CISO Trends

The chief information security officer (CISO) role is growing in importance and remit. Discover the latest trends and analysis for CISOs and information security leaders.

Insights

Blog

Weaponized Insiders Can Result In Big Consequences

Joseph Blankenship 2 days ago
The US Department of the Treasury recently announced that it is canceling all of its contracts, reportedly valued at $21 million, with technology provider Booz Allen Hamilton (BAH) due to an insider incident that occurred between 2018 and 2020. The incident resulted in the theft of tax return data for more than 400,000 US taxpayers and the release of tax information about high-net-worth […]
Blog

Ready For Moltbot To Crack Its Shell And Spill Into Your Environment?

Jeff Pollard 3 days ago
The (AI) Butler Did It. If you hang out in the same corners of the internet that I do, chances are you’ve seen Clawdbot (now renamed Moltbot), the AI butler in action. You’ve seen the screenshots that show empty inboxes that an AI cleaned up. You likely read stories about personal bots that write code […]

Blog

Mastering An Effective Executive Tabletop Exercise: Deriving Maximum Value And Impact

David Levine January 22, 2026
So you’ve decided to run an executive tabletop exercise (TTX) and pulled off the Herculean feat of getting it scheduled. Will this be a career-limiting move or career highlight? Let’s go for the latter. Done right, a good TTX will drive tremendous value for the company and garner you accolades. I have yet to do […]
Blog

The Success Of Your Proactive Security Strategy Depends On Your Answer To Six Questions

Erik Nost January 20, 2026
Proactive security has always been based on three principles: visibility, prioritization, and remediation. But in the age of AI, each principle will continue to experience challenges. In our latest research, The Future Of Proactive Security, we found that the future of proactive security hinges on how well teams answer six foundational questions across each principle: what, when, where, why, how, and who. Since AI accelerates […]
Blog

One Way To Close Your Security Gap: Stop Running As Admin On Windows Daily

Paddy Harrington January 15, 2026
While enterprise security has advanced, many organizations still leave a major vulnerability in place by letting employees run with local admin rights on Windows devices. This blog goes over ways to close that vulnerability gap.
Blog

ServiceNow Buys Armis To Improve Its Proactive Security Platform

Erik Nost January 14, 2026
ServiceNow has announced its intent to acquire proactive security platform vendor Armis in a cash deal valued at $7.75 billion.
Podcast

Women In Security, Holiday Shopping Trends, AI Agents In Content

What It Means January 8, 2026
Happy New Year! We kick off 2026 by unpacking lessons from 2025 and what they signal for the year ahead. This episode brings together security, marketing, and content leaders’ perspectives so you can act with confidence.

Blog

Announcing The Static Application Security Testing Solutions Forrester Wave™ And Buyer’s Guide — AI Brings Opportunity To SAST Solutions

Janet Worthington January 5, 2026
The new Forrester Wave™ and Buyer's Guide details how AI is changing the way static application security testing (SAST) solutions are used. Learn more in this preview of the report.
Podcast

SolarWinds’ Lessons For CISOs, AI In B2B Sales, Shopping In Answer Engines

What It Means December 11, 2025
The holiday season is in full swing, and as retailers vie for consumer dollars, some of the biggest ones are branching out to answer engines like ChatGPT and Perplexity. In this episode, we describe what that experience looks like now and what brands should do in response. We also look at the lasting implications of a high-profile legal case for CISOs and the state of AI in B2B sales.
Blog

Tidings Of Comfort And Trust: Holiday-Season Security That Bolsters Your Brand

Jess Burn December 2, 2025
Make safe, reliable digital experiences part of the value you deliver — and help keep customers coming back year-round.
Blog

SAFE Acquires Balbix

Erik Nost November 20, 2025
Cyber risk quantification (CRQ) vendor SAFE announced that it acquired unified vulnerability management vendor Balbix. The acquisition helps SAFE grow its proactive security platform. Proactive security platforms support all three principles of proactive security: visibility, prioritization, and remediation. Balbix ingests data from other vulnerability sources for visibility, prioritizes high-risk vulnerabilities and misconfigurations, and helps orchestrate […]
Blog

Anthropic Catches Attackers Using Agents In The Act

James Plouffe November 17, 2025
On November 13, AI vendor Anthropic published details about the disruption of what it characterized as an AI-led cyber espionage operation. Learn what is in Anthropic's report and get tips on how to protect against future AI-enabled attacks.
Blog

Proactive Security Platforms Will Cumulate Visibility, Prioritization, And Remediation

Erik Nost November 13, 2025
Last year, we released our inaugural Forrester Wave™ on attack surface management (ASM) solutions. The ASM Wave primarily focused on visibility — the first of the three principles of proactive security. ASM’s visibility is achieved through external asset discovery and ingestion of third-party information regarding asset attributes, and both features are becoming increasingly commoditized. Yet the ubiquity of […]
Blog

Remove Ambiguity: Measure Human Risk Management Metrics That Matter

Jinan Budge October 29, 2025
Our latest research — Five Steps To Better Human Risk Management Metrics and The Essential List Of Human Risk Management Metrics — provides security leaders the clarity they need to measure what truly matters. I see this not as just another comprehensive metrics framework (though it is that!) — I also see it as a foundation for turning human risk management from a conversation into a movement.
Blog

Developer-Led Growth Meets Enterprise-Grade Security And Distributed Infrastructure At Cloudflare Connect 2025

Devin Dickerson October 20, 2025
Cloudflare Connect 2025 had a distinctly optimistic vibe as the vendor positions itself as the connective tissue for modern digital operations in the enterprise and showcases its AI security abilities. Learn more in this event review.
Blog

UK Government Plans To Mandate Digital eID For All Legal UK Residents

Andras Cser October 16, 2025
The UK government plans to mandate an electronic digital identity scheme and credential to all legal residents and employees of the UK to prove immigration and employment eligibility status. Read our assessment of the benefits, challenges, and concerns.
Blog

Technology & Innovation Summit EMEA Review: Cyber Resilience In The Age Of Mayhem

Madelein van der Hout October 13, 2025
In a time defined by AI-led disruption and economic volatility, innovation can feel as exhilarating as it is exhausting. Learn how to navigate the path to cyber resilience in an age of mayhem in this review of Forrester’s recent Technology & Innovation Summit EMEA.

Blog

You Know Who’s In The Building — But Who’s In Your Network?

Paddy Harrington October 9, 2025
Strong physical security is standard in critical infrastructure — but OT networks often remain wide open. This blog explores how applying Zero Trust principles can help you control digital access with the same rigor you apply to physical visitors.
Blog

CISOs: Change The Way You Develop Cybersecurity Talent — Now

Jess Burn October 9, 2025
What began as a collection of free or low-cost courses and labs for individual job seekers has transformed into a cornerstone of the cybersecurity training and experience ecosystem. CS&T platforms now play a critical role in continuous learning, professional development, and operational readiness — and they deserve a place in your budget and program.
Blog

CrowdStrike Fal.Con 2025: Flexing Into The Agentic AI Age

Jitin Shabadu September 24, 2025
CrowdStrike held its Fal.Con 2025 conference recently, and not surprisingly for a cybersecurity vendor event in 2025, AI dominated. Get our highlights and key takeaways here.