Security Risk Management
With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.
Discover how Forrester supports IT and security and risk leaders.
Insights
Blog
Project Glasswing: The 10 Consequences Nobody’s Writing About Yet
Anthropic’s Project Glasswing and Claude Mythos Preview prove that autonomous zero-day discovery now operates at scale. We evaluate the immediate, medium-term, and structural consequences for security teams, vendors, insurers, regulators, and future careers.
Blog
What To Know When Evaluating Sensitive Data Discovery And Classification Solutions
The ability to identify sensitive data in your organization, gain visibility into where it is located, and tag it to inform controls for data access, data use, and the data’s lifecycle underpins your efforts to protect that data. Sensitive data discovery and classification is foundational for Zero Trust data security, privacy, and AI governance. The […]
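The discovery-and-classification loop the post describes (find a candidate value, confirm it is real, record where it lives, tag it so a control can act) is easy to get wrong in the "confirm" step: pattern matches alone drown teams in false positives. The following is an added example, not code from the Forrester post or any vendor product; it runs a minimal pass over a constructed sample corpus, validates card numbers with a Luhn check and SSNs against the ranges the SSA never issues, masks values before recording them, and rolls findings up to a per-file handling label. File paths, contents and the label scheme are all constructed for illustration.

```python
"""Added illustration (not from the Forrester post): a minimal sensitive-data
discovery pass that finds, validates, locates and tags PII so a downstream
control can act on the label. Sample corpus is constructed, not real data."""
import re
from dataclasses import dataclass

# Constructed sample corpus: path -> contents. Values are synthetic test data.
SAMPLE_FILES = {
    "hr/onboarding.csv": "name,ssn\nJane Doe,219-09-9999\nJohn Roe,000-12-3456\n",
    "finance/refunds.txt": "Refund to card 4111 1111 1111 1111 approved; "
                           "test card 4111111111111112 rejected.",
    "eng/README.md": "Build with make; contact ops@example.com for access.",
}


@dataclass(frozen=True)
class Finding:
    path: str     # where the value lives, so the owner can remediate or relocate it
    tag: str      # PAN, SSN or EMAIL
    offset: int   # character offset within the file
    masked: str   # never the raw value: findings end up in tickets and logs


PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")          # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit strings that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """The SSA never issues area 000, 666 or 900-999, group 00, or serial 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and int(group) != 0 and int(serial) != 0


def scan_text(path: str, text: str) -> list[Finding]:
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(Finding(path, "PAN", m.start(), "*" * (len(digits) - 4) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            found.append(Finding(path, "SSN", m.start(), "***-**-" + m.group(3)))
    for m in EMAIL_RE.finditer(text):
        addr = m.group()
        found.append(Finding(path, "EMAIL", m.start(), "***" + addr[addr.index("@"):]))
    return found


# Tag -> handling label; the label is what access, DLP and retention controls key on.
SENSITIVITY = {"PAN": "RESTRICTED", "SSN": "RESTRICTED", "EMAIL": "INTERNAL"}
RANK = {"PUBLIC": 0, "INTERNAL": 1, "RESTRICTED": 2}


def classify(files: dict[str, str]) -> dict[str, tuple[str, list[Finding]]]:
    """Per path: the highest label any finding warrants, plus the findings behind it."""
    result = {}
    for path, text in files.items():
        findings = scan_text(path, text)
        label = max((SENSITIVITY[f.tag] for f in findings),
                    key=RANK.__getitem__, default="PUBLIC")
        result[path] = (label, findings)
    return result


if __name__ == "__main__":
    for path, (label, findings) in classify(SAMPLE_FILES).items():
        print(f"{label:<10} {path}: {[(f.tag, f.offset, f.masked) for f in findings]}")
```

On the sample corpus the two values that only look sensitive (the 000-area SSN and the card number that fails Luhn) are dropped, which is the behaviour to look for when evaluating a product: ask how it validates, not just what it matches, and whether findings are masked before they leave the scanner.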
Blog
When Cyber Insurance Meets Cyber War, Coverage Becomes Conditional
For years, cyber insurance relied on generic war exclusions that rarely shaped enterprise decisions. That changed when NotPetya, a Russia-linked attack, caused billions of dollars in collateral damage across organizations that were never its intended targets and triggered prolonged legal battles over whether traditional war clauses applied to cyber events. The result was landmark settlements for […]
Blog
CISOs Have Plenty Of Work To Do In An AI-Driven Future
As AI becomes more embedded in fundamental business processes, organizations can no longer settle for “secure enough.” Learn how AI is redefining the CISO role — and actions that they can take today.
Blog
The Expanding Universe Of GRC For AI: Key Questions From Technology Leaders
In 1929, astronomer Edwin Hubble discovered something unsettling. The universe isn’t static; it’s expanding everywhere, simultaneously, at every scale. His simple equation (Hubble’s law) shows that galaxies are accelerating away from each other, and the farther they are, the faster they recede. Eventually, galaxies become so distant that they cross our observable horizon entirely — […]
Blog
Geopolitical Volatility Has Become A Technology Leadership Test
Geopolitical volatility is testing and redefining technology leadership, demanding sharper trade-offs, stronger resilience, and faster decisions from CIOs and CISOs. Read guidance from our new research to help navigate these challenges.
Blog
No, You Can’t Just Vibe Code Commerce — Yet
“What coding?” Vibe coding is the cute term for using genAI systems to create, debug, or update programming code. People can use it without knowing how to write a line of code themselves. What this means: Lots of people are generating code they don’t understand. It’s not just developers using these tools to code faster; for example, it’s schoolteachers writing their […]
Blog
From Operating Rooms To iPhones: What The Stryker Attack Reveals About Third-Party Risk
A recent cyberattack on a global medical device manufacturer shows how third-party failures can cascade from enterprise IT into patient-facing operations. This post unpacks what the incident reveals about concentration risk, vendor dependencies, and real-world impact.
Blog
White House Announces The 2026 Cyber Strategy For America
On Friday, March 6, the Trump administration released the latest US national cybersecurity strategy, President Trump’s Cyber Strategy for America, alongside an executive order on combating cybercrime and fraud. The document, focused on six core pillars, is the briefest cybersecurity strategy released by the US in the last decade. The biggest challenge with the document […]
Blog
Practical Quantum Computing By 2030 Is Likely — And So Is Q-Day
Forrester’s report, “The State Of Quantum Computing, 2026,” shows that quantum computing is advancing faster than expected, making business utility and Q-Day security risks plausible by 2030.
Blog
The Mandela Effect In TPRM: Why Companies Still Misremember Their Third-Party Risk Exposure
What do the Monopoly man’s monocle, the Fruit of the Loom cornucopia, and “Luke, I am your father” have in common? None of them actually exist the way you remember. That glitch is the Mandela effect, a collective misremembering of facts or events, and it is the same mental bug that convinces executives that their […]
Blog
2026 Really Is This Risky: Our Top Recommendations For CISOs
Security leaders entered 2026 with little expectation that uncertainty will ease … ever. Economic pressure, geopolitical instability, accelerating artificial intelligence adoption, and renewed technology consolidation have turned volatility into a structural condition rather than a temporary disruption. This is life now, and CISOs are being asked to move faster, support aggressive AI initiatives, and protect […]
Now On Demand: 2026 Tech And Security Predictions
Missed it live? Watch our on-demand webinar to explore our 2026 predictions. Learn what tech and security leaders must do to lead with trust and value.
Blog
What We’re Looking Forward To At The RSAC 2026 Conference
The annual RSAC Conference in San Francisco is the cybersecurity industry’s biggest event of the year. For the analysts attending, RSAC Conference week provides an opportunity to learn about cybersecurity trends and topics, meet with vendors and clients, and share our insights and observations. It’s also an excellent opportunity to meet our daily step goals […]
Blog
When A Hosting Provider Becomes A Hostile Provider: The Notepad++ Compromise
The detailed writeup from cybersecurity vendor Rapid7 about the Notepad++ compromise gives CISOs a clear demonstration of how a single failure in the distribution process for a widely used utility can become an enterprise-scale software supply chain event. Developers, analysts, automation engineers, researchers, IT operators, and security teams use this editor as part of their […]
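The check a practitioner wants after an incident like this is one that still holds when the download host itself is hostile: a hash file served next to the binary proves nothing, because whoever swapped the binary also wrote the hash. The following is an added example and is not Rapid7's or the Notepad++ project's code, and it makes no claim about how that particular compromise worked. It verifies an artifact against a manifest authenticated with a key the host never holds (an HMAC stands in for the vendor's real code-signing or Sigstore signature) and contrasts it with the same-host sidecar check. File name, bytes and keys are constructed.

```python
"""Added illustration (not Rapid7's or the Notepad++ project's code): verifying
a downloaded artifact against a manifest authenticated with a key the download
host does not hold, beside the weaker check that trusts a hash file served
from the same host. All bytes, names and keys below are constructed."""
import hashlib
import hmac
import json

# Assumption: stands in for the vendor's release-signing key (Authenticode, GPG,
# Sigstore ...). The only property that matters is that the hosting provider never holds it.
VENDOR_KEY = b"constructed-vendor-signing-key"

GENUINE_INSTALLER = b"MZ\x90\x00 constructed genuine installer bytes"
TROJANIZED_INSTALLER = b"MZ\x90\x00 constructed trojanized installer bytes"
ARTIFACT = "npp.installer.exe"   # hypothetical file name


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def publish(artifacts: dict[str, bytes], key: bytes) -> tuple[bytes, str]:
    """Vendor side: canonical JSON manifest of pinned digests plus a MAC over it."""
    manifest = json.dumps({n: sha256_hex(b) for n, b in artifacts.items()},
                          sort_keys=True, separators=(",", ":")).encode()
    return manifest, hmac.new(key, manifest, hashlib.sha256).hexdigest()


def verify_download(name: str, data: bytes, manifest: bytes, mac: str,
                    key: bytes = VENDOR_KEY) -> tuple[bool, str]:
    """Client side. Order matters: authenticate the manifest before trusting any digest in it."""
    expected = hmac.new(key, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return False, "manifest MAC mismatch: manifest was not produced with the vendor key"
    try:
        pinned = json.loads(manifest)
    except ValueError:
        return False, "manifest is not valid JSON"
    if name not in pinned:
        return False, f"{name} is not listed in the manifest"
    if not hmac.compare_digest(pinned[name], sha256_hex(data)):
        return False, f"{name} digest mismatch: artifact altered after the manifest was signed"
    return True, "ok"


def same_host_check(data: bytes, served_hash: str) -> bool:
    """The weak check: compare against a .sha256 sidecar fetched from the same server."""
    return hmac.compare_digest(sha256_hex(data), served_hash)


def scenarios() -> dict[str, object]:
    manifest, mac = publish({ARTIFACT: GENUINE_INSTALLER}, VENDOR_KEY)
    # A hostile host can swap the binary and rewrite everything it serves alongside
    # it (hash file, manifest), but cannot produce a MAC under the vendor key.
    bad_manifest, bad_mac = publish({ARTIFACT: TROJANIZED_INSTALLER}, b"attacker-key")
    return {
        "genuine": verify_download(ARTIFACT, GENUINE_INSTALLER, manifest, mac),
        "binary_swapped": verify_download(ARTIFACT, TROJANIZED_INSTALLER, manifest, mac),
        "binary_and_manifest_swapped": verify_download(ARTIFACT, TROJANIZED_INSTALLER,
                                                       bad_manifest, bad_mac),
        # The sidecar check passes here: the host that swapped the binary also wrote the hash.
        "same_host_sidecar": same_host_check(TROJANIZED_INSTALLER,
                                             sha256_hex(TROJANIZED_INSTALLER)),
    }


if __name__ == "__main__":
    for case, outcome in scenarios().items():
        print(f"{case:<28} {outcome}")
```

The last scenario is the one to show a procurement or platform team: a sidecar hash check returns true for the trojanized installer, while the keyed manifest check fails closed whether the host swapped the binary alone or the binary and every file around it. The same applies to any "verify" step in a deployment pipeline that fetches its reference value from the server it is trying to verify.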
Blog
Think Hardware Security Modules Aren’t Exciting? Think Post-Quantum Migration!
Hardware security modules (HSMs) are a key foundational security component of public key infrastructure. HSMs hold the crown-jewel keys for encryption and digital signatures and perform encryption and decryption operations on protected data and payment information. While HSMs have been in use for decades, they now play an oversized role in migrating to post-quantum security […]
Blog
Weaponized Insiders Can Result In Big Consequences
The US Department of the Treasury recently announced that it is canceling all of its contracts, reportedly valued at $21 million, with technology provider Booz Allen Hamilton (BAH) due to an insider incident that occurred between 2018 and 2020. The incident resulted in the theft of tax return data for more than 400,000 US taxpayers and the release of tax information about high-net-worth […]
Blog
Ready For OpenClaw To Pry Into Your Environment And Grip Your Data
A formidable challenge awaits security leaders as personal tools like Moltbot spread. AI butlers are the next shadow super-user.
Blog
Digital Sovereignty: Why Tech Execs Must Act Now
As global tensions continue to rise and cloud adoption accelerates, digital sovereignty has become a board-level topic. Tech execs must now modernize infrastructure, protect autonomy, ensure compliance, and manage geopolitical risk at the same time. As we outlined in a recent report, 2025 showed a clear trend: Digital sovereignty is reshaping public cloud strategy across […]
Blog
MITRE ATT&CK Evaluations Return: More Coverage, More Nuance
There were many big changes in this latest round. Read our breakdown and what we learned.
Blog
Six Months In: What 2025 Taught Me And Why I’m Fired Up For 2026
2025 has been a year of learning, listening, and building momentum. From packed workshops to powerful storytelling, our events sparked connection and action across industries. Now, we’re raising the bar for 2026 with a bold promise: ideas into action. Here’s what we learned — and what’s next.