CISO Trends

The chief information security officer (CISO) role is growing in importance and remit. Discover the latest trends and analysis for CISOs and information security leaders.

Insights

Blog

Announcing The Forrester Wave™: IoT Security Solutions, Q3 2025

Paddy Harrington 4 days ago
IoT devices are a normal part of business and personal life. In enterprises, it is estimated that there are between six and 10 IoT devices for each employee, ranging from long-standing devices, such as printers and cameras, and industry-specific devices like warehouse scanners and medical infusion pumps to modern air quality monitors and soil moisture […]
Read More
Blog

Vibe Hacking And No-Code Ransomware: AI’s Dark Side Is Here

Jeff Pollard August 28, 2025
CISOs must recognize that AI is enabling attackers to scale operations quickly with minimal technical skill. Learn how this is happening and get four key takeaways to better defend your organization in this new era.
Read More

Master Risk And Lead Through Uncertainty

Attend our Security & Risk Summit to get insider access to frameworks and tools that help security professionals navigate AI attacks, understand quantum risks, and redefine resilience.

Learn More & Register
Blog

Lessons From Technology & Innovation Summit APAC’s Forrester Women’s Leadership Program: Choose Your Advisors, And Nuggets Of Advice, Wisely

Jinan Budge August 27, 2025
A room full of people gathered as part of our Forrester Women’s Leadership Program to celebrate successes and posit solutions for the many challenges that women face in this field. The theme? “Choose your advisors — and nuggets of advice — wisely.”
Read More
Blog

Ongoing Government Uncertainty Around Cybersecurity Initiatives Is Putting Your Business At Risk

Paddy Harrington August 20, 2025
Government instability is undermining key cybersecurity programs like CyberSentry and MITRE’s CVE cataloging, putting critical infrastructure and business operations at risk. This post explores how funding cuts and conflicting AI directives are creating dangerous gaps in threat detection and response.
Read More
Blog

Black Hat 2025: Troop Forrester Goes To Hacker Summer Camp

James Plouffe August 13, 2025
2025 marks the 28th year of Black Hat, and although it remains on the edgier side of corporate-focused cybersecurity conferences, it sometimes feels like the event is considering completely ditching its hoodie in favor of a collared shirt.
Read More
Blog

Black Or Blue, Microsoft’s Quick Machine Recovery Might Be Able To Soften That Bruise

Paddy Harrington August 11, 2025
Windows 11’s new Quick Machine Recovery and kernel-space security changes mark a turning point in enterprise resilience. As Windows 10 nears retirement, these features offer IT leaders compelling reasons to upgrade beyond just compliance.
Read More
Blog

Announcing The Forrester Wave™: Privileged Identity Management Solutions, Q3 2025

Geoff Cairns August 7, 2025
Learn three important factors to consider when planning a privileged identity management (PIM) deployment or enhancement in this preview of our new report on the PIM solution market.
Read More
Blog

Introducing AEGIS — The Guardrails That CISOs Need For The Agentic Enterprise

Jeff Pollard August 4, 2025
AI agents aren’t coming — they’re already here. And they’re not waiting for your security architecture to catch up. Learn how Forrester's new AEGIS framework can help CISOs secure, govern, and manage AI agents and agentic infrastructure.
Read More
Blog

Palo Alto Networks Enters The Identity Security Market With $25B Purchase Of CyberArk

Allie Mellen July 31, 2025
The third-largest cybersecurity M&A deal in history makes sense in some respects, but the track record on mega security and identity tie-ups is incomplete and unproven.
Read More
Blog

Microsoft Retires Password Management In Authenticator

Andras Cser July 30, 2025
Microsoft’s move to gradually retire password management capabilities in its Authenticator application will have three immediate effects.
Read More
Blog

Announcing The Forrester Wave™: Unified Vulnerability Management Solutions, Q3 2025

Erik Nost July 29, 2025
Vulnerability management is undergoing a seismic shift. The risk-based prioritization from vulnerability risk management (VRM) has combined with attack surface management (ASM) to form exposure management and continuous security testing — two emerging practices that prioritize visibility and prioritization over remediation and response.
Read More
Podcast

Fear In B2B Buying, Future Of Experiences, Cisco Live Recap

What It Means July 10, 2025
In this episode of What It Means, we dig into fear as a motivator in the B2B buying process, the human-centric future of digital experiences, and what CISOs need to know coming out of Cisco Live.
Listen Now

New For 2026! Security Budget Planning Guide + Workbook

Prepare your 2026 security budget for critical risks. Get our budget planning guide and workbook to assess, prioritize, and implement investments for fortified security in uncertain times.

Download Now
Blog

Pause Innovation Now And Pay The Price Later: Why AI Readiness Can’t Wait

Stephanie Balaouras June 26, 2025
Even as volatility abounds, business and technology leaders must stay laser-focused on building a strong AI foundation. The first blog in our new quarterly Bold Stances series offers some guidance.
Read More
Blog

Key Takeaways From Cisco Live 2025: Cisco’s Big Bets For Unified Security And AI

Jitin Shabadu June 18, 2025
Cisco Live 2025 Focused On Three Main Themes: AI, Simplification, And Security At its annual Cisco Live event, the company delivered a clear message: It’s operationalizing AI across the core pillars of networking, security, and observability. Building on last year’s momentum with innovations like Hypershield and Splunk integration, the company has framed its vision around […]
Read More
Blog

You Don’t Need To Be Ethan Hunt To Break Into A Building

Paddy Harrington June 17, 2025
In today’s hyper-connected buildings, cybercriminals don’t need grappling hooks or disguises — just a vulnerable thermostat or door lock to breach your defenses and disrupt your operations.
Read More
Blog

When You Can’t Change The Technology, Change Your Security Policies

Paddy Harrington June 11, 2025
When you can’t change the security of external technologies such as IoT, OT, or power infrastructure, you must adapt your internal cybersecurity policies and controls to mitigate the risks that they introduce.
Read More
Blog

Decoding The Naming Game: Why Standardizing Threat Actor Names Alone Won’t Enhance Your Security Posture Or Response

Jitin Shabadu June 6, 2025
Microsoft, CrowdStrike, Palo Alto Networks, and Mandiant recently announced a new initiative to create an aggregate and standardized glossary of threat actors. Learn the benefits and limitations of standardizing threat actor names.
Read More

Master Your 2026 Budget With Our Ultimate Guides And Tools

Plan smarter to thrive in 2026! Access planning guides, workbooks, webinars, and resources to invest wisely, cut costs, and maximize your budget impact — even in uncertain times.

Get Started Today
Blog

Announcing The Forrester Wave™: Email, Messaging, And Collaboration Security Solutions, Q2 2025

Jess Burn June 3, 2025
The Forrester Wave™: Email, Messaging, And Collaboration Security Solutions, Q2 2025, is live — and it looks a bit different from its predecessor in 2023.
Read More
Blog

Sudo Coming To Windows? Pretty Much, Yeah

Paddy Harrington May 29, 2025
Windows 11 introduces a new security feature that separates admin and user roles, bringing a sudolike experience to the desktop.
Read More
Podcast

New AI Lessons In Coding, Marketing, And Product Design

What It Means May 29, 2025
In this episode, we look at how to avoid the risks of AI-enabled tools in three common business use cases: coding, marketing, and product design. The key takeaway from all three areas: There’s still a strong need to have a human in the loop to review your AI outputs.
Listen Now
More posts