Announcing Forrester’s 2024 Security & Risk Enterprise Leadership Award Winner And Finalist
Forrester’s Security & Risk Enterprise Leadership Award recognizes organizations that have transformed their security, privacy, and risk management functions into capabilities that build a trusted and resilient business and fuel the organization’s long-term success.
Congratulations to Schneider Electric, this year’s winner, and our finalist, Piedmont.
Schneider Electric Earns And Sustains Trust By Creating Safe, Secure, And Resilient Digital Ecosystems
Schneider Electric is a global leader in energy management and automation, with a presence in over 100 countries. As our winner, Schneider Electric stands out for its comprehensive and structured approach to trust, privacy, and talent management in its security and risk program. Its Trust Charter, aligned with the company’s code of conduct, shapes employee behavior and attitudes. Dedicated employee events such as Trust Week further enhance the organization’s “trust IQ.” Privacy is treated as a distinct value beyond compliance, with strong “privacy by design” and awareness initiatives. Schneider Electric’s Cybersecurity Talent Development initiative promotes upskilling and reskilling, addressing both current and future needs. The company aims to enhance resilience by continuing to raise the bar on cyber defense and strengthening its capabilities to respond to incidents. In detail, our judges were particularly impressed with Schneider Electric for its:
- Trust Charter and Trust Center. The Trust Charter integrates ethics, safety, sustainability, quality, cybersecurity, and governance, demonstrating a holistic approach to security and risk management. The Trust Center is designed to address a growing number of cybersecurity, product security, and data protection-related requests from customers and stakeholders. It serves as a one-stop shop for all global incoming queries, ensuring that responses are validated, standardized, and qualitative.
- Strong enterprise commitment to product security and privacy. Schneider Electric’s focus on product security came through loud and clear, with cybersecurity and product security equally presented to the board in a dedicated meeting. Examples include its emphasis on embedding security into R&D and the overall development lifecycle, a dedicated Trust Center team to address common security and privacy concerns and customer requests within a specific timeframe, and regular CISO-to-CISO conversations with customers to foster trust and maintain transparency.
- Detailed focus on cybersecurity talent management. Schneider ensures that it looks outside of security for emerging talent within other functions. This creates clear role descriptions and enables career and training paths to move into different roles within security. The organization not only has a strong focus on upskilling and reskilling employees but also offers specific training and a cyber badge distinction for all employees interfacing with customers.
- Embedded approach to Zero Trust principles and cyber resilience. Schneider Electric embraces the principles of Zero Trust in its IT core and, of course, in product security. As attacks on manufacturing and critical infrastructure increase, breaches are inevitable. What sets companies apart is their readiness and response to these incidents. Schneider Electric places a strong emphasis on continuous improvement and conducting global cyber crisis simulations multiple times a year, which further enhances its resilience strategy.
- Robust third-party risk management. Finally, our judges noted that Schneider Electric’s third-party risk management program extends assessments to fourth+ parties and requires attestations and critical executive-level discussions with suppliers.
Piedmont Prioritizes The Protection Of Patient Data
What impressed us with Piedmont’s submission was its clear commitment to making a positive difference in every life the company touches by implementing robust security and risk management strategies. Piedmont has established a comprehensive information security team that focuses on several areas. These include developing clear policies, implementing rigorous controls such as multifactor authentication and encryption, and ensuring that security and privacy are shared responsibilities across departments. Regular risk assessments, continuous training, and strong leadership support are key components of the program, which aims to protect patient data, stay ahead of emerging threats, and foster a culture of accountability and trust. Strengths of Piedmont’s security and risk program include:
- Comprehensive controls. In an industry known for underfunding essential security technology, Piedmont has implemented multifactor authentication, encryption, secure remote access, patching, and antimalware protection across the enterprise.
- Shared responsibility. Security and privacy are viewed as shared responsibilities across various departments, ensuring that risk is addressed and that controls are implemented throughout processes.
- Continuous improvement. Regular risk assessments, proactive threat identification, and continuous training and awareness education help maintain a high level of security and adaptability to emerging threats.
You can learn more about Schneider Electric’s approach to building business resiliency through enterprise security and risk leadership at Forrester’s Security & Risk Summit, taking place in Baltimore and digitally on December 9–11, 2024. Presenters from Schneider Electric will be there to share more about its approach in a keynote session.
We look forward to your stories on how your security and risk teams are building trust and driving business performance. Get ready to submit your entry in next year’s Security & Risk Enterprise Leadership Award in 2025!