A significant international presence at RSAC 2025 signaled the continued importance of the US as a global export platform for cybersecurity. Countries including Belgium, Canada, Germany, Ireland, Italy, the Netherlands, Saudi Arabia, Singapore, South Korea, Spain, and the UK showcased national pavilions and cybersecurity companies on the show floor, as well as organizing trade missions and hosting a dedicated ecosystem event. Israel and the United Arab Emirates played a leading role in an international “cyber drill,” with the UAE also co-leading the Counter Ransomware Initiative, a testament to the growing spirit of global cyber collaboration. In addition to Forrester’s take from earlier in the month, a webinar of RSAC key themes, and a look at the conference’s Innovation Sandbox, in this blog, Madelein van der Hout and I provide our perspective as international visitors to the event and delve into what mattered most to the international CISOs we spoke with:

  • US and Israel firms dominate the Innovation Sandbox and the expo floor. The US startup ecosystem remains exceptionally strong, with nine out of 10 RSAC 2025 Innovation Sandbox finalists founded in the United States (in spite of founders sometimes originating from outside the US). Knostic maintains close ties to Israel’s Unit 8200 cyber startup ecosystem and operates an additional office there; CalypsoAI is co-headquartered in Dublin; and MIND was founded and headquartered in the United Kingdom. Despite nice warm words of their own governments’ support and political goodwill, international vendors continue to turn to the US because it provides the depth of capital, VC ecosystem, and risk-taking culture that is vital to their growth and success.
  • International vendors foresee cybersecurity trade benefits. Fourteen percent of expo stands were sponsored by international trade pavilions, with RSAC continuing to be seen as a prime stage for international vendors to present their solutions to a global audience. For example, the governments of the Netherlands and Canada held trade missions, where 35 organizations, including 10 Ontario-based companies, showcased Dutch and Canadian cybersecurity innovation, supported trade promotion, and innovation. Clearly, the US still represents significant export potential for international vendors in spite of recent volatility. This is largely because the US has not (yet) imposed tariffs for software, and there is sentiment from international cybersecurity vendors and CISOs that these vendors can potentially model the benefits of continued trade.
  • International regulations yield global impact. Our discussions revealed that operational resilience regulations, such as DORA, that provide a direct link to enable businesses to operate mean that many global organizations adopt elements of these regulations even if they are not required to comply. This signals that, when well crafted and underpinned by concepts with clear business benefits, cybersecurity regulations can still be a force for good beyond those to whom it is directly applicable.
  • Critical infrastructure, geopolitics, and cyber warfare take center stage and deeply matter to the international audience. Beyond the neon lights and noisy booths, which are unlike any international security event, RSAC 2025 had some serious undercurrents — ones that resonated deeply with the international security leaders we spoke with. The global cybersecurity landscape is shifting fast, and critical infrastructure is squarely in the crosshairs. More than 100 sessions were dedicated to protecting critical infrastructure, underscoring its rising importance amid escalating geopolitical tensions and increasing threats. At the broader conference, there were 21 sessions covering cyber warfare as a topic. Dmitri Alperovitch’s keynote highlighted that the intersection of cybersecurity and geopolitics is shaping the most serious threats we face today and the need for urgent, coordinated action to strengthen cyber defences.

Forrester clients who wish to dive deeper into our perspectives on RSAC can book a guidance session with either of us. Readers should also check out Forrester’s security and risk team’s wider take on the overall conference here and the 2025 Innovation Sandbox contest here.