Forrester’s Technology & Innovation Summit EMEA 2025 brought together over 400 of Europe’s most forward-thinking technology leaders from 28 countries, as well as Forrester analysts who collectively travelled for 44,750kms.  At a time when innovation feels as exhilarating as it is exhausting, in an era defined by AI-led disruption, economic volatility, and rising regulatory pressure, the mood in London was one of cautious confidence. While other global events dazzle with spectacle, Forrester’s T&I Summit stayed true to its pragmatism, structure, and sharply focused on accelerating the right kind of progress, where ethics, transparency, and trust enable sustainable innovation at scale. The companies that thrive won’t be those moving fastest, but those moving wisely  balancing experimentation with accountability. 

The overarching theme, “Mastering Tech Mayhem,” resonated throughout the sessions. As the summit unfolded, one thing became clear: Yesterday’s unlikely fears, uncertainties, and doubts have morphed into today’s chaotic reality — geopolitical strife, tariffs, trade wars, regulatory hurdles, and AI dominate public discourse. The security and risk track deconstructed and anticipated current and emerging risks, how to address digital sovereignty, AI, and other regulatory complexities head on, and act decisively to secure your organization. It highlighted the importance of building a security and risk culture that unites stakeholders, who together can respond to challenges with a steady hand.  To truly meet your need for innovation, move beyond speed and scale to resilience, security, risk and tech leaders learned that: 

  • Cybersecurity threats in 2025 and beyond require preparation and a steady hand. We paused and deconstructed 2025’s cybersecurity landscape.  AI — predictive, generative, and agentic — is rewriting the rulebook.  Societal, economic, and technological uncertainty adds to the complexity. Insider risk is rising as workforce stress leads to unexpected behavior. Deepfakes have surged, with a 1500% increase in parts of Europe due to AI  breaking language barriers for both defenders and attackers, and deepfakes are now used to bypass biometrics. Our CISO guest speakers, Nick Jones and Simon Strickland, shared how to prepare and respond to this landscape, from an elevated focus on human risk management, insider risk programs, and deepfake detection and defense.  We were reminded of the criticality of human skills: negotiation, influence and personal resilience.     
  • Innovation without ethics is short-lived. Compliance is essential for trustworthy AI, but it is only the first step. Frameworks such as Forrester’s Enterprise Agentic Guardrails for Information Security (AEGIS) help security and tech leaders design, govern, and manage AI agents and their infrastructure. Forrester’s “Minimum Viable Sovereignty” pragmatic, risk-based approach balances budgets, business goals, and legal to tackle AI sovereignty. Remember – even the most advanced technology is useless without trust. A sound approach to trustworthy AI considers customer trust attitudes, shaped by expectations and risk perception.  Adopt responsible AI frameworks that strengthen accountability for AI initiatives, align AI systems with business intent, values, and goals and design cognitive empathy in AI systems.
  • Reducing your risk means you have to think like an attacker. Security and tech leaders face a reshaped landscape of AI, automation, and regulation. They must evolve from compliance-driven testing to adversary-driven readiness – defenses that reflect how real attackers operate, considering the attackers’ core goals: to modify, destroy, or steal data. Amidst this chaos, leaders need to urgently consider the three fundamental objectives all threat actors have: to modify, destroy or steal data. To defend against these objectives, you will to distill meaningful behavioral patterns from background data clutter, using  active hunting of your technology ecosystem as an intelligence source. Actively perform structured security assessments such as red and purple teaming to reduce uncertainty through preparation and continuous testing. 
  • Digital sovereignty moves from a data protection to a business continuity issue. Once an extension to GDPR and privacy concerns, digital sovereignty is now a theme with its own dignity which is top of mind for CIOs, CISOs, and every tech leader in EMEA. Organizations are worrying about their digital sovereignty posture with regard to risks like the “kill switch” and  broader dependencies on foreign jurisdictions through their vendors and service providers. Tech leaders want to know what are the perils they have not even thought about, and how to protect their IT stack without bleeding out their budgets. To do this successfully, take a deep breath and not leave gut feelings influence your sovereignty strategy.  And do not try to boil the ocean, but rather work towards achieving the minimum viable sovereignty (MVS)
  • Maturity assessments must incorporate risk quantification. Maturity assessments are not a new topic in cybersecurity, with utilization by security organizations for over twenty years. Clients use them to measure the maturity of their capabilities, and while helpful, they do not answer a fundamental question: “What cybersecurity investments do I prioritize to maximize my risk reduction outcomes?”.  The “Mature and Justify Your Security Program” presentation outlined that maturity assessments alone are not enough, and that risk quantification can add a whole new dimension to a classic recipe, as firms like Netflix have found. For organizations approaching a defined maturity level, using risk quantification helps with many of the limitations of maturity assessments, by adding how maturity improvements link to financial risk reduction outcomes.
  • Your security organization structure must be adaptive. The structure of your security organization defines your team’s agility, influence, and business value. Once a subset of IT, cybersecurity is now a strategic driver of growth and trust. With AI reshaping risks and roles, structure matters more than ever. Organizations typically follow 5 archetypes: centralized, federated, oversight-driven, business or product-centric, each with unique strengths and trade-offs. CISOs should design deliberately, aligning security with business ambition. AI accelerates this evolution, introducing governance leads, automated operations, and adaptive roles. Tech leaders should consider that the challenge isn’t choosing a model but creating one that evolves with ambition, technology, and regulation.  To be successful, security structures must be dynamic, not static giving you the ability to spin up new teams without a full overhaul.  

We remain deeply dedicated to our clients, our research, and our shared mission. Together with our global Security & Risk colleagues, we look forward to supporting you across the focus areas above. For questions concerning topics in this blog please connect with our experts Jinan BudgePaul McKay, Tope OlufonEnza Iannopollo Dario Maisto and Madelein van der Hout,  through an inquiry or guidance session.