Forrester

Can AI be trusted? Do people put too much faith in this nascent technology? These questions have persisted — and will continue to evolve — as AI tools become more sophisticated and their applications more complex. The answer isn’t straightforward. Trust in AI isn’t a “one size fits all” metric. It varies significantly depending on the specific use case and is shaped by cultural, demographic, and technological contexts. Forrester’s 2025 “Consumer Insights: Trust In AI” reports explore these nuances, revealing how consumer attitudes differ across North America, Europe, and Asia Pacific. Familiarity Drives Use — But Not Always Confidence Across all three regions, AI usage is climbing. In North America, 38% of US online adults have used generative AI, with 60% of those using it weekly. In Europe, nearly a third of consumers have tried genAI tools. And in APAC, adoption is highest in metro India, where over half of online adults report using it. Yet this growing familiarity doesn’t always translate into trust. Many consumers feel conflicted — adopting AI tools while simultaneously fearing their misuse. In fact, half of genAI users in both North America and Europe admit that they don’t tell others they use it, citing feelings of shame and uncertainty. Consumers are worried about misinformation, fraud, and the erosion of control — especially when they can’t tell whether AI is being used in their interactions with companies. Knowledge Breeds Polarization One of the most revealing insights from the reports is the role of AI literacy. Consumers who consider themselves knowledgeable about AI are both more trusting and more skeptical. They’re more likely to recognize its potential — but are also more attuned to its risks. In Europe, less than 30% of consumers feel knowledgeable about AI, with Gen Zers and students leading the way. In North America, only 24% of US and 20% of Canadian adults say the same. And in APAC, knowledge varies widely: Just 5% of metro Indians say they’re not knowledgeable, compared to 34% of Australians. This divide matters. Knowledgeable consumers are significantly more likely to trust AI-generated information — but they’re also more likely to believe that AI is biased or poses a societal threat. For businesses, this means that building trust isn’t just about transparency — it’s about education. Consumers Want Transparency And Governance — But Don’t Trust Institutions To Deliver It Across all three regions, consumers are calling for stronger oversight. Most want companies to disclose when AI is used in customer interactions. Many also support government regulation — especially in Europe and Canada, where privacy concerns are paramount. But trust in institutions is low. In Europe, fewer than one in five consumers trust public-sector bodies to manage AI risks. In North America, only 15% of US adults trust companies that use AI with customers. And in APAC, while demand for regulation is high, faith in both public and private institutions to deliver it is limited. Consumers are clear about what they want: protection from fraud, misuse, and unethical behavior. But they’re not convinced that governments or corporations are up to the task. Why This Matters As AI becomes more pervasive, trust will be a defining factor in its success. These reports offer a timely and data-driven look at how consumers are thinking about AI — and what organizations must do to earn their confidence. Download the full reports to explore: Regional differences in AI trust and adoption. Demographic insights by age, gender, and employment status. Consumer expectations for AI governance and risk management. Forrester clients can explore the Europe, North America, and APAC reports and connect with us via guidance sessions or inquiries. source

Die heutige Volatilität wird die Mittelmäßigkeit von Morgen sein, zumindest was die Budgeterwartungen für das nächste Jahr betrifft. Angesichts von Zöllen, Handelskriegen, Cyberbedrohungen, unterschiedlichsten Kundengruppen und wirtschaftlichen Sorgen sind Führungskräfte aus Wirtschaft und Technologie deutlich weniger optimistisch als noch vor einem Jahr, wie unsere aktuelle weltweite Umfrage unter mehr als 2.600 Führungskräften zeigt. Aber wenn uns die letzten Monate eines gelehrt haben, dann ist es, dass sich die Dinge jederzeit ändern können (und werden). Konservative Erwartungen sind zwar ein guter Ausgangspunkt, es wäre jedoch ein Fehler, sich zu sehr auf sie zu verlassen.  Die von Forrester frisch veröffentlichten 2026 Budget Planning Guides bieten datengestützte und umsetzbare Ratschläge für den Umgang mit den Unwägsamkeiten der diesjährigen Planungssaison. Die Leitfäden enthalten Insights und Empfehlungen, die Führungskräfte aus den Bereichen Technologie, Marketing, Customer Experience, Digitales und Sales Orientierungshilfe in Bezug darauf bieten, wie sie durch Investitionen, Ausgabenkürzungen oder Experimente das Wachstum ankurbeln können. (Kunden können unsere Leitfäden zur Budgetplanung für Führungskräfte aus den Bereichen Technologie, Marketing, Customer Experience, Digitales und Sales hier abrufen. Wenn Sie nicht bei uns Kunde sind, können sie hier auf ausgewählte Leitfäden zugreifen.) Jeder Leitfaden enthält rollenspezifische Empfehlungen, der Fokus liegt jedoch stets darauf, den Führungskräften dabei zu helfen, ihre Flexibilität und Anpassungsfähigkeit zu bewahren.  Die wichtigsten Maßnahmen, die 2026 ganz oben auf der Liste stehen sollten, sind unter anderem folgende:  Intensivieren Sie Ihre Programme für Datenkompetenz und die KI-Schulung von Mitarbeitern. Anekdotische, aber aussagekräftige Belege zeigen, dass weniger als 20 % aller Unternehmen Analyse-Tools aktiv einsetzen. Das muss sich ändern, denn die Schulung der Mitarbeiter im Umgang mit KI ist eine Voraussetzung für langfristigen Erfolg. Unternehmen müssen sicherstellen, dass ihre Mitarbeiter wissen, wie sie Daten und KI-Tools effektiv und ethisch nutzen können.  Fokussieren Sie sich auf Customer Insights und Datenmanagement. Führungskräfte, die in unsicheren Zeiten eine genaue Vorstellung von Ihren Kunden haben, sind anderen Führungskräften gegenüber im Vorteil. Investieren Sie in Technologie für Kundendatenmanagement und erweitern Sie Ihre Tools zum Management von Kundenfeedback durch Insights, die Sie durch Consumer Intelligence Platforms und Erstanbieter-Daten zum digitalen Verhalten gewinnen, um ein vollständigeres und aktuelles Bild von Ihren Kunden zu erhalten. Entwickeln Sie eine rigorose Datenerfassungsstrategie, die darauf basiert, welche Daten Sie brauchen, wer diese Daten besitzt und mit welchen Systemen sie integriert werden müssen.  Überdenken Sie Ihre Cloud-first-Strategie. Aufgrund neuer Regeln zu Datenhoheit und Resilienz, der wachsenden Zahl an produktionsreifen Anwendungsfällen für generative KI (genAI) sowie anderer Faktoren hat sich die Diskussion um die öffentliche Cloud von „Cloud-first“ zu „Cloud-as-necessary“ verlagert. Erwägen Sie die Möglichkeit, Workloads mit konsistenten Nutzungsprofilen und lokalisierter genAI wieder in On-Premise-Lösungen zurückzuführen oder sie dort zu belassen. So können Sie die Kosten für Daten senken, die unter staatliche oder branchenspezifische Vorschriften fallen, oder bei Szenarien mit hohem Rechenaufwand wie genAI die Latenz minimieren.  Testen Sie agentenbasierte KI für die Aufgabenautomatisierung zuerst in einer einzelnen App und dann über alle Business-Apps hinweg. Entdecken Sie das disruptive Potenzial agentenbasierter KI, indem Sie autonome KI-Agenten ausprobieren, die (irgendwann) unabhängig Aufgaben ausführen und Entscheidungen treffen können. Probieren Sie zuerst KI-Agenten aus, die Aufgaben nur auf einer Plattform automatisieren, und fügen Sie dann allmählich weitere Plattformen und Fähigkeiten hinzu. Achten Sie besonders auf die Kommunikationsprotokolle, die für die Orchestrierung von Multiplattform-Agenten verwendet werden, da sich diese Standards ständig weiterentwickeln.  Die 2026 Budget Planning Guides von Forrester beschäftigen sich detailliert mit diesen Empfehlungen und enthalten zudem weitere funktionsspezifische Insights für Ihre Planung und Ihr Budget. Mithilfe unserer Leitfäden können Sie trotz steigender Volatilität getrost dem kommenden Jahr entgegensehen. source

Gerade wenn Sie denken, dass Sie bereits alles gesehen haben – postpandemische Katerstimmung, geopolitische Konflikte und die Volatilität des globalen Markts – stehen bereits noch tiefgreifendere Veränderungen durch die von KI vorangetriebene Revolution vor der Tür. Tech-Verantwortliche haben nun die Wahl: Sie können entweder eine reaktive Haltung einnehmen und abwarten, bis der Sturm vorbeigezogen ist (was voraussichtlich nicht allzu bald geschehen wird), oder sie können aktiv die Chance ergreifen, eine Technologiestrategie und eine Roadmap zu entwickeln, die KI-Möglichkeiten nutzen und fördern, Risiken geschickt umgehen und das Geschäft vorantreiben.  Auch wenn sich bereits eine gewisse KI-Müdigkeit unter europäischen Technologie-Führungskräften bemerkbar macht, ist jetzt immer noch der richtige Zeitpunkt, um KI verantwortungsbewusst und ethisch in Ihr Unternehmen zu integrieren und über den einzelnen Anwendungsfall hinaus zu skalieren. Nutzen Sie KI-Computing und agentenbasierte Systeme für intelligente Automatisierung, schnelle Entscheidungsfindung und neu gestaltete digitale Erlebnisse. Überdenken Sie gleichzeitig Ihre Cloud-Strategie in Bezug auf Kompatibilität, Cybersicherheit und Souveränität. Um geschäftliche Anforderungen schnell in die Realität umzusetzen, ständig ansteigende Lieferantenkosten zu senken und sich von lähmenden Technologieschulden zu befreien, sollten Sie Plattformen zur Generierung von Anwendungen nutzen.  Sie stehen nicht alleine da  Es tut sicher gut, zu wissen, dass sich viele andere Unternehmen ebenso wie Sie von den neuesten Herausforderungen erschlagen fühlen. Um in dieser entscheidenden Zeit einen kühlen Kopf zu bewahren und die Strategien zu konzipieren, die Sie für die neue Ära unbedingt brauchen, sind Sie herzlich eingeladen, gemeinsam mit den führenden Experten von Forrester und Kollegen aus anderen Unternehmen am Technology & Innovation Summit EMEA teilzunehmen, der vom 8. bis 10. Oktober in London stattfindet. Bei der diesjährigen Veranstaltung werden wir Technologie- und Sicherheitsverantwortlichen die Kompetenzen, Praktiken und Plattformen vorstellen, mit denen sie das Chaos der heutigen Technologieanforderungen beherrschen und in einem volatilen Umfeld Hochleistungen erzielen können.  Auf dem Technology & Innovation Summit bieten wir über 40 ausführliche Track-Sessions, Workshops und Diskussionen, in denen wir praktische Insights und konkrete Strategien zur Umsetzung in Ihrem Unternehmen vermitteln. Ganz gleich, ob Sie Ihre KI-Strategie entwickeln, Ihre Technologieplattform modernisieren oder Ihr Unternehmen in schwierigen Zeiten absichern möchten – Sie werden mit neuen Impulsen zurückkehren, um Innovationen und den Unternehmenswert voranzutreiben. Beim diesjährigen Summit werden wir uns unter anderem den folgenden drei Themen widmen:  Übernehmen Sie wieder die Kontrolle  Angesichts der Vielzahl an aktuellen und noch kommenden Veränderungen haben viele Technologieführer das Gefühl, dass ihnen die Zügel entgleiten. Beim Technology & Innovation Summit stellen wir die strategischen Rahmen vor, die Tech-Verantwortliche brauchen, um wieder die Kontrolle zu übernehmen und den Geschäftswert zu steigern. Die Teilnehmenden werden Folgendes lernen:  Erstellung resilienter IT-Strategien und umsetzbarer Roadmaps, die sich auf Emerging Technologies stützen und den Fokus auf die transformativen Auswirkungen von KI auf Unternehmensarchitekturen und wichtige IT-Fähigkeiten legen.  Anwendung pragmatischer Ansätze für Wertschöpfung und Finanzmanagement, wie sie eine dynamische Welt erfordert.  Analyse und Antizipation aktueller und kommender Risiken, Konzepte für digitale Souveränität, KI und andere komplexe Regulierungsvorgaben sowie entschlossenes Handeln zur Absicherung Ihres Unternehmens.  Brechen Sie Silos auf  Seit vielen Jahren sind voneinander isolierte Geschäftsabläufe ein Hindernis für eine effektive Technologiebereitstellung. Technologieführer und ihre Geschäftspartner müssen sich zusammenschließen und eine Kultur der kontinuierlichen Anpassung an sich ändernde Geschäftsanforderungen schaffen. Beim Technology & Innovation Summit lernen Sie, wie Sie mithilfe moderner Tech-Strategien isolierte Kernsysteme in skalierbare Plattformen umgestalten und die neuesten Emerging Technologies für Differenzierung und Wachstum nutzen können. Wir zeigen Ihnen Best Practices auf, wie Sie technische Schulden verringern können, und erläutern die Blaupausen für den Umstieg von traditionellen Technologien auf zusammensetzbare und skalierbare Assets.  Skalieren Sie Ihre KI-Lösungen  Mit KI können Sie Ihr Geschäft völlig neu aufstellen, aber oft gestaltet sich die Skalierung über den ersten Anwendungsfall hinaus sehr schwierig. Um die Umstellung zu bewältigen, brauchen Unternehmen eine ehrgeizige Vision für die Neugestaltung der Prozesse, zusammen mit fortschrittlichen Daten- und Automatisierungsstrukturen. In London helfen wir Ihnen dabei, eine robuste Daten- und KI-Strategie zu entwickeln, eine starke Daten- und KI-Governance einzuführen und die richtigen Technologien auszuwählen, um Unternehmensdaten zu nutzen und die Prozessorchestrierung voranzutreiben. Für einen erfolgreichen Einsatz von KI müssen Sie verstehen, wie sich Transformation durch die Skalierung von KI und Emerging Technologies über einen einzelnen Anwendungsfall hinaus vorantreiben lässt, um auf diese Weise eine Kultur der kontinuierlichen Innovation für das Unternehmenswachstum zu schaffen.  Hoffentlich bis bald in London  Während ich dies schreibe, ist das Forrester-Team damit beschäftigt, alle Vorträge für den Technology & Innovation Summit EMEA vorzubereiten und zu proben. Nach dem, was ich bisher gesehen habe, verspricht es wieder eine großartige Veranstaltung zu werden. Ich hoffe sehr, dass Sie daran teilnehmen können, und freue mich darauf, Sie alle dort zu begrüßen.  source

Enterprises continue to invest heavily in software to streamline operations, enhance employee experience, and drive customer engagement, yet adoption is often the missing link between technology investments and measurable business outcomes. This is where digital adoption platforms (DAPs) come into play. DAPs help users navigate complex digital and AI-powered environments by offering contextual guidance, automation, and analytics. But despite their promise, many DAP initiatives stall or fail to scale due to fragmented ownership, inconsistent execution, and lack of strategic alignment. To overcome these challenges, forward-thinking organizations are establishing centers of enablement (COEs) dedicated to DAPs. The Problem: Siloed DAPs Deliver Fragmented Value Without a centralized strategy, different departments deploy different DAPs inconsistently, creating: Redundant efforts and wasted resources. Poor UX due to inconsistent guidance. Limited visibility into adoption metrics across the enterprise. The Solution: Strategic Alignment Through Centralization A COE creates a unified framework for DAP deployment and governance. It aligns DAP initiatives by directly supporting business objectives, such as: Improving employee productivity by reducing friction in digital workflows. Accelerating software ROI through better usage and engagement. Enhancing change management by supporting users during transitions. While centralization has clear benefits, overcentralization can inhibit creativity and effectiveness. Tailor the COE to serve your digital adoption priorities. Avoid COEs that are resource-heavy and choose hybrid models that centralize core functions and governance, but allow decentralized management for operational effectiveness. The Impact: From Point Solutions To Enterprise Enablement COEs unify ownership, governance, expertise, and best practices, transforming DAPs from tactical tools to an enterprisewide enablement layer. This becomes critical as AI-powered solutions proliferate: Employees need consistent support to work effectively with rapidly evolving technologies. A COE for DAPs helps you: Scale. Replicate successful implementations across teams and geographies through centralized framework and knowledge management. Innovate. Balance rapid experimentation with enterprise governance, ensuring compliance while meeting emerging user needs. Measure. Track adoption KPIs centrally, validate DAP goals periodically, and continuously optimize resource allocation. Organizations that invest in a DAP COE position their organizations to scale digital transformation and realize full technology investment value. Our research, Scale Your DAP Initiatives With A Functional Center Of Enablement, discusses the challenges in setting up COEs and outlines best practices to build a functional COE to scale DAPs for your enterprise. Visit my Forrester bio page and click “Follow” to receive notifications about upcoming research. Forrester clients can also schedule an inquiry or guidance session to delve deeper into this topic. source

Cybersecurity presentations are known for having pithy titles (usually, the more provocative, the better). And nobody will lose any points for dunking on a concept or term with as much saturation — and overuse in marketing — as Zero Trust. On that score, AmberWolf’s talk at DEF CON 33, titled “Zero Trust, Total Bust: Breaking Into Thousands Of Cloud-Based VPNs With One Bug,” ticks all the boxes. But what about the substance of the critique? Did the research uncover fundamental flaws in Zero Trust? Although we think the research uncovered some significant issues, calling it a “total bust” is definitely overblown. AmberWolf Identified Significant Flaws In Multiple Products Over the course of seven months, AmberWolf researchers examined Zero Trust network access (ZTNA) products from security vendors Check Point, Netskope, and Zscaler, finding multiple security issues — more specifically, identity and access management (IAM) problems: user impersonation, authentication bypass, local privilege escalation, and access to an SFTP server containing client logs and authentication material. In short, they found the same sorts of vulnerabilities that routinely appear in other software. The issue with security flaws in Zero Trust platforms themselves is that these platforms serve as foundational infrastructure and guardians responsible for access policy (authentication and authorization) enforcement to a wide variety and large number of enterprise resources instead of just one. These issues also highlight lingering implicit trust. We’ve made great strides in verifying users and endpoints, but we still rely on other systems to 1) implement and enforce policies reliably and 2) be trustworthy by virtue of being (mostly) free of critical, exploitable defects. The AmberWolf research demonstrates a breakdown in both. Zero Trust Isn’t A Product It bears repeating that Zero Trust isn’t a single thing (and it’s most definitely not a product). Zero Trust is a combination of things such as strong authentication (of users, devices, and apps/workloads), enforcement of least privilege, segmentation, data classification, and more. Each of the Zero Trust domains is intended to work on its own and in concert with the others to ensure that a failure in one control doesn’t result in a catastrophic breach. The metaphorical purpose of the architecture, in other words, is to prevent fire or — barring that — contain its spread and limit the resulting damage. Depending on any one element to achieve that goal is a textbook example of a single point of failure and antithetical to the philosophy and goals of Zero Trust. Product Security Problems Don’t Invalidate Architecture The ZTNA products that AmberWolf examined are unfortunately not the first security products to have security flaws. It’s quite a leap, however, to say that flaws in security products mean that an underlying security architecture principle is flawed. If building materials like cement and steel are defective, we don’t say that the design principles behind building a skyscraper are junk. Instead, we look at the root cause of the flaws in those materials and figure out how to avoid them in the future. If it’s a pervasive issue, it may mean a new approach to making and testing those materials; if it’s a couple of suppliers cutting corners, it may mean purchasing materials somewhere else next time. One important way for vendors to ensure the security of their products is using and consistently upgrading robust, well-tested, standards-based packages such as OpenSSL, OpenSSH, OpenAM, and more. An important corollary to “don’t roll your own crypto” should be “don’t roll your own IAM libraries” to avoid precisely the issues identified by AmberWolf’s testing. Like any software or hardware vendor, security vendors must incorporate product security principles throughout the product lifecycle to protect their customers and their brand. This starts early in the lifecycle, where security must identify strategic risks and potential threats, and continues with activities such as threat modeling, security training, pre-release application security testing, and post-deployment protections. Critically, product security teams must also help product teams build in security and IAM features (like authentication), recommend secure default configurations, and make deployment and configuration guidance available to systems integrators that work with their customers. Through it all, close coordination with the product team is key. It’s not unreasonable to hold security vendors to a higher standard when it comes to product security. CISA launched the Secure by Design pledge, with hundreds of enterprise software companies signing on and committing to building security into their products. If a vendor that you work with (security or otherwise) hasn’t signed the pledge, ask why not. If they have, ask them to share their progress against the goals. Is Cloud Delivery Better, Worse, Or Just … Different? A large and growing number of security capabilities are delivered at least partially via the cloud. That could be seen as a liability in this context. Despite the attention-grabbing claim about breaking into thousands of VPNs using a single bug, AmberWolf did no such thing — although its research clearly shows that an attack on that scale would have been possible. We say “would have been” because, although cloud delivery can sometimes result in new attack vectors, the cloud also offers benefits in terms of vulnerability remediation. Zscaler responded to and fixed the vulnerability reported by AmberWolf the same day (although there was a brief regression several days later that was also quickly repaired). As with any case of security issues in security products, responsiveness and transparency matter. Contrast this with severe, exploited vulnerabilities in on-premises infrastructure that required federal law enforcement intervention or guidance that involved literally unplugging affected systems to remediate security issues — not to mention coordinated action on the part of hundreds or thousands of organizations, as opposed to just one. Connect With Us As always, Forrester clients can connect with Sandy for product security, Andras for identity, and me for Zero Trust by setting up a guidance session or inquiry. We’ll also be in Austin, Texas, on November 5–7 with a host of our colleagues for the Forrester Security & Risk Summit. This year’s theme is “Master Risk, Conquer

In B2B marketing, a well-optimized content engine handles the complete content lifecycle — phases that include planning, production, promotion, performance, and preparedness. As an analyst, I’ve helped clients across many industries and organizational models determine how to mature their content operations and address issues, such as too much of the wrong content (consider that 65% of organizations experience 26–75% content waste). I’ve found that teams tend to demonstrate the greatest maturity in content creation itself, but their work in other phases lags. At a time when AI is transforming all phases of the content lifecycle, it’s critical for organizations to perform a status check. To provide a starting point in determining where they are in a maturity framework, we’ve just published the B2B Content Engine Maturity Assessment (subscription required), a self-assessment tool that provides ratings and recommendations. We suggest the assessment to any B2B marketing leader with teams that handle B2B content responsibilities. Here’s a snapshot: Content Planning: Build A Strategy That Delivers Questions in this section determine how effectively organizations use content planning defined by a comprehensive strategy that addresses buyer needs across pre- and post-sale journeys. Content Production: Scale With Efficiency And Accuracy Content teams must balance quality, speed, and scale in the production process. Questions here help organizations determine where they are and surface opportunities for improvement. Content Promotion: Maximize Reach And Engagement Content is only effective when it reaches its target audience. These questions uncover whether an organization is using and continuously refining a comprehensive and diverse distribution channel approach. Content Performance: Measure And Optimize Results Audience engagement is the ultimate measure of content success. Questions in this section surface how well organizations understand and optimize content engagement and meet business goals. Content Preparedness: Align Teams And Resources A mature content engine requires cross-functional alignment, with content teams equipped with tools, templates, and training to fulfill their roles efficiently. These questions help organizations determine whether they’re on the right track with their content team skills and competencies. How To Evolve Your Content Engine Forrester’s B2B Content Engine Maturity Assessment outlines three stages — beginner, intermediate, and advanced — to guide organizations in optimizing their content lifecycle. We provide suggestions for each level to help organizations understand what steps they can take to improve. Extending Impact Across Your Organization Everyone in B2B organizations depends on content. We encourage content leaders to engage stakeholders across marketing, sales, customer, and product teams to gauge how well that they feel content is contributing business value. By advancing your content engine maturity, you’ll create a scalable, efficient system that drives engagement and creates and extends business impact. If you’re a client, please take the assessment and request time to chat with me about your results. I’d love to help you plan your content engine trajectory! (Photo by Ussama Azam) source

The Forrester Wave™: Managed Detection And Response Services In Europe, Q3 2025, is live. It’s our second evaluation of the managed detection and response (MDR) space focused on the European market. It looks a bit different from our 2023 Wave, as European customers now place a greater emphasis on sovereignty, localization, speed, automation, and resilience. While some MDR providers have adapted their frameworks and service delivery models to embed these, others offer only superficial adjustments. This research used 26 different criteria to evaluate 11 vendors: Accenture, CrowdStrike, eSentire, ESET, EY, Kudelski Security, NCC Group, Obrela, Orange Cyberdefense, Sophos, and WithSecure. What You Should Look For Beyond standard needs such as faster detection and response, European CISOs also lean on their MDR providers to tackle tripartite pressures: complex regulation, economic volatility, and agile threat actors. The market has moved beyond one where extended detection and response was once considered a differentiator. European security leaders today also expect their MDR providers to enable operational resilience, as they lack the internal capabilities to deal with today’s region-specific, advanced and persistent threats, as well as with coordinating cross-border response efforts. As you compile a shortlist or consider a renewal: Ensure that your provider can meet all your sovereignty needs. Having data centers in the EU is hardly sufficient in today’s regulatory and geopolitical climate. Firms in regulated industries — such as healthcare, finance, and the public sector — with strict sovereignty and localization requirements need to be especially vigilant. Avoid regulatory exposure by choosing an MDR provider that can demonstrate where data is processed, data pathways and access mechanisms, analyst locations and language capabilities, and how cross-border containment actions are carried out. Carefully evaluate vendors’ claims of AI as the panacea for all MDR problems. MDR vendors have positioned AI as the panacea for all that ails security, and while their use of AI does shorten incident timelines, there are nuances to be considered when evaluating an MDR vendor’s AI capabilities. Use our evaluation to determine what exactly a provider does with AI and how that’s relevant (or not) to your organization’s needs. Favor vendors that can demonstrate how AI enables containment actions and configuration updates with appropriate human oversight. See and test how detection, response, and forensics are integrated. Choose providers that are able to weave endpoint coverage data, threat intelligence, and other telemetry into a useful tapestry of insights that inform your security strategy and reduce delays in containment and response. Test a provider’s ability to meet these objectives by asking them to walk you through a real incident, demonstrating how telemetry was collected, how quickly containment was executed, and whether forensics required a separate handoff. Forrester security and risk clients who have questions about the European MDR market can schedule a guidance session with me here. source

Two weeks ago, President Trump announced America By Design, a new federal initiative to improve Americans’ experiences using government services, such as when renewing a passport, applying for a small business loan, or filing taxes. It includes updating the government’s design language and the websites and physical sites that have a major impact on Americans’ everyday lives. Trump has appointed the country’s first chief design officer, Airbnb cofounder Joe Gebbia, and created a National Design Studio to help agencies implement changes, with initial results expected by July 4, 2026. What’s Promising About This New Initiative? Here’s what’s encouraging about America By Design: It mandates that public experiences become more usable. Prioritizing design is a significant shift in a space where design often takes a back seat to competing priorities. Mandating that agencies work with skilled designers to improve experiences sends a signal that design is essential. Mandates have had a powerful effect on making experiences accessible, for example, so mandating better design could very well lead to positive results for Americans. It may drive broader adoption of the government’s design system. The U.S. Web Design System was launched in 2015 by 18F and the U.S. Digital Service, but its use does not appear to be widespread — although some agencies such as the VA and the NIH Library have adopted it. The new chief design officer has an opportunity to treat the design system as a product, which means funding cross-discipline teams of designers and developers, creating a contribution model, and establishing telemetry and metrics to track usage and effectiveness. It renews (at least part of) the attention that Trump gave to CX in his first term. The first Trump administration continued the White House’s spotlight on customer experience (CX), supported by the bipartisan 21st Century IDEA Act. That law called for public websites to be accessible, searchable, secure, mobile-ready, and efficient at meeting users’ needs. Additionally, CX initiatives and metrics were tracked at performance.gov, including actions taken by high-impact service providers to improve critical government services — such as checking for Medicaid eligibility and applying for and receiving disaster aid. Performance.gov has laid dormant under the current administration, but this executive order may presage the release of the President’s Management Agenda (which drives what gets managed and reported) and, with it, renewed tracking of digital service performance at the touchpoint and journey level. Why We’re Not Convinced That This Spells Good News For Design It’s unlikely that this initiative will create meaningful improvements for Americans because: It’s overly focused on aesthetics rather than the true purpose of design. Joe Gebbia’s post on X comparing government services to the “beautifully designed” Apple Store experience is a parity trap and a classic example of low design literacy. Apple’s designs show a balance of form and function, understanding that a beautiful but unusable design is bad design. When designers deeply understand user needs, they create experiences that are effective, intuitive, and emotionally resonant. Beauty is the outcome of empathy and curiosity, not the goal. If the initiative prioritizes visual appearance over usability, meaningful service improvements will not follow. It risks lowering the standard for quality design. The government has historically set the floor for what good design is, not the ceiling — especially in areas like accessibility. Yet accessibility isn’t mentioned in the executive order, and ironically, the America By Design website is inaccessible, with issues such as poor color contrast and a flag animation that can’t be paused. Despite feedback from experts, to date, these problems remain unfixed. While the legal foundation for accessibility is still strong, there’s a risk here: If the standards developed and mandated under this order are adopted, sacrificing accessibility in pursuit of questionable aesthetics, many Americans will be shut out. If the private sector follows suit, the risk could be magnified to levels that digitally disenfranchise millions of Americans. The government already had (and fired) strong design talent. That talent sat in 18F and the U.S. Digital Service (before it was renamed and retasked to become DOGE); both shut down earlier this year. The new chief design officer is tasked with recruiting private-sector designers, but there’s no acknowledgement of past designers’ contributions to improving government services or plans to recover lost expertise. Design is most successful when it’s embedded in the organization and informed by domain knowledge, so regaining that insight and knowledge will be critical to the initiative’s success. Get In Touch Good design isn’t a nice-to-have; it’s mission-critical for government services, and it’s a foundation for winning and serving customers in the private sector. We’re here to help Forrester clients of all sectors; there’s no time like the present to set up a conversation about experience design best practices. source

I have the honor of opening Forrester’s B2B Summit EMEA in October and B2B Summit APAC in November with a keynote that tackles one of the most urgent challenges facing B2B organizations today: buying mayhem. The challenge is so urgent, in fact, that we’ve incorporated it into our event theme: “Master Buying Mayhem.” More than a catchy title, it’s a call to action — B2B buying is evolving faster than ever, and many vendors are falling behind. The good news is we’ve seen what happens when companies embrace change: The results are transformative — and it’s time for more organizations to follow suit. In my keynote, I’ll unveil exclusive insights from Forrester’s Buyers’ Journey Survey, 2025, revealing how buying behaviors are shifting and what that means for your go-to-market strategy. One of the most powerful concepts we’ve developed from this data is the rise of buying networks — a new reality that redefines how buyers make decisions and how providers must support them. Here’s a preview of what you’ll learn: The rise of the new buyer.Today’s B2B buyers are younger, more empowered, and more uncertain. They’re navigating complex internal dynamics and struggling to find vendors who truly understand their needs. Traditional sales tactics? They’re losing trust fast. Trust has a new home.Buyers are turning to third-party sources — peers, analysts, and customer reviews — long before they engage with vendors. If you’re not part of that conversation, you’re already behind. GenAI and agent-based buying are here.These tech-savvy buyers aren’t waiting for vendors to catch up. They’re using generative AI (genAI) and intelligent agents to research, compare, and short-list providers — often before you even know they’re in the market. But my keynote is just the beginning. Throughout Summit, you’ll have the chance to dive deeper into these trends and strategies through interactive roundtables, hands-on workshops, certification programs, and dynamic panel discussions. And of course, Forrester’s team of expert analysts will be there to guide you with actionable insights on how to: Build customer insights and trust. Evolve your go-to-market leadership and strategy. Transform your revenue process. Innovate execution with technology. If you’re ready to lead the change — and not just react to it — this is the event you can’t afford to miss. I hope to see you in London next month or in Singapore in November. source

Don’t believe me? Hear me out …  You’re probably used to tech transformation stories outlining the experience and infrastructure challenges of replatforming and evaluating ROI, project teams, budget, and time constraints. I thought I would be writing that story, too. But as I investigated what drove a large consumer packaged goods (CPG) brand to totally overhaul its tech approach towards a more modern composable strategy espoused by the MACH Alliance, I found a much more poignant narrative. This Is Not Your Manager’s Transformation Betsy Summers and I analyzed the subtle forces that nudged a major CPG company through its transformation in our new report, Case Study: A Transformation To Composable Tech Highlights The Power Of Mindset. We found clues that a leader’s mindset is a significant driver of transformation success through statements such as, “They supported our belief and guided us down this path of wielding a MACH architecture, and then together we made believers of my stakeholders.” Transformations come at a price; the price of change is to believe. According to what we discovered in this case study, growth mindset and the microservices-based, API-first, cloud-native software-as-a-service, headless (MACH) strategy seem to be analogous, kindred spirits. The Power Of Belief Ours is just a new telling of an all too often forgotten truth: Credo ut intelligam. Humans must believe something before they can understand it. You can learn how to build … … a digital experience technology ecosystem … … to engage customers … … across an explosion of immersive channels … … by first believing that … … cloud-native SaaS from multiple vendors … … works for enterprises like yours. If you need someone to guide you through reasons to believe that you can do this too, let’s talk. Schedule an inquiry or guidance session with Betsy Summers to understand coaching and coaching mindset or with Joe Cicman to understand composable tech. Together, we offer a refreshed perspective on how to drive the selection of your digital experience providers that aligns with your strategic commitment to the pursuit of continuously improving business results through technology. Forrester clients can read the reports linked below. source