Paul McKay

Senior Analyst

Forrester Bio

Paul McKay

Author Insights

BLOG

Cybersecurity Risk Ratings Are Here To Stay — Learn To Work With Them

Paul McKay July 31, 2019
Cybersecurity risk rating solutions are a polarizing topic for security leaders. We meet promoters and detractors in roughly equal measure in the customers that we speak to. Positive client sentiment cites the ability to continuously monitor their third parties, and the simplicity of the quantifiable risk score is popular. Security leaders tell us it is […]
Read More
BLOG

Infosecurity Europe 2019: Incremental Evolution Rather Than Revolution

Paul McKay June 7, 2019
I have spent the last three days attending Infosecurity Europe 2019, the largest security trade show in the UK and Europe. As ever, before coming I have tried to predict the big theme or trends that CISOs should take note of. However, the show is very similar to last year, with incremental evolution of products […]
Read More
BLOG

PSD2 Security Requirements Are Restricting Fintech Innovation

Paul McKay May 30, 2019
I have recently released a new report looking at the second phase of the Payment Services Directive (PSD2) and its security requirements along with my colleagues Jacob Morgan and Andras Cser. Banks and financial institutions are currently hard at work building APIs and testing their Strong Customer Authentication (SCA) solutions. Banks need to comply with […]
Read More
BLOG

Research Announcement — Forrester Wave™ For Q4 Of 2019: European Cybersecurity Consulting Service Providers

Paul McKay May 7, 2019
We are currently considering the list of vendor participants that we are planning to invite to a prescreener for our upcoming Forrester Wave™ evaluation in Q4 of this year on European cybersecurity consulting service providers. If you provide cybersecurity consulting services to customers headquartered in Europe and you operate in more than one key European […]
Read More
BLOG

Zero Trust Goes Mainstream In Europe

Paul McKay April 25, 2019
Over the Easter weekend, we released a new research report looking at implementing Zero Trust in Europe. When we started, we knew that a one-size-fits-all approach would not work in Europe. In addition, general awareness of the Zero Trust security model is much lower in Europe than in the US. Unheard of 12 months ago […]
Read More
BLOG

Cunning Plans Are In Short Supply In 2019 Brexit Britain

Paul McKay January 22, 2019
With no Brexit deal signed, European CISOs should be ready to face chaos. Here are five key concerns CISOs must consider and prepare for.
Read More
BLOG

The Forrester Wave™: Managed Security Services Providers (MSSPs), Europe, Q4 2018

Paul McKay November 19, 2018
I published my first Forrester Wave™ today, covering the managed security services provider (MSSP) market in Europe. The culmination of four months of hard work by not just us but all the vendors involved, this is to my knowledge our first analysis focused on the needs of the European market for MSSPs. Here are some […]
Read More
BLOG

Forrester’s Cyber Predictions For 2019: The European Take

Paul McKay November 5, 2018
Today, my team published Forrester’s predictions for the cybersecurity industry in 2019. We listed five key trends that we think will impact the industry over the next 12 months. Here is my take on how three of these trends will play out in the European cybersecurity market: Economic espionage in Europe will increase due to […]
Read More
BLOG

European Intelligence Announcement Shows The Importance Of Assessing Geopolitical Risks

Paul McKay October 5, 2018
Today, we in Europe woke up to headlines about attempted cyberattacks by Unit 26165 of Russia’s GRU intelligence service. In a world where the attribution of cyberattacks is a notoriously difficult task, the UK, the Netherlands, and the US made a joint announcement of the foiling of an attempt by four hackers linked to Unit […]
Read More
BLOG

Come And Join Us To Learn How Security Can Safeguard Your Digital Investments And Help You Serve Your Customers Effectively

Paul McKay September 13, 2018
Security is one of those words that is associated with hackers, reputational failures, and fear, uncertainty, and doubt. I disagree: Security, when done properly, can be one of the biggest investments you make. It is crucial to building customer trust and safeguarding digital investments. Furthermore, responding well to a breach can enhance shareholder value and […]
Read More
BLOG

Brexit Paper Increases Chances Of No-Deal Outcome For Security

Paul McKay July 13, 2018
On Thursday afternoon, the UK government published its white paper, “The United Kingdom’s exit from and new partnership with the European Union.” The last-minute changes, following a spate of Cabinet resignations late in the day, resulted in the publication being delivered to the House of Commons as MPs were timetabled to debate it. This led […]
Read More
BLOG

All The Fun Of The Fair: Some Initial Thoughts On Infosecurity Europe 2018

Paul McKay June 11, 2018
Last week, I attended Infosecurity Europe 2018, the largest event of its kind in Europe. The event is a carnival of the cybersecurity industry, with promotion of every information security product imaginable. There are also more conference training tracks than your average railway. The show gives a good indication of the key issues that are […]
Read More
BLOG

Nothing Is Agreed Until Everything Is Agreed . . .

Paul McKay May 22, 2018
The European Union has always stated when it comes to Brexit: “Nothing is agreed until everything is agreed.” Time is running out to come to agreement on a wide range of issues, including security and defense cooperation. In my first report for Forrester — Brace Your Security Organization For Post-Brexit Challenges — I look at the […]
Read More
BLOG

IETF Takes GDPR Influence A Little Too Far In Its Draft Standard For Logging For Internet-Facing Servers

Paul McKay May 16, 2018
The General Data Protection Regulation (GDPR) is responsible for a lot of changes to privacy policies and standards, leaving everyone rushing to be ready for GDPR day on May 25, 2018. The Internet Engineering Task Force (IETF) has also been busy recently updating some of its standards in response to the GDPR. One change that has […]
Read More
BLOG

Just When You Think You've Sorted GDPR . . . A New EU Cyber Regulation Comes Into Force Today

Paul McKay May 9, 2018
Today (May 9, 2018) is the deadline for the new Network and Information Security (NIS) Directive to be transposed into EU member states’ national legislation. This new regulation is aimed at creating a base level of security for organizations that are operating essential services within the EU. The primary sectors covered by this regulation are: […]
Read More
BLOG

Just When You Think You’ve Sorted GDPR . . . A New EU Cyber Regulation Comes Into Force Today

Paul McKay May 9, 2018
Today (May 9, 2018) is the deadline for the new Network and Information Security (NIS) Directive to be transposed into EU member states’ national legislation. This new regulation is aimed at creating a base level of security for organizations that are operating essential services within the EU. The primary sectors covered by this regulation are: […]
Read More
BLOG

TIBER-EU Framework Offers An Opportunity To Improve FinServ Cyber Resilience

Paul McKay May 8, 2018
The European Central Bank yesterday launched its TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union) framework for financial institutions regulated within the EU. In short, there is a new voluntary framework for threat intelligence-led red-teaming exercises that has been published by the European Central Bank (the Central Bank for eurozone economies). The framework […]
Read More