Forrester analyzed the top global breaches and worst privacy abuses of 2025 and identified key trends and lessons learned. With more than 10.6 billion records exposed in the top 35 breaches alone and almost $2.8 billion in fines levied on the top 35 violators, lessons abound for security teams. Join us as we review some of the most important breaches of 2025 and discuss ways your security team can protect against them.Key takeaways: Understand the key breaches and lessons from the past year.Learn how to augment your security and privacy strategies accordingly.Target audience level: all levels

As we move further into 2026, the security landscape continues to evolve in parallel with ongoing global uncertainty. Our latest report, “Top Recommendations For Your Security Program, 2026,” provides timely guidance for security leaders as they navigate another precarious year for their roles, programs, and organizations. Join us in this webinar to go over highlights from our 2026 recommendations and hear directly from the analysts making these calls.Key takeaways: Learn the most important recommendations for your security strategy in 2026 and our rationale behind them.Leverage our research and insights to guide your security program strategy.Understand how to prioritize changes in areas including AI and data governance, security budgets and staffing, post-quantum security, and critical infrastructure in the coming year.Target audience level: intermediate

The application and product security landscape is evolving as threat actors demonstrate greater sophistication, placing increased demands on security programs.

Schneider Electric transformed security, privacy, and risk management from compliance functions into strategic enablers of trust and growth. By embedding trust into its culture, product lifecycle, and risk governance, Schneider Electric aligned cybersecurity with business objectives, strengthened resilience, and positioned privacy as a market differentiator. This case study explores how Schneider Electric operationalized trust to win Forrester’s 2024 Security & Risk Enterprise Leadership Award and deliver measurable business impact.

“What coding?” Vibe coding is the cute term for using genAI systems to create, debug, or update programming code. People can use it without knowing how to write a line of code themselves. What this means: Lots of people are generating code they don’t understand. It’s not just developers using these tools to code faster; for example, it’s schoolteachers writing their […]

Agentic AI expands your attack surface from apps and users to autonomous actors who plan, decide, and act across tools, data, and systems. Forrester’s Agentic AI Guardrails For Information Security (AEGIS) framework helps security leaders apply guardrails across six domains: governance, risk, and compliance; identity and access management; data security and privacy; application security; threat management; and Zero Trust architecture principles.In this webinar, we translate AEGIS from framework to technology reality. We walk through the technology control points and categories that security teams can deploy to enforce least agency, reduce Key takeaways: Reframe AI security from protecting apps and users to governing autonomous agents using AEGIS-aligned guardrails.Identify the critical technology control points, including AI runtime security, LLM gateways and firewalls, red teaming, model context protocol (MCP) security, and AI supply chain controls.Map AI security technology categories to the six AEGIS domains to clarify ownership, reduce overlap, and prioritize spend.Apply a phased, actionable roadmap that translates AEGIS from framework to deployable controls delivering continuous assurance.Target audience level: all levels

On top of an already challenging discipline, AI accelerates insecure code creation, multiplies attack surfaces, and introduces new risks that application security must address. But fragmented tooling, limited visibility of dependencies, and emerging compliance requirements make it even more difficult to manage. This report identifies the 10 most critical application security trends in 2026. Security and development professionals should use this report to modify their application security strategy and practices to successfully respond.

Quantum security requirements will hit organizations in places you did and didn’t expect — from the security team looking to upgrade its PKI to the development team making sure upcoming releases are quantum safe to the infrastructure team looking at hardware refreshes and legacy IoT devices. Organizations must mobilize across security, infrastructure, development, innovation, risk, and procurement to ensure their systems, data, and customer commitments remain secure in a post quantum world.In this fireside chat, we break down what Q day readiness truly requires, why timelines are shrinking, and how technology leaders can coordinate an effective, enterprisewide migration strategy. Whether you're leading security, infrastructure, product development, or risk governance, this session will help you chart a path toward quantum safe resilience.Key takeaways: Understand why quantum security timelines have accelerated — and what NIST’s deprecation deadlines mean for your organization.Learn the essential roles of your cross‑functional Q‑day team and how to coordinate enterprisewide cryptographic discovery and migration.Gain actionable guidance on preparing infrastructure, identity systems, third‑party ecosystems, and development pipelines for post‑quantum cryptography.Target audience level: beginner

Firms that want to secure applications are challenged by understaffed security teams and lack of security awareness among developers. Developer security champions are developers who act as a security point of contact within their team and embed application security where it’s needed most. Programs to create and support champions require investment and planning. Security pros should use this report to make the case for a developer security champions program, put the right leadership in place, identify and train developer security champions, support and reward their champions, and measure success.

2025 was another year defined by massive data breaches and privacy fines, with over 10.6 billion records exposed and nearly $2.8 billion in penalties among the year’s most notable incidents. In our newest report, Lessons Learned From The World’s Biggest Data Breaches And Privacy Abuses, 2025, we analyzed the top 35 breaches and most notable […]