate tests directly from requirements. Reduce strategic risk and improve governance. AI-powered platforms support risk-based orchestration, intelligent test scoping, and real-time analytics. They prioritize testing based on business impact and historical defect patterns, ensuring that critical paths are validated. Democratize testing and foster cross-team collaboration. With no-code/low-code interfaces and natural language test authoring, ATPs empower nontechnical users to “vibe-test.” Business stakeholders, product managers, and developers can all participate in defining and validating tests, leading to broader coverage and better alignment with business goals. Start addressing the testing of AI applications. As AI inserts itself into production enterprise applications (AI-infused apps, or AIIAs), these also need to be tested, which means we now need to test whether the AIIA is hallucinating, not being accurate, or not meeting original intent — these are all additional capabilities that testing tool platforms need to address. A Market In Transition — And Why It Matters The ATP market is rapidly evolving but still maturing. While many vendors claim AI-native capabilities, buyers must distinguish between genuine innovation and marketing hype. Core features such as DevOps integration and UI testing are now table stakes; differentiation lies in agentic testing, business outcome validation, and intent-based test creation. Organizations face challenges typical of a market in flux: fragmented toolchains, skill gaps, unclear ROI, and resistance to change. The emergence of agentic AI — systems that autonomously discover, generate, and execute tests — is redefining the role of testers and the architecture of testing platforms. This shift demands new frameworks, governance models, and cross-functional collaboration. Take The Next Step Toward Autonomous Testing If your organization is grappling with the speed and complexity of modern software delivery, now is the time to explore autonomous testing. The Autonomous Testing Platforms Landscape, Q3 2025, provides the clarity and structure needed to evaluate vendors, align testing with business outcomes, and prepare for the future of AI-driven quality assurance. We are just about to kick off the next step in this research, which is the Forrester Wave™ evaluation covering autonomous testing platforms (set to publish in Q4 2025) that will pick and compare the leading 15 players featured in the landscape. Reach out to schedule an inquiry or guidance session if you are updating your testing strategy and just want to keep up with the new requirements and opportunities that genAI and agents are creating. source

AI is reshaping the future of digital experiences. With rapid advancements in AI, chatbots and virtual assistants are becoming more conversational, intuitive, and impactful. Organizations are racing to harness these innovations to enhance CX and boost operational efficiency. However, the path to transformation isn’t without its hurdles — navigating complex technologies and managing associated risks remain critical challenges. To explore how one organization is tackling this journey, I interviewed Siddhartha Chatterjee, global chief data and AI officer at Club Med. Club Med is a global travel and tourism operator headquartered in Paris. The company has leveraged genAI for conversational experiences and has been on an AI transformation journey. We also welcomed Siddhartha for an exclusive fireside chat at Forrester’s CX EMEA Summit on June 4, 2025. There, he shared how Club Med designed, implemented, and continuously refined its conversational AI strategy — offering a rare, behind-the-scenes look at a real-world transformation in the travel and hospitality industry. AI Leadership And Organization Aurelie: Could you please tell us about your role at Club Med? Siddhartha: My role is quite broad, akin to that of a chief data and AI officer with a strong focus on transformation. I have the privilege of working in an organization where marketing, digital, data, and AI are all integrated under one umbrella. I’m responsible for end-to-end data and AI initiatives, including infrastructure and IT, development and sourcing of AI and data use cases, data governance and compliance, and enhancing digital experiences across platforms. Revolutionizing Customer Engagement With Conversational AI Aurelie: What sparked the conversational AI initiative? Siddhartha: The development of our WhatsApp chatbot was a very bold move. Our goal was to improve customer service efficiency. Since WhatsApp is widely used in Brazil — second only to India, with nearly 80% of customers using it to ask questions — we integrated our LLM-based AI directly into WhatsApp. At the time (early 2024), this was a novel approach. Within three months, we fully automated 30% of customer interactions (50% partially) — and improved customer satisfaction. Our vision is to enable the entire booking journey within WhatsApp, leveraging asynchronous messaging for both customers and service providers. AI enables us to provide near-instant responses. Inspired by innovations like JioMart in India, we’re working with Meta to expand this model in Europe, where adoption of WhatsApp for business is growing. We believe messaging is the future of customer engagement, but we remain omnichannel — offering consistent experiences across app, web, phone, and messaging. Ultimately, great CX is about how well services are delivered. We take a data-driven approach, constantly analyzing customer feedback and call center data to identify pain points and improve. We work with a range of vendors to ensure customer data privacy and security.   Enhancing Efficiency And Experience With A Multi-Agent AI System Aurelie: There are many use cases for conversational AI, such as customer service, marketing, sales. Which use cases have delivered the most value for you and your customers? Siddhartha: Automating responses has significantly improved both customer and sales agent experiences. Previously, agents acted like “human APIs,” manually retrieving information from databases — an inefficient use of their time. Now, a chatbot handles routine queries, freeing agents to focus on delivering a premium, emotionally engaging customer experience. One key metric: thanks to AI, the average first-response time on WhatsApp dropped by 3.5 hours, from around 4–6 hours to just 30–40 minutes. AI responses are nearly instant (4–5 seconds) with 95% answer accuracy, increasing satisfaction rates to 85%. The remaining 5% of answers that we want to improve aren’t hallucinations but could be more complete. This success is due to a multi-agent AI system: One agent interprets the question, a second retrieves relevant data, a third generates the response in Club Med’s tone, and a fourth checks relevance. Human testers then score answers as perfect, partially complete, or incorrect. This rigorous evaluation process enables continuous improvement and confident scaling. Smart Scaling: Localizing And Expanding The AI Assistant Across Markets Aurelie: How has your conversational assistant evolved since its inception? Siddhartha: We launched in Brazil in Q1 2024. As of Q2 2025, our AI assistant is live in 12 markets, each with unique languages, questions, and localized product details. Due to data limitations, some queries still go to human agents. We’re now adding a commercial information agent to handle localized promotions and building a booking agent that can place nonpayment holds on trips, streamlining the path from inquiry to booking. We prioritize markets based on WhatsApp adoption and volume. Initially, we launched WhatsApp and AI together in Brazil and Belgium. Now, every WhatsApp rollout includes AI, with a two-week gap to analyze local queries for better performance. Our AI was built after analyzing call center data across markets, identifying two key question categories: product and pricing. The first two agents — product information and pricing — cover about 70% of customer queries. Pricing is complex, requiring real-time API calls and contextual explanations (e.g., why one resort costs more than another). Once a customer receives product and pricing info, we generate a prefilled booking link: This eliminates the need to manually search and input details, making the booking process much faster and more seamless. Measuring Success Aurelie: How do you define and measure success for your conversational AI initiatives? Are there any metrics or KPIs you focus on? Can you share a case where conversational AI helped reduce costs or improve efficiency in a measurable way? Siddhartha: We track several KPIs to evaluate our AI tools. First, productivity: Are internal teams becoming more efficient? Then, the automation rate: What percentage of business processes are fully automated (e.g., 32% in WhatsApp, 75% for IT ticket routing)? We measure customer satisfaction, especially for customer-facing tools, and we monitor CSAT and Net Promoter Score℠ (NPS). And we also measure cost avoidance: Rather than cutting costs, we focus on avoiding future expenses through AI-driven efficiencies. We also benchmark a lot. For example, we were impressed by how Trip.com in China implemented conversational AI. They shared that

Forrester’s Technology Strategy Impact Award celebrates technology teams that have mastered the art of high-performance IT. The 2025 APAC winners prove that when technology organizations nail alignment, trust, and adaptivity, they don’t just support the business — they accelerate it. Congratulations to this year’s winners — FWD Group and YCH Group — as well as to AIA Group, our 2025 runner-up. Each organization built the technology and business capabilities that their business strategy demanded, then executed with the precision and agility that separates market leaders from the pack. FWD Group: Transforming Insurance Through High-Performance IT FWD Group is a pan-Asian life and health insurer operating in 10 of the region’s fastest-growing markets. With a bold vision of changing the way people feel about insurance, FWD has adopted a customer-led and tech-enabled approach in its business. Through its cloud-first strategy, AI-powered platforms, and a relentless focus on customer experience, FWD has transformed itself into a high-performance IT organization that is agile, trusted, and aligned to deliver measurable business impact in several ways: Strategic alignment that drives measurable business outcomes. FWD’s IT team operates as a strategic partner, codeveloping priorities with business leaders and aligning initiatives through robust portfolio management. Platforms such as FWD Cube, a digital sales enablement platform, and FWD Opus, an operations management platform, are tightly integrated with business goals, delivering tangible results including a 40% increase in average active agents and a 13% rise in monthly average APE (annual premium equivalent) in Thailand from October 2023 to June 2024. Adaptivity through continuous learning and agile execution. With over 22,000 cloud training courses completed and more than 960 certifications earned, FWD has built a culture of continuous learning. Its six Centers of Excellence rapidly pilot and scale emerging technologies like generative AI, while agile practices and real-time feedback loops, such as the voice-of-the-customer program, ensure swift responsiveness to market and customer needs. Trust built on security, resilience, and responsible innovation. FWD’s Zero Trust architecture, ISO 27001-aligned cybersecurity framework, and Responsible AI Standard ensure secure, ethical, and resilient operations. With 100% penetration testing on customer-facing apps and 98% completion of security training across all business units, FWD has earned stakeholder confidence and industry recognition, including the Cyber Security Excellence Award and Cloud Network Security Award. YCH Group: Redefining Logistics Through High-Performance IT YCH Group is a Singapore-based logistics company executing a major technology transformation across Asia Pacific. The company operates integrated supply chain solutions, partnering with Y3 Technologies Pte Ltd through initiatives like Supply Chain City® and SuperPortTM, deploying automation, AI, internet of things, and data platforms to modernize warehousing, distribution, and trade finance operations. By integrating robotics-enabled facilities with autonomous logistics systems, YCH is advancing a digitally connected, intelligent supply chain that serves customers across multiple industries in the region. YCH’s key tenets of its high-performance technology strategy that underpins this success are: Strategic tech-business alignment at scale. YCH’s IT strategy is tightly integrated with its business vision, ensuring that every technology investment — from robotics to cloud adoption — directly supports growth, efficiency, and sustainability. Through structured planning, agile governance, and real-time feedback loops, YCH has delivered transformative business outcomes such as a major reduction in order processing time and improved fulfillment accuracy. Adaptivity through modular architecture and agile execution. YCH’s modular, cloud-native architecture and dynamic portfolio management enable rapid responses to market shifts. From pandemic-era pivots to AI-based demand forecasting, its agile innovation model — including digital innovation cells and Y3’s technological strengths — ensures continuous learning and fast-tracked execution across the enterprise. Trust built on resilience, security, and results. YCH’s tech organization has earned the trust of global partners by delivering secure, resilient, and high-performing digital infrastructure. With ISO 27001 certification, secured architecture, and 99.95% uptime, the IT team provides operational continuity and data protection at scale. Its ability to codesign and integrate complex systems was instrumental in securing a regional business expansion with a global luxury brand — a testament to the IT team’s role as a trusted enabler of growth, innovation, and long-term partnerships across the supply chain ecosystem. AIA Group: Scaling Innovation With Purpose And Precision Our runner-up, AIA Group, is the largest independent publicly listed pan-Asian life and health insurer and has undergone a sweeping digital transformation across its 18 markets through its Technology, Digital, and Analytics (TDA) program. With over $800 million invested since 2020, AIA has built a future-ready technology foundation that is now powering one of the most ambitious genAI strategies in the insurance industry. Enterprisewide alignment with strategic growth drivers. AIA’s TDA program is embedded at the core of its corporate strategy, directly supporting its mission to help people live healthier, longer, better lives. With senior leadership accountability, shared KPIs, and a centralized governance model, AIA ensures that every technology initiative — from AI-powered underwriting to digital distribution — is tightly aligned with business outcomes. Adaptivity through cloud, talent, and genAI at scale. The insurer’s cloud-first strategy has enabled 90% cloud adoption companywide, laying a strong foundation for agility and innovation. Infrastructure automation has accelerated technology deployment by 90%, significantly boosting operational efficiency. With over 14,000 hours of learning logged in 2024 and the launch of the AIA Tech Academy in 2025, AIA has built a future-ready workforce capable of scaling genAI across the insurance value chain — from customer service to software development. Trust anchored in responsible AI and cyber resilience. AIA’s Responsible AI Standard, AI Council, and over 9,500 data quality rules ensure ethical, secure, and transparent AI deployment. With ISO 27001 certification and 99.9% system availability, AIA has earned the confidence of customers and regulators alike — enabling 85% of customer interactions to flow via straight-through processing and delivering over $180 million in annualized efficiencies. Congratulations to all three companies, and thanks to all of the companies that submitted entries this year. Hope to see you all at Technology & Innovation Summit APAC in Sydney on August 19, where we’ll celebrate our winners in a special keynote session. source

For the last 12 years, I’ve been asking audiences a simple question: “How do you want to feel when you leave work every day?” And every time, the answers are the same: “I want to feel accomplished — like I got something done” or “I want to feel like my work today made a difference.” The consistency of these answers reveals the simple truth: Employees want to work at places where they can succeed. And when they succeed, it builds energy and momentum. Employee Experience Peaks When People Have Good Days At Work Arguably the most important insight from all my years studying employee experience (EX) through the work of scientists, EX leaders, and practitioners is that EX peaks when people have good days at work — days when they’re succeeding not just in their work but also in their careers and their personal lives. The Problem: A Flurry Of AI Enablement Initiatives And Struggling Projects Predictably, demand for new AI-driven capabilities is surging, creating a two-part problem for tech leaders. On one hand, employees and teams are experimenting with AI-driven capabilities — with or without permission, guidance, and support from their employers. On the other hand, this limits what they can accomplish because they typically can’t use company data and systems in their experiments. Yet this is where differentiation and competitive advantage will come from. The Solution: An AI-Enabled Digital Employee Experience (DEX) Strategy An AI-enabled digital employee experience strategy provides a framework that encourages experimentation while directing limited company resources — such as access to internal systems and data — toward projects that will have the most impact on business outcomes. Companies with AI-empowered workforces can respond more quickly to market changes, customer needs, and competitive threats. The ability to rapidly analyze situations, generate solutions, and communicate effectively across the organization becomes a sustainable competitive advantage. A digital employee experience (DEX) strategy combines organizational capabilities with a supporting process that’s easy to follow and delivers results, including: Accelerated innovation cycles. When employees can rapidly prototype ideas, conduct research, and test concepts using AI assistance, the organization’s innovation velocity increases rapidly. The time from idea to initial validation shrinks from weeks to hours, enabling more experimental approaches and faster iteration cycles. Distributed strategic thinking. Traditionally, strategic analysis was centralized in planning departments or executive teams, but generative AI enables the distribution of strategic thinking throughout the organization. For example, frontline employees can contribute market insights, operational improvements, and customer intelligence that can inform high-level decision-making. Quality standardization without bureaucracy. AI can help ensure consistent quality and compliance without creating bureaucratic bottlenecks. Employees receive real-time guidance on best practices, regulatory requirements, and organizational standards — reducing the need for multiple approval layers while maintaining governance. Come See Us In November This is the opportunity of a lifetime for technology leaders to do career-defining work in helping their companies channel energy and limited resources into AI projects wisely. To help them do this, I’ll be leading a breakout session on AI-enabled DEX at Forrester’s Technology & Innovation Summit North America this November. I’ll share our latest learnings that you can use to develop a practical strategy that works for your organization. I’ll also share real examples from companies around the world and offer insights into the latest tools and techniques, such as AI-powered deep listening, incubator teams, and more. I’ll also give you a model that you can adapt to your organization’s needs. source

Forrester’s Priorities Survey, 2025, presents some interesting food for thought. We asked 700 tech leaders about visibility into IT spend across their organization, as well as where in their organization IT finance sits. What we found is that only about 60% of enterprises have IT finance teams that sit in an IT organization, with the other 40% sitting in finance. Enterprises with IT finance teams reporting into an IT org, however, were 18% more likely to have high visibility into tech spend than those where IT finance reported into a finance org. Visibility Is Critical To Spend Management Visibility is a key factor in Forrester’s IT Spend Management Framework, a model for achieving IT spend management maturity and defining the success of your IT finance function. The model focuses on the visibility, control, and optimization of IT spend — in that order. Visibility is the first piece; without it, you can’t understand what costs need to be controlled, and only once you have control over your costs can you begin optimizing them. We’ve even designed an assessment that you can take right now to see if you are at a beginner, intermediate, or advanced level. This all underscores how critical a deep relationship between IT finance and IT itself is to successful IT spend management. The closer the IT finance team is to IT, the deeper its understanding of what drives IT costs, how to control them, and how to optimize them. This is not isolated to just finance’s and IT’s visibility into IT costs. Embedded IT finance teams are better equipped to communicate the story behind IT investments across all functions of the enterprise. This universal visibility is critical for any CIO trying to demonstrate the value that their IT organization adds to the enterprise. Drive Embeddedness To Improve Visibility Does this mean CFOs and CIOs should drop everything and reorg? Probably not — every company situation is unique, but this does present a strategic imperative to foster closer collaboration between IT finance and IT. Embeddedness in IT not only enhances visibility but also empowers teams to drive cross-functional insights essential for mature financial management. Some ideas of how to enhance embeddedness include: Build stakeholder personas. Spend a “day in the life” with stakeholders up and down the IT organization, getting to know how they work and what’s important to them. Then, create and maintain personas to inform reporting and decision-making. Sit in on important user groups. Identify groups within IT where financial topics can be part of the agenda (for example, sitting in on a project management council or weekly staff meetings). These are easy ways to learn what’s important to IT stakeholders and identify the financial topics that may need more support. Educate finance on IT. Identify tools or capabilities in IT that can add value for the finance organization. Then, partner with IT SMEs to deliver an overview during a finance town hall or staff meeting. Encourage three-way meetings. Include IT finance in meetings between the IT lead and the business to review key strategic objectives. Involving IT finance fosters better connectivity between the spend being incurred and the business benefit of the investment. Let’s Talk About Embeddedness In Your Enterprise Want to learn more about your IT spend management maturity or how to improve IT spend visibility, control, and optimization in your own enterprise? Forrester clients can take the IT Spend Management Maturity Assessment and set up a guidance session with me to review your results and the recommendations that Forrester can provide. source

Microsoft announced that it will gradually retire password management capabilities (i.e., the ability for a user to use Microsoft Authenticator to import, remember, and fill in passwords in mobile browsers) in its Microsoft Authenticator application. Users cannot add new passwords and fill website forms with stored passwords, and starting August 1, 2025, all stored passwords will be no longer be accessible in the Authenticator app. Before August 1, 2025, users can manually export passwords (but not saved payment data) from the Authenticator app. This move will have three immediate effects: Further reduce user reliance on passwords. Because of phishing, decryption, cracking, snooping, keystroke logging, replay, and availability of passwords in the dark web, passwords’ value is converging to minimal to zero when it comes to preventing unauthorized access and protecting valuable data. This move should help users rely on passwords less and less, especially for any new account signups. Promote stronger passwordless authentication methods. FIDO Passkeys, internet backchannel-based push messages, and device-side one time password (OTP) generation are all stronger authentication methods than passwords. Removing password storage from Authenticator will require users to adopt stronger authentication methods, which is a good thing. Migrate password management to the Edge browser. To meaningfully compete with Google’s Chrome and Firefox’s built-in password managers, Microsoft is promoting its Edge browser to consumers and continues to offer password management within Edge. This may also allow Microsoft to exert greater influence on the user experience and, beyond the authentication flow control, also promote the use of its integrated Copilot genAI. An unexpected side effect of the announcement will be renewed focus on independent password management solutions, such as 1Password, Keeper Security, Dashlane, KeePass, Bitwarden, and others. As these solutions can also manage and synchronize FIDO Passkeys across multiple operating systems and browser types, these tools may gain unexpected importance and adoption, keeping in mind that these password wallets remain a tempting honey pot for hackers. source

Nearly every day, I’m asked about pricing challenges, most of them stemming from the complexities and constant evolution of AI. Pricing models are evolving nearly as quickly as AI technologies. AI Is Driving The Evolution Of B2B Pricing Models Usage-based pricing is rapidly gaining momentum as an alternative to traditional flat-fee and subscription models. This shift reflects the reality that value doesn’t always scale with user count. For example, security tools often deliver value based on endpoints or data volume, not the number of users. APIs and AI agents are accelerating the shift away from user-based pricing by delivering value through automation, integration, and scale rather than human interaction. APIs create value based on call volume or task automation, not user count. Similarly, AI agents now perform tasks autonomously, reducing the relevance of user-based metrics. As AI continues to decouple usage from value, buyers will increasingly favor outcome-based pricing. In light of these changes, organizations should reassess their pricing models to ensure that they align with how value is delivered. The Evolving Range Of B2B Pricing Models In my new report, Rethinking Pricing: How To Choose Models That Reflect AI-Era Value, I provide an overview of different B2B pricing models, the pros and cons of each model for both customers and providers, as well as recommendations on when each model is best suited. Below is a recap of the pros and cons of each for suppliers. Fixed/Subscription Pricing Definition: Charges a set amount monthly or annually, regardless of usage. Often seat-based. Pros: Predictable cash flow Enables deeper user engagement Allows for new paradigm or new concept offerings to demonstrate value Cons: Must help customers identify users who will realize value Customers may not see the connection to value AI automation will replace users and thus seats Usage-Based Pricing  Definition: Tracks a customer’s usage of the offering and bills accordingly. May also track events (e.g., API calls). Pros: Broaden market potential Unlock revenue from heavy users No revenue ceiling Shortened procurement cycle Cons: Can generate viral adoption without the artificial barrier of users Less predictable revenue Susceptible to revenue loss during downturns Billing systems and sales compensation must be more complex Sales and success teams must drive adoption for “nice to have”/less established offerings May promote “spend anxiety” among customers Hybrid Pricing Definition: Base subscription plus usage-based charges. Could be over and above the base allocation. Can also combine subscription and outcome-based charges. Pros: Ensures a baseline of predictable revenue Scales with heavy usage Ease customers into usage-based spending Encourages adoption and provides upsell opportunity Cons: Harder to communicate and manage Billing systems must be more complex Sales and success teams must track consumption to prevent surprises More challenging for sales compensation Adds complexity to the sales process Outcome-Based Pricing Definition: Ties pricing to tangible success metrics. Can be structured as event-based (e.g., charging per resolved customer support call). Pros: Builds customer trust Provides a strong incentive for increasing product quality Competitive differentiation Cons: Must define and track customer KPIs Can be complex to measure and monitor Potentially higher risk Longer sales cycle For custom guidance on which pricing model will work best and implementation tips for AI offerings, set up an inquiry with analyst Lisa Singer. source

Vulnerability management is undergoing a seismic shift. The risk based prioritization from vulnerability risk management (VRM) has combined with attack surface management (ASM) to form exposure management and continuous security testing — two emerging practices that prioritize visibility and prioritization over remediation and response. While these newer market segments have yet to achieve widespread adoption, their emergence has reshaped the vulnerability management space. But their emphasis on visibility and prioritization neglects the third principle of proactive security: Remediation. This is where unified vulnerability management (UVM) solutions come into play, because UVM solutions don’t just aggregate vulnerability findings, they unify remediation efforts. UVM: More Than Aggregation UVM isn’t simply about consolidating data; it represents the unification of remediation efforts across diverse systems and teams. UVM solutions serve as centralized repositories for vulnerability findings, enabling streamlined orchestration of response efforts and providing enhanced tracking of remediation progress. But while the vulnerability management market continues to evolve, some challenges persist. To understand how organizations can optimize their vulnerability management approach, it’s crucial to examine what has changed and what remains constant. What’s Changed In Vulnerability Management? Preferred Sources of Vulnerability Assessments The way organizations gather vulnerability data has changed. Organizations increasingly rely on existing tools — such as endpoint security agents, network vulnerability scanning platforms, and SecOps systems — to maximize efficiency. The focus has shifted toward leveraging existing sources for visibility and integrating them into UVM to enable comprehensive assessments across diverse asset classes like cloud environments, applications, and IoT devices. While some UVM vendors provide their own assessments, others require ingestions from third-party vulnerability assessment providers to orchestrate response efforts. Prioritization Strategies Exposure management is redefining how vulnerabilities are prioritized. Traditional common vulnerabilities and exposures-based prioritization is evolving into strategies informed by attack path analysis and validation, which evaluates weaknesses along potential attack paths. Continuous security testing further validates which vulnerabilities are exploitable, ensuring vulnerabilities are exploitable to validate true exposure. UVM solutions must adapt to support these advanced prioritization methods, whether natively or through integration with exposure management platforms and continuous security testing solutions. Additionally, the use of commercial vulnerability intelligence — beyond public feeds such as CISA’s Known Exploited Vulnerabilities — is becoming essential for organizations seeking to stay ahead of known threats. What Has Stayed The Same In Vulnerability Management? Remediation Processes Despite advancements in prioritization and visibility, remediation processes remain a persistent challenge. While UVM solutions can initiate and monitor workflows for vulnerability notification, patch management, and remediation actions, they cannot fix broken processes on their own. Organizations still require strong patch management practices and active commitment from remediation owners — including IT, cloud, and development teams — to reduce exposure risks effectively. UVM solutions offer recommendations and prioritize actions, but the responsibility to execute and conclude remediation efforts lies with the organization. Many vulnerability management teams still rely on IT service management (ITSM) platforms to track vulnerability response, while fewer use UVM directly to manage workflows. Automation features, such as auto-deploying patches, remain underutilized, with most organizations favoring automated ticket creation and notification systems over fully automated remediation. Ensure your remediation strategy aligns with your organizational preferences and characteristics. For example, if you’re a development-heavy organization, then generating remediation tickets into your developers’ preferred ITSM for visibility is likely best. But if your organization responds well to centralized dashboards and gamification, then consider UVM solutions as the book of records for remediations. Experiment with auto remediation safely as these capabilities are still evolving. Consider unique factors from your local environment, such as high memory utilization, unusual configurations, or group policy objects for auto remediation plans. Auto remediation doesn’t mean blindly patching — it’s an opportunity to streamline patch test and rollout plans. Forrester clients can read the full report, The Forrester Wave™: Unified Vulnerability Solutions, Q3 2025, now! Use this report for more insights on the market and the 10 vendors that matter most. If you have any questions about the changes happening in the UVM market, book an inquiry or guidance session with me. source