As AI becomes more embedded in fundamental business processes, organizations can no longer settle for “secure enough.” Learn how AI is redefining the CISO role — and actions that they can take today.

For AI to have a positive impact, CISOs need to fill a growing gap: AI action outcomes must be correct, auditable, and safeguarded from malicious or accidental corruption. This means leading through change to get to a future where AI is engineered from the start with proper guardrails and controls with clear accounting through a chain of autonomous decisions, regardless of who or what initiated them. This is no easy feat for CISOs who must balance protecting the existing organization while gearing up security to provide assurance for an AI-powered future. This report helps CISOs understand AI’s current and future impact on their responsibilities and prepare for a role based on trust and assurance.

You can use business continuity management (BCM) software to reduce the impact of catastrophic disruptions on critical customer services, proactively improve resilience, and dynamically respond to the specifics of any disruption. But to realize these benefits, you’ll first have to select from a diverse set of vendors that vary by size, type of offering, geography, and use case differentiation. Business continuity and resilience leads should use this report to understand the value they can expect from a BCM software vendor, learn how vendors differ, and investigate options based on size and market focus.

Whether your program targets business continuity, operational resilience, or business resilience goals, metrics that prove the program is successful are difficult to create. Organizations spend resources on these efforts whether an incident occurs or not. Therefore, resilience leaders need success metrics that measure the effectiveness of the response after a critical event and how well the program functions continually. Resilience leaders can use this report to create or benchmark their metrics based on the type of program they have now or want to have in the future.

For leaders in security, risk, and privacy, this year has been different, with a new level of volatility fueled by geopolitics, new regulatory hurdles, relentless AI disruption, and looming quantum threats. Learn how Forrester’s Security & Risk Summit 2025 can empower you to stay ahead of the chaos, take the right risks, and secure your organization.

This week the UN court said countries must address the “urgent and existential threat” of climate change. It’s easy to see from weather events why this is more urgent than ever before.

This past year, I was describing what a “twofer” was to my colleague Jinan Budge in Australia. I casually dropped this term for getting two things for the price of one during a conversation. In addition to talking about how weird lingo can be, it also led to me proposing that what we were talking […]

Forrester is delighted to announce the opening call for our annual Security & Risk Enterprise Leadership Award. This award recognizes organizations that have transformed their security, privacy, and risk management functions into capabilities that fuel the organization’s reputation for trust and its long-term success.

Complying with operational resilience mandates is difficult. The mandates are both directional, giving organizations the ability to tailor their operational resilience to their specific needs, and prescriptive, with very specific requirements that all must meet. Compliance will require supporting technology, and there isn’t a single technology that will cover all requirements. Instead, it will demand a thoughtful combination of technologies. Resilience pros, technology pros, and risk pros should use this report to identify the foundational technologies to ensure long-term operational stability and resilience.

Since the introduction of ISO 222301 in 2012, not much has changed in the way of best practices for business continuity (BC). However, worldwide operational resilience mandates have created a new set of best practices that raise expectations for overall resilience. Resilience pros can use this report to benchmark their own program, make a business case for improvements, and learn how expectations for resilience are changing practices.