Cody Scott

Senior Analyst

Forrester Bio

Author Insights

Blog

Predictions 2025: Security And Risk Pros Will Brace For Regulations And Resilience

Cody Scott October 1, 2024
With cybercrime expected to cost $12 trillion in 2025, regulators will take a more active role in protecting consumer data while organizations pivot to adopt more proactive security measures to limit material impacts. Find out more in our 2025 predictions for cybersecurity, risk, and privacy.
Blog

The Shakedown From Black Hat USA, 2024

Sandy Carielli August 14, 2024
What happens when five security analysts gather at a security conference in Las Vegas? Stuff gets broke. Find out more in this review of the recent BlackHat USA event.
Blog

Build The Business Case For Cyber Risk Quantification To Reset Risk Management

Cody Scott June 5, 2024
An organization’s single biggest risk is not knowing how much risk it has. That's why cyber risk quantification is on the rise. Learn the basics of how to build a CRQ business case in this post.
Blog

Announcing The Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2024

Cody Scott May 22, 2024
The cyber risk ratings kitchen is heating up and our new Wave report gives insight into the 10 vendors that matter most. Get a preview here.
Blog

The New Chief Artificial Intelligence Officer Role Balances AI Champion And Risk Manager

Alla Valente April 3, 2024
US federal agencies must now have a chief artificial intelligence officer responsible for operationalizing the safe use of AI. Learn more about this move and the implications in this blog post.
Blog

GenAI: GRC Enters Accelerator Era, And Not A Minute Too Soon!

Alla Valente April 2, 2024
Generative AI offers an opportunity for risk management to reinvent itself from the department of “no” to the discipline of “go.” Find out how in this blog post.
Blog

Lessons In Risk Management From NASA’s Space Security: Best Practices Guide

Cody Scott January 17, 2024
Learn how NASA's Space Security Best Practices Guide benefits not only NASA’s space missions, but any security risk management professional.
Blog

The DoD Releases CMMC 2.0 As Its Holiday Gift To The Public

Cody Scott January 3, 2024
Get four key takeaways from the DoD's proposed rules for updating the Cybersecurity Maturity Model Certification (CMMC) program.
Blog

Announcing The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q4 2023

Cody Scott December 7, 2023
Read this report for more insight on the GRC market that has been 20 years in the making and the 15 vendors that matter most.
Blog

The Busy Security Leader’s Guide To The National Cybersecurity Strategy Implementation Plan

Allie Mellen July 14, 2023
Security and risk leaders beware, the Biden Administration released the next major step in its plan to implement the National Cybersecurity Strategy (NCS) on July 13, 2023. The National Cybersecurity Strategy Implementation Plan (NCSIP) includes 65 federal initiatives across five pillars aimed at increasing cybersecurity investment, assigning federal agencies to specific initiatives, and giving timelines […]
Blog

Wonder Twin Powers, Activate! Cyber Risk Ratings And Third-Party Risk Platforms Are More Powerful Together

Alla Valente May 2, 2023
Third-party risk management and cyber risk ratings fight better together, making security and risk professionals the beneficiaries of the alliance.
Blog

This Earth Day, Take Control Of Climate Risk

Cody Scott April 21, 2023
Climate events occur more frequently every year. Treat this Earth Day as a call to action, and add climate risks to your systemic risk purview.
Blog

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog

Call It What You Want, Cyber Risk Quantification Is Now A Must

Cody Scott February 3, 2023
What do Live Nation’s Taylor Swift ticketing debacle and cyber risk have in common? Bad assumptions. Whether you confidently believe that you can anticipate record ticket demand or believe that your payment processing infrastructure is secure enough to handle it, that belief is based on an assumption, and that assumption is based on the past […]
Blog

Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties

Alla Valente February 2, 2023
There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]