Skip to main content
Photo of Paul McKay

Paul McKay

Principal Analyst

Find Paul on:

Paul is a principal analyst on the Security and Risk team. He works with organizations to help them shape and deliver their cybersecurity strategies to support the delivery of their core business vision. Paul’s research coverage includes cybersecurity risk ratings solutions and cyber risk quantification; CISO and security leadership research in the European market; and European security service providers, focusing on managed security service providers and security consultancies.

Paul is frequently asked to comment on areas relevant to his research coverage and has been quoted in publications such as the Wall Street Journal, Fortune, ZDNet, SC Magazine, Handelsblatt, City A.M., and Infosecurity Magazine.

Previous Work Experience

Prior to joining the security and risk team, Paul worked in the consulting industry providing cybersecurity advisory services to clients in all industries in the UK and Europe at firms including EY, Deloitte, and Accenture.

Paul was awarded the 2018 Institute of Industry Analyst Relations Newcomer of the Year Award.

Education

Paul holds an MSc in software and systems security from the University of Oxford and a BSc (Hons) in computer science and mathematics from the University of St Andrews. Paul has been admitted as a Fellow of the British Computer Society and is a registered European and Chartered Engineer through FEANI and the Engineering Council UK.

Paul is a principal analyst on the Security and Risk team. He works with organizations to help them shape and deliver their cybersecurity strategies to support the delivery of their core business vision. Paul’s research coverage includes cybersecurity risk ratings solutions and cyber risk quantification; CISO and security leadership research in the European market; and European security service providers, focusing on managed security service providers and security consultancies.

Paul is frequently asked to comment on areas relevant to his research coverage and has been quoted in publications such as the Wall Street Journal, Fortune, ZDNet, SC Magazine, Handelsblatt, City A.M., and Infosecurity Magazine.

Previous Work Experience

Prior to joining the security and risk team, Paul worked in the consulting industry providing cybersecurity advisory services to clients in all industries in the UK and Europe at firms including EY, Deloitte, and Accenture.

Paul was awarded the 2018 Institute of Industry Analyst Relations Newcomer of the Year Award.

Education

Paul holds an MSc in software and systems security from the University of Oxford and a BSc (Hons) in computer science and mathematics from the University of St Andrews. Paul has been admitted as a Fellow of the British Computer Society and is a registered European and Chartered Engineer through FEANI and the Engineering Council UK.

Paul McKay's Most Recent Research

Research

A CISO's First 100 Days

Few Wins But Big Losses At Stake Early In Your Tenure
March 31st, 2021 | Jeff Pollard , Paul McKay , Jinan Budge

The energy and momentum created when a new leader takes the reins unlocks opportunities, but if CISOs don't handle their first 100 days well, they risk...

20 min read
Research

Forrester Infographic: European Security Budgets In 2021

March 24th, 2021 | Paul McKay

In 2021, security leaders continue to invest differentially in new security controls delivered from the cloud and will rely on security service providers...

1 min read
Research

UK CISO Career Paths

UK CISOs' Tenure Is Shorter Than Their Peers In America, Hurting Their Ability To Build Sustainable Enterprise Security Programs
March 24th, 2021 | Paul McKay

Forrester analyzed the career backgrounds of 74 CISOs with public profiles working for the UK Financial Times Stock Exchange 100 Index (FTSE 100) to understand...

6 min read
Research

EU Cybersecurity Regulations Scanner, 2021

EU Proposes Major Revisions Of Its Cyber Regulations And Invests In Homegrown European Security Solutions
March 22nd, 2021 | Paul McKay

At the end of 2020, the EU announced a new EU cybersecurity strategy package. As well as a new EU cyberstrategy, it proposes big changes to the NIS Directive...

10 min read
Research

Top Recommendations For Your Security Program, 2021

March 16th, 2021 | Sean Ryan , Jess Burn , Jeff Pollard

Following the mad scramble in 2020 to secure the remote workforce during the global pandemic, 2021 is a time for security leaders to assess their current...

11 min read