Forrester

Last week, I joined 127,000 of our closest friends in Germany for the Hannover Messe trade fair, which once again showcased all that’s new and interesting in the smart manufacturing world. Events like this always exist in a bit of a bubble, but the reality gap between lovely spring sunshine, beautiful cherry blossoms, and breathless AI boosterism inside the showground and tariffs, uncertainty, and lengthening sales cycles outside felt particularly wide this year.   So What Did We See? Robots everywhere. Big and small, fixed and mobile, wheeled and legged: In some halls, utilitarian autonomous mobile robots were the point, and prospective buyers dug deeply into questions of carrying capacity, connectivity, range, and fleet management. Elsewhere, the flash of a robot leg (or four) drew crowds to the booths of the Bundeswehr (Germany’s army), Siemens, and other giants of the industrial world. In line with Forrester’s prediction, humanoid robots were a rarer beast. In a week of searching, I saw two (from Unitree and Sanctuary AI), and only one (Unitree’s G1) had legs. Forrester’s advice, to focus on the use case rather than the form factor, remains as relevant as ever. AI everywhere, too. Last year, I commented that “everyone had an AI story, even if few made much sense.” There was still plenty of that in 2025, but I also saw some evidence that AI was being put to practical use. Almost everyone had a chatbot to show, and some of them were quite clever. PTC showed a nice enrichment of the CodeBeamer asset lifecycle management application, using Microsoft’s AI tools to reduce ambiguity and contradiction in formal statements of requirements during product design and manufacture. Siemens enriched its existing AI offerings with a new industrial foundation model, trained on domain-specific concepts and able to process engineering diagrams as well as the text and images that more general-purpose tools manipulate. Embodied or physical AI. Interesting things happen when robots and AI get together, and some early indications of that were also on show. Sanctuary AI’s humanoid robot on the Microsoft booth might have been legless, but it had very clever hands and an impressive ability to respond to its environment. A small robotic arm on the TCS booth looked much like all the other robotic arms at the show, except for the scrawled signature of NVIDIA CEO Jensen Huang. Behind the scenes, his company’s Cosmos model helped the TCS team train the arm to cope with a wide set of situations. I’ll be diving more deeply into both in some embodied or physical AI research this year. Virtual PLCs. Audi, Intel, and Siemens have all been talking about different aspects of a project to virtualize line-side programmable logic controllers (PLCs) for several years, but industry conservatism, network latency, the control loop, and an engineer’s understandable desire to see — and touch — the little box of tricks responsible for keeping their multimillion-Euro industrial process moving smoothly conspire to slow the virtualization of operational technology workflows. Audi and Siemens have taken the solution into production, with Audi’s car body assembly line in Neckarsulm now controlled by virtual PLCs (TÜV-certified as fail-safe) installed on standard IT infrastructure in a data center 10 kilometers from the plant. According to Siemens, a further 40 customers are evaluating the solution. Unified namespace. The unified namespace (or UNS) was mentioned at a lot of booths this year, but it’s a term that risks becoming too diluted to be useful. Some (like Automation, HiveMQ, Litmus, and Sight Machine) mostly used the term in the pure sense originally intended by Walker Reynolds. Others were less precise and really just talked about pouring data from different systems into a single data lake: There’s not much unification happening there! Both can be useful, but the extra work to add context, semantics, and structure provides the real differentiation that makes a true UNS special. More data hubs and fabrics. We talk about the digital industrial platform at Forrester (new report on the topic coming very soon), and one important aspect of this is providing a way to more easily share data across application, organization, or workflow silos. There’s some overlap with the UNS, but we also see vendors offering their own software solutions. Autodesk Forge, AVEVA Connect, Hexagon Nexus, and others are addressing this challenge, and new options like GE Vernova’s Proficy Data Hub and HiveMQ’s Pulse were being promoted at the show and should be generally available later this year. Merck combines physical and digital to improve quality and traceability. It’s a pretty specific use case, but it popped up on at least two stands. Merck launched the M-Trust “cyber-physical trust platform” at CES in January, which ties digital product information to specific attributes of a unique physical product such as specific pigments embedded in the ink used to print its label. There’s a lot to explore here in terms of ensuring trust and authenticity up and down the supply chain and making the solution cost-effective for cheaper products. But integrations like those on show in Hannover help: On the Zebra stand, the special reader required to spot inclusions in ink and paint was embedded into a regular Zebra handheld scanner, and Siemens Merck showcased the SmartFacturing Studio that supports modular production of pharmaceuticals with a lot of help from Siemens hardware, software, and the Xcelerator platform. This touches on some similar ideas to the digital product passport, which I also saw good examples of and will be exploring in more depth in a report later this year. Oh, Canada! There’s usually a partner country at Hannover Messe. They’re selected months ahead of the show and normally don’t make that much of an impression after some of their senior politicians, diplomats, or executives say worthy things at the launch press conference. This year’s choice, Canada, was fortuitous and well placed to connect with broader concerns around tariffs and geopolitics. Canadian startups, companies, and high school robotics teams made the most of the opportunity to show their capabilities and

The good: 93% of VP+ B2C marketing and advertising decision-makers say they have a formal marketing operations function, according to Forrester’s Q1 2025 CMO Pulse Survey. The bad: Many B2C marketing operations functions are usually limited to a handful of marketing disciplines (or sometimes just a single discipline). For example, in Forrester’s Marketing Survey, 2025, B2C marketing operations functions are mainly responsible for marketing technology and strategy management (top-ranked response, at 54%), followed by planning and budget management (second place, 42%). The beauty: For B2C marketing operations functions to mature, they must shift from tactical problem-solvers to integral business decision-makers that enable all of marketing — and not just a portion of marketing. Consider that B2C marketing operations functions can be responsible for a wide range of critical marketing elements and disciplines across: Planning and budgeting management: aligning cross-functional revenue planning with marketing investments Customer data strategy and management: owning marketing data strategy, stewardship, and team enablement Creative development and asset management: driving creative ideation to execution for marketing content Marketing technology strategy and management: establishing a martech vision and guiding roadmap development Measurement and analytics management: overseeing metrics interpretation, analysis, insight, and forecast modeling Process design and agile marketing management: enabling organizational agility and adaptability Marketing operations team design: designing the marketing operations function to ensure that the function can accomplish its responsibilities (note that this isn’t a job for the marketing operations function itself) Where to begin? If you’re a Forrester client, be sure to check out our latest tools, adapted from our B2B marketing research, to help you further your B2C marketing operations function. More questions? Schedule a guidance session or inquiry with us! source

Generative AI (genAI) and agentic workflows are roiling technology services markets, overturning the 15-year stability of the prevailing business model. The era defined by time-and-materials pricing, agnostic technology positions, and people-driven business growth is no longer viable. Since the peak growth seen in 2021, which followed years of consistency post-Great Recession, it has become an entirely different story. Starting in 2022, four powerful forces began converging to disrupt the services status quo, forcing providers toward radically different choices and reshaping the sector to deliver what enterprises need now. These forces are: Consolidation and scaling of the core. For 15 years, technology has expanded into every nook and cranny of business, often funded as standalone projects. Now CFOs are pausing discretionary projects and asking their organizations to get more value from existing tech investments. IT responds by transforming the core, scaling platforms, consolidating redundant unused systems, and retiring tech debt. This will lay the foundation for investments in technology-driven growth. For service providers, this shows up as strong “large deal” bookings and weak discretionary bookings. This force could drag on for years. Ecosystems, alliances, and solutions. Enterprises depend on technology partners. Rapid innovation, complex ecosystems, and talent gaps make in-house execution impractical. For service providers, this means that alliance partners are now critical contributors to success. They must develop deep specializations and integrate platforms into solutions. Accenture, Deloitte, and others have long had partner-centric businesses. Others are newly energized: IBM Consulting, which in the past rarely mentioned partners, said that partners were involved in 40% of its deals in 2024. This force will gain even more potency as firms invest in AI computing. The AI effect. As pure knowledge businesses, service providers are on the front lines of genAI-powered disruption. GenAI-powered digital assistants supplement service providers’ teams’ work, augmenting their knowledge, skills, and experience as well as automating their tasks. The impact is more work completed in less time with fewer people — a huge deflationary force in a business that charges by the hour. This force is pushing providers to invest billions in genAI tooling, renegotiate contract deliverables, and build solutions and managed services. Tech’s labor/capital imbalance. Machinery is more predictable and reliable than manual labor. But IT remains a people-constrained activity, where people and skills are gating factors to successful outcomes. In this context, service providers have high motivation to use machinery to make their employees more productive. They invest in reusable software, data, and model assets; preassemble solutions and platforms; and automate as much work as possible, thus shifting the balance away from people and toward capital. The rise of agentic systems and new services-as-software businesses will accelerate this trend. Only Bold Providers Will Survive: Embrace Context And Co-Innovation To compete and establish a new long-term value proposition, providers must cannibalize their existing time-and-materials commercial models, riding the cost curve down and reskilling their workforce while reinventing their offerings and business models for the era of AI computing. Providers with scale and strong balance sheets will thrive and reinvent themselves as post-AI service providers, reconstructed to thrive in the AI computing era; smaller or less nimble providers will struggle. Technology Executives Should Run A New Services Playbook As the ground shifts when it comes to the role and contributions of service providers, technology executives should begin playing by some new rules: Ask for lower costs and faster delivery for complex projects. Factor a provider’s delivery and operating platforms into your selection process. Ask procurement to investigate value-based pricing for service contracts. Retire tech debt and rationalize apps to fund your core transformations. For the in-depth report, click here. source

AI is now embedded across nearly every domain of business and life. I’m starting to call this phenomenon the AI effect: the rapid spread of AI into everything, everywhere. It’s a shift that is both promising and pressing — exciting in potential but overwhelming in pace. Clients are increasingly anxious to know what the future holds. Specifically, leaders are asking AI value questions: Are we investing wisely? Are we getting value? How do we measure ROI? Three Ways That AI Is Already Reshaping The World In our vision report Change The Interface; Change The World, we define AI computing and predict how it will change the world. That future is now arriving in three critical ways: Creating AI-advantaged humans. AI-powered personal agents are beginning to act on behalf of individuals. For example, Genspark enables users to have AI make phone calls and automate many other routing tasks — signaling the early emergence of digital doubles. Reinventing the knowledge economy. AI is beginning to unlock and scale human expertise, leading to new business models powered by agentic productivity. Thoughtful AI, a claims automation startup, sells its AI agents based on the number of people that you won’t need to hire. Disrupting tech markets. The surge in demand for AI compute is giving rise to the AI cloud. Google Cloud Platform, once a distant third, is now the fastest-growing public cloud provider — driven in part by AI platform demand and differentiated infrastructure. These effects are building on each other, creating acceleration. I’m currently planning a report on the current and future state of AI computing to explore these trends in depth. What Clients Are Wrestling With Right Now In guidance sessions, I’m helping clients navigate the velocity of AI change. Here are the core challenges I’m seeing: AI value optimization. Clients are under pressure to prove ROI beyond pilots and prototypes. The challenge is balancing fast-moving tech with investment justification and long-term value realization. Getting ready for agentic AI. There’s confusion between automation, AI agents, and agentic systems. Our latest research defines these terms, but clients want more: how to assess maturity, build data readiness, and operationalize AI across teams. AI risk and governance. AI safety has become a board-level concern. Every major vendor is releasing a responsible AI scaling policy as they see that the raw power of emerging agentic systems needs advanced controls. Clients are starting to notice this and are asking me questions about how to prepare. The artificial general intelligence (AGI) question. With public predictions about AGI accelerating, clients are asking about it in my “future of AI” guidance sessions. While a breakthrough could happen anytime, true AGI is not imminent, especially as we see transformer architecture begin to hit a wall (see the latest disappointing Llama 4 results). What’s already emerging is a class of domain-specific super agents that are multimodal and multimodel (e.g., the Genspark example above). These conversations are also shaping my research agenda: separating hype from reality and guiding clients toward practical next steps that prepare them for the future. What’s Next: Building For Scale And Trust As clients move from vision to execution, one theme is becoming central: trust — trust in data, trust in models, and trust in outcomes. Without it, scaling AI — especially in high-stakes domains — stalls. As I highlight in my upcoming report, “The Top 10 Emerging Technologies In 2025,” trust will be the deciding factor in whether organizations realize the full value of the AI effect. That’s why Forrester Decisions for Data, AI & Analytics was created: to offer clients more than just vision but also best practices, how-tos, and templates to thrive in this volatile and chaotic time. Let’s Continue The Conversation If you’re a Forrester client, I encourage you to book a guidance session or inquiry. I’d be glad to share more of our latest thinking and help shape your strategy. If you’re not a client but have a compelling story or challenge, let’s connect. I’d welcome the opportunity to learn from you — and will happily share what we’re learning in return. Please read Change The Interface; Change The World, Turn Your Proprietary Knowledge Into AI Advantage, and Agentic AI Is Rising And Will Reforge Businesses That Embrace It for more forward-looking insight and practical advice on how to prepare for the future. Stay tuned for more research on our top emerging technologies for 2025, AI value, AI computing, and AGI. source

AI is rapidly driving innovation in today’s digital landscape. And at the core of any AI implementation is the infrastructure required to make the transformation. The seamless integration of the various components — such as hardware, software, networking, and computing capabilities — into one comprehensive system requires robust integration services. As a result, the AI technical services and system integrators market has been gaining traction as AI use cases begin to expand across more business capabilities. Defining AI Technical Services AI technical services include the delivery of repeatable and scalable AI solutions, encompassing AI and data infrastructure, governance, training, and innovation for an organization. The goal is to create a unified system that not only supports current needs but is also scalable and flexible enough to adapt to evolving future demands. Keeping Up With The Current Landscape To keep up with the current landscape, we have kicked off “The AI Technical Services Landscape, Q2 2025,” which will establish the initial evaluation of the AI system integrator services market. In this Landscape report, we will primarily cover services/capabilities of global system integrators that make AI scalable and reliable. This includes but is not limited to discussion on cloud services, AI architecture optimization, agentic AI lifecycle services, edge AI solutions, and AI innovation. Why Is This Important? AI use cases and applications are widespread across diverse industries. As organizations begin to optimize with AI, they need to maintain the lifecycle (i.e., support, development, training, and maintenance) of their AI solutions. AI technical services help support the lifecycle maintenance of AI solutions ranging from custom AI solution development with peak efficiency to ensuring ethical and regulatory compliance. By understanding the AI technical services landscape, organizations can take a proactive approach with their AI solutions lifecycle and maximize the value and impact of AI. If you’re a Forrester client and are interested in discussing AI solutions or having a conversation about this dynamic landscape, schedule a guidance session with me. source

Litigation has become the default method for companies to resolve disagreements, force accountability, and establish recourse for everything from breach-related failures to contractual disagreements. A recent lawsuit filed by VMware (now owned by Broadcom) against its customer, Siemens’ US operations, for alleged use of unlicensed software is not unique and should serve as a stark reminder that poorly governed software licenses and assets come with a risk to both sides and will impact the technologies we depend on. The Siemens-Broadcom Saga: He Said/She Said Broadcom is accusing Siemens of using multiple VMware products without proper licenses. This “aha!” discovery that thousands of software licenses were illegally downloaded was only brought to VMware’s attention, however, after Siemens provided a list of installed software that it insisted was “eligible for the one-year extension of Support Services,” even though some of those installs could not be associated with an active software license. Siemens had threatened legal action if it did not receive those extensions, and VMware countered with the observation of the license violations. Both sides hold responsibility for guarding legal license use, so it’s an oopsie on both sides. The result is a legal battle certain to cost both companies millions in attorney fees and litigation costs, along with a legal discovery process that could unearth more licensing violations — not to mention potentially compromise Siemens’ ability to get support services for the duration of the lawsuit. Pay Attention To The Details, As Mistakes Have Consequences “True-ups” are often negotiating tools for vendors. They can start with a request for a software audit but often then lead to finding unlicensed software that the business either needs to pay for or discontinue use of. The intersection of infrastructure software, virtualization, and massive operational scale can mean large areas of unaccounted expense from true-ups where a business has no choice but to pay or disrupt the business. For example: IBM raked in millions from WebSphere licensing when businesses started virtualizing its WebSphere servers because the licensing was based on the software’s access to all the physical CPUs in the virtualized cluster. Until customers set up subcapacity licensing and the software agents to track it, they were on the hook for the additional licensing costs. Oracle customers have run into similar issues when running Oracle Database on HCI clusters due to Oracle’s licensing parameters. Efforts to get better utilization through virtualization while also avoiding these licensing issues have driven many organizations to adopt disaggregated HCI or even to create targeted smaller clusters for Oracle use. VMware’s licensing changes are affecting many, as the piecemeal licensing that businesses were used to is converted to a bundled platform license where they then incur the charge for platform components that they haven’t used in the past, often duplicating the functionality of existing infrastructure investments. These are just a few examples. Pick a large software vendor and you can find similar stories. Finding license violations is a common tactic for vendors to identify what they see as unrealized income and can mean hundreds of thousands to millions of dollars in license costs for an enterprise customer. License changes, product bundling changes, and major infrastructure paradigm shifts can introduce a mismatch between what someone has paid for and what they should have paid for. Additionally, automated deployment, especially if the software is a key component of your tech stack, can lead to overuse at scale and create a big licensing risk for your company. Accurate tracking is a must to manage that risk, but be careful with vendor-supplied license management tools. Those tools can be a way for a vendor to see the license overuse before you do. Assume that your license use is part of a negotiation; treat it that way, and manage that negotiating resource appropriately. Lessons For Software Vendors And Their Consumers As your ecosystem of software and services becomes larger and more complex, it’s time to revisit the basics of how you can prevent disruption to business operations and avoid the negative optics of a similar situation at your company. Focus on effective vendor management and licensing best practices. To do this, consumers of software must: Conduct regular license audits. Regularly review and audit software licenses to ensure compliance and avoid unlicensed usage. Audits should not be your crutch, however. For automated deployments, use valid license checks before deploying rather than just auditing the environment after the fact. Even better, create deployed license thresholds so that when you are close to reaching the limits of what you have already purchased, an alert can be sent to procurement or a tech leader to address the situation before it slows down your operations. Use tech to manage software licenses. It’s your responsibility to know how many software licenses are deployed in your environment. Implement tooling to track and manage your software licenses efficiently, check that the numbers match up with what you have contracted and paid for, and educate employees about the importance of software licensing and compliance to prevent inadvertent violations. In addition to the idea of adding license checks to deployment automation, you can also automate new license provisioning and hopefully retirement if your vendor provides a mechanism for it. Rethink procurement and contracting processes. Software is constantly changing, and your procurement practices need to keep up with new trends in bundling and packaging. Develop and enforce clear policies for software procurement, encourage procurement to ask hard questions around inadvertent violations, and ensure that contract language protects your company’s position if noncompliance is unintentional. Software vendors must: Set thresholds for noncompliance. Not all software licensing violations are by an egregious amount or a result of flagrant disregard of the contractual agreement. Understand what leeway you’re willing to provide and make it clear in the contract that overage can’t exceed a certain percentage or number of licenses. Provide a time frame for violations to be resolved, such as a 30- or 60-day period after notice is given. Don’t ignore contract governance. Most companies spend their time and

One of the most interesting aspects of my role as a Forrester analyst is hearing marketers ask questions about how others in their position or industry are approaching measurement. A common fear I hear is that “everyone else” in a client’s competitive set has figured things out and the client brand is being left behind. To help assuage these fears, we recently analyzed data from Forrester’s Marketing Survey, 2024, to uncover the state of B2C marketing measurement. While marketing measurement is still a work in progress for most companies, marketer confidence in their ability to measure marketing’s business value accurately and consistently is high. Fewer than 5% of marketers say that they have not been able to prove the long-term impact of marketing. But between data deprecation, fragmentation of channels, and increasing consumer complexity, marketing analytics and measurement isn’t getting any easier. Here are three takeaways from our analysis: Marketers manage a broad set of metrics. Revenue growth remains the top metric used by marketers to gauge both the business impact of marketing and the performance of individual marketing initiatives, but they are also being asked to track customer outcomes (i.e., satisfaction, loyalty, retention, profitability) and increase brand value. Twenty-nine percent of marketers say they routinely use brand value to measure and attribute the incremental business value of marketing, up from 19% in 2023. Tools and resources are major drivers of measurement confidence. The marketers who are most confident in their ability to measure marketing’s incremental business value are also the most confident in the ability of their tools, teams, and data to meet their needs for timely insights. This portends a potential future split between the haves and have-nots, where ability to accurately measure is dependent on investing today in measurement technology, data, and teams. Brands that are not yet investing in creating a measurement-informed culture will only find it more difficult to catch up going forward. Data issues remain the top marketing measurement challenge. Data challenges continue to make marketers’ measurement jobs tougher. Too many unconnected data sources and inconsistent levels of quality among data sources hold them back from making use of measurement and analytics, and B2C marketers continue to lose trust in third-party data, which impacts their ability to measure granular audience segments. Sixty-eight percent of marketers are reevaluating their third-party data partnerships. For more detailed insights into how B2C marketers are thinking about measurement, read our recent report, The State Of B2C Marketing Measurement, 2024. In the coming months, I’ll also be publishing reports on data requirements for marketing measurement, how to build strong measurement teams, best practices for extracting value from your marketing mix model, and how generative AI is impacting the marketing measurement landscape. If you would like to discuss your own approach to marketing measurement and how to prepare for the future, schedule a guidance session here. source

In the ever-evolving landscape of global trade, the recent imposition of new tariffs and sanctions is leaving many business leaders concerned about the future of their supply chain strategies. Navigating through the complexities of today’s global trade environment presents a multifaceted challenge for businesses. While, in the short term, consumers will bear the brunt as importers include tariffs in their prices, this moment also presents an opportunity for supply chain leaders to diversify and digitize their supply chains for greater resilience. In earlier research, we outlined three steps that business leaders should take to digitally transform their supply chains. Tariffs are just one element shaping global trade flows, especially in a world of increasing regulation and compliance mediated by shared data about materials, methods, and treatment of labor. Meanwhile, the COVID-19 pandemic and the ongoing war in Ukraine demonstrate that the location of manufacturing still matters and that companies need to diversify their supply chains to maintain an optimal balance between cost and flexibility. In another recent blog, we already discussed how prospective tariffs might impact supply chain processes and supporting applications. Industries That Are Being Challenged To Scale Up Domestic Production Face The Greatest Risk Manufacturing: Manufacturers in automotive, pharmaceutical, and consumer electronics are most heavily impacted by tariffs. COVID-19 demonstrated the risks of exclusive reliance on global supply chains, susceptible equally to disruption from war, pestilence, or tariffs. Manufacturers like Ford and General Motors consider all risks including exposure to tariffs in their sourcing strategies and use local suppliers to mitigate risk. Other manufacturers such as HP build optionality into their supply chain strategies. This buys options on production capacity in case a particular product offering takes off, but it also avoids outright commitment to subcontractor capacity in case of weaker demand. You can actually measure the business value of your supply chain optionality using Forrester’s Total Economic Impact™ (TEI) methodology. Agriculture: The agricultural sector suffered from tariffs imposed on US exports such as soybeans, dairy, and pork. China, one of the largest markets for US agricultural products, retaliated against earlier US tariffs by imposing its own duties on these goods, significantly reducing demand. Some farmers sought new markets, while others cut production or shifted to alternative crops. The ripple effect of tariffs on agriculture extends beyond farmers, affecting global supply chains and consumer prices. The situation is exacerbated by the current export challenges faced by Ukraine, historically known as the breadbasket of the world. Semiconductor-dependent industries: The US’s efforts to curb China’s strength in embedded electronic components, together with the EU’s sovereign cloud initiatives, force global manufacturers to manage a technology stack for each imperial block. Manufacturers must carefully choose their markets of operation. For example, the Dutch tool maker ASML obtained exemption from US sanctions only after negotiations between their governments. Meanwhile, Chinese firms placed $16 billion orders with NVIDIA ahead of tighter export regulations. Life sciences: The pharmaceutical and life sciences sector faces its own set of challenges with the US pushing toward domestic production of critical drug ingredients. The adoption of advanced supply chain tools, such as TraceLink, reflects the industry’s move toward greater transparency and resilience. The Role Of Logistics And Freight Suppliers Will Further Increase In a climate fraught with trade uncertainties and slowdowns, logistics and freight suppliers emerge as crucial navigators. Their expertise in customs clearance and compliance becomes invaluable, guiding businesses through challenging terrain. Continual maintenance of enterprise master data (for example, ship-to and ship-from addresses) helps master attributes such as sustainability or country of origin. The adoption of global trade management solutions like those provided by SAP and Oracle exemplifies the strategic measures that companies can take to ensure smooth operations amid the complexities of global trade. I look forward to hearing your viewpoint on how to best deal with current uncertainty and flourish in the next four years. In the meantime, please book a guidance session to discuss how you can leverage our research and tools to create better supply chain resilience. I also want to thank Forrester Research Associate Lorenzo Annicchiarico, who contributed to this blog. source

In February 2025, I transitioned to the role of vice president and research director for international security and risk. With the change, I’m extending my remit from successfully leading our APAC Security & Risk Forrester Decisions business to our well-established EMEA function. I also move from an individual contributor role to one where I’m leading a team of extraordinary people, and I’m now responsible for our collective research agenda across EMEA and APAC. As I deep-dive into our backgrounds, existing research, and capabilities, I feel a sense of pride, hope, and joy at the opportunity ahead. As a team, we cover a multitude of security and risk priorities (see figure below). We’re also geographically distributed across six countries in EMEA and APAC — no one else is as uniquely positioned to add this level of global perspective to our research and our clients. In my excitement and anticipation, I’d like to introduce you to our newly formed team and our 2025 priorities: Paul returns to the analyst chair, supporting Forrester’s global enterprise and cyber risk management and maturity assessment. Luckily for us, Paul McKay made the decision to get back in the analyst chair as VP and principal analyst, working with Alla Valente and Cody Scott to globally support cyber risk management research. Paul has already delivered some hard–hitting research and blogs that have the potential to move our clients to do important things. This includes refreshing Forrester’s Information Security Maturity Model (FISMM) and an informative blog outlining the key risks in the 2025 WEF Global Risks Report. Paul will also be working on key technology and service markets, including governance, risk and compliance (GRC) platforms. He’ll also reclaim his prior cyber risk ratings coverage, leading a Forrester Wave™ evaluation in 2026, and he’ll evaluate risk consulting services. Tope leans into his background to deliver pragmatic Zero Trust, managed detection and response, and digital identity research. With an international background in security architecture, penetration testing, and advisory, Tope Olufon’s research reflects this background, leading Forrester’s efforts in the managed detection and response (MDR) space in Europe and soon to publish a new landscape and Wave evaluation in 2025. He works with our Zero Trust (ZT) colleagues with a focus on making ZT pragmatic, delivering our research on How To Build A Zero Trust Roadmap. Tope is currently writing research on how to think like an attacker in order to use offensive security techniques to uplift ZT capabilities. Leaping off his research on Europe’s fragmented, but hopeful, digital identity landscape, Tope will continue to drive our research on digital identity market trends and their practical applications in the workplace. Madelein sets herself a broad and ambitious agenda, covering security org structure, consulting services, resilience regs, and API security. Madelein van der Hout has an ambitious agenda for 2025. She is ramping up to lead Forrester’s research on security organizational structure and operating models, a highly requested topic by our clients. (Heads up: We’ll be calling out for research interviews shortly.) She continues to lead Wave evaluation efforts on cybersecurity consulting in Europe, with a new Wave report to be published this year. Madelein will support Amy DeMartine’s research on operational resilience in 2024, focusing on regulations and mandates, especially DORA — a hot topic for our clients. She also has plans to double-click into her 2024 API security coverage with Sandy Carielli, giving our clients a well–needed API security roadmap. Enza and Meng enrich our international research, leading on privacy, trust, AI regs, identity and access management, and threat intel. Enza Iannopollo joined Forrester around the same time as I did, and it’s been an honor following her career path in becoming one of the world’s most sought–after experts on privacy and trust ethics — one of the rare people who earns standing ovations at privacy keynotes. She has led significant research on the EU AI Act, how sellers can trust the use of generative AI, and synthetic data. Meng Liu heralds from a payments background, expanding his coverage in recent years to adjacent areas in fraud management, anti-money laundering, and identity verification in collaboration with Andras Cser. Meng saw his research as a natural transition to security and risk and will collaborate with Jitin Shabadu to expand his coverage in APAC to threat intelligence, especially given its adjacency to fraud-related issues such as impersonation and deepfake detections. Meng will also collaborate with Geoff Cairns to expand our most requested topics in APAC: identity and access management (IAM). My career purpose of human-centered security, security culture, and security leadership will continue. I will still contribute to research that aligns to my purpose, which is making security human-centered, as well as focusing on the security and risk priority to lead a high-performing security organization and culture. In this capacity, I will lead markets and research on topics such as human risk management and security culture, as well as some select security and CISO leadership and career path research. Inevitably, I will have to relinquish some deeply loved parts of my agenda, which are critical to our clients, to very capable hands. Madelein will update our research on security champions networks, the CISO’s guide to successfully leading change, and human risk management metrics. Jess Burn will take over my plans for research on leadership and human skills in security to complement her existing cybersecurity skills body of work. As a team, we continue to be relentlessly committed to our clients, our research, and each other. With our global security and risk colleagues, we look forward to serving you in the above capacities. Forrester security and risk clients who have questions about the following risk, security, or privacy-related topics can connect via inquiry or guidance session to our experts: Human-centered security, security culture, security leadership, or human risk management: Jinan Budge GRC, cyber risk ratings, risk services, or enterprise and cyber risk management: Paul McKay Building ZT roadmaps, MDR, or digital identity: Tope Olufon Security org structures, consulting services in Europe, resilience regulations, or API security: Madelein van der Hout Privacy, trust, AI regs and ethics, or

In today’s unpredictable economic climate, chief information security officers (CISOs) face familiar — but intensified — challenges. From US government funding cuts to global geopolitical instability, organizations must operate in an environment that is more volatile than ever. Our latest Forrester report, Security Leaders: How To Thrive Through Volatility, provides actionable insights for CISOs to navigate these turbulent times. Here are a few of the key lessons and what they mean for you. Optimize Costs Without Compromising Security Prioritize customer-facing security initiatives: Economic volatility doesn’t mean that you should slash your security budget indiscriminately. Instead, focus on initiatives that directly affect your customers. According to Forrester’s Q4 Tech Pulse Survey, 2024, two-thirds of IT decision-makers say that customer requirements dictate their security plans. Cutting security spending now could hurt customer retention and harm your revenue, something that could take years to recover from. Defend your security budget by emphasizing the importance of customer-facing security measures such as DDoS protection and customer identity and access management (CIAM). Leverage flexible pricing options: Renegotiating contracts with existing vendors can be challenging, but many security vendors now offer “flex” pricing options. These allow you to swap in and out of various products and services while maintaining a minimum annual spending commitment. This flexibility can help you adapt your spending to current needs without sacrificing security. CrowdStrike Falcon Flex and Trend Micro’s credit-based licensing are two examples of this flex pricing options. Embrace Change Management Be a visible change leader: In rapidly changing times, CISOs must provide stability and clarity. Effective change leaders follow a cadence of activities, including clarifying vision, resolving uncertainty, and celebrating successes. Build a strong foundation by addressing capabilities, culture, career paths, communication, and, where possible, transparency to reduce anxiety. Foster continuous learning: Cultivate a culture of continuous learning to adapt quickly to new technologies and challenges. Provide time and resources for upskilling and promote practices that encourage process improvement. In addition, participate in peer discussions and forums with other CISOs and practitioners to gain insight into how other leaders and their teams are handling these issues. Double Down On Enterprise Risk Management Address insider threats: Focus on insider risk management, especially if your organization is undergoing reorganizations or layoffs. Protect sensitive intellectual property with strong identity and access management, data security, and insider risk controls. Manage ecosystem risks: Your organization’s security depends on your partners’ practices. Document requirements, apply appropriate oversight, and link them to resilience. Navigate heightened protectionism and regulatory frameworks to ensure continued operations. Conclusion Navigating economic volatility requires flexibility, strategic spending, and a strong focus on risk management. By following the actionable advice in our report, CISOs can help their organizations thrive even in uncertain times. For a deeper dive into these strategies, read our full report, Security Leaders: How To Thrive Through Volatility. source