The Security Priorities APAC And EMEA Leaders Doubled Down On — And Deprioritized — In H2 2025

2026-03-17 · Source: Featured Blogs - Forrester · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Software Development & Engineering · Depth: Advanced, short

Summary

In the second half of 2025, Security and Risk (S&R) leaders in APAC and EMEA reprioritized their focus, with Governance, Risk, and Compliance (GRC) emerging as the top priority due to accelerating regulatory obligations and geopolitical instability, surpassing AI. AI risk management evolved from safe generative AI adoption to securing "agentic AI" systems, necessitating guardrails and red-teaming strategies. Concurrently, API and software supply chain security surged in urgency, driven by API sprawl, SBOM mandates like the EU's Cyber Resilience Act, and stalled DevSecOps advancement. Regional differences persist, with EMEA heavily prioritizing Third-Party Risk Management (TPRM) due to regulations such as DORA, NIS2, and GDPR, while APAC's priorities are more fragmented across numerous themes. Leaders are advised to leverage FAIR-based quantification, regulatory intelligence, continuous control monitoring, and Forrester's AEGIS framework for agentic AI.

Key takeaway

APAC and EMEA S&R leaders in H2 2025 are prioritizing Governance, Risk, and Compliance (GRC) over AI, with AI risk management shifting to securing agentic AI systems. This demands designing guardrails against excessive autonomy, red-teaming AI, and leveraging frameworks like Forrester's AEGIS for policy-as-code controls. Concurrently, API and software supply chain security, driven by SBOM mandates, requires embedding security earlier and managing component risk in AI/ML pipelines.

Topics

• GRC
• Agentic AI Security
• Software Supply Chain Security
• API Security
• Third-Party Risk Management

Best for: VP of Engineering/Data, Director of AI/ML, AI Architect, CTO, Executive, Consultant

Related on AIssential

• Gartner SRM 2026 Signals a Cybersecurity Shift From Prevention to Resilience — Cybersecurity success now hinges on resilience, identity modernization, and AI agent governance, not solely prevention.
• The find out stage of AI is just supply chain and password protection​​​​‌‍​‍​‍‌‍‌​‍‌‍‍‌‌‍‌‌‍‍‌‌‍‍​‍​‍​‍‍​‍​‍‌​‌‍​‌‌‍‍‌‍‍‌‌‌​‌‍‌​‍‍‌‍‍‌‌‍​‍​‍​‍​​‍​‍‌‍‍​‌​‍‌‍‌‌‌‍‌‍​‍​‍​‍‍​‍​‍‌‍‍​‌‌​‌‌​‌​​‌​​‍‍​‍​‍‌‍​‌‍‌‌​​‍‍‌​‌‌​‌‍​‌‌‍​‌‍‍‌‍‌‌‍‌‍‌‌‌​‍‌‍‌‍‌‍​‌‍‌‌​‍‍‌‍​‌‍​‍‌‍‍‌‌‍‍‌‌​‌‍‌‌‌‍‍‌‌​​‍‌‍‌‌‌‍‌​‌‍‍‌‌‌​​‍‌‍‌‌‍‌‍‌​‌‍‌‌​‌‌​​‌​‍‌‍‌‌‌​‌‍‌‌‌‍‍‌‌​‌‍​‌‌‌​‌‍‍‌‌‍‌‍‍​‍‌‍‍‌‌‍‌​​‌‌‍‌‍‌‍​‌​‍‌​​‌‌‍‌‍​‌‍‌‍​‌​‍​​‍‌​‌​‌‍​‍‌‍‌‍​​​​‍‌​‌​‌‍​‌​‌​‌‍​‌​‍‌‌‍​‌‌‍​​​​​‌​‍‌​‍​‌‍‌‌​‌‌‍‌‌‌‍‌‍‌‍‌​‌‍‌‌​‌​​‍​​​‌‌‌‍‌‍​‍‌‌​‌‍‌‌​​‌‍‌‌​‌‌‍​‍‌‍​‌‍‌‍‌‌‌​​‌‍‌​‌‌​​‍‌​​‌‍​‌‌‌​‌‍‍​​‌‌‌​‌‍‍‌‌‌​‌‍​‌‍‌‌​‌‍​‍‌‍​‌‌​‌‍‌‌‌‌‌‌‌​‍‌‍​​‌‌‍‍​‌‌​‌‌​‌​​‌​​‍‌‌​​‌​​‌​‍‌‌​​‍‌​‌‍​‍‌‌​​‍‌​‌‍‌‍​‌‍‌‌​​‍‍‌​‌‌​‌‍​‌‌‍​‌‍‍‌‍‌‌‍‌‍‌‌‌​‍‌‍‌‍‌‍​‌‍‌‌​‍‍‌‍​‌‍​‍‌‍‌‍‍‌‌‍‌​​‌‌‍‌‍‌‍​‌​‍‌​​‌‌‍‌‍​‌‍‌‍​‌​‍​​‍‌​‌​‌‍​‍‌‍‌‍​​​​‍‌​‌​‌‍​‌​‌​‌‍​‌​‍‌‌‍​‌‌‍​​​​​‌​‍‌​‍​‌‍‌‌​‌‌‍‌‌‌‍‌‍‌‍‌​‌‍‌‌​‌​​‍​​​‌‌‌‍‌‍​‍‌‍‌‌​‌‍‌‌​​‌‍‌‌​‌‌‍​‍‌‍​‌‍‌‍‌‌‌​​‌‍‌​‌‌​​‍‌‍‌​​‌‍​‌‌‌​‌‍‍​​‌‌‌​‌‍‍‌‌‌​‌‍​‌‍‌‌​‍‌‍‌​​‌‍‌‌‌​‍‌​‌​​‌‍‌‌‌‍​‌‌​‌‍‍‌‌‌‍‌‍‌‌​‌‌​​‌‌‌‌‍​‍‌‍​‌‍‍‌‌​‌‍‍​‌‍‌‌‌‍‌​​‍​‍‌‌ — Securing and governing AI agentic systems requires robust supply chain management and advanced identity protection.
• Mend.io Releases AI Security Governance Framework Covering Asset Inventory, Risk Tiering, AI Supply Chain Security, and Maturity Model — Mend.io's framework provides a structured approach to AI security governance, from inventory to maturity.
• Cybersecurity in the Age of Digital Acceleration: Securing Intelligence, Assets, and Trust — Cybersecurity must evolve to protect intelligence, assets, and trust within an increasingly autonomous and AI-driven digital world.
• IBM 2026 X-Force Threat Index: AI-Driven Attacks are Escalating as Basic Security Gaps Leave Enterprises Exposed — AI tools are accelerating cyberattacks by enabling faster vulnerability exploitation and lowering barriers to entry for threat actors.
• Announcing The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026 — Workforce identity security is evolving into a comprehensive control plane, integrating AI-driven intelligence and agentic AI support.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Featured Blogs - Forrester.