Forrester analyzed the top global breaches and worst privacy abuses of 2025 and identified key trends and lessons learned. With more than 10.6 billion records exposed in the top 35 breaches alone and almost $2.8 billion in fines levied on the top 35 violators, lessons abound for security teams. Join us as we review some of the most important breaches of 2025 and discuss ways your security team can protect against them.Key takeaways: Understand the key breaches and lessons from the past year.Learn how to augment your security and privacy strategies accordingly.Target audience level: all levels

Anthropic’s Project Glasswing and Claude Mythos Preview prove that autonomous zero-day discovery now operates at scale. We evaluate the immediate, medium-term, and structural consequences for security teams, vendors, insurers, regulators, and future careers.

Anthropic, along with 11 other companies, recently announced Project Glasswing — an initiative that aims to secure software in the wake of advances in AI capabilities, most notably Anthropic’s Claude Mythos Preview frontier model. Project Glasswing is made up of a who’s who of tech companies, cybersecurity vendors, and others: Amazon Web Services, Anthropic, Apple, […]

RSAC Conference 2026 has come and gone. Gone, too, are the petting zoos of yesteryear, replaced this year by — of all things — pop-up tattoo parlors. Or as one attendee observed, “We’ve traded livestock for live needles.” This year’s attendance of over 43,500 was flat compared to 2025, but the sessions and exhibit floor […]

Tech executives welcoming a new CISO to the organization should consider themselves enablers, first and foremost, and help the CISO unlock opportunities by capitalizing on the momentum that a new leader taking the reins can create. CISOs who fail to execute well in their first 90 days risk alienating stakeholders and isolating themselves. They must understand what the organization does, what its growth areas are, how security propels its goals, and which leaders and stakeholders are involved. This report shows tech leaders how to increase the likelihood of success by helping CISOs gain situational awareness, cultivate relationships, and establish the guiding principles of the security culture they want.

Forrester analyzed the top global breaches and worst privacy abuses of 2025 and identified key trends and lessons learned. With more than 10.6 billion records exposed in the top 35 breaches alone and almost $2.8 billion in fines levied on the top violators, lessons abound for security teams. Security and privacy leaders should use this report to understand the key breaches and lessons from the past year and augment their security and privacy strategies accordingly.

The energy and momentum created when a new leader takes the reins unlocks opportunities, but if CISOs don’t handle their first 90 days well, they risk alienating stakeholders and isolating themselves. To be effective, they must tackle three tasks in the first 90 days: establish competence by gaining situational awareness, cultivate relationships by showing empathy, and demonstrate integrity in the guiding principles of the security culture they want. In this report, we look at why it’s crucial for a new CISO to understand what the organization does, where it’s growing, who are the leaders involved, and how the security team and program can help.

The annual RSAC Conference in San Francisco is the cybersecurity industry’s biggest event of the year. For the analysts attending, RSAC Conference week provides an opportunity to learn about cybersecurity trends and topics, meet with vendors and clients, and share our insights and observations. It’s also an excellent opportunity to meet our daily step goals […]

Insider risk is an ongoing concern for organizations today. Common consequences include fraud, privacy abuses, intellectual property theft, and infrastructure damage. According to security decision-makers in Forrester’s Security Survey, 2025 who experienced a breach in the past 12 months, 22% of breaches with a known cause resulted from an internal incident. Thirty-two percent who experienced an internal incident described it as accidental, but 47% blamed malicious intent and 21% noted both inadvertent misuse and malicious intent. This data snapshot underscores the importance of carefully building insider risk management programs that account for employee privacy and due process.

Of the biggest challenges security decision-makers faced in 2025, the changing/evolving nature of external security threats was the most common, just edging out these other interlinking challenges: 1) lack of visibility and influence within the organization, 2) complexity of the IT environment, 3) lack of comprehensive vulnerability and exposure remediation prioritization strategy, and 4) the changing/evolving nature of internal security threats. This data snapshot underscores how the dynamic nature of the external threat environment amplifies challenges in the internal ecosystem; security leaders must show how protecting against these threats allows the business to operate and grow.