Cody Scott
Senior Analyst
Speaking At
Author Insights
Blog
Predictions 2025: Security And Risk Pros Will Brace For Regulations And Resilience
With cybercrime expected to cost $12 trillion in 2025, regulators will take a more active role in protecting consumer data while organizations pivot to adopt more proactive security measures to limit material impacts. Find out more in our 2025 predictions for cybersecurity, risk, and privacy.
Blog
The Shakedown From Black Hat USA, 2024
What happens when five security analysts gather at a security conference in Las Vegas? Stuff gets broke. Find out more in this review of the recent BlackHat USA event.
Blog
Build The Business Case For Cyber Risk Quantification To Reset Risk Management
An organization’s single biggest risk is not knowing how much risk it has. That's why cyber risk quantification is on the rise. Learn the basics of how to build a CRQ business case in this post.
Blog
Announcing The Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2024
The cyber risk ratings kitchen is heating up and our new Wave report gives insight into the 10 vendors that matter most. Get a preview here.
Blog
The New Chief Artificial Intelligence Officer Role Balances AI Champion And Risk Manager
US federal agencies must now have a chief artificial intelligence officer responsible for operationalizing the safe use of AI. Learn more about this move and the implications in this blog post.
Blog
GenAI: GRC Enters Accelerator Era, And Not A Minute Too Soon!
Generative AI offers an opportunity for risk management to reinvent itself from the department of “no” to the discipline of “go.” Find out how in this blog post.
Blog
Lessons In Risk Management From NASA’s Space Security: Best Practices Guide
Learn how NASA's Space Security Best Practices Guide benefits not only NASA’s space missions, but any security risk management professional.
Blog
The DoD Releases CMMC 2.0 As Its Holiday Gift To The Public
Get four key takeaways from the DoD's proposed rules for updating the Cybersecurity Maturity Model Certification (CMMC) program.
Blog
Announcing The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q4 2023
Read this report for more insight on the GRC market that has been 20 years in the making and the 15 vendors that matter most.
Blog
The Busy Security Leader’s Guide To The National Cybersecurity Strategy Implementation Plan
Security and risk leaders beware, the Biden Administration released the next major step in its plan to implement the National Cybersecurity Strategy (NCS) on July 13, 2023. The National Cybersecurity Strategy Implementation Plan (NCSIP) includes 65 federal initiatives across five pillars aimed at increasing cybersecurity investment, assigning federal agencies to specific initiatives, and giving timelines […]
Blog
Wonder Twin Powers, Activate! Cyber Risk Ratings And Third-Party Risk Platforms Are More Powerful Together
Third-party risk management and cyber risk ratings fight better together, making security and risk professionals the beneficiaries of the alliance.
Blog
This Earth Day, Take Control Of Climate Risk
Climate events occur more frequently every year. Treat this Earth Day as a call to action, and add climate risks to your systemic risk purview.
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog
Call It What You Want, Cyber Risk Quantification Is Now A Must
What do Live Nation’s Taylor Swift ticketing debacle and cyber risk have in common? Bad assumptions. Whether you confidently believe that you can anticipate record ticket demand or believe that your payment processing infrastructure is secure enough to handle it, that belief is based on an assumption, and that assumption is based on the past […]
Blog
Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties
There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]