As the world moves forward, some things really should stay behind — like 80s shoulder pads, popcorn ceilings, and fondue fountains at weddings. However, other things are classics and beg to be brought back. One such example is old research I led way back in 2011, which generated significant interest from — and value for — our clients. As my recently formed International Security & Risk research team ramped up, we agreed to revive it.
It is with a lot of excitement that I’d like to introduce the Executive Spotlight: Top Priorities For APAC And EMEA Security & Risk Leaders, 1H 2025. In this research, we identify the top priorities that matter to our clients in APAC and EMEA, based on hundreds of requests for guidance from our security & risk (S&R) Forrester Decision clients in the first half of 2025 (see the figure below). Not only does this help us fine-tune our future research agenda and activities, but our clients are always interested in what their peers are doing with the view to validating or improving their own priorities, shaping their cybersecurity strategies, and learning from others. In my career I’ve learned to never underestimate the power of taking the time to share and learn from others. In this blog, I will share with you some key insights:
-
-
-
- AI security tops the priority charts, followed by governance and human-centered priorities. It comes as no surprise that across APAC and EMEA, AI has topped the list of priorities, followed by governance, risk, and compliance (GRC); human risk management; third-party risk management; and quantum security. Leaning into the governance and human-centered elements of a security program helps to shape a more holistic approach that’s focused on oversight, governance, people, process, and technology.
-
-
-
-
-
- APAC clients diverged slightly, with a unique focus on quantum security. Quantum security was the third top requested guidance topic in APAC. The interest is unsurprising with China leading in quantum-secure communications, operationalizing national-scale quantum networks like satellite-based “unhackable” links. Furthermore, many other APAC governments are investing heavily in quantum capabilities, while setting regulatory expectations for quantum-safe practices. In parallel, threat actors in the region are intensifying “harvest now, decrypt later” tactics.
-
-
-
-
-
- We uncovered notable absences from the priority hit list. Globally, Forrester’s S&R clients are getting involved in programs like AI ethics and governance; however, this hasn’t yet trickled to our APAC and EMEA S&R leaders. With regulatory pressure mounting — as well as the need to align security to the rest of the AI risk management strategy — S&R leaders must become more involved. We were also surprised that enhancing security operations capabilities wasn’t top on the hit list.
-
-
My team and I are relentlessly committed to our clients, our research, and each other. With our global S&R colleagues, we look forward to serving you in the above capacities. Forrester’s APAC and EMEA S&R clients who have questions about risk, security, or privacy-related topics can connect via inquiry or guidance session to our experts: Jinan Budge, Paul McKay, Tope Olufon, Madelein van der Hout, Enza Iannopollo, and Meng Liu.