Forrester

Once upon a time, there was a customer experience (CX) leader who tried to get funding for a project but couldn’t explain the benefits in ways that the executive team actually cared about. The executives smiled and nodded and sent them away empty-handed. THE END. Sounds less like a fairy tale and more like a horror story, right? In reality, it’s an all-too-common occurrence. Proving CX ROI often comes up in conversations with both current and prospective Forrester clients. It’s a source of frustration for both the people trying to get investments and those who hold the purse strings. We’ve both experienced that moment of talking about the ROI of CX with the highest executives in a company and having them literally lean forward when they realize that CX could help them improve their top and bottom line. It’s a revelation for them when the story is told in such a way that they can clearly see how CX can be more than just “the right thing to do” and that its benefits can support the firm’s strategy and longevity. And yet we also recall the conversations that we have basically weekly (and, during our events, daily) with CX leaders who are talking about improvements and projects in terms that haven’t earned that kind of engaged attention from executives. They describe how improvements will boost CX-specific metrics (such as satisfaction or likelihood to recommend) but don’t connect the dots for executives so that the story has a happy ending for everybody. But fear not: Forrester has the solution! Join us at CX Summit North America next month in Nashville, where we’ll host a workshop, “Build Your CX ROI Story.” You will learn how to tell your story in a way that connects CX and business outcomes — and we’ll show off tools that Forrester clients can use today to make the process as easy as 1-2-3. We hope to see you there! source

Over the last week, several of my colleagues have forwarded me recently published articles about the “end of nice management.” No, I’m not going to link them because I’m not here to spread bad advice. These writers claim with glee that organizations are rolling back remote work, eliminating inclusive practices, and returning to command-and-control leadership. Let’s be clear: Flexible work is not “nice.” Psychological safety is not “nice.” Empathy is not “nice.” All of these things are evidence-based leadership strategies that drive better performance, higher engagement, and lower attrition. Don’t believe me? Costco’s stock is up 8.5% over the last six months, while Target’s is down 21.8%. There are plenty of other examples, but there is also nuance to every headline that’s beyond the scope of a post like this. Here’s the TL;DR: We moved away from command-and-control leadership, not because it wasn’t “nice” but because it didn’t work. When work evolved from repetitive, well-understood, task-oriented jobs to knowledge-based, problem-solving jobs, it changed the way leaders lead because what motivates creativity is not the same as what motivates task-oriented work. We have academic studies from brilliant researchers including Teresa Amabile, Amy Edmondson, Adam Grant, Nicholas Bloom, and plenty of others providing abundant evidence that leaders who create psychologically safe, flexible, empathetic work environments drive better business outcomes. So next time you read about organizations moving away from “nice,” what they’re really doing is voluntarily choosing to lower their own performance and demotivate their talent. How nice. source

Software composition analysis (SCA) stepped out from behind the long shadow of static application security testing (SAST)/dynamic application security testing to prove its worth years ago. And thanks to ambitious bad actors, the complex software supply chain, and generative AI (genAI) coding assistants accelerating overall code volume, SCA solutions are essential to clean up the supply chain and bolster application security. SCA is also an application security (AppSec) darling for its ability to generate a software bill of materials (SBOM). With the EU’s Cyber Resilience Act finalized, the proposed US Department of Defense Software Fast Track Initiative requiring SBOMs, and governments such as Australia releasing guidelines for software development that include SBOMs, more software suppliers around the world will need to provide SBOMs to win and maintain business. Advanced SCA tools go beyond just generating an SBOM; they continuously monitor for newly disclosed vulnerabilities for proactive alerts and will ingest third-party SBOMs to identify the risk of incorporating a third-party component. Opportunistic attacks that take advantage of newly introduced vulnerabilities and unpatched software require patience and timing. But attackers can be proactive by directly poisoning open-source and third-party components. These types of attacks, such as dependency confusion and typo squatting, were already on the rise. But now, “slopsquatting” happens when AI hallucinates package names that developers must add. Additionally, bad actors willing to play the long game, typically affiliated with nation states, will bully their way into maintaining obscure but widely used open-source software dependencies such as XZ Utils to bury malicious code and target downstream recipients. SCA solutions provide insight into open-source component health during selection and actively block malicious packages from being downloaded. Clearly, SCA is the AppSec hero we need. Enterprises have been eager to embed and utilize AI in the customer-facing applications that they build. In Forrester’s 2024 survey of business and technology professionals, 33% reported using genAI in production applications. This means a whole new world of application dependencies consisting of AI models, third-party APIs, and open-source dependencies. Python is a popular language for AI applications, as is the PyPI package manager for open-source dependencies. Bad actors did not waste any time in uploading legitimate-looking but malicious packages that were downloaded hundreds of times by developers building AI applications. Poisoned AI models could be pulled down from Hugging Face and other public repositories. At the time of The Forrester Wave™: Software Composition Analysis Software, Q4 2024 evaluation, only a few SCA vendors were scanning AI models or creating AI bills of materials, but this functionality is needed broadly and quickly. When thinking about purchasing or upgrading your SCA software, consider key insights we gathered from talking with SCA vendor customers to get the tool you not only deserve but also need: Evaluate more than one vendor. This may seem obvious, but SCA software differs in functionality and the quality of output. Some software is primarily focused on open-source components, while others go beyond and assess third-party components and even inner-source components (those shared components written by your organization). The quality of the results also differs based on language and ability to detect vulnerabilities in transitive dependencies. Most reference customers evaluated three vendors’ software as part of the purchasing process (see figure below). Don’t settle. You’re going to be in it for the long haul. Customer references have been with their vendor on average for over 3.5 years. And they are happy! Twenty-two of 28 references rate their vendor at a nine or 10. If you have an SCA solution and you are not satisfied, it’s worth your time to revisit this at the next renewal period. Keep an eye out for the extras. SCA software vendors have expanded their offering to cover more of the software supply chain, such as offering malicious package detection and package firewall protection, infrastructure as code and container image scanning, and secrets detection. Depending on the vendor and its pricing and packaging model, these capabilities could be add-ons to the base price. Static reachability (the ability to determine whether the vulnerable function is called by the first-party code) should be table stakes for SCA solutions, but some vendors require you to also purchase their static SAST solution to get this level of insight.   Be your company’s hero and select an SCA software solution that helps secure your software supply chain by utilizing Forrester’s Buyer’s Guide: Software Composition Analysis Software, 2025, and The Forrester Wave™: Software Composition Analysis Software, Q4 2024. For more insights, schedule a guidance session or inquiry with me. Protecting your brand, your customers’ data, and your revenue is worth the effort. source

Over the past year, B2B event teams have faced mounting challenges. A volatile economic and political climate has intensified existing pressures around inflation, budgets, and staffing. At the same time, competition for attendees and sponsors has grown fiercer, with leaders struggling to attract both the quantity and quality of participants needed to meet their goals. Attendee behavior is also shifting — people are registering later and expecting more interactive, personalized experiences. As a result, planning and executing successful events has become increasingly complex. In fact, Forrester data shows that overall event satisfaction dropped by 8% from 2024 to 2025, as teams struggled to adapt. To help leaders navigate this evolving landscape, Forrester’s Q1 2025 State Of B2B Events Survey gathered insights from more than 250 event decision-makers to uncover key trends. The findings show that:   Budgets and resources are strained. For the second consecutive year, budgets are flat or down for two-thirds of event teams. Even among the 19% of organizations that have seen budgets increase, the reality is that due to inflation, they’re almost certainly flat or down in real terms. The B2B event mix continues to evolve. As budgets tighten, the B2B event mix is shifting. Marketers are prioritizing smaller hosted events, with 59% planning more of these events over the next 12 months. In contrast, the number of organizations planning more hosted large events fell 12% year-on-year as marketers shifted resources and focus onto smaller events. Teams prioritize the basics. More than 90% of organizations are focused on the core objectives of getting the right audience to their events, demonstrating ROI, and improving post-event follow-up. However, this focus on fundamentals has led to a deprioritization of longer-term considerations such as inclusivity, accessibility, and sustainability, which have fallen in importance year-on-year and rank lowest on the priority list. B2B event technology is a missed opportunity. More than a quarter (28%) of the largest organizations have deployed six or more event technology platforms, while just one in five has fully integrated their primary platform into their broader sales and marketing tech stack. Yet, data shows that when organizations do integrate, overall event satisfaction increases significantly. AI uptake remains low. Despite AI’s potential to enhance productivity, attendee personalization, data analytics, and content repurposing, the majority of organizations are still in learning mode. Using AI for content creation is the number one current use case, with 39% of marketers currently making use of it here, but a growing number plan to use AI much more extensively over the next 12 months. B2B events are planned and run in functional silos. In many organizations, events are planned by disparate teams, resulting in fragmented planning and suboptimal attendee experiences. However, the data shows that when a centralized team runs the majority of the events, overall event satisfaction levels rise significantly.   Forrester clients can listen to an on-demand webinar where we dig into the B2B event survey findings in more detail or request a guidance session to better understand what the trends mean for their teams and organization. source

I passed a barefoot man strolling down a sidewalk on a chilly day in May. His hair was short. He was clean-shaven, wearing a multicolored blanket hoody. He exuded serenity as he grounded himself in the concrete beneath his feet, granting his chi permission to exchange greetings with the earth. Through that lens, every day, all 8 billion of us could be grounding (also known as “earthing” by believers — all I know is that it feels good in the summertime). There is little competition for grounding with the earth. But in the corporate world, grounding AI agents in reality rather than hallucinations is neither natural nor free. It will cost money and establish the foundations for your future. Already, the battle for grounding your AI agents in the proprietary knowledge that differentiates your business has begun. Every company that expects its AI agents to work must invest in its knowledge capacity — the knowledge infrastructure — to ground them. Just as you train employees, you will ground AI agents in your proprietary knowledge assets to represent and differentiate your business. That knowledge infrastructure consists of structured databases (systems of record, managed for rigorous quality and consistency), content stores (unstructured documents, wikis, emails — the world of knowledge management), vector databases storing unstructured doc “embeddings” (multidimensional fingerprints, essentially), and graph databases hosting interlinked information. All four are essential ingredients to ground agents in the reality of data rather than the musings and hallucinations of a language model. To build AI agents that work, companies must commit their knowledge assets to a vendor that can translate those assets into AI-ready language models, retrieval-augmented generation, and agent guardrails. Every AI agent platform vendor — hyperscalers such as AWS, Google, and Microsoft; software giants like Salesforce, SAP, ServiceNow, and Workday; automation anchors such as Appian, Pegasystems, and UiPath; model providers like NVIDIA and OpenAI; and many others — want you to host your knowledge assets (documents, conversations, audio, video) to ground agents that work. All want to host your knowledge infrastructure. And that means a battle is forming among vendors from every direction to host the knowledge that grounds your AI strategy. Three questions frame the hard choices you face in creating your AI grounding strategy: Where will you host your AI agents? Framework: Host your agents in platforms closest to your data and the systems that they interact with. For example, we would recommend that you host your B2B sales agents in your AI-ready CRM. Where will you put your knowledge assets? Framework: If latency or real-time performance matters, it’s the same advice: put your AI agents as close to your knowledge assets as possible. If you care less about response times and more about costs, you can host your knowledge assets in a common infrastructure that feeds more than one AI agent platform. How do you optimize your knowledge infrastructure for performance and cost? Framework: Prepare to selectively replicate knowledge assets across clouds or runtimes so they can ground agents in different processes and systems. Be prepared to invest in storage governance, software, security, and synchronization to optimize agent performance. Thank you to Charlie Betz, Rowan Curran, Leslie Joseph, and Charlie Dai for their help with this post. source

Flexibility Is Key To Successful Training Service Offerings Each B2B sales organization faces unique challenges in terms of changing buyer expectations, organizational/go-to-market structures and roles, and sales competency gaps. For this reason, sales training service providers must take a flexible approach to sales skills and methodology training. Leading providers take a variety of approaches to customization, including consulting with B2B customers up front to conduct extensive discovery prior to designing a learning plan, shadowing top performers on sales teams to understand what works for them, and leveraging AI to better understand top seller behavior and to develop personalized learning plans at the individual level. Our Three Key Findings: Learning Reinforcement, Buyer Focus, And AI Capabilities Are Critical Characteristics Of Leading Vendors Sales training can’t be “one and done.” Sales knowledge transfer and the mastery of competencies are too critical to be relegated to a single half-day classroom session. Top training vendors follow a comprehensive learning strategy that includes heavy doses of long-term reinforcement. These vendors take the time to arm sales coaches to sustain the change, provide tools that quiz sellers on individual knowledge gaps over time, and make their content available in the flow of the sales process so that reinforcement can be provided in real time and just in time. Sales methodologies must focus on modern buyers. Buyers are increasingly demanding more competent, knowledgeable B2B sellers and higher-quality buyer/seller interactions. Buyers are evolving — they are completing more of the buyer’s journey independently through digital means and buying in larger buying networks. Buyers are also increasingly from generations made up of digital natives (Millennials and Gen Zers) who have a different perspective on the buying process from their Gen X and Boomer counterparts. Forrester data shows that buyers are often not engaging with sellers until they are almost 70% of the way through a traditional buying process — preferring to self-serve and leverage AI to learn about a provider’s offerings. Training providers that recognize this shift in buyer behavior and demographics and adjust their methodologies to prepare sellers to meet buyers where they are will increasingly hold an advantage. AI should be leveraged to deliver personalization at scale. Sales training providers have progressed beyond offering simple online course catalogs to leveraging AI capabilities in various ways to support learning. Some use generative AI (genAI) to develop outlines for personalized learning pathways. Others leverage AI for live role-play simulations with sellers who wish to practice new skills or messaging. AI is also used to score these role-plays or to score recorded customer interactions, augmenting the bandwidth of frontline sales coaches. The AI is then used to recommend next actions to sales coaches or sellers. Enterprises should explore the AI capabilities of the vendors within their sales tech stack (including sales training providers) and experiment with solutions. At a minimum, the innovations delivered by the most forward-thinking of these training vendors may lead to personalized, just-in-time learning at scale, which is the adult-learning holy grail. What’s Next? We hope sales training providers will recognize that buyer preferences are changing before it’s too late. The expectations that buyers hold for seller interaction is changing, and so must sales methodology. If buyers are increasingly preferring self-service in the early stages of the sales process, how must seller behavior and associated sales motions adapt? Can we still rely on the ability and access to consult, prove value, and build relationships across the buying group in the early stages of an opportunity? Maybe not — so how does the methodology change to adapt? source

I recently attended an event the payments vendor Checkout.com hosted in Abu Dhabi, and I couldn’t resist the urge to share a little bit what I learned about digital commerce and payments in the United Arab Emirates (UAE). Here is some of what I learned:   The UAE has the core features that propel a digital economy. The UAE has a young population (median age is 31.2 years – versus 38.9 years in the US). It has a strong: Digital infrastructure. It ranks highest in the world in mobile and broadband internet speeds.   Government backing. UAE’s “Project 2030” is a broad progress initiative which includes commerce, transportation, and payments.   Digital payments ecosystem. Per Project 2030 goals, the UAE aims to be 75% cashless by 2026, 100% by 2031.   AI champion in government. The UAE has the world’s first government minister for AI. His full title is Minister of State for Artificial Intelligence, Digital Economy, and Remote Work Applications.  The UAE and other Gulf Cooperation Council (GCC) countries have already digitized rapidly. According to Dr. Saeeda Jaffar, SVP and Group GCC Country Manager for Visa, 70% of all commerce in the region is digital versus offline. Prior to the COVID-19 pandemic, that ratio was flipped, Jaffar noted. Jaffar explained that, “[digital commerce] has more than doubled in last five years. [It is growing] at a rate unparalleled in most other regions.” In GCC, 98% of all in-person card payments are now contactless. Consider that, per Forrester’s June 2024 Consumer Benchmark Survey, only 70% of US online adults have used their card for a contactless payment in the last three months.  It has a uniquely global population which influences commerce experiences. The UAE is a small country with population at about 10 million (similar to Portugal or Sweden or the US state of Michigan). What’s remarkable, however, is that 88% of the population is made up of immigrants or expatriates. The countries with the highest emigres to the UAE are India, Bangladesh, and Pakistan. These citizens bring their commerce habits, shopping expectations, and payments loyalties with them.   Another astounding figure: Dubai welcomed an impressive 18.7 million international visitors in 2024 (by contrast, New York City’s international travelers in 2024 numbered 13 million). Dubai-based money movement app du Pay, for example, is translated into six languages. And Dubai-based Careem, a local ride-hailing-slash-superapp, has the option to send verification codes to users via WhatsApp, versus SMS, thereby improving the chances that tourists without cellular data can register and use its services.  The digital ecosystem is a mix of global and local players. Careem gave US-based Uber a run for its money in the region before Uber acquired it (Careem still runs as a wholly owned subsidiary). Germany’s Delivery Hero acquired Kuwait-based food delivery service Talabat in 2015, which still dominates food delivery in the UAE (and a number of other countries across the region). However, UK’s Deliveroo has the exclusive for the massively viral Dubai Chocolatier FIX’s distribution (which skyrocketed to the top of Deliveroo’s 100 Report). Perhaps most famously, the government-backed messaging and communications app Botim challenges WhatsApp in the country (the government even restricted WhatsApp and other VoIP companies’ video and voice calling).   Wealth inequality is a major issue – and a purpose-driver for fintech solutions. The UAE had the most fintech startups of any other country on Forbes’ 2025 Middle East Fintech 50 List. This concentration is perhaps, in part, because of the government’s emphasis on becoming cashless, but also perhaps out of necessity. Of the 55 countries covered in the UBS 2024 Global Wealth Report, UAE ranks third highest in wealth inequality (after South Africa and Brazil, and tied with Saudi Arabia). Dubai in particular, has seen an influx of affluent immigrants, in part due to the country’s low personal tax rate. The UAE also has a large immigrant workforce, who support families in their home countries with their earnings. As such, the UAE is usually among the top ten countries for remittance origination.  As you can see, the UAE is a fascinating country and in an especially fast-paced and interesting moment in its history and development. These observations are not meant to be a comprehensive view of e-commerce in the UAE, but I hope you find them as interesting as I do!  source

Risk management is extremely important in volatile times. Many organizations are working on scenario planning exercises to understand how to pivot in the coming months in hopes of preparing for the twists and turns that lie ahead. One new risk that organizations are considering? Emergency communications services. Organizations that rely on emergency services and telecommunications providers want to understand the current risk profile, especially with all the change underway among DOGE actions. We have been fielding these questions from agencies, citizens, and other government-related organizations. This blog seeks to answer: Are emergency communications services dodging DOGE impact? The answer? It depends on scope. Here’s what we believe are the direct impacts, the indirect ones, and the collateral-impact angles that one might explore when answering this question. Directly Related Impact The federal government doesn’t operate 911 call centers directly. Instead, these services are mostly run by state and local agencies through public safety answering points (PSAPs). There is no evidence of contract cancellations directly impacting the PSAPs for 911 emergency services. The National Highway Traffic Safety Administration at the Department of Transportation experienced a 4% reduction in workforce but largely within its autonomous vehicle safety group. There were also reductions in NG911 implementation. How city, municipality, and county budgets get adjusted here based on DOGE cuts to other line items are also unknown currently. We do see it as very unlikely that these services would be subject to reductions, especially given NG911 implementation changes at the federal level in 2022. Expanding the scope with regards to services classified as non-emergency, the Substance Abuse and Mental Health Services Administration was impacted by the federal cuts, as was the 988 Suicide and Crisis Lifeline, including the Veterans Crisis Line. Millions of Americans could be affected. For leaders understanding risk, this could impact one of your employees. Many argue that such services are also an emergency line for them. Indirectly Related Impact As part of broader efforts to improve spending efficiency, the new administration paused the Broadband Equity, Access, and Deployment (BEAD) Program, later resumed it, and is now proposing reforms — causing further delays in funding and service rollout. This program is meant to bridge the unserved and underserved Americans who could eventually get access to over-the-top VoIP phone services with 911 emergency calling capabilities. In a recent twist, a BEAD reform could expand applicability beyond fiber services, looking into satellite communications for the purpose of speeding the service delivery, but this could have a devastating effect on businesses and their technical staff who are already invested in helping states and territories build fiber networks. That economic uncertainty within these groups may impact these services if they are relied on today. Collateral Impact Considering the overall budget cuts and the raising telecommunication costs for plain old telephone service (POTS) lines, agencies and departments have an uphill quest to assess, plan, and mitigate the risks of losing connectivity for critical systems such as elevators, emergency calling boxes, fire alarms, burglar alarms, access gates, medical alerts, and dispatch systems. The most recent FCC reform will allow providers without a standalone voice offering to provide POTS replacement alternatives. The transition to a new technology alternative presents a significant risk if the new voice service doesn’t match the POTS reliability standards and impacts a human life in case of an emergency. If you are a risk leader, consider each of these layers as you scenario-plan. Do you concur with my view? I’d love to hear your feedback. Need more guidance? Engage with me via an inquiry call by emailing [email protected]. source

Last week, identity verification and authentication startup World (which was cofounded by OpenAI cofounder Sam Altman) announced that it is broadening operations of its Orb device in the US. source

Every few decades, something fundamental shifts in IT, not just in what we deliver but in how we think about delivering it. Over the past few years, generative AI has done more than captivate headlines — it has woken a sleeping giant: the long-overdue dream of continuous, intelligence-driven improvement in enterprise operations. And this August at Forrester’s Technology & Innovation Summit APAC in Sydney, I’ll be presenting a keynote to argue that IT is poised to lead, not follow, this transformation. Why did I choose the metaphor of a “sleeping giant” to describe this shift? Because the foundational concepts have always been with us: continuous improvement, knowledge management, feedback loops, and so forth. But until now, they’ve been too brittle, too fragmented, and too limited by human capability to scale. Now, generative AI paired with graph data and AI agents offers a new control plane for the digital enterprise. This keynote will explore how these new capabilities are reshaping how we manage IT, govern change, and close the gap between architecture intent and operating reality. A New Paradigm To really put this shift in context, I began to ask some “big” questions. What if IT’s core responsibility isn’t just delivering services but designing and optimizing the enterprise’s learning loops? What if every ticket, every log file, every artifact in the digital exhaust becomes a signal for improvement? That’s the potential we’re seeing emerge. The convergence of vector databases, retrieval-augmented generation (RAG), knowledge graphs, and autonomous agents is not just theoretical — it’s rapidly becoming operational, and I see increasing evidence of this every week in my work with clients. At the keynote, I’ll share what this looks like, including live examples of how generative agents are already supporting architecture workflows, risk analysis, and technical debt remediation. From Episodic Oversight To Real-Time Intelligence In the old world, architects reviewed changes in periodic meetings, using static documents and informed by stale data. In the new world, the architecture is operational — it’s enriched by telemetry, backed by graph models, and interpreted in real time by AI agents. We’ve entered the age of the architecture operating system: a continuously updated graph of the enterprise where agents harvest data, identify issues, and react with the full context of integrated enterprise knowledge. The learning loop, long fragmented and attenuated, is being knitted together and accelerating. This is more than automation — it’s augmentation. And it demands a rethinking of enterprise roles, tools, and platforms. Ownership Matters: Who Controls The Graph? A major theme of my recent work has been the battle for control of IT’s knowledge graph. Vendors are racing to embed graph capabilities into their platforms. ServiceNow, Atlassian, SAP, Salesforce, Microsoft, and many more are all vying to become the authoritative source of truth. But the real question is: Will you govern your graph or be governed by someone else’s? The knowledge graph and associated ontology — and the agents acting within them — is fast becoming the new strategic battleground for digital leadership. Owning that structure means owning the rules through which change happens, risks are evaluated, and AI is trusted. Your Invitation To A New Era To be clear, this isn’t the introduction of a framework. It’s an invitation to a fundamentally different way of thinking about IT’s role: as a steward of intent and intelligent control, not just a provider of capacity. If you’re in IT strategy, architecture, finance, operations, or digital leadership — or simply wondering how to steer your enterprise through the noise — this keynote is for you. We’ll unpack what’s real, what’s hype, and how to get started. The sleeping giant is not just awake. It’s reasoning. It’s learning. It’s ready. Join me at Technology & Innovation Summit APAC in Sydney, and let’s explore how to lead, not follow, this moment. source