A significant international presence at RSAC 2025 signalled the continued importance of the U.S. as a global export platform for cybersecurity. Countries including The Netherlands, Belgium, Germany, Ireland, Italy, Spain, the UK, Korea, Singapore, and Saudi Arabia showcased national pavilions and cybersecurity companies on the show floor. Trade missions were organized by the UK, Netherlands & Belgium (jointly), and Canada, while Ireland hosted a dedicated ecosystem event. The UAE and Israel played a leading role in the International Cyber Drill, with the UAE also co-leading the Counter Ransomware Initiative (CRI)a testament to the growing spirit of global cyber collaboration. In addition to last week’s take and webinar of RSAC key themes and the innovation sandbox, in this blog, Madelein van der Hout and I provide our perspective as international visitors to the event, and what mattered most to international CISOs we spoke to:
- US and Israel firms dominate Innovation Sandbox and the expo floor. The U.S. start-up ecosystem remains exceptionally strong, with nine out of ten RSAC 2025 Innovation Sandbox finalists founded in the United States, in spite of founders sometimes originating from outside of the US. Knostic maintains close ties to Israel’s Unit 8200 cyber start-up ecosystem and operates an additional office there, CalypsoAI is co-headquartered in Dublin, while MIND was founded and headquartered in the United Kingdom. Despite nice warm words of their own governments’ support and political goodwill, international vendors continue to turn to the US because it provides the depth of capital, VC ecosystem and the risk-taking culture that is vital to their growth and success.
- International vendors foresee cybersecurity trade benefits. Fourteen percent of expo stands were sponsored by international trade pavilions, with RSAC continuing to be seen as a prime stage for international vendors to present their solutions to a global audience. For example, the governments of the Netherlands and Canada held trade missions, where 35-organization and 10 Ontario-based companies showcased Dutch and Canadian cybersecurity innovation, supported trade promotion and innovation. Clearly, the US still represents significant export potential for international vendors in spite of recent volatility. This is largely because the US has not (yet) imposed tariffs for software, and there is a sentiment by international cybersecurity vendors and CISOs that these vendors can potentially model the benefits of continued trade.
- International regulations yield global impact. Our discussions revealed that operational resilience regulations such as DORA, with their focus on operational resilience, and direct link to enabling the business to operate meant that many global organizations adopt elements of those regulations, even if they are not required to comply. This signals that when well crafted, and underpinned by concepts with clear business benefits, cybersecurity regulations can still be a force for good beyond those it is directly applicable to.
- Critical infrastructure, geopolitics and cyber warfare take centre stage, and deeply matter to the international audience. Beyond the neon lights and noisy booths, which is unlike any international security event, RSAC 2025 had some serious undercurrents —ones that resonated deeply with the international security leaders we spoke with. The global cybersecurity landscape is shifting fast, and critical infrastructure is squarely in the crosshairs. More than 100 sessions were dedicated to protecting critical infrastructure, underscoring its rising importance amid escalating geopolitical tensions and increasing threats. At the broader conference there were twenty-one sessions covering cyber warfare as a topic. Dmitri Alperovich keynote highlighted that the intersection of cybersecurity and geopolitics is shaping the most serious threats we face today and the need for urgent, coordinated action to strengthen cyber defences.
Forrester clients who wish to dive deeper into our perspectives on RSAC can book a guidance session with either of us. Readers should also check out Forrester’s Security & Risk team’s wider take on the conference overall here, and the 2025 Innovation Sandbox contest here.
