risk management

“No risk, no reward,” may be true, but unnecessary risk is . . . well, unnecessary. Read our insights on risk management and mitigation.

It’s 10 p.m. — Do You Know Where Your Data Is Going?

Stephanie Liu 5 days ago
Last week, The Washington Post did a deep dive on how a publication used “commercially available” mobile data to out a Catholic priest as a Grindr user and visitor of a gay bar, ultimately forcing him to resign. Some of this data was sourced from Grindr; a Grindr spokesperson told the Post that “[the] company […]

Spotting Reputational Risk In Nontraditional Third-Party Relationships Ain’t So Yeezy

Alla Valente March 14, 2023
Third-party risk management efforts typically focus on software vendors and managed services providers. It's time to broaden that perception.

The Third-Party Risk Questionnaire Equation Doesn’t Add Up: Right Intention, Wrong Execution

David Levine February 23, 2023
Perspectives From A Former CISO/CSO For my second blog in this series, I wanted to share my thoughts on one of my favorite subjects: third-party risk management (TPRM). More specifically, I’m going to primarily focus on the receiving side of the equation — i.e., responding to and dealing with external inquiries about your organization as […]

Introducing The CLM Landscape, 2023: Contract Management Gets A Dose Of Digitalization

Alla Valente February 23, 2023
All businesses rely on contracts. Unlike customer-facing functions, however, the software that powers the creation, execution, and management of these commercial obligations hasn’t made the shift toward digital … until now! In my new report, The Contract Lifecycle Management Landscape, Q1 2023, I looked at the 26 notable contract lifecycle management (CLM) vendors that procurement, […]

Make The Case For Concentrating On Concentration Risk

Alla Valente February 21, 2023
Unless you’re a floppy disk aficionado, Tom Persky isn’t likely to be a familiar name. Tom is what you’d call a “last man standing,” as he’s the only bulk seller of floppy disks left, and his business of recycling, stripping, and reselling floppy disks is booming. You may be thinking, so what? Do they still […]

Cybersecurity Risk Dashboards: No Value, Extreme Liability

Jeff Pollard January 30, 2023
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]

Not So Fast — Mind QR Code Risks, Or Get Ready For Damage Control

Sandy Carielli January 12, 2023
In December 2022, a scammer in California worked up fake parking tickets with QR codes on them, directing citizens to a phishing site collecting payment card information — just one of many such recent QR code-related scams. Though QR code use surged in popularity during the COVID-19 pandemic because of customer desire for touchless interactions, QR-code risk management is not maturing at the same rate as adoption.

Calling Business Resilience Pros: Our Latest State Of Business Continuity Survey Is Live!

Amy DeMartine November 8, 2022
Each year, Forrester Research and the Disaster Recovery Journal (DRJ) team up to launch a study examining the state of business resiliency. We alternate between two resilience domains each year: IT disaster recovery and business continuity. This is the year of business continuity! The last joint survey we did was right in the middle of […]

How To Avoid The Ill-Fated Quest To “Fix” Global Supply Chains

Alla Valente November 3, 2022
Learn why “fixing” supply chain issues is less important than reducing the long-term risks that create the issues in this Security & Risk event preview.

Is Your Organization Equipped To Handle Geopolitical Risks?

What It Means October 27, 2022
Is your security team effectively assessing your exposure to geopolitical risk? Principal Analyst Renee Murphy and Senior Analyst Allie Mellen provide some insights and next steps every security org will want to hear.

Misguided Fear Of AI And Automation: A Classic Horror Story

Carlos Casanova October 25, 2022
Classic horror movie quirks closely resemble what we’re seeing in firms looking to innovate and differentiate yet are running from rather than toward AI and advanced automation.

The State Of Third-Party Risk In 2022: The Not-So-Subtle Art Of Keeping All Balls In The Air

Alla Valente October 20, 2022
New business priorities, strategic initiatives, and a plethora of new risks mean that security, risk, and compliance professionals must master the art of juggling.

Apply Critical Thinking And Culture To Reduce Insider Risk

Joseph Blankenship September 27, 2022
Learn how to reduce the three most common types of insider threats in this Security & Risk event preview.

Forget Quiet Quitting — Tech Whistleblowers Go Out With A Bang

Sara M. Watson August 26, 2022
When tech companies select people with ideals and integrity, they get people with ideals and integrity. When they behave in ways that betray those employees, they can expect rebellion.

Random Acts Of Automation: 10 Pitfalls We Must Avoid

Craig Le Clair August 22, 2022
The trend toward automation is not new. The Industrial Revolution started it in the 19th century, but there has never been such rapid automation progress as today. All forms have accelerated, often without understanding their effect. Humans have become choke points in operations, points of disease and legal liability, and friction to smooth digital pathways, […]

Meta Pixel Fiasco Underscores Why Marketing And Risk Must Work Together

Stephanie Liu August 5, 2022
Marketing and risk share a common goal: building customer trust. By partnering, marketers and S&R pros can use the growing momentum around consumer privacy to grow customer trust.

Who’s Responsible For Cyber Insurance Policy Misrepresentations? It Depends.

Alla Valente July 14, 2022
On July 6, 2022, the Travelers Property Casualty Company of America (Travelers Insurance) filed a suit in an Illinois federal court against International Control Services, Inc. (ICS) asking for policy rescission and declaratory judgment against ICS. Travelers alleges that ICS misrepresented its use of multifactor authentication (MFA) on its policy application, which should be sufficient […]

COVID-Related Absenteeism Is Costing Your Business Money

J.P. Gownder June 22, 2022
Many organizations are ill-equipped to manage the problem. Yet it's the sort of systemic risk that leaders need to be ready to face.

Forget The FUD: Four Factors Fueling TPRM Platform Adoption Today

Alla Valente May 23, 2022
Fear. Uncertainty. Doubt. Also known as “appeal to fear,” fear-uncertainty-doubt (FUD) is a fallacy in which a person tries to create support for an idea (or technology) by attempting to increase fear towards an alternative. Since passage of Sarbanes-Oxley (SOX), the regulation that launched the era of compliance, technology sales have been predicated on creating […]

Plan Your Response To CISA Emergency Patching Directives

Erik Nost May 20, 2022
The US Cybersecurity and Infrastructure Security Agency and other government agencies will continue to weigh in on vulnerability and patch management. Be prepared to respond.