security risk management
With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.
Insights
Blog
VRM And SOC Teams Can Benefit From Each Other
We’re excited to announce our latest research on vulnerability risk management (VRM) and security operations center (SOC) teams. VRM and SOC teams are pivotal parts of the security organization, with different responsibilities but shared challenges. When Allie and I kicked off our research on interlocks between these teams earlier this year, we weren’t sure what […]
Blog
The CLM Market Is Ripe For Disruption, And 13 Vendors Vie To Lead The Charge
When thinking of markets on the cusp of disruption, legal tech — and especially contract lifecycle management — is not likely what comes to mind. But it should. Here's why.
Blog
Announcing The Vulnerability Risk Management Landscape, Q2 2023
What do organizations use VRM for? Learn the five top use cases in this preview of our new report: The Vulnerability Risk Management Landscape, Q2 2023.
Blog
Why The Digital Identity Market Needs A Big Shake-Up To Meet Its Potential
“On the internet, nobody knows you are a dog” is an oft-quoted maxim from the ’90s attributed to Peter Steiner. First appearing in The New Yorker, this meme illustrates the difficulty of establishing identity and, by extension, validating claims on the internet. Over three decades later, we still face the same challenges. In this realm […]
Webinar
Ransomware Defense For Constrained State And Local Budgets
Explore the state of ransomware vulnerability for state and local governments — and how you can protect your agency with limited resources.
Blog
Wonder Twin Powers, Activate! Cyber Risk Ratings And Third-Party Risk Platforms Are More Powerful Together
Third-party risk management and cyber risk ratings fight better together, making security and risk professionals the beneficiaries of the alliance.
Blog
Harnessing CISO Collective Power
Lone Wolf Or Wolf Pack? Perspectives From A Former CISO/CSO: One of the most valuable, important, and rewarding things I did during my tenure as a CISO/CSO was becoming involved in the CISO community. There are plenty of leaders who choose to go down the CISO path primarily on their own, and perhaps for some, […]
Blog
Protecting Against The Top Cybersecurity Threats In 2023 Requires A Balanced Approach
Get a preview of the top five cybersecurity threats — established and emerging — for this year and learn how to defend against each.
Blog
Asset Management May Make Minds Meander, But Mastery Is Core To Zero Trust
At some point in every organization’s security journey, the problem of asset management inevitably comes up. Solutions are often cosmetic and don’t tackle fundamental issues or provide real visibility. As more organizations chart their Zero Trust course, the asset management problem comes up a lot more, as you cannot mediate what you do not know, […]
Blog
The EU Cyber Solidarity Act Will Fail If It Is Stunted By Geopolitics And Protectionism
On 18 April 2023, the European Commission adopted a proposal for the EU Cyber Solidarity Act to strengthen cybersecurity capabilities in the EU. The proposed act will support detection and awareness of cybersecurity threats, bolster preparedness of critical entities, reinforce solidarity, and improve crisis management and response capabilities across member states. Additionally, the Commission presented […]
Blog
Cybersecurity Firms Aren’t Immune To The Economic Downturn
Last week, Forrester published its first report on what cybersecurity vendors’ quarterly earnings mean for technology executives. This research involved analysis of earnings calls from 10 publicly listed cybersecurity service providers. This information showcases existing trends and strategies and hopefully saves you some time by highlighting the most important interpretations. Even though most cybersecurity vendors’ […]
Blog
Plan Now For Major Changes To Oracle Java Licensing Costs
Oracle has again changed licensing rules for its widely used Java product. On January 23, 2023, the company introduced a new license metric, the SE Universal Subscription. It offers all the benefits of the legacy Java SE subscription, plus universal use rights (desktop, server, and third-party cloud) and triage support for customers’ entire Java portfolio, […]
Blog
The US Government Is Here And Really Wants To Help Protect You From Ransomware
Ransomware Vulnerability Warnings Are Coming To A Critical Infrastructure Near You: The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 in response to ongoing concerns about the threat of ransomware. This is the CISA’s ransomware-centric take on external attack surface management for critical infrastructure. The RVWP pilot […]
Blog
Avoid A Bot Waterloo
I don’t follow the Eurovision Song Contest closely, but I know that ABBA famously won decades ago with “Waterloo” and that a few other contest winners — Celine Dion, Måneskin — have achieved global success afterwards. This year, though, an article about Eurovision got my attention. It seems that tickets to the live Eurovision performances […]
Blog
Product Management And Security Collaboration Benefits More Than Product Security
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]
Blog
The Pay Gap Isn’t The Only Problem For Women In CISO Roles
Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into their education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]
Blog
2023 Security Recommendations: Protect Your Ass(ets) And Lawyer Up
Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]
Blog
Zero Trust Comes Into The Mainstream In Europe
Until recently, discussions about Zero Trust (ZT) in Europe focused on the what and why. The last year has seen a significant shift in the market, and organizations have now begun focusing on the how. European organizations see significant value in adopting Zero Trust and have taken steps to prioritize adoption. This trend is driven […]
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare for the implications of the National Cybersecurity Strategy.
Blog
2022 Breaches And Fines Offer Lessons To Security Leaders
2022 didn’t let up on the security incidents — according to Forrester’s Security Survey, 2022, 74% of security decision-makers experienced at least one data breach at their firm in the previous 12 months. As we looked at the top breaches and privacy violations of 2022 — and there was activity right up to the end […]