For this report, RSAC combined studies of CISOs conducted in Q2 2025 with session attendance and exhibitor visit data from RSAC Conference to understand CISOs’ priorities for 2025-2026. We use that data to offer recommendations to senior cybersecurity leaders, such as: 1) European CISOs who’ve been less concerned about personal liability for breaches should get indemnified now; and 2) Don’t expect today’s low cybersecurity staff turnover to last. RSAC’s analysis also has implications for cybersecurity suppliers—CISO buyers are looking to improve identity management with AI and to implement passwordless authentication.