Security Frontier

Volatility Is the New Stable State: Forrester's 12-Recommendation 2026 Security Program Playbook

The four themes are not four independent risks. They are four ways that the same underlying condition — **persistent volatility** — is breaking programs designed for periodic disruption.

See also (wiki): wiki/ai-cybersecurity.md · wiki/agentic-ai-governance.md · wiki/ai-budget-cfo-decisions.md · wiki/ai-sovereignty.md · wiki/ai-vendor-contracts.md


Executive Summary

  • Forrester’s Jess Burn (Principal Analyst) and Jeff Pollard (VP, Principal Analyst) published “2026 Really Is This Risky: Our Top Recommendations For CISOs” on March 4, 2026 — a public preview of the client-gated Top Recommendations For Your Security Program, 2026 report. The companion webinar ran April 8, 2026. The framing sentence is the thesis: “Economic pressure, geopolitical instability, accelerating artificial intelligence adoption, and renewed technology consolidation have turned volatility into a structural condition rather than a temporary disruption.”
  • The report organizes 12 recommendations across four themes. The public preview names one representative recommendation per theme: (1) Changing budget dynamics → shift AI security costs out of the security budget and into enterprise AI investments; (2) AI-driven disruption → identify, assess, and socialize AI risk; (3) Shifting security technology power → protect the organization from security-tech vendor failure; (4) Intensifying geopolitical risk → run high-impact geopolitical scenario planning rehearsed against real business dependencies.
  • Burn and Pollard are prescribing a structural reframe, not a tactical checklist. The through-line is that every traditional security-program assumption — stable budgets, single-vendor consolidation, domestic operating environments, and AI as a niche control set — has broken at the same time. A program that relied on any one of those assumptions could absorb that single break; a program that relied on all four is now exposed.
  • The single highest-leverage recommendation for a 200-2,000 person American company is the first one — move AI security costs out of the security budget. Every other recommendation assumes the security program has room to fund it. When AI security is a line item inside the security budget, every AI deployment the business wants to ship cannibalizes a foundational control the CISO already funded. Forrester’s prescription reverses that logic: AI security is a business cost that scales with AI adoption, and the funding should follow the adoption.
  • The Burn/Pollard piece is the tactical playbook companion to Forrester’s Amy DeMartine report The AI CISO (Apr 9, 2026), already anchored in the corpus. DeMartine redefines the CISO’s job from “protector of systems” to “provider of trust and assurance.” Burn/Pollard give the CISO 12 things to do about it starting Monday.

What Has Actually Changed for the 2026 Security Program

The four themes are not four independent risks. They are four ways that the same underlying condition — persistent volatility — is breaking programs designed for periodic disruption.

Budget predictability has collapsed. Inflation, trade friction, and executive enthusiasm for AI force CISOs to make tradeoffs faster and more frequently than traditional planning cycles allow. Security-as-fixed-cost-center was always fragile; in 2026 it is exposed. When the CEO commits to an agentic customer-service pilot in Q2 that was not on the Q1 security roadmap, something else in the security budget must be cut to pay for the new AI controls. That is how foundational defenses get thin.

AI governance has escaped compliance. Burn and Pollard are explicit: AI governance has “moved far beyond an ethics or compliance exercise.” AI systems evolve continuously. Regulations remain fragmented (EU AI Act Aug 2, 2026 deadlines, Colorado AI Act, California SB 1047-era disclosure rules, NYC Local Law 144). Failures escalate quickly into trust, regulatory, or executive crises. The practical problem is still upstream of all of that: most organizations lack basic visibility into where AI is used, what data it touches, and who owns the risk. A policy written against inventory the CISO does not have is a policy that cannot be enforced.

Technology consolidation has returned, but the market looks different. Power is concentrating among vendors that control data, identity, cloud platforms, and AI control surfaces. Consolidation simplifies operations — one MSA, one integration, one dashboard. It also creates concentration risk most organizations underestimate. The 2024 CrowdStrike outage, the summer 2026 cloud regional incidents, and AI-vendor supply-chain compromises have all shown the same thing: a provider failure becomes a customer crisis in hours, not weeks. Treating resilience as “automatic with scale” is now the exposed assumption.

Geopolitics is no longer background noise. Data sovereignty requirements, state-aligned cyber activity, and the collapse of distance between global events and enterprise operations have turned geopolitics into a direct input to security strategy. A regional cloud isolation event or a supplier compromise from a sanctioned jurisdiction stops being a CNN story and starts being a continuity problem measured in hours.

The pattern: every assumption the 2020-era security program relied on — stable budgets, single-vendor consolidation, domestic operations, AI as a niche concern — has broken simultaneously. Programs that can flex, rebalance, and endure replace programs that optimize for steady state.

The Four Public Recommendations — What Each One Specifically Prescribes

1. Treat AI Security as a Business Cost, Not a CISO Tax

The recommendation: shift AI security costs out of the security budget.

Forrester’s argument: AI security is not a niche control set. It is a business risk that scales with AI adoption across marketing, operations, and product teams. Funding it solely from the security budget “guarantees tradeoffs that weaken core defenses.” The prescription is to embed AI security costs directly into the enterprise AI investments themselves — aligning funding with risk ownership and protecting foundational security programs.

What this looks like in practice: the business case for an agentic customer-service deployment includes the DLP cost, the non-human identity management cost, the prompt-injection monitoring cost, and the incident-response tabletop cost. The CFO sees a line item for “AI controls” inside the AI project budget, not a separate line item inside the security budget. The CISO does not have to decide between funding MFA hardware rotation and funding the new agent-monitoring tooling, because those budgets sit in different places and compete with different things.

This is the highest-leverage of the four public recommendations because it is the only one that creates the budget room for the other three.

2. Identify, Assess, and Socialize AI Risk

The recommendation: put AI governance at the center of risk management.

Forrester’s framing: “You cannot govern what you cannot inventory or explain.” The prescription is three sequential moves — prioritize visibility into AI systems, embed AI risk management into existing governance processes (not standalone committees), and communicate AI risk in business terms to non-security leadership.

What this looks like in practice: the CISO builds an AI inventory (discovery tools, shadow-AI assessments, procurement intercept at the contract layer) and ties each entry to a data-classification tag, a business owner, and a risk tier. Existing risk committees (enterprise risk, third-party risk, BCP) absorb AI risk rather than spawning new standalone AI ethics committees that produce paper deliverables. When the board asks “what’s our AI risk exposure?”, the CISO can answer in dollars, incidents, and regulatory deadlines — not in control-framework acronyms.
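The inventory-first logic above is easier to see in a minimal data model. The block below is an added illustration, not Forrester's method or any vendor's tooling: it records each AI system with its data-classification tag, business owner, and how it was discovered, derives a risk tier, routes each entry into an existing committee, and flags entries that cannot be tiered because the inventory is incomplete. The field names, tier rules, committee routing, and the four sample systems are all assumptions constructed for the example.

```python
"""AI-system inventory with derived risk tiers and governance-gap checks.

Added example; the schema, tier thresholds and committee routing are
assumptions for illustration, not a published framework.
"""
from dataclasses import dataclass
from typing import Optional

# Ordinal sensitivity of the data-classification tag (assumed scheme).
DATA_CLASSES = {"public": 0, "internal": 1, "confidential": 2, "regulated": 3}


@dataclass
class AISystem:
    name: str
    business_owner: Optional[str]        # None = no accountable owner recorded
    data_classification: Optional[str]   # key of DATA_CLASSES, or None if unknown
    agentic: bool                        # takes actions, not just answers questions
    customer_facing: bool
    vendor_hosted: bool                  # third-party model/API vs. self-hosted
    discovered_via: str                  # "procurement" or "shadow-ai-scan"


def governance_gaps(s: AISystem) -> list[str]:
    """A policy cannot be enforced against an entry missing these fields."""
    gaps = []
    if not s.business_owner:
        gaps.append("no business owner")
    if s.data_classification not in DATA_CLASSES:
        gaps.append("data classification unknown")
    return gaps


def risk_tier(s: AISystem) -> Optional[int]:
    """1 = highest. None means the entry cannot be tiered until gaps are closed."""
    if governance_gaps(s):
        return None
    sensitivity = DATA_CLASSES[s.data_classification]
    if sensitivity >= 3 or (s.agentic and s.customer_facing):
        return 1
    if sensitivity == 2 or s.customer_facing or s.agentic:
        return 2
    return 3


def owning_committee(s: AISystem) -> str:
    """Route into an existing committee instead of creating an AI committee."""
    if s.vendor_hosted:
        return "third-party risk"
    if s.customer_facing:
        return "business continuity"
    return "enterprise risk"


def board_summary(inventory: list[AISystem]) -> dict:
    """Counts a board can act on: tier distribution, ungoverned entries, shadow AI."""
    summary = {"total": len(inventory), "by_tier": {1: 0, 2: 0, 3: 0},
               "ungoverned": [], "shadow": 0}
    for s in inventory:
        tier = risk_tier(s)
        if tier is None:
            summary["ungoverned"].append((s.name, governance_gaps(s)))
        else:
            summary["by_tier"][tier] += 1
        if s.discovered_via == "shadow-ai-scan":
            summary["shadow"] += 1
    return summary


# Constructed sample inventory (not real systems).
SAMPLE_INVENTORY = [
    AISystem("support-agent", "VP Customer Ops", "regulated", True, True, True, "procurement"),
    AISystem("marketing-copy-assistant", "Dir. Marketing", "internal", False, False, True, "shadow-ai-scan"),
    AISystem("finance-forecast-notebook", None, "confidential", False, False, False, "shadow-ai-scan"),
    AISystem("hr-screening-assistant", "HR Director", None, False, False, True, "procurement"),
]

if __name__ == "__main__":
    for s in SAMPLE_INVENTORY:
        print(f"{s.name:28} tier={risk_tier(s)} committee={owning_committee(s)} gaps={governance_gaps(s)}")
    print(board_summary(SAMPLE_INVENTORY))
```

The two entries that come back with no tier are the operationally important output: they are the systems a policy would claim to cover but cannot, which is the gap the "you cannot govern what you cannot inventory" line points at.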

The corpus already anchors the failure mode when this is done badly: MIT CISR’s FinCo case (van der Meulen, Jewer, Levallet, Mar 19, 2026) documents a global financial services firm that stood up comprehensive AI governance — board-sponsored policy, tiered AI Review Committees, a secure internal LLM wrapper — and ended up with more shadow AI than before governance was established. One low-risk agent prototype stalled six months in review. Forrester’s “socialize AI risk” language is the operational counterweight: governance that requires translation into business terms survives; governance written only in risk-function vocabulary produces paralysis.

3. Pressure Vendors and Plan for Their Failure

The recommendation: protect the organization from security-tech vendor failure.

Forrester’s evidence is the recent track record — vendor outages, delayed breach notifications, and supply-chain compromises that became customer crises. The prescription is three-part: avoid overreliance on single platforms; demand stronger vendor accountability (contractual SLAs, breach notification windows, supply-chain attestation); and plan for scenarios where security tooling itself is unavailable or compromised.

What this looks like in practice: a single-vendor XDR/SIEM/EDR stack becomes a two-vendor architecture with defined failover for the critical detection workloads. Contract renewals add uptime SLAs with meaningful remedies, breach notification SLAs inside the EU AI Act 15-day or GDPR 72-hour windows, and supply-chain attestations (SBOMs, subprocessor lists, model provenance). The BCP plan has a named runbook for “what do we do when the SIEM is down for 48 hours” that is rehearsed, not theoretical.

Companion files in the corpus already name the tactical mechanics: research/06-security-frontier/ai-vendor-contract-timelines.md (60–270 day LOI-to-signature), research/06-security-frontier/ai-exit-clauses-model-weight-escrow.md (OpenAI dropped to 27% enterprise share; 37% of firms use 5+ models; 90-180 day switching benchmark per Morgan Lewis), and research/06-security-frontier/cyber-insurer-ai-renewal-questions.md (the renewal questions carriers now ask about vendor concentration). Forrester’s recommendation raises the same concentration-risk thesis from the vendor-contract lens to the full security-program posture.

4. Run High-Impact Geopolitical Scenario Planning

The recommendation: rehearse disruption scenarios tied to real business dependencies.

Forrester’s framing: “The goal is not to predict the next disruption perfectly but to ensure that when it arrives, decision-making is deliberate rather than reactive.” The prescription is specific — regional cloud isolation scenarios, supplier-compromise scenarios, service-shutdown decisions. The underlying principle is that geopolitics now directly shapes continuity planning, not just regulatory filings.

What this looks like in practice: the security team runs a tabletop where a regional cloud provider becomes unavailable for 72 hours due to a sovereignty dispute, and the business has to decide which customer-facing services degrade gracefully and which ones stop entirely. Or a tabletop where a major SaaS AI vendor’s compute capacity is reallocated under a wartime executive order, and the business has to pivot to a second-source model in days. The output is not a perfect prediction; it is a decision tree with owners, thresholds, and pre-negotiated contractual options.

This theme pairs with the IBM IBV 5 Trends for 2026 finding (Pass 467, Dec 1, 2025, n=1,028 C-suite) that 93% of executives must factor AI sovereignty into 2026 strategy. Burn/Pollard name the security-program operating response; IBM IBV names the executive strategic agenda above it. See wiki/ai-sovereignty.md for the cross-concept hub.

Source Credibility

MEDIUM-HIGH. Forrester is a top-tier analyst firm with direct CISO-audience research distribution. Burn and Pollard are Forrester’s Security & Risk practice leads on program-level CISO advisory. The artifact is the public preview of a larger client-gated report (Top Recommendations For Your Security Program, 2026) — the four-theme structure and four named recommendations are visible; the other eight recommendations and any underlying survey or client-inquiry methodology are paywalled. Read the public preview as authoritative analyst framing from a firm with deep security-leader access, not as a primary-data study. Apply the same Forrester analyst caveat used on forrester-ciso-ai-driven-future-2026.md (Pass 452) and forrester-ai-cio-outcome-governance-2026.md (Pass 449): the framework is the value; the content steers toward Forrester subscription products (client inquiries, webinars, Forrester Decisions research).

This file triangulates against independent sources covering the same four themes: MIT CISR Minimum Viable Governance (van der Meulen/Jewer/Levallet, Mar 19, 2026, FinCo case + 17 leader interviews — academic, no vendor caveat), IBM IBV + Palo Alto Networks agentic-AI-cybersecurity (Pass 233, Mar 22, 2026, n=1,000 C-level — vendor co-published, caveat applied), Anthropic Trustworthy Agents in Practice (Pass 445, Apr 9, 2026 — vendor-provider caveat applied), and IBM IBV 5 Trends for 2026 (Pass 467, Dec 1, 2025, n=1,028 C-suite — vendor caveat applied).

Key Data Points

| Data Point | Source | Date | Sample |
|---|---|---|---|
| 4 themes across 12 recommendations in the 2026 security-program playbook | Forrester (Burn, Pollard) | Mar 4, 2026 | Forrester Security & Risk analyst team; underlying report client-gated |
| “Economic pressure, geopolitical instability, accelerating artificial intelligence adoption, and renewed technology consolidation have turned volatility into a structural condition rather than a temporary disruption” — thesis statement | Forrester (Burn, Pollard) | Mar 4, 2026 | Analyst prescription |
| Recommendation 1: shift AI security costs out of the security budget and into enterprise AI investments | Forrester (Burn, Pollard) | Mar 4, 2026 | Analyst prescription |
| Recommendation 2: identify, assess, and socialize AI risk; AI governance has “moved far beyond an ethics or compliance exercise” | Forrester (Burn, Pollard) | Mar 4, 2026 | Analyst prescription |
| Recommendation 3: protect the organization from security-tech vendor failure (avoid single-platform dependency, demand vendor accountability, plan for tooling unavailability) | Forrester (Burn, Pollard) | Mar 4, 2026 | Analyst prescription |
| Recommendation 4: rehearse regional cloud isolation, supplier compromise, and service shutdown scenarios tied to real business dependencies | Forrester (Burn, Pollard) | Mar 4, 2026 | Analyst prescription |
| Companion webinar for Forrester clients | Forrester | Apr 8, 2026 | Client-gated |
| Companion corpus data: 56% of generative AI decision-makers call agentic sprawl a current challenge | Forrester Q4 2025 AI Pulse Survey (via DeMartine, Apr 9, 2026) | Q4 2025 | Forrester generative AI decision-maker cohort |
| Companion corpus data: 93% of executives must factor AI sovereignty into 2026 strategy | IBM IBV 5 Trends for 2026 | Dec 1, 2025 | n=1,028 C-suite |
| Companion corpus data: MIT CISR MVP cohort cut complex decision time in half and identified opportunities at 3x peer rate | MIT CISR Minimum Viable Governance (van der Meulen/Jewer/Levallet) | Mar 19, 2026 | FinCo case + 17 leader interviews |

What This Means for Your Organization

The Burn/Pollard framework is the single most compact 2026 security-program reframe your CISO, CFO, and CEO can read in one sitting and walk into a 90-minute security-leadership offsite with. Three decisions fall out of it with real financial and organizational consequences.

First, the budget question. If your 2026 security budget funds AI security as a line item inside the security cost center, you have already chosen to cannibalize foundational defenses the first time the business funds a new AI initiative mid-year. The fix is a Q2 conversation with the CFO to restructure how AI controls are budgeted for future AI deployments — the AI security cost rides inside the AI project’s business case, not inside the CISO’s fixed budget. This is a finance-and-procurement change, not a security-architecture change, and it is the only change on this list the CISO cannot execute alone. Brief your CFO before the next AI business case lands on the procurement desk.

Second, the vendor-concentration question. The CISO who renewed an all-in-one XDR/SIEM/EDR/SASE contract in 2024 to consolidate costs is now the CISO whose entire detection stack goes offline when that vendor has a bad morning. The fix is a scheduled vendor-risk review that specifically models three-day and seven-day outages for each single-vendor critical function, pairs that with the BCP plan, and captures the delta in the next renewal. Your contract review window matters; see the companion corpus files on AI vendor contract timelines and model-weight escrow for the tactical mechanics.
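The two-vendor architecture with defined failover described under recommendation 3, and the three-day and seven-day outage review just described, both reduce to the same exercise: map each critical function to the vendors that can deliver it, treat a second vendor as cover only if the failover has actually been rehearsed, and compare each remaining single-vendor function's tolerable outage against the scenario length. The block below is an added example, not Forrester's method or any vendor's tooling; the function list, vendor names, tolerance hours and the rule that the first listed vendor is the active one are all constructed assumptions.

```python
"""Vendor-concentration review for critical security functions.

Added example with constructed data. Assumptions: vendors[0] is the active
vendor; a second vendor counts as cover only when failover has been rehearsed;
outage tolerances come from the BCP plan.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CriticalFunction:
    name: str
    vendors: tuple[str, ...]      # vendors able to deliver this function; [0] is active
    failover_rehearsed: bool      # has the switch to the second vendor been exercised?
    max_tolerable_outage_h: int   # hours, from the BCP plan


# Constructed sample stack (not a real organization).
FUNCTIONS = [
    CriticalFunction("endpoint detection (EDR)", ("VendorA",), False, 24),
    CriticalFunction("log collection / SIEM", ("VendorA",), False, 48),
    CriticalFunction("identity / SSO", ("VendorB", "VendorC"), True, 4),
    CriticalFunction("email filtering", ("VendorD", "VendorA"), False, 72),
]


def effectively_single_vendor(f: CriticalFunction) -> bool:
    """A paper second vendor without a rehearsed failover is still a single point of failure."""
    return len(f.vendors) == 1 or not f.failover_rehearsed


def blast_radius(functions: list[CriticalFunction]) -> dict[str, list[str]]:
    """Functions lost if each active vendor fails, ignoring unrehearsed fallbacks."""
    radius: dict[str, list[str]] = {}
    for f in functions:
        if effectively_single_vendor(f):
            radius.setdefault(f.vendors[0], []).append(f.name)
    return radius


def outage_exposure(functions: list[CriticalFunction], outage_days: int) -> list[tuple[str, str, int]]:
    """(function, vendor, hours beyond tolerance) for a vendor outage of the given length."""
    hours = outage_days * 24
    return [
        (f.name, f.vendors[0], hours - f.max_tolerable_outage_h)
        for f in functions
        if effectively_single_vendor(f) and hours > f.max_tolerable_outage_h
    ]


def renewal_findings(functions: list[CriticalFunction]) -> list[str]:
    """Plain-language items to carry into the next contract review and BCP update."""
    findings = []
    for vendor, lost in blast_radius(functions).items():
        if len(lost) > 1:
            findings.append(f"{vendor}: one outage takes down {len(lost)} critical functions "
                            f"({', '.join(lost)}); add uptime SLA with remedies and second-source at least one")
    for name, vendor, over in outage_exposure(functions, 3):
        findings.append(f"{name} ({vendor}): 3-day outage exceeds BCP tolerance by {over}h; fund and rehearse a failover runbook")
    return findings


if __name__ == "__main__":
    print("Blast radius:", blast_radius(FUNCTIONS))
    for days in (3, 7):
        print(f"{days}-day outage breaches:", outage_exposure(FUNCTIONS, days))
    for line in renewal_findings(FUNCTIONS):
        print("-", line)
```

The detail that does the work is `effectively_single_vendor`: email filtering lists two vendors, but because the failover has never been exercised it is scored exactly like the single-vendor EDR and SIEM, which is the gap between a two-vendor contract and a two-vendor architecture.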

Third, the scenario-planning question. If your last continuity tabletop tested a ransomware event against a 2022 threat model, you are overdue. A 2026-appropriate tabletop tests a regional cloud isolation event during a sovereignty dispute, an AI-vendor supply-chain compromise that poisons your agent reasoning, and a service-shutdown decision made under a 48-hour regulatory clock. The point is not to rehearse every scenario; it is to rehearse the decision-making muscle so that when the novel scenario arrives, the team already knows who decides what.

If this raised questions specific to your organization’s 2026 security-program build — particularly the budget-restructure conversation with your CFO — I’d welcome the conversation: brandon@brandonsneider.com

Sources


Brandon Sneider | brandon@brandonsneider.com April 2026