security risk management
With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.
Insights
Blog
T&I EMEA 2025: Build Your Proactive Security Program By Matching Attacker Velocity
Organizational opacity, bad defaults, compliance driven security, and institutional inertia render your security initiatives less effective than one might hope, and attackers are keenly aware of this most unfortunate circumstance. Attackers ship hourly. Defenders hold quarterly reviews. That delta is your breach window. Whilst you perceive your organization as a collection of security controls, threat […]
Blog
Security Planning 2026: Budget To Manage Volatility, Seize Opportunities, And Avoid Threats
Security and risk leaders face an uncertain road ahead in 2026. Wild market swings, geopolitical tensions, and increased cybersecurity threats mean that security and risk leaders must build resilient plans and make bold moves to turn volatility into opportunity. Learn how our Budget Planning Guide for security and risk leaders can help.
Can Your Security Strategy Handle Today’s Volatility?
Economic turmoil, increased cyberattacks, and changing regulations. Learn new strategies for managing risk in an era of volatility.
Blog
Budget Boom Or Budget Bust? Be Ready For Both In 2026
Though volatility has tempered budget expectations, business and tech leaders should prepare for the unexpected. Forrester’s 2026 Budget Planning Guides can help you make the right strategic moves this budget planning season.
Blog
What’s Hot For Enterprise Fraud Management In APAC In 2025
As AI-driven threats increase across the APAC region, so do enterprise fraud management technologies. Find out what fraud management professionals in APAC should pay attention to when evaluating solutions and vendors.
Blog
Your Zero Trust Strategy Needs An Adversarial Perspective
As IT environments become more complex and alert fatigue grows, the solution isn’t more controls — it’s systematic testing through an attacker’s lens. Find out how your Zero Trust strategy can benefit from this approach in this preview of a new report.
Blog
What International Customers Should Know About Microsoft’s Sovereign Cloud Offerings
Given the increasingly volatile geopolitical environment, Microsoft customers are requesting more details on the company’s digital sovereignty posture. Consequently, Microsoft has now updated its sovereign cloud offerings to include details for Sovereign Public Cloud, Sovereign Private Cloud, and National Partner Cloud. Find out what this means and how it may impact your strategy in this post.
Blog
How To Choose A Security Platform Without Getting Burned
Not all security platforms are created equal. CISOs and security pros can get five tips on selecting a security platform in this preview of a new report.
New For 2026! Security Budget Planning Guide + Workbook
Prepare your 2026 security budget for critical risks. Get our budget planning guide and workbook to assess, prioritize, and implement investments for fortified security in uncertain times.
Blog
Pause Innovation Now And Pay The Price Later: Why AI Readiness Can’t Wait
Even as volatility abounds, business and technology leaders must stay laser-focused on building a strong AI foundation. The first blog in our new quarterly Bold Stances series offers some guidance.
Blog
Announcing The Forrester Wave™: Security Analytics Platforms, Q2 2025 — The SIEM Vs. XDR Fight Intensifies
Find out how our latest analysis of the security analytics platforms space illustrates the dramatic changes this market is undergoing as legacy SIEM vendors are locked in heated competition with surging XDR providers.
Blog
Datadog DASH: A Revolving Door Of Operations And Security Announcements
Datadog’s 2025 keynote showcased a bold vision for AI-driven observability and security, unveiling a sweeping array of autonomous agents and tools designed to transform IT operations. From Bits AI SRE and Security Analyst to LLM Observability and Code Security, Datadog is trying to position itself as a central hub for operational intelligence in an increasingly algorithmic tech landscape.
Blog
Identiverse 2025 Recap: The Identity Trends Reshaping Your Identity Access Management Roadmap
I recently attended Identiverse in Las Vegas. This was my first time back at Identiverse since conference founder Ping Identity sold the conference in 2021. As identity related initiatives continue to dominate Forrester clients’ top priorities and initiatives, I felt impelled to share my perspectives and insights. Here are my five major conclusions and recommendations […]
Blog
Announcing The Forrester Wave™: Cyber Risk Quantification Solutions, Q2 2025
Cyber risk quantification (CRQ) solutions are on a mission to transform security and risk operations. The goal: a future where risk is measurable, actionable, and tightly integrated into business strategy. Some solutions emphasize picking up where legacy governance, risk, and compliance (GRC) implementations fall short and provide data-driven risk reporting, continuous monitoring, and third-party risk […]
Blog
Supply Chain, AI, And Operational Resilience Risks Dominate ERM Programs In 2025
For risk professionals, leading through 2025’s volatility has been like living in an “Alice in Wonderland” unreality. Risk teams have never been more important as a function to guide their businesses through challenges such as geopolitical risk events, trade disruption, economic volatility, and regulatory disruption.
Blog
Are Emergency Systems Safe From DOGE Cuts?
Are emergency communications services dodging the DOGE cuts? Learn some of the direct and indirect impacts as well as the collateral-impact angles in this post.
Blog
Coinbase Flips The Coin On Would-Be Extortionists
In a recent example of why managing insider risk is critical, cryptocurrency exchange Coinbase announced that it was the target of an extortion scheme enabled by insiders. Learn more about the incident and how to protect against it in this blog.
Blog
The Cyber Risk Tides Are Turning: RSAC ‘25 And Beyond
RSAC is the largest cybersecurity conference in the world. Leaders and practitioners across all sectors come together to tackle challenges, all under the maxim of “managing risk.” But what does “risk” actually mean at a security conference? Is it a mythical pursuit? Marketing buzzword? Or generic substitute for “the thing we need to detect/prevent/remediate”? RSAC […]
Blog
It’s Time To Start Planning Your Postquantum Migration
When will quantum computers will be able to break asymmetric cryptography and algorithms? And what steps should you take to prepare? Find out in this preview of a report on quantum security.
Blog
RSAC Conference 2025: Welcome To The Petting Zoo
From live goats and puppies to robot dogs and animal costumes, the RSAC Conference 2025 delivered some unexpected surprises. But it also delivered the usual insight into various trends in the security market today. Find out more in this RSAC review.
Blog
Overregulation Forges A CISO Coalition With The G7 Letter
A coalition of over 40 chief information security officers (CISOs) from leading companies, including Salesforce, Microsoft, AWS, Mastercard, and Siemens, sent a letter to the G7 and OECD, urging them to take action on aligning international cybersecurity regulations.
Blog
Global Tariffs: Dynamic Risk Management Meets Its Moment
The recent introduction of US-imposed tariffs has shaken global trade. While economists and financial analysts debate whether this on-again/off-again trade war fits into their model for geopolitical, economic, or supply chain risks, the result is the same: uncertainty and chaos sure to shake up business strategy for the foreseeable future. This new era of volatility […]
More posts