Forrester

CIOs: Embrace A Modern Network For Transformation Success

In an era of rapid technological change (hello, AI), CIOs must cultivate relationships that inspire new behaviors and promote technological innovation and transparency. Gone are the days of technology being a function operating in the background of an organization. Technology is now fully in the spotlight, central to most business strategies. But it’s not technology alone that drives digital transformation: A transformation is only successful if it is accompanied by change within the organization. This is where the modern CIO network comes into play.

Change Starts At The Top

Horizontal alignment across the C-suite is vital for effective change. Trust, transparency, and collaboration at the top filter down throughout the organization, spreading across and dismantling traditional silos through organizational structures that reflect alignment, strategy, and agility. The C-suite itself must refuse to remain static, with the requirements of established roles constantly shifting and new roles emerging to reflect changing market conditions. This requires a closer and new kind of partnership between the CIO and the C-suite.

Challenge The Status Quo

Chief financial officer, chief human resources officer, chief legal officer — these are well-established positions within the C-suite. Yet the way that the CIO has traditionally partnered with them must radically change for transformational success.

Take, for example, the partnership between the CFO and the CIO. Historically, this has been a relationship defined by annual budget cycles and project-based approvals, an approach that is now wholly outdated. Instead, focus on sprint-based budget cycles and outcome-based approvals. Nurture agility for quick responses to market changes.

Or look to the relationship with the chief legal officer. The rapid rise of AI has radically transformed this partnership from a limited, largely reactive one to an embedded partnership. The CLO and CIO work alongside each other, fostering a culture of innovation and governance.

Specialized Roles Expand The C-Suite

Emerging themes such as AI and sustainability require an expansion of the C-suite to address these critical skill gaps. These roles are typically a temporary fix while the established C-suite gains expertise on these specialized topics. Temporary or not, the partnership with these roles is vital, as they are typically created to address changing market conditions.

The chief AI officer (CAIO) is one such emerging role that is gaining traction. Organizations are facing pressure from their investors and boardrooms to simultaneously innovate with generative AI but also do so in a responsible and ethical way. The rapid adoption of AI has required many organizations to add a CAIO to their C-suite. The CIO and CAIO roles naturally intersect; for instance, the CIO might implement secure data pipelines that comply with the CAIO’s requirements for responsible data usage within AI.

Let’s Connect

Interested in learning more about the modern CIO network and how effective partnerships can drive successful transformation throughout your organization? Forrester clients can read our newly updated research on the topic here: The Modern CIO Network For Digital Transformation. Connect with me for an inquiry or guidance session.

This blog was written with the assistance of Senior Research Associate Hannah Murphy.


Power, Precision, And Production Create A New Media Agency Landscape

It’s a new media agency landscape. The last six months have witnessed more change in media agencies than what’s occurred over the last six years. Among the events reshaping the media agency landscape are GroupM’s consolidation into WPP Media, Omnicom’s acquisition of IPG, Vivendi’s spin-off of Havas Group, large advertisers such as Amazon, Coca-Cola, Johnson & Johnson, and Mars changing agencies, big tech’s integration of AI into consumer and business user experience, and AI removing a forecasted 33,000 US advertising and marketing jobs. Moves like these are realigning the contours of the media business along three macrodimensions: the power of budget leverage, the precision of technology in media activation, and the production of advertising content.

Power: Buying Power Emerges As Balancing Power

Size and scale matter most for media agencies. Media agency buying power involves clout with publishers such as Google, Meta, or News Corp, early access to emerging technologies from partners, media budget under management, headcount, and footprint. Yet some question agencies’ motivations for leveraging scale. The most salient example is principal-based media, where agencies purchase up-front media inventory at deep discounts and resell the inventory to their clients with a markup. While controversial, principal-based media uses buying power to develop marketer value: discounted rates, exclusives, and guaranteed outcomes.

A second example is the concentration of buying power within fewer, larger players. The big six agency holding companies are becoming the big three. Omnicom Group’s proposed merger with Interpublic Group would make the new Omnicom the largest global media buyer, followed by the newly rebranded WPP Media and Publicis.

Buying power serves as an important counterbalance to the growing industrial data and technology complex from large cloud, tech, and AI providers. Put plainly, agencies act as important checks to large, powerful tech companies. It was agencies that led the YouTube boycott over brand safety episodes. Agencies raised the alarm with the disruption of Apple’s App Tracking Transparency in iOS. Agencies exerted pressure on TikTok to increase transparency centers and moderation teams to address data privacy concerns. And agencies act as intermediaries between X and its efforts to use the US court system to increase its own advertising commitments.

Precision: Media Activation Moves From Manual To Automation

The technology that facilitates scale is just as important. There is a growing concentration of machine learning and generative AI tools inside media agencies. Examples include audience planning, advanced analytics, cross-platform optimization, media mix measurement, and budget scenario tools. Most large agencies wield proprietary technology, such as Havas Media’s Converged, Horizon Media’s blu., Omnicom’s Omni, PMG’s Alli, Tinuiti’s Bliss Point, or WPP Media’s Open Media Studio. At the same time, tech companies like Google, Microsoft, or Perplexity integrate more artificial intelligence into their experience, especially search and ad manager tools.

The consequences are twofold. First, the growing technology stack inside agencies facilitates workforce automation, changing the way services are delivered. Ad Age reports that US advertising jobs have experienced six consecutive months of contraction — while total US employment holds steady. Advertising employees are rightfully nervous. According to Forrester’s March 2025 Consumer Pulse Survey, some 61% of US workers are concerned about job displacement from AI. Our research forecasts that 7.5% (33,000) of US advertising, CX, and marketing jobs will be automated by 2030.

Secondly, AI rewires consumer behavior. Research from Jellyfish indicates that over half of Gen Zers and Millennials say that large language models such as ChatGPT and similar AI tools have directly influenced their brand and product choices. AI shifts search media to answers media. The impact on web traffic for publisher sites will have a profound effect on how and where media is bought, starting now.

Production: The Lines Blur Between Content And Context

Move over, brand and performance. Here comes the newest marketing mash-up, matching production assets to media impressions. The first-party, third-party, and proprietary data signals inside media agency technology not only power activation but also content creation by producing images, video, copy, and offers to match audience segments. Companies that can effectively scale their asset production to the level of media’s detailed understanding of audiences — their interests, behaviors, preferred channels, etc. — will create more relevant marketing. Mondelēz International has pursued this strategy with several of its brands and is seeing up to 70% increases in ad engagement as a result of the increased localization and personalization.

If you’re a Forrester client interested in learning more about the evolution of media agencies and media management, you can read The Forrester Wave™: Media Management Services, Q4 2024, or set up a guidance session with Jay Pattisall. Finally, be on the lookout for daily content at this blog during Cannes Lions week and for our upcoming keynote, “The Network Effect Of AI Amplifies How Employees Create Powerful Experiences,” on June 25 at Forrester’s CX Summit North America.


Getting The Balance Right: Shared Services Versus Service Providers In Government

Thirty-two percent of public-sector leaders say that they will invest more in government shared services in 2025, according to Forrester data. The stakes are high: Efficiency, cost-effectiveness, innovation, and agility all hinge on selecting the right model. But can a shared services model really deliver all these benefits, or is a service provider approach more effective? In practice, these models are often blurred, and many government entities find themselves struggling to maintain balance between centralization and flexibility. Just ask the 61% of public-sector technology leaders who told us that IT shared services in their organizations need to improve!

In its ideal form, shared services represent a centralization strategy: one that reduces redundancy, standardizes processes, and enables cost savings across multiple agencies. By consolidating core operations such as finance, HR, or IT services into a single, efficient unit, governments aim to streamline processes and cut down on waste. But without rigorous management, shared services can devolve into a service provider model, losing sight of their core mission and sacrificing the efficiencies they were designed to deliver.

The Challenge: Service Provider Behaviors In Shared Services

A key factor in the failure of shared services is when government entities lose sight of their primary objective: internal efficiency. When centralized units begin treating individual departments as external clients, offering tailored solutions to each, they risk slipping into a service provider mindset. The problem with this shift is twofold: It undermines the intended cost efficiency and introduces significant complexity.

This was evident in Australia’s Department of Human Services (DHS), where a promising centralization effort deteriorated into fragmented execution. By giving in to individual departmental demands, DHS lost the cohesion and rigor essential for shared services success, leading to disjointed systems, integration failures, and mounting costs. Similarly, Shared Services Canada was created to streamline IT and administrative services for the federal government, but its struggles to keep pace with technological advances, and communication breakdowns, have turned it into a fragmented service provider, plagued by complexity and inefficiencies.

A Different Path: When A Service Provider Model Succeeds

A service provider model can offer more flexibility. When a model customizes its offerings by focusing on the specific needs of each agency, diverse needs are met with high-quality, specialized solutions. It works best when agility is paramount and when the government agency in question needs to innovate or respond rapidly to changing requirements.

Singapore’s GovTech, which has become a key player in the country’s digital transformation, is a good example. Its focus on customized services has enabled it to drive significant modernization, delivering innovative, scalable solutions that align with the evolving needs of the Singapore agencies while staying nimble enough to support multiple clients.

Similarly, as part of the Department of Homeland Security, the US’s Cybersecurity and Infrastructure Security Agency (CISA) operates a shared services center under the Cybersecurity Quality Service Management Office program. Providing standardized cybersecurity services to federal agencies, this initiative bolsters security posture while maintaining high levels of compliance. CISA’s ability to adapt and provide tailored cybersecurity services to different departments demonstrates how a service provider model can work effectively in complex environments.

Choosing Between A Shared Service Or Service Provider Model

As governments consider adopting these models, it’s essential to understand the core attributes that drive success. To prioritize the success of each model:

Use shared services for cost efficiency and standardization. Here, the focus is on centralization of key administrative functions while ensuring operational efficiency. This means a laser focus on standardization across agencies to limit redundancy and maintain cost efficiencies. A clear governance structure with accountability for all participating agencies is needed for alignment and to minimize fragmentation. Maintaining a focus on shared goals rather than departmental differentiation is critical, with strong cross-agency collaboration reinforcing this model.

Create service providers for complex needs requiring agility and innovation. Here, the objective is customization of services tailored to the unique needs of each agency. High levels of flexibility allow agencies to adapt to evolving demands and technological advancements, with service-level agreements providing clear, measurable outcomes and client satisfaction. An emphasis on innovation and cutting-edge solutions that support the evolving needs of government agencies is the hallmark of an effective service.

Stick To Your Operating Principles

Understanding the difference between shared services and service providers is crucial for effective implementation of these common machinery-of-government patterns. This means ensuring that, whichever approach is chosen, clear operating principles are established and communicated to both the customers and employees. These principles should embody the value that customers can expect to derive from the products and services offered. Specifically:

In the case of shared services, this means supporting enabling IT investment that focuses on stabilizing, operating, and protecting service delivery, plus consistently meeting commitments, which creates trust internally and externally.

For service providers, this means (with the former focused on streamlining processes, delivering insights, and optimizing mission outcomes and the latter focused on breakthrough innovation) replacing instincts with insights and inspiring new ways to achieve outcomes with emerging technology. Often in collaboration with the agency’s own IT function, service providers will also support investments during cocreation activity — where existing and emerging technologies are made widely available to civil servants to help them creatively tackle complex social and environmental challenges.

Success lies in recognizing the right model for the right customer goals — and staying committed to them. I’d love to hear how your agency engages with these models. Forrester clients can schedule a guidance session to discuss how to improve use of these models.

(This blog post was written in collaboration with Chiara Bragato, senior research associate, as part of Forrester’s research and continuous guidance for public-sector and government leaders.)


Infosecurity 2025 In Retro: 30 Years With No Goats

Infosecurity Europe 2025 celebrated its 30th anniversary in London, with 338 exhibitors and over 13,000 attendees. After the high-energy, hyper-branded chaos of RSA Conference in San Francisco, the contrast couldn’t have been starker. For one, there were no goats and puppies to distract from the real agenda, earning the event the honour of not having had petting zoos on site during its 30-year existence. The following noteworthy trends stood out:

A modest, direct and forward-looking event floor, agenda and theme. Where RSA overwhelms with scale, spectacle, and sensory overload, Infosecurity stays true to its European character: modest in presentation, straightforward in messages. This year’s show floor was notable for the absence of many established cybersecurity brands, replaced by smaller vendors, including a welcome return of many more early-stage start-ups than we have seen in prior years. The conference centered on the theme “Building a Safer Cyber World”, a forward-looking call for smarter collaboration, technological integration, and adaptive defense strategies. The agenda reflected growing urgency around protecting critical infrastructure in a volatile and geopolitically influenced cyber landscape.

Cybersecurity is intrinsically linked to national resilience. Multiple sessions and conversations with visitors and vendors stressed the convergence of threats, geopolitics and critical infrastructure. Foreign technology dependence emerged as a recurring concern. Paul Chichester, the National Cyber Security Centre’s (NCSC) Director of Operations, highlighted that nationally significant attacks doubled in the past year. Rory Stewart further homed in on how the erosion of the rules-based global order is leading to unpredictable cyber escalations. The message from the floor: geopolitics and digital sovereignty are must-haves, not optional extras, in your cybersecurity strategy.

UX in cybersecurity matters. There was an underlying recognition of the importance of user experience, which became evident through the product demos, the conversations with multiple media platforms, and the insights shared during the Forrester roundtable at the conference. The discussions explored how cybersecurity would sorely benefit from simplification, the use of modern UX design principles, and elevating the importance of AX, or Analyst Experience, in order to reduce the cognitive burden on both cybersecurity professionals and end-users.

Emphasis on professional development and diversity. Progress on diversity in cybersecurity has frankly been slow, with women representing only 18% and ethnic minorities accounting for 29% of the total workforce according to the latest ISC2 data. Still, this year’s programming had a few refreshing angles that stood out, focusing on building human-centered skills. Abadesi Osunsade, founder of Hustle Crew, delivered a powerful talk titled “Taking Up Space: How to Lead the Charge in Cybersecurity,” urging attendees to embrace individuality as a strength. Rik Ferguson, VP Security Intelligence at Forescout, addressed the importance of active allyship to drive meaningful change within organizations, including his own experience of being an ally.

As with all matters relating to hiring, retaining and advancing women in cybersecurity, substantive and authentic actions that create real change are what matter, and we look forward to the conference focusing more on these outcomes in future events.

Forrester clients who wish to dive deeper into our perspectives on Infosecurity Europe 2025 can book a guidance session with either of us.


You Don’t Need To Be Ethan Hunt To Break Into A Building

From a cybersecurity perspective, when you bring up the need to protect your organization’s endpoints, most people will think of computer assets: laptops, desktops, servers, and maybe smartphones and tablets. Today, these endpoints include devices within your buildings and campuses like security cameras, door locks, HVAC, elevators, solar arrays, and a host of other IoT/industrial IoT (IIoT) or building management system (BMS) devices.

The threats targeting the traditional endpoints of desktops, servers, and mobile devices are after your business data, either to steal it for resale to other malicious actors — or even data brokers who will resell it again — or to prevent you from accessing it and hold that access for ransom. The goal is money.

When it comes to IoT/IIoT/BMS devices, the goals of the attackers are different, mainly because these devices rarely have enough business data on them to make an attack worthwhile. But if we go past that first level of reasoning, we uncover a few motives why attacking these devices is still valuable for skilled hackers or nation-state advanced persistent threats (APTs).

The most obvious effect from attacking weaknesses within BMSes like HVAC or elevators is the ability to take them offline. A data center that is not properly cooled and ventilated may have to shut down immediately or risk damaging the boards inside the computers. Shutting down the movement of employees can cripple your teams and customers and create a host of operational issues. Modern battery or generator backup units are also IoT/IIoT devices and can be exposed to cyberthreats. Disrupting the power to your building or campus while your power backup is compromised means your ability to operate is in the hands of the threat actor. Multiple stories and research have shown that the power grid is susceptible to cyberattacks, but this also includes other power delivery systems like solar arrays.

But that’s just one level beyond data theft. Let’s keep going deeper.

When it comes to security systems like cameras, door locks, or motion sensors, these internet-connected devices within most buildings today allow for centralized control and incorporate cloud orchestration solutions and AI engines to provide analytics to the business on the overall state of your physical security infrastructure. A simple attack would be to take the devices offline, but a more sophisticated attack against cameras is to mirror the feed, sending it to the malicious actor so they can monitor the movements within the building, possibly targeting individuals or looking for weaknesses in monitoring so they can recreate “Mission: Impossible” and dangle from the ceiling on a wire. They could manipulate physical access control systems to expand the access to sensitive areas for a fraudulent access card. They could increase the sensitivity of motion sensors so they regularly trip alarms, creating “alert fatigue”; security operations analysts can get so desensitized to the endless flood of low-priority or false-positive alerts from particular desktops that they start ignoring that endpoint, which can mean a truly malicious action is missed — giving a physical attacker access to unauthorized areas.

And still, the rabbit hole goes deeper.

Another threat to the business from IoT/IIoT/BMS devices is not what can happen on the device itself, but the access that device has to other parts of your IT or operational technology (OT) infrastructure. Controlling the device allows an attacker to leverage device vulnerabilities to access the device’s OS or firmware. But often, because security of these devices can be compromised, an attacker can use the device as a network probe and look for other IT endpoints that this IoT/IIoT/BMS device may have access to. If enough resources are available, like memory and CPU, the attacker can start scanning those other endpoints for vulnerabilities. This lateral movement is how attackers move from an uninteresting target like a fish tank thermometer into a database server to extract the information of high rollers at a casino.

This all sounds terrible, and we should shut off all computer systems and head for the forests, right? Sounds peaceful until you realize how nice it is to have AC, lights, and power. Instead, we should apply the same principles that we apply to IT and ensure we’re following the least privileged access ideal that is core to the Zero Trust model. And as we utilize endpoint security solutions for our common IT endpoints in our infrastructure, we should utilize IoT security solutions for those IoT/IIoT/BMS endpoints in our infrastructure and across our buildings.

Forrester clients who want to discuss how best to secure these IoT/IIoT/BMS devices within their facilities and across their campuses should schedule an inquiry or guidance session with me where we can dive deeper into this topic.


Medallia Experience London 2025 Focused On Helping CX Teams Drive Action

The (mostly) new Medallia executive team showed up to its inaugural Experience World Tour 2025 in London with a bullish vision for an AI-fueled, predictive CX management platform that puts the insights that frontline employees need directly into their hands. The question is less about whether Medallia can build out its vision (it probably can) and more about whether clients are ready for it (they probably aren’t).

Some strong use cases from large, complex, and reassuringly European organizations such as Decathlon, DHL, Jaguar Land Rover, Three, and Volkswagen Group highlighted what determined CX teams can achieve by building beyond feedback and insights to put a platform like Medallia at the heart of their CX efforts. But the feel I got from most conversations I had with users is that the level of executive support, proactivity, investment, and certainty of business case needed to hit those mainstage highs is still aspirational for most CX teams.

In terms of Medallia’s vision, three messages stood out:

A drive to action. Medallia’s rallying cry of “data to insight to action” resonates with our own predictions and continued advice. CX teams must move beyond being passive insights providers to help solve problems that result in driving revenue, saving money, or reducing risk. And they need to be able to measure the results in terms that the C-suite can understand.

A clearly articulated AI strategy. Medallia CPO Fabrice Martin showcased a range of existing and future roadmap AI tools that all aim to drive simplicity and put actionable insights into the hands of business owners like contact center agents, store and regional managers, and product development teams. It all fits together and aims to solve problems, rather than just be AI for AI’s sake.

A bias toward predictive CX. The mantra of “stop looking backwards at lagging metrics and start building predictive models to head off issues” came across in Medallia’s roadmap and case studies such as those from Generali’s business in Australia. But thoughtfully, none of this was positioned as “easy.” The need for robust data governance, carefully built algorithms, and strong governance was apparent. No one positioned AI as magic, more as an accelerator.

Emotion Is The Golden Thread

But happily for me, having spent three days last week at Forrester’s own CX Summit EMEA championing the importance of emotion as the key driver of CX quality, the same story came out here. Julia Murphy, head of CX at Three, talked about evoking emotion in storytelling around key customer moments to build executive support. Gabriela Vargas from Decathlon shared how certain approaches — such as offering video chat appointments to explain complex products like exercise bikes or a thoughtful rewards program that offers perks like coaching sessions or nutrition advice to customers who they can identify as marathon runners — cement emotional engagement in digital experiences.

If anything was missing, it was a reminder of the importance of journeys. Customers’ experiences come to life through journeys. Journeys help us understand, and focus on, customer goals. They illuminate the “why” of why customers come to us. The focus of the day was firmly on fixing problems, removing detractors, and even anticipating who might become a detractor — fixing broken moments. Journeys help us see moments in context, and more specifically, future-state journeys propel us beyond just fixing problems and into a divergent space of innovation — designing new things, the world of “what if.” So yes, proactively fix the issues, but CX teams: I beg you, don’t forget to dream.


Chaos Is A Ladder: Government Innovation In 2025

Driven by budget uncertainty, workforce shifts, and the accelerating pace of technology, our government clients are navigating radical change. While I’ve always tracked public sector cloud adoption, in 2025 I’ve made it a point to focus on government sessions at every event I attend. So far this year, I’ve gathered stories from two Boston-based conferences: IBM Think and Red Hat Summit. Expect more from Broadcom Explore, KubeCon, and AWS re:Invent later this year.

Every organization from every level of government and in every industry from around the world can learn from these stories; they show that a time of unprecedented volatility is exactly when tech leaders need to seize the opportunity to modernize, optimize their tech stack, and double down on their AI ambitions.

CALHEERS (California): A Healthcare Lifeline For Millions

CALHEERS supports over 17 million Medi-Cal users and 2 million exchange participants. Built in just 13 months by Deloitte, it now runs on a containerized Red Hat OpenShift architecture with multicloud flexibility across AWS, Azure, and Google Cloud. The system integrates more than 12 open-source tools, interfaces with 18 carriers, and maintains strict SLAs and KPIs. A standout moment: when a service center outage during peak season necessitated the spin-up of a new contact center over a weekend — handling 25,000 calls without disruption.

Navantia: Modernizing Naval Defense With Open Source

Navantia, Spain’s naval contractor, is modernizing its software development using RHEL, OpenShift, and Ansible. By unifying siloed projects and enabling air-gapped deployments via ruggedized laptops, they’ve created a secure, agile DevSecOps environment for mission-critical systems — even at sea.

City Of Austin: Responsible AI For Safer, Smarter Cities

Austin is piloting AI with time-bound, ethical oversight. Use cases like permit review automation and 24/7 police report filing are grounded in real-world impact. Its governance framework includes lifecycle management, bias monitoring, and community education — treating AI as a tool to improve resident experiences, not an end in itself.

New York Power Authority (NYPA): AI For Critical Infrastructure

NYPA is embedding AI into its broader tech strategy to enhance efficiency and workforce capability. With a focus on digital literacy and upskilling, it’s aligning IT and business roles without expanding headcount. This approach emphasizes responsible adoption, cross-functional collaboration, and data readiness.

Riverside County, CA: Human-Centered Data Integration

Riverside County is taking a people-first approach to digital transformation, starting with the workforce as the foundation for long-term success. As the county works to establish an integrated data hub across departments, leaders like Jennifer Claar are prioritizing staff readiness and engagement — recognizing that technology alone won’t solve systemic challenges. With over 10 disconnected systems in the Department of Social Services alone, the goal is to streamline operations and improve service delivery. However, rather than imposing solutions, the county is working closely with teams to understand how technology can enhance their day-to-day work. This collaborative, human-centered strategy is helping to build trust, reduce resistance, and lay the groundwork for scalable innovation.

City Of Boston: AI Innovation With Purpose

Boston is using AI to improve services like mattress pickup and permitting while navigating federal uncertainty with agile governance. CIO Daniel Chenok emphasizes workforce empowerment through skills-based hiring and upskilling, embedding AI into broader strategies to build trust and resilience.

Over 15 years, I’ve worked with hundreds of agencies worldwide, learning from leaders like Claudia Plattner and Michael Jabbour. And yes, editing The Rise Of JWCC Is A New Hope For Multicloud was as fun as it sounds. So I can say confidently that the public sector has been a steady force in cloud innovation — from early milestones like USA.gov’s cloud-based unemployment stats to transformative efforts like Kessel Run at the US Air Force.

To learn more, please reach out for a guidance session with me or one of our two leads on government cloud research: Devin Dickerson and Sam Higgins. Their latest work:


It Takes A Postsale Team To Avoid A Messy DX

A postsale digital experience (PDX) helps customers succeed through self-directed activity, guides them to gain more value from current investments, and reduces churn risk. Sound straightforward? Think again. If creating customer digital experiences were easy, we would see far more in practice than we do. One of the biggest challenges in designing, launching, and maintaining an effective PDX is coordinating across the five main areas that boost engagement to create a single, seamless, customer-centered destination. Without coordination and accountability, PDX can quickly degenerate into a mishmash of training and support content, dissimilar user interfaces, disconnected tools, broken links, and outdated or conflicting information. In short order, it starts to look like grandma’s attic.

Does your B2B digital CX resemble grandma’s attic? (Image by joakant from Pixabay)

Postsale B2B Digital Experience Directly Impacts Loyalty

To keep and grow existing customers, B2B companies must focus on creating a postsale experience where customers attain value. Customer marketing, customer success, and customer advocacy must coordinate with each other — and other internal stakeholders in sales, support, education, and events — to ensure that the customer’s digital experience is reliable, meets their needs, justifies the investment, and leaves them feeling positive. Our research shows that producing an experience with these qualities creates and sustains loyalty among B2B buyers. And in these volatile times, customer loyalty breeds retention, expansion, and endorsement that, in turn, help to grow the business.

A Great PDX Depends On Clearly Defined Roles And Responsibilities

Customer marketing, customer success, and customer advocacy teams perform distinct yet complementary roles to optimize the relationship between customers and their company. Teams that align and coordinate well toward this goal:

Adhere to a consistent view of the customer’s postsale journey toward value. Forrester publishes frameworks that provide the structure against which teams can align the processes, metrics, and technology/data needed to support the postsale journey and retain customers. These, along with agreements about customer personas served, make focusing on one view of the postsale journey simpler and more consistent.

Contribute to business and customer outcomes through a functional lens. The PDX is one area where common responsibilities for delivering on customer outcomes also depend on achieving the specific contributions of each team toward: 1) engaging the value network that shapes the overall customer experience; 2) ensuring that adoption maximizes value gained from the offering; 3) confirming that customers have achieved measurable value; 4) creating advocates who enhance the business’s reputation and growth; and 5) identifying new opportunities to increase revenue through current-account expansion.

Involve peer functions in specifying PDX objectives and capabilities. Top postsale teams cross departmental lines fluidly, make cross-functional collaboration a requirement, and avoid exposing reporting structures to customers — especially when designing the PDX.

Celebrate outcomes that align with customer value. Each function will own specific KPIs related to the objectives and operations of the PDX. Leading teams make sure that digital experience activity and outcome measures reflect shared customer value goals such as adoption, learning, customer health, and customer goal achievements. They also ensure that KPIs complement, rather than conflict.

Plan, execute, and report on the PDX’s impact on the business. While activity measures such as successful onboarding completion, case study production, and webinar attendance are helpful barometers, postsale teams must look at how the PDX contributes not only to efficiency and scale but also to business impact, such as retention, revenue, and reputation.

Is a new or updated customer digital experience in your future? Feel free to set up some time with Forrester to discuss how to optimize it for your customers’ needs and your business goals.


The AI Cost Center Crisis

Place AI In The Business Model To Help Brands Thrive

AI reshapes the way marketing agencies deliver value — increasing productivity, accelerating the speed of insights, assisting creative ideation, amplifying production velocity, and sharpening media and search activation. But agencies are not being compensated for that value creation. It’s an AI cost center crisis.

It’s reasonable to conclude that AI creativity is now the rule and no longer the exception. One agency increases speed to market by 80% or higher compared to its non-AI projects. Other agencies reduce production costs between 40% and 50%. And global brands that apply AI to end-to-end marketing delivery increase advertising performance up to 70%. The diversity of use cases and multidimensional benefits illustrate the advancement from AI pilots to AI proficiency. Marketing agencies such as Monks, Omnicom, Publicis Groupe, and WPP build AI into their offerings and leverage partnerships with Adobe, Amazon, Google, and NVIDIA.

Marketing Agencies Are Missing AI Monetization Opportunities

Yet AI marketing capabilities are absent from brand-agency remuneration. Most agencies fund the costs to develop and maintain AI marketing capabilities. According to our latest research, conducted in partnership with the 4As, 75% of marketing agencies bear the costs, with generative AI capabilities funded directly by the agency without passing the costs to clients. That’s an astounding 83% increase from 2024, revealing that as marketing agencies become more adept at intelligent creativity, they become less likely to financially benefit from it.

The current services-based commercial model between brand and marketing agencies threatens the long-term sustainability of growth for both agencies and brands. IPG saw a 4% reduction in US revenues. S4 Capital saw a double-digit decline in net revenues during fiscal year 2024. Advantage Solutions reports an 8.5% decline in revenues in 2024. And newly rebranded WPP Media informed its US employees that up to 45% will be impacted by its restructuring.

When it comes to brands, there’s little secret that today’s marketing mantra remains “do more with less.” Major retail, manufacturing, and services brands are looking to remove marketing costs and overall opex using AI technology. Zalando, H&M, Mondelēz, and Shopify have all made significant shifts toward AI to provide their companies further efficiency. Without a healthy marketing services industry to support them, brands’ ambitions to maintain efficiency and improve growth are less likely to be realized.

Reimagine The Brand/Agency Relationship

The solution to the cost center crisis? Incorporate AI into a new commercial model between marketing agencies and brands. Implement a two-pronged approach: transparency and transformation. Increase transparency by 1) monetizing AI-enhanced marketing, thereby removing opaque cost-of-business contracts and deliverables and 2) sharing the value of AI with clients. Brands should compensate for that value. This will require a transformation of the agency/partner commercial model.

Forrester advocates for an evolved remuneration model we call the human/technology equivalent to replace the current full-time-equivalent (FTE)-based services model. In this solution, the cost of technologies such as predictive, generative, and agentic AI is permanently coupled with the hourly costs of the experts who wield them. This fundamentally modernizes marketing partnerships by focusing them on value, outcomes, and growth, rather than scopes, FTEs, and billable hours.

In our latest report, The State Of Generative AI Inside US Marketing Agencies, 2025, we detail an explosion of AI growth within agencies, including objectives, use cases, benefits, barriers, partnerships, and remuneration. This reveals significant opportunities for how brands can leverage the emerging capabilities of marketing partners for their own growth.

If you’re a Forrester client interested in learning more about what the current state of play means for the future of the client-agency relationship, set up a guidance session with Jay Pattisall. Finally, be on the lookout for daily content at this blog during Cannes Lions week and for our upcoming keynote, “The Network Effect Of AI Amplifies How Employees Create Powerful Experiences,” on June 25 at Forrester’s CX Summit North America.


Decoding The Naming Game: Why Standardizing Threat Actor Names Alone Won’t Enhance Your Security Posture Or Response

Microsoft, CrowdStrike, Palo Alto Networks, and Mandiant recently announced a new initiative to create an aggregate and standardized glossary of threat actors. While threat actor nicknames like Fancy Bear or Caramel Tsunami inject a sense of drama into the cyber space, transforming oftentimes tedious work into a narrative of secret superheroes versus villains, they don’t do much for the security teams working to understand the threat environment and how it impacts their defenses.

Up until now, different vendors used their own naming conventions to classify threat actor groups. For example:

CrowdStrike uses an adjective-animal naming convention, e.g., Fancy Bear, Putter Panda.

Mandiant employs a three-letter acronym prefix attributed to the threat actor type followed by a numerical system, e.g., APT29, FIN6.

Palo Alto Networks (Unit 42) uses thematic names, e.g., Cloaked Ursa, SilverTerrier.

Microsoft leads with a weather/geology-based approach, e.g., Amethyst Rain, Cotton Sandstorm.

These naming styles lack consistency, obscure attribution, and fail to provide immediate context. For example, a Russian-linked espionage group, when analyzed by these vendors, is often broken down in similar but not identical ways. Some focus on tactics, techniques, and procedures (TTPs), others highlight associated tools (rather than how they’re used) or malware families, and some rely heavily on proprietary telemetry from their vendor ecosystem. This leads to the naming of this espionage group as APT29 by Mandiant, Cozy Bear by CrowdStrike, Midnight Blizzard by Microsoft, and Cloaked Ursa by Unit 42. This nuance becomes more significant when factoring in the evolution of a threat actor over time (from both a technological and tactical standpoint) or when multiple threat actors reorganize (i.e., either merge or fragment).

This complexity makes it difficult for security and risk leaders to validate whether their controls and mechanisms can detect or defend against a known adversary when names differ across vendors. It further undermines situational awareness, as a detection from one vendor may not be linked to another’s report on the same actor. This causes friction for security professionals, forcing them to build internal ontology/taxonomy maps or rely on vendor-supplied translations. This creates operational drag and inefficiencies across both customers and vendors, which this joint initiative aims to reduce.

Your Work Begins Where Standardization Ends

As organizations begin to evaluate the impact of this new threat-actor naming normalization initiative, it’s important to ground expectations in operational reality. While the intent has value, its success depends on how well it can be integrated. Security leaders need to know that:

Naming normalization enhances threat intel workflows. Naming normalization becomes useful when it streamlines threat hunting, correlation, and threat intelligence enrichment. Most security teams rarely act on the name of a threat actor, as concrete indicators, TTPs, and contextual information on the impact on the organization’s technology stack, geography, or industry matter a lot more.

Naming methodologies must be abstracted. Expect vendors to continue using their own analytic frameworks for adversaries — driven by their telemetry, proprietary tooling, and in-house expertise. The naming standards must allow for flexibility; without this, it could cause them to act as another source of friction rather than clarity. The taxonomy should support exceptions without breaking down.

Integrate open mapping and extensibility to ensure consistency in standardization efforts. If security and risk leaders build internal reporting and tooling around the new standardized naming convention, it must include a way to translate the aliases of actors for nonparticipating vendors. If not accounted for, security leaders would end up with a dual system, and the same fragmentation issue would persist. Interoperability and continuous mapping are nonnegotiable for this initiative to work operationally. This is something we will learn over time as this standardization approach matures.

This is a positive step for the industry, but there’s nothing game-changing here. Most organizations today rarely use naming conventions to drive actions by themselves. Consistent naming may help threat intel teams communicate better and reduce confusion over time, but it won’t improve your security posture on its own.

Standardization Is Incomplete Without Open Mapping And Shared Infrastructure

If vendors are serious about this initiative, the next step is clear: Create a standardized naming schema and open-source API that maps threat actor aliases to a single meaningful identifier that is collaboratively maintained and accessible to all. In the long term, it would make more sense for this effort to be led by a neutral and trusted entity rather than a vendor (or group of vendors) that might have alternate incentives outside of cyber, such as branding/marketing. This would truly enable the broader community to operationalize this effort, contribute meaningfully, and drive real intelligence maturity across the board.

Let’s Connect

Forrester clients who have questions about this topic or anything related to threat intelligence can book an inquiry or guidance session with me.
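The internal alias map the post describes, sketched as an added example (not code from Forrester or from any of the vendors named): it resolves the four names the post gives for one group to a single identifier, translates between vendor vocabularies, and queues names it cannot map instead of guessing. The identifier `TA-0001`, the sample reports, and the alias "Teal Heron" are constructed for illustration.

```python
import re
from collections import defaultdict

# "TA-0001" is a constructed placeholder identifier. The four vendor names are
# the ones the post lists for the same Russian-linked espionage group.
ALIASES = {
    "TA-0001": {
        "Mandiant": "APT29",
        "CrowdStrike": "Cozy Bear",
        "Microsoft": "Midnight Blizzard",
        "Unit 42": "Cloaked Ursa",
    },
}

def normalize(name):
    """Fold case, spacing and punctuation so 'COZY BEAR' matches 'Cozy Bear'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def build_index(aliases):
    """Map normalized alias -> canonical id, rejecting an alias claimed by two actors."""
    index = {}
    for canonical, by_vendor in aliases.items():
        for alias in by_vendor.values():
            key = normalize(alias)
            if index.get(key, canonical) != canonical:
                raise ValueError(f"alias {alias!r} maps to more than one actor")
            index[key] = canonical
    return index

INDEX = build_index(ALIASES)

def translate(name, vendor):
    """Return the given vendor's name for the actor, or None when there is no mapping."""
    canonical = INDEX.get(normalize(name))
    return ALIASES[canonical].get(vendor) if canonical else None

def correlate(reports):
    """Group report ids by canonical actor; unmapped names are queued, not guessed."""
    grouped, unmapped = defaultdict(list), []
    for report in reports:
        canonical = INDEX.get(normalize(report["actor"]))
        if canonical is None:
            unmapped.append(report)
        else:
            grouped[canonical].append(report["id"])
    return dict(grouped), unmapped

# Constructed reports; "Teal Heron" is an invented name standing in for an
# alias from a vendor outside the shared glossary.
REPORTS = [
    {"id": "r1", "source": "Mandiant", "actor": "APT29"},
    {"id": "r2", "source": "CrowdStrike", "actor": "COZY BEAR"},
    {"id": "r3", "source": "Microsoft", "actor": "midnight-blizzard"},
    {"id": "r4", "source": "ExampleVendor", "actor": "Teal Heron"},
]
```

The unmapped queue is where the dual-system risk shows up in practice: every name that lands there needs an analyst decision before it is added to the map.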
