security risk management

With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.

Discover how Forrester supports IT and security and risk leaders.

Insights

Blog

AWS Outage, Nexperia Seizure, And The EU’s Cloud Sovereignty Framework: The Battle For Digital Sovereignty Is On!

Dario Maisto 19 hours ago
In times of calm, but especially in times of chaos, risk management strategies and their execution must be dictated by context and control. Prioritizing key risks and crafting appropriate responses is essential to keeping the business going. The battle for digital sovereignty is now unfolding in real time, following this exact script. Three Events Show […]
Blog

From Veto To Victory: California’s New AI Act Revives The National (And International) Conversation On AI Regulations

Alla Valente 5 days ago
At its core, California’s new AI law requires safety protocols, best practices, and key compliance policies, but it stops short of prescribing risk frameworks and imposing legal liabilities. Here’s a closer look at what’s in SB 53.

Master Risk And Lead Through Uncertainty

Attend our Security & Risk Summit to get insider access to frameworks and tools that help security professionals navigate AI attacks, understand quantum risks, and redefine resilience.

Blog

Fix Your GRC Blind Spots: Risk Lessons From The Louvre

Cody Scott 5 days ago
The Louvre heist is a mirror for today’s governance, risk, and compliance gaps. Recognizing these blind spots can transform your enterprise risk efforts from decorative to defensive art. Find out how.
Blog

Risk Consulting Firms Are Getting Shaken, Not Stirred, By AI

Paul McKay 5 days ago
Chief risk officers (CROs) are navigating a risk landscape that’s more volatile, fragmented, and tech-driven than ever. Yet many CROs still rely on advice from risk consulting services providers that are stuck in the audit compliance cottage industry of yesteryear, gently stirring into action. Learn how to select the right risk consulting provider for your organization in this preview of a new report.
Blog

Forrester’s AEGIS Framework: The New Standard For AI Governance

Jeff Pollard 7 days ago
AEGIS is not just another acronym — it’s now a fully cross-referenced, regulation-aware blueprint for building trust in AI systems.
Blog

Announcing Forrester’s 2025 Security & Risk Enterprise Leadership Award Winners

Joseph Blankenship October 22, 2025
Learn more about the two enterprise security programs that won this year’s Security & Risk Enterprise Leadership Award.
Blog

Declaring Zero Trust Without Testing Is A Lie

Tope Olufon October 20, 2025
Zero Trust without real-world testing is a false sense of security. Learn how MITRE ATT&CK-driven adversarial trials turn Zero Trust from theory into proof.

Predictions 2026: Your Planning Starts Here

2026 will demand proof, not promises. Explore Forrester’s Predictions resources — guides, webinars, and blogs — to plan smarter, lead with trust, and stay ahead of disruption.

Blog

Announcing The Cybersecurity Risk Ratings Platforms Landscape, Q4 2025

Paul McKay October 19, 2025
Despite a somewhat frustrating past, the CRRP market is truly at an inflection point — with the realization that there’s value in the data collected to produce ratings, not just the ratings themselves.
Blog

How F5 And SonicWall Revealed The Fragility Of The Software Supply Chain

Carlos Rivera October 17, 2025
The recent breaches at F5 and SonicWall illustrate how attackers are targeting the very infrastructure that enterprises rely on to secure and deliver digital services.
Blog

UK Government Plans To Mandate Digital eID For All Legal UK Residents

Andras Cser October 16, 2025
The UK government plans to mandate an electronic digital identity scheme and credential to all legal residents and employees of the UK to prove immigration and employment eligibility status. Read our assessment of the benefits, challenges, and concerns.
Blog

The Netherlands Targets Chip Governance: A New Precedent For Cyber And IP Risk Intervention

Tope Olufon October 15, 2025
The Netherlands placing Chinese-owned chipmaker Nexperia under ministerial oversight is a sign that Europe has crossed from passive screening to active control to keep IP and capacity in-region. Find out what this means for CISOs and risk leaders and what steps to take next.
Blog

Sovereignty Is The New Differentiator: Google Cloud’s Strategic Shift

Dario Maisto October 15, 2025
Sovereign cloud used to be synonymous with compliance and data protection. But as organizations tighten their sovereign policies and demand greater control over their data and cloud infrastructure, the narrative is changing.
Blog

Predictions 2026: Cybersecurity And Risk Leaders Grapple With New Tech And Geopolitical Threats

Paddy Harrington October 1, 2025
In 2026, continued political instability coupled with technological advancements being used by cybercriminals will force cybersecurity and risk leaders to adapt their defensive technologies and prepare their workforce for big shifts. Find out more in our 2026 predictions for cybersecurity and risk.
Blog

How To Build AI Red Teams That Actually Work

Jeff Pollard September 30, 2025
AI red teaming blends offensive security tactics with safety evaluations for bias, toxicity, and reputational harm. It’s messy, fragmented and, most of all, necessary. Get six tips to get started on an AI red team that actually works in this preview of our upcoming Security & Risk Summit.
Blog

Too Big To Fail, Cyber Edition

Jess Burn September 29, 2025
Why did the UK government extend a £1.5 billion guaranteed loan to Jaguar Land Rover after a debilitating ransomware attack? And what can your security team learn from it? Find out in this post.
Blog

Securing AI’s M&A Feeding Frenzy Is On

Jeff Pollard September 22, 2025
The cybersecurity industry is in the middle of a land grab as AI security M&A heats up. In just 18 months, eight major vendors — including Check Point, Cisco, CrowdStrike, F5, and Palo Alto Networks — have spent upwards of $2.0 billion acquiring startups focused on securing enterprise AI. AI for security is already poised to disrupt […]
Blog

Splunk .conf25: Cisco, AI, And Data

Allie Mellen September 15, 2025
The 10th annual Splunk .conf took place in Boston recently. From the opening keynote to various new product releases and enhancements, get a full review of the event in this post.

2026 Predictions: What Tech And Security Leaders Must Know

Our 2026 tech and security predictions are out — now it’s time to go deeper. Join Forrester’s analysts to uncover what you must do to lead with trust and value.

Blog

The Abyss Of The Salesloft-Salesforce Breach May Reach The Challenger Deep

Paddy Harrington September 12, 2025
Details have been trickling out about a security issue in Salesloft’s Drift product. Find out what data was compromised and what actions you can take to reduce the threat to your business.
Blog

Announcing The Forrester Wave™: IoT Security Solutions, Q3 2025

Paddy Harrington September 10, 2025
IoT devices are a normal part of business and personal life. In enterprises, it is estimated that there are between six and 10 IoT devices for each employee, ranging from long-standing devices, such as printers and cameras, and industry-specific devices like warehouse scanners and medical infusion pumps to modern air quality monitors and soil moisture […]
Blog

The Forrester Wave™: Secure Access Service Edge Solutions, Q3 2025 — A Market Transformed

Andre Kindness September 10, 2025
We just released The Forrester Wave™: Secure Access Service Edge Solutions, Q3 2025, and the results mark a dramatic shift from the 2023 Wave on Zero Trust edge solutions.
More posts