Cybersecurity Trends

Stay up-to-date on the cutting edge of cybersecurity with insights on Zero Trust, vendors, regulations, and other privacy & security topics.

Insights

Blog

Regulators Are Moving On SBOMs — But Is Your Compliance Program Keeping Pace?

Janet Worthington 1 day ago
Software bill of materials (SBOM) requirements are advancing rapidly, and the time for “wait and see” is quickly running out. The global regulatory landscape for software supply chain security is shifting from recommendations to mandates, yet many organizations remain unprepared. What you do now will determine whether your company is ready or left behind as […]
Read More
Blog

2026 Really Is This Risky: Our Top Recommendations For CISOs

Jess Burn 2 days ago
Security leaders entered 2026 with little expectation that uncertainty will ease … ever. Economic pressure, geopolitical instability, accelerating artificial intelligence adoption, and renewed technology consolidation have turned volatility into a structural condition rather than a temporary disruption. This is life now, and CISOs are being asked to move faster, support aggressive AI initiatives, and protect […]
Read More

AI Isn’t A Hardware Contest — It’s A Human Test

Most orgs get less than 50% ROI on AI. See how people, skills, operating models, and culture — not more tech — unlock the value your AI investments are missing.

Get The Human + AI Guide
Blog

When Fixing Security Vulnerabilities Breaks Your Customer Email Program

Shar VanBoskirk 4 days ago
In January 2026, Salesforce changed how its Marketing Cloud Engagement platform encrypts tracked email links. The fix addressed a vulnerability that could have exposed CloudPages content, such as landing pages, microsites, forms, subscriber data from preference and unsubscribe centers, and email content via web view links. But the fix created a new problem: All tracked […]
Read More
Blog

What We’re Looking Forward To At The RSAC 2026 Conference

Joseph Blankenship February 25, 2026
The annual RSAC Conference in San Francisco is the cybersecurity industry’s biggest event of the year. For the analysts attending, RSAC Conference week provides an opportunity to learn about cybersecurity trends and topics, meet with vendors and clients, and share our insights and observations. It’s also an excellent opportunity to meet our daily step goals […]
Read More
Blog

Claude Code Security Causes A SaaS-pocalypse In Cybersecurity

Jeff Pollard February 23, 2026
We have seen this pattern before, even if the specifics look different. Think back to the day AWS introduced GuardDuty, when Microsoft folded Defender for Endpoint into its enterprise licensing commitments and launched Microsoft Sentinel, or when Google acquired Mandiant and eventually Wiz. Sure, the launch of fully autonomous AI agents that can ingest entire […]
Read More
Blog

Create A Cross-Functional Q-Day Team Or Suffer A Hard Day’s Night

Sandy Carielli February 4, 2026
Quantum security requirements will hit parts of the organization that you both did and did not expect, from the security team looking to upgrade its public key infrastructure (PKI) to the development team making sure that upcoming releases are quantum-safe to the infrastructure team looking at hardware refreshes and legacy internet-of-things (IoT) devices. To build out a […]
Read More
Blog

When A Hosting Provider Becomes A Hostile Provider: The Notepad++ Compromise

Jeff Pollard February 2, 2026
The detailed writeup from cybersecurity vendor Rapid7 about the Notepad++ compromise gives CISOs a clear demonstration of how a single failure in the distribution process for a widely used utility can become an enterprise-scale software supply chain event. Developers, analysts, automation engineers, researchers, IT operators, and security teams use this editor as part of their […]
Read More

Predictions 2026: Your Planning Starts Here

2026 will demand proof, not promises. Explore Forrester’s Predictions resources — guides, webinars, and blogs — to plan smarter, lead with trust, and stay ahead of disruption.

Explore Our 2026 Predictions Resources
Blog

Think Hardware Security Modules Aren’t Exciting? Think Post-Quantum Migration!

Andras Cser January 30, 2026
Hardware security modules (HSMs) are a key foundational security component of public key infrastructure. HSMs hold the crown-jewel keys for encryption and digital signatures and perform encryption and decryption operations on protected data and payment information. While HSMs have been in use for decades, they now play an oversized role in migrating to post-quantum security […]
Read More
Blog

Weaponized Insiders Can Result In Big Consequences

Joseph Blankenship January 27, 2026
The US Department of the Treasury recently announced that it is canceling all of its contracts, reportedly valued at $21 million, with technology provider Booz Allen Hamilton (BAH) due to an insider incident that occurred between 2018 and 2020. The incident resulted in the theft of tax return data for more than 400,000 US taxpayers and the release of tax information about high-net-worth […]
Read More
Blog

Ready For OpenClaw To Pry Into Your Environment And Grip Your Data

Jeff Pollard January 26, 2026
A formidable challenge awaits security leaders as personal tools like Moltbot spread. AI butlers are the next shadow super-user.
Read More
Blog

Mastering An Effective Executive Tabletop Exercise: Deriving Maximum Value And Impact

David Levine January 22, 2026
So you’ve decided to run an executive tabletop exercise (TTX) and pulled off the Herculean feat of getting it scheduled. Will this be a career-limiting move or career highlight? Let’s go for the latter. Done right, a good TTX will drive tremendous value for the company and garner you accolades. I have yet to do […]
Read More
Blog

CrowdStrike’s Planned Acquisition Of Seraphic Highlights The Need To Address Endpoint Risks

Paddy Harrington January 16, 2026
CrowdStrike’s move to acquire Seraphic spotlights a growing blind spot in cybersecurity: The browser has quietly become one of the riskiest — and least protected — endpoints in the enterprise. This blog reveals why legacy EDR, XDR, and network tools can’t see what’s really happening inside the browser and how Seraphic’s unique JSE‑based approach could change the game for data protection and threat detection.
Read More

2026 APAC Predictions: The Blind Spots You Can’t Afford to Miss

Missed the live reveal? The blind spots haven’t gone anywhere. Watch the webinar replay to uncover what APAC tech and security leaders didn’t see coming — and why your 2026 roadmap may need a reset.

Watch Now
Blog

My Tips For Crushing Your Analyst Briefings And Wowing The Analyst

Joseph Blankenship January 13, 2026
Former Forrester analyst Josh Zelonis blogged about how to deliver successful vendor briefings years ago. I’m updating his blog with my own thoughts as a “recovering marketer,” Forrester analyst, and research director. This blog is a collection of my top tips for briefing analysts, with contributions from other security and risk analysts.
Read More
Podcast

SolarWinds’ Lessons For CISOs, AI In B2B Sales, Shopping In Answer Engines

What It Means December 11, 2025
The holiday season is in full swing, and as retailers vie for consumer dollars, some of the biggest ones are branching out to answer engines like ChatGPT and Perplexity. In this episode, we describe what that experience looks like now and what brands should do in response. We also look at the lasting implications of a high-profile legal case for CISOs and the state of AI in B2B sales.
Listen Now
Blog

MITRE ATT&CK Evaluations Return: More Coverage, More Nuance

Allie Mellen December 10, 2025
There were many big changes in this latest round. Read our breakdown and what we learned.
Read More
Blog

Tidings Of Comfort And Trust: Holiday-Season Security That Bolsters Your Brand

Jess Burn December 2, 2025
Make safe, reliable digital experiences as part of the value you deliver — and help keep customers coming back yearround.
Read More
Blog

Updating Our Security Champions Research To Expand And Strengthen Security

Jinan Budge November 30, 2025
A strong security culture is the foundation of an effective security program. That’s why we’re revisiting essential research that explores how to build a security champions network, examining how security champion networks can help scale influence, embed security into everyday decisions, and foster trust across the business.
Read More
Blog

Insider Incidents Can Happen To Anyone

Joseph Blankenship November 25, 2025
Managing insider risk requires steadfast focus, documenting policies, and following defined processes. Follow these four steps laid out in Forrester’s “Best Practices: Insider Risk Management” report to reduce insider risk.
Read More
Blog

AI Vendor Threat Research And Cybersecurity’s Cynicism Problem

Jeff Pollard November 24, 2025
For years, the security community decried the lack of transparency in public breach disclosure and communication. But when AI vendors break with old norms and publish how attackers exploit their platforms, that same community’s reaction is split. Some are treating this intelligence as a learning opportunity. Others are dismissing it as marketing noise. Unfortunately, some […]
Read More
Blog

SAFE Acquires Balbix

Erik Nost November 20, 2025
Cyber risk quantification (CRQ) vendor SAFE announced that it acquired unified vulnerability management vendor Balbix. The acquisition helps SAFE grow its proactive security platform. Proactive security platforms support all three principles of proactive security: visibility, prioritization, and remediation. Balbix ingests data from other vulnerability sources for visibility, prioritizes high-risk vulnerability and misconfigurations, and helps orchestrate […]
Read More
More posts