GRC – Governance, Risk, And Compliance

Governance, risk, and compliance (GRC) trends are always evolving. Follow Forrester’s latest research and insights on GRC trends.

Discover how Forrester supports IT leaders.

Insights

Blog

Microsoft Races To Reassure Anxious Tech Execs In Europe

Dario Maisto May 12, 2025
Increasing geopolitical volatility has characterized the last three years in Europe and is reaching new heights. Learn what Microsoft has committed to do and what tech executives should watch out for.
Read More
Blog

RSAC Conference 2025: Welcome To The Petting Zoo

Sandy Carielli May 6, 2025
From live goats and puppies to robot dogs and animal costumes, the RSAC Conference 2025 delivered some unexpected surprises. But it also delivered the usual insight into various trends in the security market today. Find out more in this RSAC review.
Read More

Calm The Impact Of Volatility — And Thrive

Stay ahead of market volatility — be prepared, not reactive. Learn how to optimize costs, lead change, and mitigate risks with Forrester's report on navigating uncertainty and driving success in challenging times.

Get The Report
Blog

Overregulation Forges A CISO Coalition With The G7 Letter

Madelein van der Hout April 24, 2025
A coalition of over 40 chief information security officers (CISOs) from leading companies, including Salesforce, Microsoft, AWS, Mastercard, and Siemens, sent a letter to the G7 and OECD, urging them to take action on aligning international cybersecurity regulations.
Read More
Blog

Government Leaders: Prioritize Cyber Efficiency Amid Federal Volatility

Cody Scott April 17, 2025
Government agencies at the federal, state, and local levels must prepare for a future where they experience uncertainty, headcount reductions, contract cancellations, and budget cuts. This is gut-wrenchingly difficult to process, yet remaining leaders must figure out how to move forward to serve the mission. For public sector cybersecurity leaders, this is even more paramount. […]
Read More
Blog

Forrester’s Top Threats For 2025

Allie Mellen April 16, 2025
2025 started with a bang! Technology and geopolitics are changing so fast that many can’t keep track of the latest trends, with an announcement of new, benchmark-shattering genAI-related tech seemingly every week.
Read More
Blog

The Tech Exec’s Guide To Decoding Cybersecurity Vendor Performance

Madelein van der Hout April 15, 2025
Forrester analyzed the earnings calls of the 10 largest cybersecurity vendors by market cap and identified key trends for technology executives.
Read More
Blog

Banks Need Modern Identity Verification Solutions To Stay Competitive And Resilient In The AI Era

Meng Liu April 11, 2025
There is a growing need for more secure identity verification in the financial services industry due to the rise of sophisticated fraud tactics and increasingly complex regulatory requirements. Learn the four key challenges that financial services firms face in this preview of a new report.
Read More
Blog

RSAC 2025 Early Stage Expo Preview: AppSec, IAM, GenAI, SecOps, And More

Heidi Shey April 8, 2025
As we put together our game plan for what to see at RSA Conference 2025, we wanted to scope out innovation, identify which vendor booths will be a must-see, and (at least for one of us) minimize the number of steps to take around the Moscone Center.
Read More
Blog

New Year, New Us: Introducing Forrester’s International Security & Risk Team Research

Jinan Budge April 7, 2025
Dive into our backgrounds, existing research, and capabilities. As a team, we cover a multitude of security and risk priorities. We are also geographically distributed; no one else is as uniquely positioned to add this level of global perspective to our research and our clients.
Read More
Blog

VMware/Siemens: A Cautionary Tale About The Risks Of Software And Services Licensing

Brent Ellis April 1, 2025
Litigation has become the default method for companies to resolve disagreements, force accountability, and establish recourse for everything from breach-related failures to contractual disagreements. A recent lawsuit filed by VMware (now owned by Broadcom) against its customer, Siemens’ US operations, for alleged use of unlicensed software is not unique and should serve as a stark […]
Read More
Blog

Breaches And Lawsuits And Fines, Oh My! What We Learned, The Hard Way, From 2024

Janet Worthington March 25, 2025
With the average cost of a data breach at $2.7 million and 33% of enterprises reporting being breached three or more times over the past 12 months, understanding and learning from past incidents is not just beneficial — it’s essential.
Read More
Podcast

Finally, An Alternative To 3LOD: Meet Continuous Risk Management

What It Means March 13, 2025
For more than a decade, risk managers have been trying to use the three lines of defense (3LOD) framework for enterprise risk management. But it was never meant for that. In this episode, Senior Analysts Alla Valente and Cody Scott walk through the new Forrester Continuous Risk Management Model, a more holistic and business-centric risk management approach.
Listen Now
Blog

Top Recommendations For CISOs In 2025: Deal With Uncertainty … Again

Jeff Pollard March 12, 2025
The security landscape continues to evolve, as does global uncertainty, leaving CISOs preparing for turbulence ahead.
Read More
Blog

Contract Lifecycle Management Is The Bridge Between Strategy And Reality — Choose Wisely To Thrive In Uncertainty

Alla Valente February 20, 2025
In under two months of 2025, organizations face a battery of changing regulations, new tariffs, and economic uncertainty … all while trying to stay competitive, remain resilient, and execute on their AI strategy. Here’s the good news: How well your organization deals with risk, crisis, and operations opportunity will largely depend on … you guessed […]
Read More
Blog

Data Privacy Day: Lessons From Texas

Stephanie Liu January 28, 2025
B2C marketers are monitoring a series of state privacy laws going into effect this year, including the recently enacted Texas Data Privacy and Security Act. Get three key next steps in this post.
Read More
Blog

Technological And Environmental Risks Take The Top Two Spots In 2025 WEF Risk Report

Paul McKay January 24, 2025
Get the highlights from the World Economic Forum’s 2025 Global Risks Report and find out what it means for global risk leaders.
Read More
Blog

Back In The Analyst Chair: What I’ll Be Focusing On In 2024–2025

Paul McKay November 15, 2024
Many of you will have noticed that I have moved back into an analyst role over the last few weeks. I had an immensely rewarding time working in the European research management team with a talented group of analysts on our European tech research coverage, whom I’m incredibly thankful to for their hard work and […]
Read More
Blog

Stop Defending The Three Lines Of Defense

Cody Scott November 14, 2024
Learn how the Forrester Continuous Risk Management Model can replace outdated risk management methods in this preview of a session at the upcoming Security & Risk Summit.
Read More
Blog

A 2025 Global Privacy Prospectus

Stephanie Liu November 13, 2024
The seasons are changing, Christmas catalogs are arriving, the clocks have shifted back an hour (in some countries) … yes, the new year is coming. While we don’t advocate for closing the books on 2024 yet (it’s only November, after all!), now is a great opportunity to consider what’s in store for next year. On […]
Read More
Blog

AI Governance Software Spend Will See 30% CAGR From 2024 To 2030

Michele Goetz November 13, 2024
The global commercial AI software governance market is poised for exceptional growth. Forrester forecasts that by 2030, spending on off-the-shelf AI governance software will more than quadruple, reaching $15.8 billion and capturing 7% of overall AI software spending.
Read More
More posts