security risk management

With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.

Insights

Blog

US Consumer Pandemic Recovery Outlook, August 2021: Ongoing Uncertainties Caution Consumers

Anjali Lai October 14, 2021
In the wake of chronic caution fatigue, US consumers are looking to their most trusted brands to provide a sense of stability and reliability.
Blog

Employee Vaccination Mandates: Indecision Is The Riskiest Decision Of All

Alla Valente October 14, 2021
Whether it's the carrot or the stick approach, the key to a decision on vaccination mandates is to make a definitive decision. Failing to do so constitutes a risk in itself. Find out why in this post.

Blog

Halloween Comes Early For Syniverse, FB, And Twitch — What We Can Learn From Their Spooky Outages Plus Breaches

Jeff Pollard October 7, 2021
As renowned ghost hunter and solver of mysteries Scooby-Doo would say, “Ruh roh, Raggy!” It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way we expected. Ostensibly, orgs decided to pivot and use this time […]
Blog

The Application Security Market Will Grow To $12.9 Billion By 2025

Sandy Carielli September 23, 2021
Application security budgets are on the rise. Find out which sectors of the market will see the most dramatic investment and why.
Blog

Promoting Responsibility, Compliance, And Good Judgment Without Fear, Shame, Or Acrimony

Jinan Budge September 22, 2021
Security programs founded in fear will reduce employee engagement and stifle creativity. Learn how to nurture positive behavior and foster a more positive security culture.
Blog

Stormy Times For Cloud Compliance?

Lee Sustar September 20, 2021
Find out why enterprise risk management (ERM) professionals are taking a hard look at compliance in the cloud.
Podcast

A CISO’s Guide To Employee Empowerment

What It Means September 16, 2021
What’s the most important thing a security leader can do to empower their direct reports? Delegate. Learn how to do it effectively from VP, Principal Analyst Jeff Pollard in this week’s episode.
Blog

Security Leaders: It’s Time To Facilitate Employee Productivity, Not Hinder It

Andrew Hewitt September 13, 2021
As new generations enter the workforce, your security strategy needs to meet their needs as well. Get tips on how to strike the right balance in this blog post.
Blog

CISOs And The Trust Imperative

Jeff Pollard September 10, 2021
There is no executive role that better aligns with the trust imperative than the CISO. Find out why and how it may impact your organization directly.
Blog

SCA Vendors Are Leading The Way On Diversity, Equity, And Inclusion

Sandy Carielli August 31, 2021
It’s no secret that the security industry has a DEI problem. Yes, I just linked to six different articles or social media posts supporting that point, and I’ve barely scratched the surface. My colleagues, Jinan Budge, Jess Burn, Allie Mellen, and Alla Valente, authored a blog about gender bias in the security industry last month, […]
Blog

European Organizations Struggle To Attain Diversity In Their CISO Leadership Roles

Paul McKay August 26, 2021
Written with Zaklina Ber, senior research associate, Forrester. Forrester analyzed the career backgrounds of 168 chief information security officers (CISOs) with public profiles who are working for major organizations in Europe with listings in the highest stock market indexes in the UK (FTSE 100), France (CAC 40), Germany (DAX 30), Italy (FTSE MIB), Spain (IBEX […]
Podcast

The Rising Cost Of Ransomware

What It Means August 19, 2021
What’s driving the increase in ransomware attacks, and what can security leaders do to protect their organizations? Analysts Allie Mellen and Steve Turner provide insight in this episode.

Blog

Software Composition Analysis Is A Core Tool To Protect Your Software Supply Chain

Sandy Carielli August 18, 2021
Over the past year, breaches such as SolarWinds and Kaseya have woken us up to the realities of software supply chain risk. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to […]
Blog

Zero Trust For Healthcare Orgs Is Just What The Doctor Ordered

Christopher Sherman July 29, 2021
Healthcare data is low-hanging fruit for hackers. Learn how adopting a Zero Trust strategy can help keep your data safe.
Podcast

Causes And Cures For Toxic Culture In The Security Org

What It Means July 29, 2021
There’s a culture crisis in the IT security field that could be putting firms at risk. Learn about the causes and cures of a toxic security culture from Principal Analyst Jinan Budge in this episode of What It Means.
Blog

Using Our Tools Against Us: Adversaries Continue To Abuse Trust In The Supply Chain

Steve Turner July 13, 2021
Attackers continue to abuse trust in unique and creative ways. Have you talked with your partners about security yet? Get three tips on how to do that effectively.
Blog

COVID-19 Drives Delivery Model Transformation And A Sustainability Revolution In The Security Consulting Space

Paul McKay July 1, 2021
“The Forrester Wave™: European Cybersecurity Consulting Providers, Q3 2021,” launched today. Fifteen firms are featured in this report, representing a cross section of large international security consulting providers and more regionally based security pure plays. The European security consultancy market has seen a large transformation in the past 16 months in how it delivers value […]
Blog

When It Comes To Incident Response, Is Your Cyber Insurance Carrier On Your Side?

Jess Burn June 30, 2021
You know, I really feel for security leaders and professionals. After a year of pandemic-related disruption and an uptick in ransomware and serious cyberattacks of all kinds — just as they’re firming up their policies and strategies to secure hybrid work for the foreseeable future — they get hit with an all-out assault of ransomware […]
Blog

Zero Trust Doesn’t Mean Zero Breaches

David Holmes June 29, 2021
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]
Blog

Forrester’s List Of Ransomware Resources

Jeff Pollard June 24, 2021
With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]