risk management

“No risk, no reward,” may be true, but unnecessary risk is . . . well, unnecessary. Read our insights on risk management and mitigation.

Insights

Blog

Don’t Be A Passive Bystander — Take An Active Approach To Insider Risk

Joseph Blankenship September 13, 2023
One of Forrester’s best practices for managing insider risk is to turn your employees into advocates for the program. Get five tips for how to do that in this preview of our upcoming Security & Risk event in November.
Blog

Make Cyber Insurance Work For You

Heidi Shey September 11, 2023
Learn why cyber insurance is a major opportunity in this preview of our upcoming Security & Risk Forum.

Strengthen Security Operations With Agile SecOps

Read this report to learn how to apply agile software development lifecycle (SDLC) practices to detection and response to create engineering-driven detection operations.

Blog

Heed The Warnings And Get Climate Risk On Your Risk Register

Alla Valente August 23, 2023
After Montana was found to have violated the constitutional right to a “clean and healthful environment,” this is what every risk pro should be considering.
Blog

Seize The Opportunity: The Security & Risk Enterprise Leadership Award 2023

David Levine August 22, 2023
Last month, Forrester announced its inaugural Security & Risk Enterprise Leadership Award. As former CISOs, my Forrester colleague Brian Wrozek and I are sharing our thoughts about why you should apply. There are tangible benefits to you, your team, your organization, and the greater security community. You should apply — and apply now — for […]
Blog

Subscription Hardware Puts The Channel At Risk

Naveen Chhabra August 14, 2023
Subscription-based hardware is the emerging model that every hardware vendor is promising to customers, partners, and investors. It’s a significant shift from the classic capex model in which firms spend money for outright hardware purchases. There are several scenarios such as new technology, short-term projects, test-before-you-buy, and infrastructure bundled with managed services, etc., where subscription-based […]
Blog

Vulnerability Management Strategies: Avoiding A Cyber Root Canal

David Levine August 8, 2023
Vulnerability management, like flossing, is not fun, exciting, or sexy, but we know that it’s a necessary component of good hygiene. There’s a ton of evidence and research to strongly substantiate its benefits, and yet we frequently struggle to do it despite clearly understanding the consequences — we certainly don’t want a root canal! Yet, […]
Blog

Data Governance Unlocks The Impact Of Analytics: Data Strategy & Insights 2023

Jayesh Chaurasia July 12, 2023
Forrester data shows that fewer than 10% of enterprises are advanced in their insights-driven capabilities. Find out why in this blog post.

Don't Get Misled By Unrealistic AI And Security Expectations

Learn the truth behind ML’s madness, how AI and security (really) work in detection and response, and red-flag claims to avoid.

Blog

Announcing Forrester’s Security & Risk Enterprise Leadership Award

Stephanie Balaouras June 21, 2023
Forrester is thrilled to announce its inaugural Security & Risk Enterprise Leadership Award, which will recognize security organizations that have transformed the security, privacy, and risk management functions to fuel long-term success. Learn how to apply here.
Blog

VRM And SOC Teams Can Benefit From Each Other

Erik Nost June 5, 2023
We’re excited to announce our latest research on vulnerability risk management (VRM) and security operations center (SOC) teams. VRM and SOC teams are pivotal parts of the security organization, with different responsibilities but shared challenges. When Allie and I kicked off our research on interlocks between these teams earlier this year, we weren’t sure what […]
Blog

Announcing The Vulnerability Risk Management Landscape, Q2 2023

Erik Nost May 23, 2023
What do organizations use VRM for? Learn the five top use cases in this preview of our new report: The Vulnerability Risk Management Landscape, Q2 2023.
Webinar

Ransomware Defense For Constrained State And Local Budgets

Explore the state of ransomware vulnerability for state and local governments — and how you can protect your agency with limited resources.
Blog

Wonder Twin Powers, Activate! Cyber Risk Ratings And Third-Party Risk Platforms Are More Powerful Together

Alla Valente May 2, 2023
Third-party risk management and cyber risk ratings fight better together, making security and risk professionals the beneficiaries of the alliance.

Seven Steps To Bolstering Network Security With Zero Trust Edge

Watch this video to break down vendor ZTE hype and learn how to implement it across all endpoints in an enterprisewide networking fabric.

Blog

This Earth Day, Take Control Of Climate Risk

Cody Scott April 21, 2023
Climate events occur more frequently every year. Treat this Earth Day as a call to action, and add climate risks to your systemic risk purview.
Blog

The US Government Is Here And Really Wants To Help Protect You From Ransomware

Brian Wrozek March 27, 2023
Ransomware Vulnerability Warnings Are Coming To A Critical Infrastructure Near You: The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 in response to ongoing concerns about the threat of ransomware. This is the CISA’s ransomware-centric take on external attack surface management for critical infrastructure. The RVWP pilot […]
Blog

It’s 10 p.m. — Do You Know Where Your Data Is Going?

Stephanie Liu March 16, 2023
Last week, The Washington Post did a deep dive on how a publication used “commercially available” mobile data to out a Catholic priest as a Grindr user and visitor of a gay bar, ultimately forcing him to resign. Some of this data was sourced from Grindr; a Grindr spokesperson told the Post that “[the] company […]
Blog

Spotting Reputational Risk In Nontraditional Third-Party Relationships Ain’t So Yeezy

Alla Valente March 14, 2023
Third-party risk management efforts typically focus on software vendors and managed services providers. It's time to broaden that perception.
Blog

The Third-Party Risk Questionnaire Equation Doesn’t Add Up: Right Intention, Wrong Execution

David Levine February 23, 2023
Perspectives From A Former CISO/CSO: For my second blog in this series, I wanted to share my thoughts on one of my favorite subjects: third-party risk management (TPRM). More specifically, I’m going to primarily focus on the receiving side of the equation — i.e., responding to and dealing with external inquiries about your organization as […]

Get More Risk Mitigation With Your 2024 Budget

Download our 2024 Planning Guide for Security and Risk Leaders to see where strategic cybersecurity investments (and divestments) can deliver more business value.

Blog

Introducing The CLM Landscape, 2023: Contract Management Gets A Dose Of Digitalization

Alla Valente February 23, 2023
All businesses rely on contracts. Unlike customer-facing functions, however, the software that powers the creation, execution, and management of these commercial obligations hasn’t made the shift toward digital … until now! In my new report, The Contract Lifecycle Management Landscape, Q1 2023, I looked at the 26 notable contract lifecycle management (CLM) vendors that procurement, […]
Blog

Make The Case For Concentrating On Concentration Risk

Alla Valente February 21, 2023
Unless you’re a floppy disk aficionado, Tom Persky isn’t likely to be a familiar name. Tom is what you’d call a “last man standing,” as he’s the only bulk seller of floppy disks left, and his business of recycling, stripping, and reselling floppy disks is booming. You may be thinking, so what? Do they still […]
Blog

Cybersecurity Risk Dashboards: No Value, Extreme Liability

Jeff Pollard January 30, 2023
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]