Heidi Shey

Learn some valuable lessons about insider risk management from the New York Knicks and the Toronto Raptors. Really.

Learn some of the key data security trends of the year including the causes of breaches, types of data being compromised, and post-breach effects and impact.

Cyber insurance is a common tool for risk transfer today. It’s also a key driver for cybersecurity program investment today. But who has cyber insurance and what benefits do organizations see from it? Analyzing Forrester data on cyber insurance adoption and breach response trends, we find that: Most organizations do not have standalone cyber insurance […]

As security threats increase, data protection and security practices continue to merge. Data resilience firm Rubrik recently announced its acquisition of Laminar, a data security posture management (DSPM) vendor. Together, they aim to enable consistent and unified data security posture visibility that spans on-premises and cloud-based environments. Modern Data Resilience Is Increasingly A Cybersecurity Issue […]

The European Policy Centre recently published a quantum cybersecurity agenda for Europe in July 2023. This is yet another example of raising awareness and issuing calls to action for post-quantum security preparations. This follows the World Economic Forum and Deloitte issuing a perspective on transitioning to a quantum-secure economy in 2022. Also in late 2022, […]

This week, we are thrilled to release new research: Build Trust And Lasting Emotional Bonds With Empathy. This report delves into empathy, one of the most critical of the seven levers of trust defined in the trust imperative.   Forrester defines empathy as: The perception that an organization is emotionally connected to its customers, employees, […]

Thales announced its agreement to acquire Imperva from private equity firm Thoma Bravo for $3.6 billion, expecting to add $500 million of revenue and expand its data and application security offerings as a result. The overall cybersecurity portfolio will then be structured across three key areas: identity (Thales), data security (Thales and Imperva), and application […]

Data loss prevention (DLP) strategy and approach is an evergreen topic in the ongoing guidance sessions I have with clients, where I hear: 1) We must have this, we already have it, and we are not happy with what we currently have; 2) We have this, and we don’t want it anymore; or 3) We […]

There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.

The countdown begins! I’ve confirmed the last 1:1 meeting spot on my calendar. The Forrester team is preparing for a panel discussion and topic tables at our client meet-and-greet event. I’m glad that track sessions and keynotes will also be available on demand. I aim to attend a few in person, but I know I’ll […]

This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.

Forrester predicted that in 2023, a Global 500 firm will be exposed for burning out its cybersecurity employees. In 2022, we saw at a very practical level in Australia that weaknesses in our cyberdefenses can impact society at mass levels. Impacts of breaches at Optus, Medibank, EnergyAustralia, and MyDeal include fines, exposure of millions of […]

Earlier this month, Apple announced several important new data protection features for general availability in 2023 that have numerous implications for security teams in all industries and geographies. Here is the Forrester security and risk team’s collective analysis of these new features. Quick Summary The announcement is not particularly noteworthy in terms of the newly […]

On top of the usual challenges, in 2023, security pros will see more risk coming from internal forces, such as enabling anywhere work and the future of the office. Learn more in our 2023 predictions.

What’s within an employee chat? More than emojis. Employee communications via chat, voice calls, and videoconferencing can include customers’ personal information, insights about business operations, or other highly sensitive material. Consumer apps aren’t suited for such purposes. They lack enterprise controls for management and compliance, have privacy policies and terms of use that can change […]

Learn how to redefine data security in an age of multicloud, anywhere work, edge computing, and changing privacy regulations.

On July 6, 2022, the Travelers Property Casualty Company of America (Travelers Insurance) filed a suit in an Illinois federal court against International Control Services, Inc. (ICS) asking for policy rescission and declaratory judgment against ICS. Travelers alleges that ICS misrepresented its use of multifactor authentication (MFA) on its policy application, which should be sufficient […]

Last week, we wondered if early reports indicating that NIST would announce the winners of its post-quantum cryptography competition would come to fruition anytime soon. Happily, they have. After an evaluation process that began with a call for nominations in 2016 and culled dozens of potential post-quantum (PQ) cryptographic algorithms down to seven finalists and […]

While we wait to learn the winners, here's a bit of history.