Heidi Shey
Principal Analyst

Author Insights
Blog
Make Cyber Insurance Work For You
Learn why cyber insurance is a major opportunity in this preview of our upcoming Security & Risk Forum.
Blog
Prevent Data Turnovers With Insider Risk Management
Learn some valuable lessons about insider risk management from the New York Knicks and the Toronto Raptors. Really.
Blog
The State Of Data Security, 2023
Learn some of the key data security trends of the year including the causes of breaches, types of data being compromised, and post-breach effects and impact.
Blog
The State Of Cyber Insurance, 2023
Cyber insurance is a common tool for risk transfer today. It’s also a key driver for cybersecurity program investment today. But who has cyber insurance and what benefits do organizations see from it? Analyzing Forrester data on cyber insurance adoption and breach response trends, we find that: Most organizations do not have standalone cyber insurance […]
Blog
Rubrik Acquires Laminar: Data Resilience And Security Join Forces
As security threats increase, data protection and security practices continue to merge. Data resilience firm Rubrik recently announced its acquisition of Laminar, a data security posture management (DSPM) vendor. Together, they aim to enable consistent and unified data security posture visibility that spans on-premises and cloud-based environments. Modern Data Resilience Is Increasingly A Cybersecurity Issue […]
Blog
Post-Quantum Security: Have You Started Your Journey?
The European Policy Centre recently published a quantum cybersecurity agenda for Europe in July 2023. This is yet another example of raising awareness and issuing calls to action for post-quantum security preparations. This follows the World Economic Forum and Deloitte issuing a perspective on transitioning to a quantum-secure economy in 2022. Also in late 2022, […]
Blog
Reap The Rewards Of Empathy, The Emotional Buoy Of Trust
This week, we are thrilled to release new research: Build Trust And Lasting Emotional Bonds With Empathy. This report delves into empathy, one of the most critical of the seven levers of trust defined in the trust imperative. Forrester defines empathy as: The perception that an organization is emotionally connected to its customers, employees, […]
Blog
Thales To Acquire Imperva: Building This Dream House Won’t Be Easy
Thales announced its agreement to acquire Imperva from private equity firm Thoma Bravo for $3.6 billion, expecting to add $500 million of revenue and expand its data and application security offerings as a result. The overall cybersecurity portfolio will then be structured across three key areas: identity (Thales), data security (Thales and Imperva), and application […]
Blog
Unpacking DLP: The Concept Versus The Control
Data loss prevention (DLP) strategy and approach is an evergreen topic in the ongoing guidance sessions I have with clients, where I hear: 1) We must have this, we already have it, and we are not happy with what we currently have; 2) We have this, and we don’t want it anymore; or 3) We […]
Blog
Insights From The 2023 RSA Conference: Generative AI, Quantum, And Innovation Sandbox
There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.
Blog
What I’m Looking For At RSA Conference 2023
The countdown begins! I’ve confirmed the last 1:1 meeting spot on my calendar. The Forrester team is preparing for a panel discussion and topic tables at our client meet-and-greet event. I’m glad that track sessions and keynotes will also be available on demand. I aim to attend a few in person, but I know I’ll […]
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog
We Need To Talk More About Burnout In Cybersecurity
Forrester predicted that in 2023, a Global 500 firm will be exposed for burning out its cybersecurity employees. In 2022, we saw at a very practical level in Australia that weaknesses in our cyberdefenses can impact society at mass levels. Impacts of breaches at Optus, Medibank, EnergyAustralia, and MyDeal include fines, exposure of millions of […]
Blog
Deciphering Apple’s Recently Announced Data Protection Features
Earlier this month, Apple announced several important new data protection features for general availability in 2023 that have numerous implications for security teams in all industries and geographies. Here is the Forrester security and risk team’s collective analysis of these new features. Quick Summary The announcement is not particularly noteworthy in terms of the newly […]
Blog
Predictions 2023: Security Pros Face Greater Internal Risks
On top of the usual challenges, in 2023, security pros will see more risk coming from internal forces, such as enabling anywhere work and the future of the office. Learn more in our 2023 predictions.
Blog
It’s More Than Just Emojis: Secure Your Communications
What’s within an employee chat? More than emojis. Employee communications via chat, voice calls, and videoconferencing can include customers’ personal information, insights about business operations, or other highly sensitive material. Consumer apps aren’t suited for such purposes. They lack enterprise controls for management and compliance, have privacy policies and terms of use that can change […]
Blog
Redefining Data Security For The Modern Age
Learn how to redefine data security in an age of multicloud, anywhere work, edge computing, and changing privacy regulations.
Blog
Who’s Responsible For Cyber Insurance Policy Misrepresentations? It Depends.
On July 6, 2022, the Travelers Property Casualty Company of America (Travelers Insurance) filed a suit in an Illinois federal court against International Control Services, Inc. (ICS) asking for policy rescission and declaratory judgment against ICS. Travelers alleges that ICS misrepresented its use of multifactor authentication (MFA) on its policy application, which should be sufficient […]
Blog
NIST PQ: “Lattice” Pick A Winner
Last week, we wondered if early reports indicating that NIST would announce the winners of its post-quantum cryptography competition would come to fruition anytime soon. Happily, they have. After an evaluation process that began with a call for nominations in 2016 and culled dozens of potential post-quantum (PQ) cryptographic algorithms down to seven finalists and […]
Blog
The Interminable Wait: The NIST Post-Quantum Competition
While we wait to learn the winners, here's a bit of history.