2026 Really Is This Risky: Our Top Recommendations For CISOs
Summary
Forrester's "Top Recommendations For Your Security Program, 2026" report addresses the persistent volatility faced by security leaders due to economic pressure, geopolitical instability, rapid AI adoption, and technology consolidation. The report provides 12 recommendations, with four highlighted: managing changing budget dynamics, navigating AI-driven disruption, adapting to shifting security technology power, and preparing for intensifying geopolitical risk. It advises CISOs to treat AI security as a business cost rather than a security budget item, prioritize AI governance by identifying and assessing AI risks, protect organizations from security technology failures by diversifying vendors and planning for outages, and rehearse high-impact geopolitical scenarios to ensure deliberate decision-making during disruptions. This guidance aims to help CISOs, CIOs, and technology leaders align security strategy with business priorities in an unstable environment.
Key takeaway
If you are a CISO grappling with budget constraints and rapid AI adoption, advocate for AI security costs to be integrated directly into enterprise AI investment budgets. This approach aligns funding with risk ownership, protecting your foundational security programs from being weakened by new AI initiatives. Additionally, prioritize comprehensive AI governance by identifying, assessing, and communicating AI risks across the business to ensure shared accountability.
Key insights
Security leaders must build flexible programs to navigate persistent volatility from AI, budget shifts, tech consolidation, and geopolitics.
Principles
- AI security is a business risk, not a CISO tax.
- AI governance requires visibility and shared accountability.
- Assume vendor failures and plan for resilience.
Method
Shift AI security costs to enterprise AI investments. Prioritize AI system visibility and embed risk management. Diversify security tech and plan for outages. Rehearse high-impact geopolitical scenarios.
In practice
- Embed AI security costs into enterprise AI budgets.
- Inventory AI systems and integrate AI risk management.
- Demand vendor accountability and diversify security platforms.
Topics
- AI Security
- AI Governance
- Cybersecurity Strategy
- Vendor Risk Management
- Geopolitical Risk
Best for: Executive, AI Security Engineer, Security Engineer, CTO
Editorial summary, takeaway, and curation by AIssential. Original article published by Featured Blogs - Forrester.