security risk management

With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.

Discover how Forrester supports IT leaders.

Insights

Blog

VRM And SOC Teams Can Benefit From Each Other

Erik Nost 24 hours ago
We’re excited to announce our latest research on vulnerability risk management (VRM) and security operations center (SOC) teams. VRM and SOC teams are pivotal parts of the security organization, with different responsibilities but shared challenges. When Allie and I kicked off our research on interlocks between these teams earlier this year, we weren’t sure what […]
Blog

The CLM Market Is Ripe For Disruption, And 13 Vendors Vie To Lead The Charge

Alla Valente 5 days ago
When thinking of markets on the cusp of disruption, legal tech — and especially contract lifecycle management — is not likely what comes to mind. But it should. Here's why.

Thrive In Economic Uncertainty

Get actionable advice to navigate the 2023 downturn. Explore our resources for tech, marketing, CX, sales, and product leaders.

Blog

Announcing The Vulnerability Risk Management Landscape, Q2 2023

Erik Nost May 23, 2023
What do organizations use VRM for? Learn the five top use cases in this preview of our new report: The Vulnerability Risk Management Landscape, Q2 2023.
Blog

Why The Digital Identity Market Needs A Big Shake-Up To Meet Its Potential

Tope Olufon May 5, 2023
“On the internet, nobody knows you are a dog” is an oft-quoted maxim from the ’90s attributed to Peter Steiner. First appearing in The New Yorker, this meme illustrates the difficulty of establishing identity and, by extension, validating claims on the internet. Over three decades later, we still face the same challenges. In this realm […]
Webinar

Ransomware Defense For Constrained State And Local Budgets

Explore the state of ransomware vulnerability for state and local governments — and how you can protect your agency with limited resources.
Blog

Wonder Twin Powers, Activate! Cyber Risk Ratings And Third-Party Risk Platforms Are More Powerful Together

Alla Valente May 2, 2023
Third-party risk management and cyber risk ratings fight better together, making security and risk professionals the beneficiaries of the alliance.
Blog

Harnessing CISO Collective Power

David Levine May 2, 2023
Lone Wolf Or Wolf Pack? Perspectives From A Former CISO/CSO One of the most valuable, important, and rewarding things I did during my tenure as a CISO/CSO was becoming involved in the CISO community. There are plenty of leaders who choose to go down the CISO path primarily on their own, and perhaps for some, […]

Unlock The Secret To 2023 Tech Success

Attend our predictions webinar on overcoming resource constraints with a focus on resiliency and talent.

Blog

Protecting Against The Top Cybersecurity Threats In 2023 Requires A Balanced Approach

Brian Wrozek May 1, 2023
Get a preview of the top five cybersecurity threats — established and emerging — for this year and learn how to defend against each.
Blog

Asset Management May Make Minds Meander, But Mastery Is Core To Zero Trust

Tope Olufon April 26, 2023
At some point in every organization’s security journey, the problem of asset management inevitably comes up. Solutions are often cosmetic and don’t tackle fundamental issues or provide real visibility. As more organizations chart their Zero Trust course, the asset management problem comes up a lot more, as you cannot mediate what you do not know, […]
Blog

The EU Cyber Solidarity Act Will Fail If It Is Stunted By Geopolitics And Protectionism

Tope Olufon April 19, 2023
On 18 April 2023, the European Commission adopted a proposal for the EU Cyber Solidarity Act to strengthen cybersecurity capabilities in the EU. The proposed act will support detection and awareness of cybersecurity threats, bolster preparedness of critical entities, reinforce solidarity, and improve crisis management and response capabilities across member states. Additionally, the Commission presented […]
Blog

Cybersecurity Firms Aren’t Immune To The Economic Downturn

Madelein van der Hout April 19, 2023
Last week, Forrester published its first report on what cybersecurity vendors’ quarterly earnings mean for technology executives. This research involved analysis of earnings calls from 10 publicly listed cybersecurity service providers. This information showcases existing trends and strategies and hopefully saves you some time by highlighting the most important interpretations. Even though most cybersecurity vendors’ […]
Blog

Plan Now For Major Changes To Oracle Java Licensing Costs

Steven Russman April 10, 2023
Oracle has again changed licensing rules for its widely used Java product. On January 23, 2023, the company introduced a new license metric, the SE Universal Subscription. It offers all the benefits of the legacy Java SE subscription, plus universal use rights (desktop, server, and third-party cloud) and triage support for customers’ entire Java portfolio, […]
Blog

The US Government Is Here And Really Wants To Help Protect You From Ransomware

Brian Wrozek March 27, 2023
Ransomware Vulnerability Warnings Are Coming To A Critical Infrastructure Near You The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 in response to ongoing concerns about the threat of ransomware. This is the CISA’s ransomware-centric take on external attack surface management for critical infrastructure. The RVWP pilot […]
Blog

Avoid A Bot Waterloo

Sandy Carielli March 16, 2023
I don’t follow the Eurovision Song Contest closely, but I know that ABBA famously won decades ago with “Waterloo” and that a few other contest winners — Celine Dion, Måneskin — have achieved global success afterwards. This year, though, an article about Eurovision got my attention. It seems that tickets to the live Eurovision performances […]
Blog

Product Management And Security Collaboration Benefits More Than Product Security

Sandy Carielli March 14, 2023
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]
Blog

The Pay Gap Isn’t The Only Problem For Women In CISO Roles

Jeff Pollard March 8, 2023
Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into their education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]
Blog

2023 Security Recommendations: Protect Your Ass(ets) And Lawyer Up

Jeff Pollard March 6, 2023
Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]
Blog

Zero Trust Comes Into The Mainstream In Europe

Tope Olufon March 3, 2023
Until recently, discussions about Zero Trust (ZT) in Europe focused on the what and why. The last year has seen a significant shift in the market, and organizations have now begun focusing on the how. European organizations see significant value in adopting Zero Trust and have taken steps to prioritize adoption. This trend is driven […]
Blog

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog

2022 Breaches And Fines Offer Lessons To Security Leaders

Sandy Carielli February 24, 2023
2022 didn’t let up on the security incidents — according to Forrester’s Security Survey, 2022, 74% of security decision-makers experienced at least one data breach at their firm in the previous 12 months. As we looked at the top breaches and privacy violations of 2022 — and there was activity right up to the end […]
More posts