Forrester

Microsoft announced that it will gradually retire password management capabilities (i.e., the ability for a user to use Microsoft Authenticator to import, remember, and fill in passwords in mobile browsers) in its Microsoft Authenticator application. Users cannot add new passwords and fill website forms with stored passwords, and starting August 1, 2025, all stored passwords will be no longer be accessible in the Authenticator app. Before August 1, 2025, users can manually export passwords (but not saved payment data) from the Authenticator app. This move will have three immediate effects: Further reduce user reliance on passwords. Because of phishing, decryption, cracking, snooping, keystroke logging, replay, and availability of passwords in the dark web, passwords’ value is converging to minimal to zero when it comes to preventing unauthorized access and protecting valuable data. This move should help users rely on passwords less and less, especially for any new account signups. Promote stronger passwordless authentication methods. FIDO Passkeys, internet backchannel-based push messages, and device-side one time password (OTP) generation are all stronger authentication methods than passwords. Removing password storage from Authenticator will require users to adopt stronger authentication methods, which is a good thing. Migrate password management to the Edge browser. To meaningfully compete with Google’s Chrome and Firefox’s built-in password managers, Microsoft is promoting its Edge browser to consumers and continues to offer password management within Edge. This may also allow Microsoft to exert greater influence on the user experience and, beyond the authentication flow control, also promote the use of its integrated Copilot genAI. An unexpected side effect of the announcement will be renewed focus on independent password management solutions, such as 1Password, Keeper Security, Dashlane, KeePass, Bitwarden, and others. As these solutions can also manage and synchronize FIDO Passkeys across multiple operating systems and browser types, these tools may gain unexpected importance and adoption, keeping in mind that these password wallets remain a tempting honey pot for hackers. source

Many leaders in security, risk, and privacy have seen some things. But this year has been marked with … something different. A different level of volatility has reigned, including geopolitically motivated attacks, new regulatory hurdles, relentless AI disruption, and looming quantum threats. Security, risk, and privacy leaders must be empowered to look around the corner to stay ahead of the chaos and equip their teams with the insights and knowledge to take the right risks, secure their organizations, and propel the organization forward. Forrester’s Security & Risk Summit 2025 is designed to empower you. You will not only learn from visionary keynotes, but also breakout sessions, workshops, roundtables, and special programs that will give you the right insights to bolster your security, risk, and privacy programs. You’ll get the right practical strategies, roadmaps, case studies, and tools to accelerate your current tactical plans and prepare you to tackle what’s next in the face of churn. Here are some of the topics we’ll cover at the Summit in our keynote presentations: The Agentic Enterprise Is Right Around The Corner. Are You Ready? Security and risk are often the barrier to what organizations want to do with generative AI (genAI). Twenty-seven percent of enterprise AI decision makers say that data privacy and security concerns are the greatest barriers to adoption of AI in their organization, while 20% say governance and risk. Now is not the time to be the blocker of this change. Even if it’s difficult to secure what the organization wants to do with genAI, agentic AI is the next wave. And it’s coming soon. The near future will bring even more disruption that will stress your current controls to the limit. Jeff Pollard and Jess Burn will present the road forward on the skills, staffing, and controls you need to meet the genAI challenge today and the agentic AI challenge tomorrow. Can You Deprioritize Quantum Security? Organizations that pigeonhole the danger that quantum computing presents as only a “steal now, encrypt later” problem might believe this is a problem to solve in the future. But quantum computing threatens the very foundation of today’s cryptographic foundations. All digital signatures that the internet uses will become suspect. You won’t be able to confirm that signed emails, documents, and code haven’t been tampered with. Then what? Sandy Carielli will tackle this problem head-on and show how making a few critical, risk-based architectural choices today can start you on the way to a quantum-safe future. And The Winner Is … You? Application for our annual Security & Risk Enterprise Leadership Award is still open! However, all nominations must be submitted by August 13, 2025. This award recognizes organizations that have transformed their security, privacy, and risk management functions into capabilities that fuel the organization’s reputation for trust and its long-term success. This award celebrates the organization rather than a single individual, rewards based on the program’s impact to the business, and recognizes that while no organization is perfect, all can improve. Joseph Blankenship will be at the event to hand out this award and host the award winner for a conversation on the mainstage to pass on highlights from their journey. This could be you! Start your application today! See You In Austin There is opportunity, even in times of chaos, when you have the right strategy, insights, and connections. Bring your team to Forrester’s Security & Risk Summit in Austin on November 5–7, 2025, to not only hear the valuable information from the keynotes but also to experience the breadth of tracks focused on practical guidance and tactical execution. See you there! source

AI is reshaping the future of digital experiences. With rapid advancements in AI, chatbots and virtual assistants are becoming more conversational, intuitive, and impactful. Organizations are racing to harness these innovations to enhance CX and boost operational efficiency. However, the path to transformation isn’t without its hurdles – navigating complex technologies and managing associated risks remain critical challenges. To explore how one organization is tackling this journey, I interviewed Siddhartha Chatterjee, global chief data and AI officer at Club Med. Club Med is a global travel and tourism operator headquartered in Paris. The company has leveraged genAI for conversational experiences and has been on an AI transformation journey. We also welcomed Siddhartha for an exclusive fireside chat at Forrester CX EMEA Summit on June 4, 2025. There, he shared how Club Med designed, implemented, and continuously refined its conversational AI strategy – offering a rare, behind-the-scenes look at a real-world transformation in the travel and hospitality industry. AI Leadership And Organization Aurelie: Could you please tell us about your role at Club Med? Siddhartha: My role is quite broad, akin to that of a chief data and AI officer with a strong focus on transformation. I have the privilege of working in an organization where marketing, digital, data, and AI are all integrated under one umbrella. I’m responsible for end-to-end data and AI initiatives, including infrastructure and IT, development and sourcing of AI and data use cases, data governance and compliance, and enhancing digital experiences across platforms. Revolutionizing Customer Engagement With Conversational AI Aurélie: What sparked the conversational AI initiative? Siddhartha: The development of our WhatsApp chatbot was a very bold move. Our goal was to improve customer service efficiency. Since WhatsApp is widely used in Brazil – second only to India, with nearly 80% of customers using it to ask questions – we integrated our LLM-based AI directly into WhatsApp. At the time (early 2024), this was a novel approach. Within three months, we fully automated 30% of customer interactions (50% partially) – and improved customer satisfaction. Our vision is to enable the entire booking journey within WhatsApp, leveraging asynchronous messaging for both customers and service providers. AI enables us to provide near-instant responses. Inspired by innovations like JioMart in India, we’re working with Meta to expand this model in Europe, where adoption of WhatsApp for business is growing. We believe messaging is the future of customer engagement, but we remain omnichannel – offering consistent experiences across app, web, phone, and messaging. Ultimately, great CX is about how well services are delivered. We take a data-driven approach, constantly analyzing customer feedback and call center data to identify pain points and improve. We work with a range of vendors to ensure customer data privacy and security. Enhancing Efficiency And Experience With A Multi-Agent AI System Aurelie: There are many use cases for conversational AI, such as customer service, marketing, sales. Which use cases have delivered the most value for you and your customers? Siddhartha: Automating responses has significantly improved both customer and sales agent experiences. Previously, agents acted like “human APIs,” manually retrieving information from databases – an inefficient use of their time. Now, a chatbot handles routine queries, freeing agents to focus on delivering a premium, emotionally engaging customer experience. One key metric: thanks to AI, the average first-response time on WhatsApp dropped by 3.5 hours, from around 4–6 hours to just 30–40 minutes. AI responses are nearly instant (4–5 seconds) with 95% answer accuracy, increasing satisfaction rates to 85%. The remaining 5% of answers that we want to improve aren’t hallucinations but could be more complete. This success is due to a multi-agent AI system: One agent interprets the question, a second retrieves relevant data, a third generates the response in Club Med’s tone, and a fourth checks relevance. Human testers then score answers as perfect, partially complete, or incorrect. This rigorous evaluation process enables continuous improvement and confident scaling. Smart Scaling: Localizing And Expanding The AI Assistant Across Markets Aurélie: How has your conversational assistant evolved since its inception? Siddhartha: We launched in Brazil in Q1 2024. As of Q2 2025, our AI assistant is live in 12 markets, each with unique languages, questions, and localized product details. Due to data limitations, some queries still go to human agents. We’re now adding a commercial information agent to handle localized promotions and building a booking agent that can place nonpayment holds on trips, streamlining the path from inquiry to booking. We prioritize markets based on WhatsApp adoption and volume. Initially, we launched WhatsApp and AI together in Brazil and Belgium. Now, every WhatsApp rollout includes AI, with a two-week gap to analyze local queries for better performance. Our AI was built after analyzing call center data across markets, identifying 2 key question categories: product and pricing. The first two agents — product information and pricing — cover about 70% of customer queries. Pricing is complex, requiring real-time API calls and contextual explanations (e.g., why one resort costs more than another). Once a customer receives product and pricing info, we generate a prefilled booking link: This eliminates the need to manually search and input details, making the booking process much faster and more seamless. Measuring Success Aurelie: How do you define and measure success for your conversational AI initiatives? Are there any metrics or KPIs you focus on? Can you share a case where conversational AI helped reduce costs or improve efficiency in a measurable way? Siddhartha: We track several KPIs to evaluate our AI tools. First, productivity: Are internal teams becoming more efficient? Then, the automation rate: What percentage of business processes are fully automated (e.g., 32% in WhatsApp, 75% for IT ticket routing)? We measure customer satisfaction, especially for customer-facing tools, and we monitor CSAT and Net Promoter Score℠ (NPS). And we also measure cost avoidance: Rather than cutting costs, we focus on avoiding future expenses through AI-driven efficiencies. We also benchmark a lot. For example, we were impressed by how Trip.com in China implemented conversational AI. They shared that it

Every week, I talk with B2B leaders who want to know how their organization compares to others in genAI adoption. They also want to know where to get a definitive list of genAI tools. Some already have corporate-provided tools in place, while others are juggling a few team-specific tools. For the majority, content creation is the most widespread use case. These leaders are hoping that I’ll provide a list of tools to spark ideas or help their team cut through the noise. But here’s what I tell them: before you build a shortlist, you need to understand who the tools are for and how content moves through your organization. That context is what separates a smart investment from another shiny experiment.  GenAI For Content Seems Easy, But Quickly Exposes Complex Reality GenAI is reshaping how many organizations think about the content they create. It’s used across the organization to engage audiences. And it’s where teams often start experimenting with genAI. That’s where expectations often run high for both speed and scale of adoption. However, content creation isn’t a tidy, purely centralized function. It’s a messy reality: the activities are fragmented within marketing and across departments. When leaders ask, “What tool should we buy?” they’re usually trying to make things easier. But choosing a tool before understanding how content is created today, and by whom, is the wrong starting point. That’s why a decision framework is essential.  Whether you’re choosing your first genAI tool or trying to make better use of the ones you already have, recognize that:  Content creation is a shared responsibility. It doesn’t live in just one team. Marketing, sales, product, and customer success roles all contribute to your company’s content. Before making tech decisions, map out who’s creating the content, in which format, and for which audience. Look beyond the obvious creators and talk to a range of people doing content work. Find out what tools they’re already using, official or not, what tasks take the most time, what gets duplicated, and where they feel blocked. Pay attention to cross-functional handoffs, rewrites, version control headaches, and where the quality suffers. That visibility will clarify where support is needed, and which use cases matter the most.   Tool choice depends on role, format, task, and skill level. Not everyone is a content specialist, and not every genAI tool fits every use case. A tool that works for writing long-form content may not suit design tasks or needs related to video, audio, or repurposing content across formats. The right choice depends on content modality, the type of task, and how skilled or confident the user is with genAI. You also need to consider how well the tool fits into existing workflows, supports brand governance, and meets the needs of cross-functional contributors.  Success comes from people, not platforms. GenAI won’t fix what’s fundamentally broken. It won’t untangle inefficient processes, repair collaboration gaps, or compensate for immature content operations. It can’t create strategic clarity where none exists. If your content strategy is outdated or disconnected from audience needs, adding genAI will only speed up the creation of low-impact content. To get real value, organizations must first address the underlying structure – how content is planned, created, governed, and measured – and ensure team members are ready to use these tools well. GenAI amplifies what already exists, for better or worse. Make Smarter, Context-Aware GenAI Investments For Content Creation  Once you’ve made thoughtful decisions about which genAI tools to invest in, the real work begins. Start by aligning your team around clear roles, repeatable workflows, and shared success criteria. Make sure the people using the tools understand how to apply them, and have the space to practice, experiment, and provide feedback. Work with your content experts to establish guardrails that protect brand, privacy, and quality without introducing friction. This might include shared prompt libraries, role-based tool access, and embedded brand and legal checks. Make learning part of the workflow, not a one-time event, so your teams stay confident and capable. Most importantly, treat this as a shift in how content gets created, not just who creates it. The more you ground your genAI strategy in how your organization actually works, the more value you’ll realize.   Read more about how to use a decision framework to choose the right genAI tool for content creators in the report, Make Smarter Investments In Generative AI For Content Creation (client access required). Contact us if you’d like to discuss how to build a genAI stack that reflects your content reality and helps your team drive greater success with content.   source

In Forrester’s 2025 B2B Brand And Communications Survey, CMOs and marketing leaders revealed how economic pressures and the rapid adoption of generative AI (genAI) are reshaping expectations for brand and communications investments. The budget expectations shared by our survey respondents indicate a planned strategic rebalancing — driven by AI-enabled efficiencies and a push for leaner operations. AI Drives Efficiency — And Expected Budget Pullbacks Website and digital programs remain a top priority for increased investment, but despite their central role in digital engagement, the percentage of marketers planning to increase investment has dipped slightly year over year (from 64% to 60%). The likely reason? GenAI is enabling brand and communications teams to do more with less — automating tasks, accelerating production — thus limiting or reducing the need for more investment. The same trend is even more pronounced in content and creative services. As genAI tools become more capable of generating content at scale, fewer marketers are expecting to increase program investments (44% compared with 53% last year). This shift likely reflects a broader move away from traditional creative workflows toward genAI-powered content engines. Headcount Expectations Mirror Program Budget Shifts The percentage of marketers expecting headcount increases is modest across all brand and communications areas as compared to programs. Two areas that typically show more marketers expecting headcount investments year over year — website/digital and content and creative services — show no real change this year (website/digital) and a 10-percentage point decline (content and creative services). This further underscores the likely growing reliance on technology — especially in areas where genAI can deliver speed and scale. Companies may also be playing a conservative hand in light of economic uncertainty. After all, it’s much easier to flex investments up and down with program investments and agency partners than badged employees. Brand Management Gains Strategic Importance While genAI is reshaping execution, brand still plays a central role in differentiation. Marketers looking to increase investment in brand management rose from 42% to 52% in this year’s survey, signaling a renewed focus on brand development and consistency — ensuring that the brand is brought to life in a compelling and reinforcing way across all digital and physical touchpoints. As companies bring more brand work in-house, they’re prioritizing consistency, control, and the long-term value of brand trust in a volatile market landscape. The Final Analysis In 2025, B2B marketers are rethinking how they invest in brand and communications. GenAI is enabling faster, more efficient execution — especially in digital and creative areas — while freeing up resources to focus on building brand value and ensuring compelling and consistent activation. The result is a more selective, strategic approach to brand and communications investments. Forrester clients can explore the full data in our report, B2B Brand And Communication Programs Budget And Personnel Changes, 2025. View additional research by Karen Tran or schedule a guidance session today. source

Vulnerability management is undergoing a seismic shift. The risk based prioritization from vulnerability risk management (VRM) has combined with attack surface management (ASM) to form exposure management and continuous security testing — two emerging practices that prioritize visibility and prioritization over remediation and response. While these newer market segments have yet to achieve widespread adoption, their emergence has reshaped the vulnerability management space. But their emphasis on visibility and prioritization neglects the third principle of proactive security: Remediation. This is where unified vulnerability management (UVM) solutions come into play, because UVM solutions don’t just aggregate vulnerability findings, they unify remediation efforts. UVM: More Than Aggregation UVM isn’t simply about consolidating data; it represents the unification of remediation efforts across diverse systems and teams. UVM solutions serve as centralized repositories for vulnerability findings, enabling streamlined orchestration of response efforts and providing enhanced tracking of remediation progress. But while the vulnerability management market continues to evolve, some challenges persist. To understand how organizations can optimize their vulnerability management approach, it’s crucial to examine what has changed and what remains constant. What’s Changed In Vulnerability Management? Preferred Sources of Vulnerability Assessments The way organizations gather vulnerability data has changed. Organizations increasingly rely on existing tools — such as endpoint security agents, network vulnerability scanning platforms, and SecOps systems — to maximize efficiency. The focus has shifted toward leveraging existing sources for visibility and integrating them into UVM to enable comprehensive assessments across diverse asset classes like cloud environments, applications, and IoT devices. While some UVM vendors provide their own assessments, others require ingestions from third-party vulnerability assessment providers to orchestrate response efforts. Prioritization Strategies Exposure management is redefining how vulnerabilities are prioritized. Traditional common vulnerabilities and exposures-based prioritization is evolving into strategies informed by attack path analysis and validation, which evaluates weaknesses along potential attack paths. Continuous security testing further validates which vulnerabilities are exploitable, ensuring vulnerabilities are exploitable to validate true exposure. UVM solutions must adapt to support these advanced prioritization methods, whether natively or through integration with exposure management platforms and continuous security testing solutions. Additionally, the use of commercial vulnerability intelligence — beyond public feeds like CISA’s Known Exploited Vulnerabilities — is becoming essential for organizations seeking to stay ahead of known threats. What Has Stayed The Same In Vulnerability Management? Remediation Processes Despite advancements in prioritization and visibility, remediation processes remain a persistent challenge. While UVM solutions can initiate and monitor workflows for vulnerability notification, patch management, and remediation actions, they cannot fix broken processes on their own. Organizations still require strong patch management practices and active commitment from remediation owners — including IT, cloud, and development teams — to reduce exposure risks effectively. UVM solutions offer recommendations and prioritize actions, but the responsibility to execute and conclude remediation efforts lies with the organization. Many vulnerability management teams still rely on IT service management (ITSM) platforms to track vulnerability response, while fewer use UVM directly to manage workflows. Automation features, such as auto-deploying patches, remain underutilized, with most organizations favoring automated ticket creation and notification systems over fully automated remediation. Ensure your remediation strategy aligns with your organizational preferences and characteristics. For example, if you’re a development-heavy organization, then generating remediation tickets into your developers’ preferred ITSM for visibility is likely best. But if your organization responds well to centralized dashboards and gamification, then consider UVM solutions as the book of records for remediations. Experiment with auto remediation safely as these capabilities are still evolving. Consider unique factors from your local environment, such as high memory utilization, unusual configurations, or group policy objects for auto remediation plans. Auto remediation doesn’t mean blindly patching — it’s an opportunity to streamline patch test and rollout plans. Forrester clients can read the full report, The Forrester Wave™: Unified Vulnerability Solutions, Q3 2025, now! Use this report for more insights on the market and the 10 vendors that matter most. If you have any questions about the changes happening in the UVM market, book an inquiry or guidance session with me. source

A Market At An Inflection Point Master data management (MDM) solutions provide capabilities to create unique, accurate, consistent, and qualified systems of record for shared enterprise data, such as customer, product, supplier, employee, location, asset, and organizational data. The Forrester Wave™: Master Data Management Solutions, Q2 2025, published in June, highlights a big evolution to a rather stabilized market over the past decade. In this evaluation, we evaluated 12 vendors that are redefining and leading this market, helping enterprise buyers align the right solution to their evolving data strategies. A Market Reshaped By AI, Cloud, Trust, And Democratization The MDM market is undergoing a profound transformation. Once focused on centralized control and long-term operational stability, today’s market emphasizes federation, agility, intelligence — all critical to AI readiness. Top-performing vendors demonstrated a strong balance between advanced AI/ML capabilities and a commitment to data privacy, security, governance, and regulatory compliance. Enterprises are evolving their data foundations and rethinking how MDM fits into their data strategy to support AI-driven operations and digital transformation. As they evaluate MDM solutions, AI compels them to face a new set of trade-offs and strategic considerations: AI innovation must be balanced with trust and compliance. While the fundamental capabilities such as data quality and governance remain essential, leading vendors are embedding AI/ML across the stack — from rule mining and data matching to generative enrichment and copilots. But innovation alone isn’t enough. Buyers must ensure that these capabilities are delivered with strong data governance, privacy controls, and regulatory compliance. Cloud-native agility redefines deployment expectations. Legacy MDM platforms were highly customizable but struggled with longer implementation cycles and more technical overhead. In contrast, cloud-native tools are easy to deploy and promote interoperability, enabling faster time to value, lower operational complexities, and increased AI readiness. User experience is now a strategic differentiator. As data democratization becomes a priority, end users emphasize data intelligence, self-service capabilities, and intuitive UI/UX. It is critical to empower multiple human and non-human roles across the enterprise (e.g., business users, analysts, AI copilots). A platform approach and ecosystem alignment drive long-term value. The most competitive MDM vendors are no longer standalone solutions — they offer platforms with multiple capabilities for complete enterprise data management. They are now also embedded into broader data ecosystems, including integration with hyperscalers, cloud marketplaces, data pipelines, and AI platforms. What Does This Mean For MDM Buyers? For organizations evaluating MDM platforms today — or even those with existing vendor contracts — the message is clear: It’s essential to reevaluate your needs and vendor capabilities at least every three years. The market is evolving rapidly, and staying aligned with your data strategy requires continuous reassessment. Every vendor in this Forrester Wave articulated a vision for how AI will shape the future of MDM. But the maturity and execution of that vision varied widely. While many showcased baseline AI features like AI-driven multi-attribute matching, dynamic survivorship, workflow management, knowledge graph, and multi-domain support, the most differentiated solutions: Embed copilots and intelligent UX flows. Offer generative AI for data enrichment and synthetic data creation. Leverage AI-driven data quality rule mining and governance policy automation. Provide AI-enabled, real-time observability and anomaly detection. Enable federated ownership and governance to support quick AI deployments. Deliver platforms supporting the entire AI and data management lifecycle. Let’s Continue The Conversation For a deeper dive into the market and what enterprises are looking for, Forrester clients can read the full report, The Forrester Wave™: Master Data Management Solutions, Q2 2025. If you’d like to discuss how this market is evolving, what existing users are saying about their products, or how to assess which vendor best fits your enterprise, book an inquiry or guidance session with me. source

In the past, volatility for CIOs came in waves: an economic downturn here, a security breach there, a digital transformation sprint every few years. But 2025 has been an entirely different animal — a mythical beast, if you will — that no CIO ever wanted to encounter. The Year Of “Too Much, Too Fast” In my role as a research director at Forrester, I talk to CIOs at a lot of companies about many topics, often about things that trouble them. And in conversations with CIOs across industries, a consistent theme has emerged this year: the pressure and pace is relentless. AI dominates the collective minds of all executives, and boards now expect tangible results, not just exploratory use cases. They’ve funded enough pilots and want to see real applications with real value — results that scale. Meanwhile, cybersecurity threats have become more personal, persistent, and damaging. This is the promise and the peril of advancing technology; threats advance at an accelerated rate, too. And CIOs are facing hard questions about their cloud journey and decisions — did they push too far too soon? Did they move too much? Should some of those workloads come back from the clouds, hopefully with a parachute on? 2025 has been a beast because in addition to the usual challenges (e.g., modernizing your tech, accomplishing more with less, partnering with many different business stakeholders, avoiding cyber incidents), CIOs have also had to deal with the uncertainty of tariffs, unpredictable swings in geopolitics, regulatory issues — lions, tigers and bears, oh my! The Human Cost Of Tech Volatility At the center of all of this are your people, your staff that has been feeling the same pressures you have. CIOs are increasingly concerned about whether they have the right operating model in the age of AI. Talent churn, skill mismatches, and overextended delivery teams are creating a real challenge in many tech organizations. Burnout of your best performers creates flight risks you cannot afford. This is all while there is an ever-growing drum beat of replacing human jobs with AI. How are CIOs expected to lead workforce transformation while their own teams are in a state of anxious uncertainty? They are told to reskill staff while also hitting quarterly delivery goals and tightening budgets. It is a contradiction that’s not fun to talk about — but it is one that every CIO is living. If you’ve been a tech leader a while, you know some of this is not new, but the pace has intensified. Learn From Our Panel Of Adaptable Tech Leaders To help tech leaders navigate all of this swirl, we came up with a panel entitled, “Navigating A Year Of Volatility,” at our upcoming Technology & Innovation Summit North America in Austin. We’re bringing together a diverse set of CIOs from different industries, all of whom have lived through the chaos and made tough choices in the eye of the storm. Some doubled down on automation, some tightened spending and refocused on value realization, others pivoted to AI-native roadmaps, and some have done all of the above. They’ll each discuss how much adaptability has been a crucial skill for success. But this will not just be a conversation — it will provide a blueprint for resilient leadership. If you are a technology leader or someone interested in how to navigate volatility, this panel is your chance to stop treading water. You can start building a boat that can actually sail through this relentless storm, as the current wave of volatility shows no signs of cresting anytime soon. And the CIOs who adapt fastest — with clarity, humility, a listening and learning mindset, along with a sharp grasp of reality — will emerge stronger. So join us November 2-5 in Austin at Technology & Innovation Summit North America. Because the future is not waiting. Will there be serenity? Perhaps, but not any time soon. source

IT leaders face significant challenges in developing effective performance models. The complexity of data integration, strategic misalignment, and resistance to change often hinders metric alignment with dynamic organizational needs. The Problem With Traditional Metrics Traditional approaches to performance metrics often misguide decision-making. Organizations struggle with excessive metrics, fragmented measurement systems, and outdated performance models that fail to align with strategic goals. Misalignment with strategic goals can result in fragmented systems and customer dissatisfaction when metrics overlook broader business objectives. An overreliance on activity-based metrics may lead to inefficiencies by prioritizing task completion over quality outcomes, diverting resources from strategic aims. Additionally, non-relevant KPIs, developed without adequate validation, can be inconsistent, overlooking crucial qualitative factors such as customer satisfaction. Data integrity issues further erode trust in performance models, causing inaccuracies and fragmented perspectives. Furthermore, a lack of adaptive measurements that respond to business cycles and technological changes can hinder innovation, while an excessive dependency on outdated best practices may create rigid frameworks that fail to address unique contextual needs. Forrester recommends four categories of performance model archetypes to inform decision-making: Operational health KPIs. Monitor and improve the efficiency, reliability, and performance of IT infrastructure and services. Service dashboards. Visually present KPIs to monitor end-to-end service performance and make informed decisions using real-time data. Metric maps. Diagnose and fix problems with services or processes, tracking the adoption of improvement plans. Employee experience. Measure the end user’s experience to boost morale, engagement, and retention. The Role Of Metric Maps Metric maps are a powerful tool for diagnosing and fixing problems with services or processes. They use objectives and key results to track improvements through each step of adoption, indicating early success, continued success, and outcome achievement. By integrating continuous feedback and communication, metric maps create a dynamic and responsive performance tool that supports employee growth, enhances engagement, and drives overall business success. Here is an example of a metric map for a common challenge in service management — a lack of resources to get things done. In this case, the problem statement is defined as: Incident volumes continue to increase, and the organization doesn’t have enough people to meet expectations. The objective is to increase automation and self-service to reduce incident volume and increase productivity.   But you can’t use the measurement of productivity as your North Star. It may take months to see any positive change. Instead, break down the improvement opportunity into stages of initiate, emerge, improve, and value, then identify metrics that will indicate that progress is being achieved. Effective performance modeling is critical for adaptive and resilient operations. Organizations can overcome traditional metric challenges and drive continuous improvement by prioritizing metric maps and leveraging the four performance model archetypes. Embracing adaptive measurements and fostering a performance culture will ensure that IT leaders can align metrics with dynamic organizational needs and strategic goals. Let’s Connect Have questions? That’s fantastic. Let’s connect and continue the conversation! Please reach out to me through social media or request a guidance session. Follow my blogs and research at Forrester.com. source

In technology circles, few metaphors have endured as well as Geoffrey Moore’s “Crossing the Chasm“. His framework describes the perilous gap between early adopters and the ultimate majority. This gap, in fact originally espoused by Everett Rogers, occurs where promising innovations stall due to complexity, unclear value, or the inability to scale beyond pilot projects. Diffusion of innovation stops being a sprint to a new world and enters what feels like a grinding uncertain marathon… an analogy that resonates strongly as we consider the evolution from Generative AI (Gen AI) to Agentic AI. While Gen AI’s adoption curve has been steep and accelerated, propelled by its immediacy and accessibility, the move to Agentic AI – autonomous, goal-oriented systems that can reason, plan, and act – is far less straightforward. The Complexity Gap From Gen AI To AI Agents Gen AI thrives on discrete prompts and outputs: a well-crafted question leads to a coherent answer, image, or draft. Its failure modes including hallucinations, bias, and data quality issues are visible and relatively easy to mitigate with humans in the loop or other oversight mechanisms under the banner of responsible AI. But Agentic AI and AI Agents introduces layers of complexity. These systems aren’t just generating content; they are orchestrating multi-step tasks, making autonomous decisions, and interacting with real-world systems. As my Forrester colleague, Leslie Joseph, highlights in his seminal report “Why AI Agents Fail (And How To Fix Them)” a simple Gen AI application doesn’t present the risk of inter-agent collusion, but Agentic AI does. Indeed, Agentic AI carries this and a whole host of additional failure modes including: Task orchestration risks: Poor sequencing or logic breakdowns can derail an entire process. Goal misalignment: Agents may optimize for the wrong objectives, creating unintended consequences. Error compounding: Minor flaws in early steps magnify as agents execute downstream tasks. Integration fragility: Reliance on APIs, retrieval-augmented generation, or legacy systems increases operational risk. Testing and governance challenges: Validating and auditing an agent’s decision pathways is exponentially harder than reviewing a single Gen AI output. Why The AI Adoption Timeline Will Stretch Over The Next Decade Proponents of Agentic AI argue that we’re on the cusp of mainstream deployment, but at Forrester, we believe this transition to a new mode of interaction between humans and technology will take far longer. Unlike Gen AI, which can often be trialed in isolation, Agentic AI requires robust guardrails, trust frameworks, and deep integration with enterprise workflows. It moves from “generate and review” to “plan, act, and potentially fail autonomously,” a leap that many risk-averse organizations will hesitate to take. We anticipate several years of messy experimentation and careful refinement before Agentic AI fully crosses its adoption chasm. Enterprises will need to invest heavily in new architectures, testing, security, and governance practices that are barely understood today. The “Hollow Enterprise or Hollow State” risk during outsourcing based on AI solutions is just one real and present example. This void between the promise and reality is not just about technology maturity; it’s about organizational readiness, cultural change, and the ability to manage new forms of technological and operational risk. Change means new or as yet not understood risks, risks mean fear, and fear means resistance. Now you have a kind of adoption friction that did not exist when Open AI released ChatGPT and continue allow their core offering to scale almost exponentially. The hard truth is the path from Gen AI to Agentic AI isn’t a straight line. It is a difficult leap across a canyon of complexity. And while the destination holds immense potential, getting there will require patience, discipline, and a much deeper appreciation of the risks and failure modes than are being acknowledged by the overconfident techno-optimistic narratives coming out of Silicon Valley. But this doesn’t mean we should all sit back and stare powerlessly into the chasm as if slow march to this new future is a “fait accompli”. We’re human, not AI, and as technology leaders we have agency and autonomy. We know that by adopting the principles of High-Performance IT that organizations can maximize the outcomes available using early-stage Agentic AI and prepare for those opportunities on the horizon for truly autonomous AI solutions. Want to know how? Join me at Technology & Innovation Summit APAC 2025 for my keynote “Machines, Gods and Kaos: High Performance IT…Because Prayer Isn’t A Strategy“, on Tuesday August 19th, in Sydney at the Sheraton Hyde Park or online on our Digital Events Platform. Register here. source