GRC – Governance, Risk, And Compliance

Governance, risk, and compliance (GRC) trends are always evolving. Follow Forrester’s latest research and insights on GRC trends.

Insights

Blog

A New Era Of Privacy Dawns With The Latest Google Fine

Enza Iannopollo November 16, 2022
In the wake of a lawsuit settlement over deceptive location-history user settings, companies need to look closely at their data privacy practices.
Blog

Misguided Fear Of AI And Automation: A Classic Horror Story

Carlos Casanova October 25, 2022
Classic horror movie quirks closely resemble what we’re seeing in firms looking to innovate and differentiate yet are running from rather than toward AI and advanced automation.

Blog

Apply Critical Thinking And Culture To Reduce Insider Risk

Joseph Blankenship September 27, 2022
Learn how to reduce the three most common types of insider threats in this Security & Risk event preview.
Blog

CCPA Penalties Are Here: Sephora Hit With $1.2 Million Fine

Stephanie Liu September 9, 2022
French retailer Sephora became the first company to be penalized under the California Consumer Privacy Act (CCPA) for not disclosing to consumers that it sells their personal information, failing to respect users’ Global Privacy Control as an opt-out, and neglecting to correct these infractions by the deadline. The $1.2 million penalty is part of a […]
Blog

The US Pipeline Industry Catches A Break, But Now Is Not The Time To Be Complacent

Brian Wrozek August 11, 2022
The Transportation Security Administration's relaxing of rules based on industry feedback is welcome. Yet the days of nonexistent or voluntary cybersecurity regulations for critical infrastructure are ending.
Blog

Generally Accepted AI Principles — “GAAIP” — Can Bridge The Trust Gap

Achim Granzen May 19, 2022
Organizations looking to scale their use of AI-enhanced decision-making are facing a dilemma. There is still a large gap between voluntary frameworks for responsible AI and actionable law and enforceable regulations. I wrote about Singapore’s Model AI Governance Framework in an earlier blog post. My colleague Guannan Lu has recently taken a look at China’s […]
Podcast

Will Web3 Live Up To Its Promise?

What It Means May 19, 2022
Web3 proponents have a grand vision of a fairer internet. But will it ever become reality? VP, Principal Analyst Martha Bennett examines both sides of this complex question.

Blog

The Top Systemic Risks Changed In 2022, And Climate Change Was Left Out In The Cold

Renee Murphy April 20, 2022
It’s time for the latest “Top Systemic Risks” report. One of the biggest movers this year was climate change. Last year, as the pandemic dragged on, climate change ranked number five. This year, it ranked number eight. In the age of declaring climate goals and new markets requiring carbon reporting, corporations pushed climate change risk […]
Blog

Build Better Bridges: Introducing Forrester’s BISO Role Profile

Jess Burn April 19, 2022
BISOs operate on behalf of the CISO, serving as an advisor to the business unit’s functional leaders. They also engage as a member of the business unit’s senior leadership team to understand, discuss, and advise on the intersection of strategic priorities and key IT and security risks.
Blog

If Your Board Is Bored, Then You’re Boring

Sara M. Watson March 11, 2022
CIOs and CTOs have a complicated relationship with their boards. Now is a ripe opportunity for tech execs to become the digital expert your board needs.
Blog

Navigate China’s New Data And AI Regulations

Guannan Lu March 3, 2022
Firms often struggle to identify the appropriate security controls and practices to comply with fast-changing data regulations. Here are three practices firms should adapt to keep pace.
Blog

Setting The Record Straight On The Third-Party Risk Management Market

Alla Valente February 7, 2022
Third-party risk management (TPRM) is high on the list of business priorities and risk management priorities, and that’s a good thing. Despite predictions in the early days of the pandemic that firms would rein in outsourcing strategies, the third-party ecosystem continues to grow, smaller vendors and suppliers remain cybersecurity targets, the global regulatory machine continues […]
Blog

Enterprise Risk Pros Pivot From Compliance To Driving Faster, Better Decisions

Alla Valente February 3, 2022
The average firm’s list of business and risk management priorities looks very different today than it did two years ago. What’s changed? For starters, according to Forrester data, 43% of enterprise risk management (ERM) decision-makers report having experienced three or more discrete critical risk events over the past 12 months. The same group reveals that […]
Blog

The Emerging Cyber Risk Quantification Market: When CISOs Need Decisions, Not More Dashboards

Paul McKay January 31, 2022
Ask any CISO to articulate the ROI of their firm’s cybersecurity investment — or, worse yet — to defend an increase to the security budget, and you’re likely to get anything from a threat heat map to a 5×5 grid to a list of the latest threats with a flowchart of how the firm is […]
Blog

The Days When SA&T Operated Solely To Train People About Security Are Vanishing

Jinan Budge November 1, 2021
I’ve been living and breathing the security awareness and training (SA&T) market since joining Forrester 3.5 years ago, working closely with most vendors in this market, as well as our clients. I have seen a significant elevation in the conversation and client expectations, with vendors rushing to innovate and disrupt to meet these new expectations. […]
Blog

Employee Vaccination Mandates: Indecision Is The Riskiest Decision Of All

Alla Valente October 14, 2021
It can be the carrot or the stick, but the key to a successful vaccination incentive is to make a definitive decision.
Blog

GRC Platforms Morph From Maslow’s Hammer To The Swiss Army Knife

Alla Valente September 22, 2021
Winston Churchill said it best — “Never let a good crisis go to waste” — and governance, risk, and compliance (GRC) vendors have heeded the advice not once but twice. In 2002, after the Sarbanes-Oxley Act intended to protect investors from fraudulent accounting activities by corporations, vendors turned GRC technologies into a Maslow’s hammer of […]
Blog

Stormy Times For Cloud Compliance?

Lee Sustar September 20, 2021
Find out why enterprise risk management (ERM) professionals are taking a hard look at compliance in the cloud.
Blog

What’s In A Name? “Product” Versus “Service”

Charles Betz September 20, 2021
“What’s in a name? That which we call a rose / By any other name would smell as sweet.” — William Shakespeare, Romeo and Juliet, Act 2, Scene 2. One conversation I’ve found myself in over the past 20 years is the debate over IT portfolio terminology: Application, Service, Product, Platform. Why is this important? Because organizations use […]
Video

The Trust Imperative

Stephanie Balaouras May 12, 2021
