Cody Scott

A coalition of over 40 chief information security officers (CISOs) from leading companies, including Salesforce, Microsoft, AWS, Mastercard, and Siemens, sent a letter to the G7 and OECD, urging them to take action on aligning international cybersecurity regulations.

The recent introduction of US-imposed tariffs has shaken global trade. While economists and financial analysts debate whether this on-again/off-again trade war fits into their model for geopolitical, economic, or supply chain risks, the result is the same: uncertainty and chaos sure to shake up business strategy for the foreseeable future. This new era of volatility […]

Government agencies at the federal, state, and local levels must prepare for a future where they experience uncertainty, headcount reductions, contract cancellations, and budget cuts. This is gut-wrenchingly difficult to process, yet remaining leaders must figure out how to move forward to serve the mission. For public sector cybersecurity leaders, this is even more paramount. […]

Get the highlights from the World Economic Forum’s 2025 Global Risks Report and find out what it means for global risk leaders.

Forrester's security and risk research team breaks down the key highlights and implications of former US President Joe Biden’s 2025 Executive Order (EO) 14144 on strengthening security, improving accountability for software and cloud service providers, and promoting innovation, including use of emerging technologies.

Learn how the Forrester Continuous Risk Management Model can replace outdated risk management methods in this preview of a session at the upcoming Security & Risk Summit.

With cybercrime expected to cost $12 trillion in 2025, regulators will take a more active role in protecting consumer data while organizations pivot to adopt more proactive security measures to limit material impacts. Find out more in our 2025 predictions for cybersecurity, risk, and privacy.

What happens when five security analysts gather at a security conference in Las Vegas? Stuff gets broke. Find out more in this review of the recent BlackHat USA event.

An organization’s single biggest risk is not knowing how much risk it has. That's why cyber risk quantification is on the rise. Learn the basics of how to build a CRQ business case in this post.

The cyber risk ratings kitchen is heating up and our new Wave report gives insight into the 10 vendors that matter most. Get a preview here.

US federal agencies must now have a chief artificial intelligence officer responsible for operationalizing the safe use of AI. Learn more about this move and the implications in this blog post.

Generative AI offers an opportunity for risk management to reinvent itself from the department of “no” to the discipline of “go.” Find out how in this blog post.

Learn how NASA's Space Security Best Practices Guide benefits not only NASA’s space missions, but any security risk management professional.

Get four key takeaways from the DoD's proposed rules for updating the Cybersecurity Maturity Model Certification (CMMC) program.

Read this report for more insight on the GRC market that has been 20 years in the making and the 15 vendors that matter most.

Security and risk leaders beware, the Biden Administration released the next major step in its plan to implement the National Cybersecurity Strategy (NCS) on July 13, 2023. The National Cybersecurity Strategy Implementation Plan (NCSIP) includes 65 federal initiatives across five pillars aimed at increasing cybersecurity investment, assigning federal agencies to specific initiatives, and giving timelines […]

Third-party risk management and cyber risk ratings fight better together, making security and risk professionals the beneficiaries of the alliance.

Climate events occur more frequently every year. Treat this Earth Day as a call to action, and add climate risks to your systemic risk purview.

This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.