If you are a CISO at a critical-infrastructure organization in Bulgaria, France, Luxembourg, the Netherlands, Poland, Spain, or Sweden, your Critical Entities Resilience (CER) Directive enforcement clock just shortened. On May 7, 2026, the European Commission referred all seven member states to the Court of Justice of the European Union for failing to transpose the CER Directive more […]

The cybersecurity industry continues to focus almost exclusively on technology. This comes at the expense of people — the heart of cyberdefense — as high expectations and limited resources cause stress and harm their well-being. Even as burnout continues to wreak havoc on workers’ productivity, retention, and mental and physical health, the discussion remains subdued. CISOs who hope to support their teams must better understand the nuances of this epidemic, which they can’t mitigate with exhortations to meditate or practice yoga. This report examines burnout in cybersecurity and guides CISOs on how to address it based on their teams’ profiles and the causes of their burnout.

Forrester’s Cybersecurity Strategy Development Template helps security and risk leaders develop and articulate a clear and actionable cybersecurity strategy that aligns with business objectives, stakeholder expectations, and external requirements. It provides a structured approach to capture the critical elements of your cybersecurity strategy in one concise artifact, whether you are creating or iterating a concise strategy on a page or shaping a broader strategic framework. By providing a series of targeted questions for leaders to answer about each critical element of their security strategy, the template facilitates the strategy development process.

Forrester’s Cybersecurity Roadmap Template is a strategic planning tool for security and risk leaders to outline key initiatives, milestones, and responsibilities across short-, mid- and long-term horizons, aligning people, processes, and technology. It offers strategic clarity, prioritization of resources, alignment across stakeholders, and visibility into interdependencies. Security leaders can use this template to track progress, manage complexity, and demonstrate how security efforts support broader business objectives.

For AI to have a positive impact, CISOs need to fill a growing gap: AI action outcomes must be correct, auditable, and safeguarded from malicious or accidental corruption. This means leading through change to get to a future where AI is engineered from the start with proper guardrails and controls with clear accounting through a chain of autonomous decisions, regardless of who or what initiated them. This is no easy feat for CISOs who must balance protecting the existing organization while gearing up security to provide assurance for an AI-powered future. This report helps CISOs understand AI’s current and future impact on their responsibilities and prepare for a role based on trust and assurance.

RSAC Conference 2026 has come and gone. Gone, too, are the petting zoos of yesteryear, replaced this year by — of all things — pop-up tattoo parlors. Or as one attendee observed, “We’ve traded livestock for live needles.” This year’s attendance of over 43,500 was flat compared to 2025, but the sessions and exhibit floor […]

Security organizational design sits at the intersection of strategy and circumstance. External pressures force change, while internal constraints limit redesign.

In the second half of 2025, security and risk (S&R) leaders in APAC and EMEA continued to grapple with familiar pressures, but they reprioritized how they address them. While AI; governance, risk, and compliance (GRC); and third-party risk management (TPRM) stayed stubbornly on top of the charts, application security and security organization structure resurfaced with […]

Every year, Forrester fields hundreds of requests for guidance on security and risk (S&R) topics from Forrester Decisions clients, who are C-level executives from companies across the globe. We analyzed more than 250 requests that we received in the second half of 2025 from clients in Asia Pacific (APAC) and EMEA; this executive spotlight identifies the top priorities for those clients. It’s no surprise that questions related to AI risk and security dominated. S&R leaders can use this report to understand the business value that they can realize by tackling each of these priorities and how best to do so.

Organizational models dictate the behaviors, collaboration patterns, and unwritten rules that shape how security teams operate. How you design your security organization, including placement, structure, alignment, collaboration, and perception, determines whether security accelerates or hinders business outcomes. The oversight center cybersecurity organizational model sets policies, defines controls, and monitors risk. This report highlights the components, practicalities, and potential drawbacks of this model, helping leaders make an informed decision about how to structure their security organization.