Reintroducing A Classic: The S&R Executive Spotlight

As the world moves forward, some things really should stay behind — like eighties shoulder pads, popcorn ceilings, and fondue fountains at weddings. However, other things are classics and beg to be brought back. One such example is old research I led all the way back in 2011, which generated significant interest from, and value for, our clients.  As my recently formed International Security & Risk research team ramped up, we agreed to revive it.  

It is with a lot of excitement that I’d like to introduce the Executive Spotlight: Top Priorities For APAC And EMEA Security & Risk Leaders, 1H 2025 (for Forrester clients only). In this research, we identify the top priorities that matter to our clients in APAC and EMEA, based on hundreds of requests for guidance from our Security & Risk (S&R) Forrester Decision (FD) clients in the first half of 2025 (see the figure below).  Not only does this help us fine-tune our future research agenda and activities, but our clients are always interested in what their peers are doing with the view to validate or improve their own priorities, shape their cybersecurity strategies and learn from others.  In my career I’ve learned to never underestimate the power of taking the time to share and learn from others. In this blog, I will share with you some key insights: 

• • • • Everything AI security tops the priority charts, followed by governance and human-centered priorities. It comes as no surprise that across APAC and EMEA, AI has topped the list of priorities, followed by governance, risk and compliance (GRC), human risk management (HRM), third party risk management (TPRM) and quantum security.  Leaning into governance and human-centered elements of a security program helps to shape a more holistic approach focused on oversight, governance, people, process and technology.    

• • • • APAC clients diverged slightly, with a unique focus on quantum.  Quantum was the third top requested guidance in APAC. The interest is unsurprising with China leading in quantum-secure communications, operationalizing national-scale quantum networks including satellite-based “unhackable” links, as well as many other APAC governments investing heavily in quantum capabilities, while setting regulatory expectations for quantum-safe practices. In parallel, threat actors in the region are intensifying “harvest now, decrypt later” tactics. 

• • • • We uncovered notable absences from the priority hit list.  Globally, Forrester’s S&R clients are getting involved in programs such as AI ethics and governance, though this has not yet trickled to our APAC and EMEA S&R leaders. With regulatory pressure mounting as well as the need to align security to the rest of the AI risk management strategy, security and risk leaders must become more involved. We were also surprised not to see enhancing security operations capabilities on the top of the hit list.   

My team and I continue to be relentlessly committed to our clients, our research, and each other. With our global security and risk colleagues, we look forward to serving you in the above capacities. Forrester APAC and EMEA security and risk clients who have questions about t risk, security, or privacy-related topics can connect via inquiry or guidance session to our experts Jinan Budge, Paul McKay, Tope Olufon, Madelein van der Hout, Enza Iannopollo and Meng Liu.