security risk management

With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.

Discover how Forrester supports IT and security and risk leaders.

Insights

Blog

Master Risk, Conquer Chaos At Forrester’s Security & Risk Summit

Amy DeMartine 2 days ago
For leaders in security, risk, and privacy, this year has been different, with a new level of volatility fueled by geopolitics, new regulatory hurdles, relentless AI disruption, and looming quantum threats. Learn how Forrester’s Security & Risk Summit 2025 can empower you to stay ahead of the chaos, take the right risks, and secure your organization.
Blog

Announcing The Forrester Wave™: Unified Vulnerability Management Wave, Q3 2025

Erik Nost 4 days ago
Vulnerability management is undergoing a seismic shift. The risk based prioritization from Vulnerability Risk Management (VRM) has combined with attack surface management (ASM) to form exposure management and continuous security testing — two emerging practices that prioritize visibility and prioritization over remediation and response.

Summer Team Up: Security & Risk Summit

This August, seize the opportunity to elevate your team! Buy one pass for Security & Risk Summit and get one free. Don’t wait — reserve your passes today!

Blog

100% Accuracy On Weather Predictions? Well, No, But You Are In Control Of Your Organizational Resilience

Amy DeMartine July 25, 2025
This week the UN court said countries must address the “urgent and existential threat” of climate change. It’s easy to see from weather events why this is more urgent than ever before.
Blog

AI Regulations Clear Major Hurdles On Both Sides Of The Atlantic

Enza Iannopollo July 23, 2025
July has marked a defining moment for global AI regulation, as policymakers in both the US and the EU removed or abandoned some heavy roadblocks that stood in the way of laws mandating transparency and regulations enshrining risk management.
Blog

Build Your Proactive Security Program By Matching Attacker Velocity

Tope Olufon July 17, 2025
Effective security must mirror attacker agility. Learn how to think like an attacker and build a proactive security strategy in this preview of our upcoming Technology & Innovation Summit EMEA.
Blog

Security Planning 2026: Budget To Manage Volatility, Seize Opportunities, And Avoid Threats

Jess Burn July 15, 2025
Security and risk leaders face an uncertain road ahead in 2026. Wild market swings, geopolitical tensions, and increased cybersecurity threats mean that security and risk leaders must build resilient plans and make bold moves to turn volatility into opportunity. Learn how our Budget Planning Guide for security and risk leaders can help.
Blog

Budget Boom Or Budget Bust? Be Ready For Both In 2026

Sharyn Leaver July 15, 2025
Though volatility has tempered budget expectations, business and tech leaders should prepare for the unexpected. Forrester’s 2026 Budget Planning Guides can help you make the right strategic moves this budget planning season.

New For 2026! Security Budget Planning Guide + Workbook

Prepare your 2026 security budget for critical risks. Get our budget planning guide and workbook to assess, prioritize, and implement investments for fortified security in uncertain times.

Blog

What’s Hot For Enterprise Fraud Management In APAC In 2025

Meng Liu July 1, 2025
As AI-driven threats increase across the APAC region, so do enterprise fraud management technologies. Find out what fraud management professionals in APAC should pay attention to when evaluating solutions and vendors.
Blog

Your Zero Trust Strategy Needs An Adversarial Perspective

Tope Olufon June 30, 2025
As IT environments become more complex and alert fatigue grows, the solution isn’t more controls — it’s systematic testing through an attacker’s lens. Find out how your Zero Trust strategy can benefit from this approach in this preview of a new report.
Blog

What International Customers Should Know About Microsoft’s Sovereign Cloud Offerings

Dario Maisto June 30, 2025
Given the increasingly volatile geopolitical environment, Microsoft customers are requesting more details on the company’s digital sovereignty posture. Consequently, Microsoft has now updated its sovereign cloud offerings to include details for Sovereign Public Cloud, Sovereign Private Cloud, and National Partner Cloud. Find out what this means and how it may impact your strategy in this post.
Blog

How To Choose A Security Platform Without Getting Burned

Jeff Pollard June 27, 2025
Not all security platforms are created equal. CISOs and security pros can get five tips on selecting a security platform in this preview of a new report.
Blog

Pause Innovation Now And Pay The Price Later: Why AI Readiness Can’t Wait

Stephanie Balaouras June 26, 2025
Even as volatility abounds, business and technology leaders must stay laser-focused on building a strong AI foundation. The first blog in our new quarterly Bold Stances series offers some guidance.

Master Your 2026 Budget With Our Ultimate Guides And Tools

Plan smarter to thrive in 2026! Access planning guides, workbooks, webinars, and resources to invest wisely, cut costs, and maximize your budget impact — even in uncertain times.

Blog

Announcing The Forrester Wave™: Security Analytics Platforms, Q2 2025 — The SIEM Vs. XDR Fight Intensifies

Allie Mellen June 24, 2025
Find out how our latest analysis of the security analytics platforms space illustrates the dramatic changes this market is undergoing as legacy SIEM vendors are locked in heated competition with surging XDR providers.
Blog

Datadog DASH: A Revolving Door Of Operations And Security Announcements

Carlos Casanova June 20, 2025
Datadog’s 2025 keynote showcased a bold vision for AI-driven observability and security, unveiling a sweeping array of autonomous agents and tools designed to transform IT operations. From Bits AI SRE and Security Analyst to LLM Observability and Code Security, Datadog is trying to position itself as a central hub for operational intelligence in an increasingly algorithmic tech landscape.
Blog

Identiverse 2025 Recap: The Identity Trends Reshaping Your Identity Access Management Roadmap

Merritt Maxim June 18, 2025
I recently attended Identiverse in Las Vegas. This was my first time back at Identiverse since conference founder Ping Identity sold the conference in 2021. As identity related initiatives continue to dominate Forrester clients’ top priorities and initiatives, I felt impelled to share my perspectives and insights. Here are my five major conclusions and recommendations […]
Blog

Announcing The Forrester Wave™: Cyber Risk Quantification Solutions, Q2 2025

Cody Scott June 18, 2025
Cyber risk quantification (CRQ) solutions are on a mission to transform security and risk operations. The goal: a future where risk is measurable, actionable, and tightly integrated into business strategy. Some solutions emphasize picking up where legacy governance, risk, and compliance (GRC) implementations fall short and provide data-driven risk reporting, continuous monitoring, and third-party risk […]
Blog

Supply Chain, AI, And Operational Resilience Risks Dominate ERM Programs In 2025

Paul McKay June 13, 2025
For risk professionals, leading through 2025’s volatility has been like living in an “Alice in Wonderland” unreality. Risk teams have never been more important as a function to guide their businesses through challenges such as geopolitical risk events, trade disruption, economic volatility, and regulatory disruption.

Showcase Your Security & Risk Innovation With A Forrester Award

Get recognized for excellence in security, privacy, and risk innovation. Apply for a Forrester Security & Risk Enterprise Leadership Award to celebrate your success in creating resilient operations.

Blog

Are Emergency Systems Safe From DOGE Cuts?

Octavio Garcia Granados May 22, 2025
Are emergency communications services dodging the DOGE cuts? Learn some of the direct and indirect impacts as well as the collateral-impact angles in this post.
Blog

Coinbase Flips The Coin On Would-Be Extortionists

Joseph Blankenship May 16, 2025
In a recent example of why managing insider risk is critical, cryptocurrency exchange Coinbase announced that it was the target of an extortion scheme enabled by insiders. Learn more about the incident and how to protect against it in this blog.
Blog

The Cyber Risk Tides Are Turning: RSAC ‘25 And Beyond

Cody Scott May 14, 2025
RSAC is the largest cybersecurity conference in the world. Leaders and practitioners across all sectors come together to tackle challenges, all under the maxim of “managing risk.” But what does “risk” actually mean at a security conference? Is it a mythical pursuit? Marketing buzzword? Or generic substitute for “the thing we need to detect/prevent/remediate”? RSAC […]
More posts