CISO Trends
The chief information security officer (CISO) role is growing in importance and remit. Discover the latest trends and analysis for CISOs and information security leaders.
Insights
Blog
Geopolitical Volatility Has Become A Technology Leadership Test
Geopolitical volatility is testing and redefining technology leadership, demanding sharper trade-offs, stronger resilience, and faster decisions from CIOs and CISOs. Read guidance from our new research to help navigate these challenges.
Blog
From Sedimentary To Strategic: Rethinking Security Organizational Design
Security organizational design sits at the intersection of strategy and circumstance. External pressures force change, while internal constraints limit redesign. Over time, many security leaders stop updating their security organization structures with intent and instead end up with a structure that accumulates the imprint of past breaches, regulatory responses, and technology shifts. Structure begins to […]
Blog
The Security Priorities APAC And EMEA Leaders Doubled Down On — And Deprioritized — In H2 2025
In the second half of 2025, security and risk (S&R) leaders in APAC and EMEA continued to grapple with familiar pressures, but they reprioritized how they address them. While AI; governance, risk, and compliance (GRC); and third-party risk management (TPRM) stayed stubbornly on top of the charts, application security and security organization structure resurfaced with […]
Blog
Prevent MDR-To-IR Handoff Chaos Before A Breach
Security leaders often assume that once they’ve invested in managed detection and response (MDR) services, the hardest parts of breach detection and response are behind them. Alerts are monitored. Playbooks exist. Someone is watching the environment 24/7. Then, they have a security incident. It escalates quickly. And the response feels less coordinated than expected. We […]
Blog
The Stryker Attack: Enterprise Resiliency Plans Can’t Ignore UEM
The alleged Stryker cyberattack underscores a critical blind spot in enterprise resilience strategies: the outsized risk and impact of compromised device and endpoint management platforms.
Blog
Announcing The Forrester Wave™: Cybersecurity Skills And Training Platforms, Q1 2026
The Forrester Wave™: Cybersecurity Skills And Training Platforms, Q1 2026 is now live, and it lands at a moment when security leaders are under real pressure to prove readiness and resilience. Automation and AI have compressed attacker timelines, blurred role boundaries across security teams, and exposed the limits of certification-first training models. What matters now […]
Blog
2026 Really Is This Risky: Our Top Recommendations For CISOs
Security leaders entered 2026 with little expectation that uncertainty will ease … ever. Economic pressure, geopolitical instability, accelerating artificial intelligence adoption, and renewed technology consolidation have turned volatility into a structural condition rather than a temporary disruption. This is life now, and CISOs are being asked to move faster, support aggressive AI initiatives, and protect […]
Now On Demand: 2026 Tech And Security Predictions
Missed it live? Watch our on-demand webinar to explore our 2026 predictions. Learn what tech and security leaders must do to lead with trust and value.
Blog
What We’re Looking Forward To At The RSAC 2026 Conference
The annual RSAC Conference in San Francisco is the cybersecurity industry’s biggest event of the year. For the analysts attending, RSAC Conference week provides an opportunity to learn about cybersecurity trends and topics, meet with vendors and clients, and share our insights and observations. It’s also an excellent opportunity to meet our daily step goals […]
Blog
Claude Code Security Causes A SaaS-pocalypse In Cybersecurity
We have seen this pattern before, even if the specifics look different. Think back to the day AWS introduced GuardDuty, when Microsoft folded Defender for Endpoint into its enterprise licensing commitments and launched Microsoft Sentinel, or when Google acquired Mandiant and eventually Wiz. Sure, the launch of fully autonomous AI agents that can ingest entire […]
Blog
When A Hosting Provider Becomes A Hostile Provider: The Notepad++ Compromise
The detailed writeup from cybersecurity vendor Rapid7 about the Notepad++ compromise gives CISOs a clear demonstration of how a single failure in the distribution process for a widely used utility can become an enterprise-scale software supply chain event. Developers, analysts, automation engineers, researchers, IT operators, and security teams use this editor as part of their […]
Blog
Endpoint Security Is Dead. Long Live Endpoint Security.
Endpoint security is undergoing a seismic shift — and Forrester is officially closing the chapter on a decade of standalone evaluations. Discover why the traditional model has run its course, how prevention and detection have become inseparable, and what this transformation means for the future of protecting enterprise workloads.
Blog
Think Hardware Security Modules Aren’t Exciting? Think Post-Quantum Migration!
Hardware security modules (HSMs) are a key foundational security component of public key infrastructure. HSMs hold the crown-jewel keys for encryption and digital signatures and perform encryption and decryption operations on protected data and payment information. While HSMs have been in use for decades, they now play an oversized role in migrating to post-quantum security […]
Blog
Weaponized Insiders Can Result In Big Consequences
The US Department of the Treasury recently announced that it is canceling all of its contracts, reportedly valued at $21 million, with technology provider Booz Allen Hamilton (BAH) due to an insider incident that occurred between 2018 and 2020. The incident resulted in the theft of tax return data for more than 400,000 US taxpayers and the release of tax information about high-net-worth […]
Blog
Ready For OpenClaw To Pry Into Your Environment And Grip Your Data
A formidable challenge awaits security leaders as personal tools like Moltbot spread. AI butlers are the next shadow super-user.
Blog
Mastering An Effective Executive Tabletop Exercise: Deriving Maximum Value And Impact
So you’ve decided to run an executive tabletop exercise (TTX) and pulled off the Herculean feat of getting it scheduled. Will this be a career-limiting move or career highlight? Let’s go for the latter. Done right, a good TTX will drive tremendous value for the company and garner you accolades. I have yet to do […]
Blog
The Success Of Your Proactive Security Strategy Depends On Your Answer To Six Questions
Proactive security has always been based on three principles: visibility, prioritization, and remediation. But in the age of AI, each principle will continue to experience challenges. In our latest research, The Future Of Proactive Security, we found that the future of proactive security hinges on how well teams answer six foundational questions across each principle: what, when, where, why, how, and who. Since AI accelerates […]
Blog
One Way To Close Your Security Gap: Stop Running As Admin On Windows Daily
While enterprise security has advanced, many organizations still leave a major vulnerability in place by letting employees run with local admin rights on Windows devices. This blog goes over ways to close that vulnerability gap.
Blog
ServiceNow Buys Armis To Improve Its Proactive Security Platform
ServiceNow has announced its intent to acquire proactive security platform vendor Armis in a cash deal valued at $7.75 billion.
Podcast
Women In Security, Holiday Shopping Trends, AI Agents In Content
Happy New Year! We kick off 2026 by unpacking lessons from 2025 and what they signal for the year ahead. This episode brings together security, marketing, and content leaders’ perspectives so you can act with confidence.
Blog
Announcing The Static Application Security Testing Solutions Forrester Wave™ And Buyer’s Guide — AI Brings Opportunity To SAST Solutions
The new Forrester Wave™ and Buyer's Guide details how AI is changing the way static application security testing (SAST) solutions are used. Learn more in this preview of the report.