One year ago, COVID-19 was declared a global health emergency, impacting all sectors virtually overnight. With the pandemic hitting this benchmark, Forrester analysts are available for interviews to discuss how specific sectors have been impacted these past months worldwide, as well as what 2021 will look like as we keep adjusting to this “new normal.”

The below insights explore risk management, security and privacy trends:

Senior Analyst Alla Valente:

  • “Firms were not prepared for a pandemic. In fact, among the Fortune 50 companies, I believe only one had pandemic listed as a risk in their 10K.
  • “The pandemic highlighted the interconnectedness of risk categories and how unforeseen crisis in one area has a cascading effect across the enterprise.
  • “Presently, firms realize they need to get better at expecting the unexpected, but many haven’t gone far enough to put in the necessary processes to make significant impact in case of another event of this scale. Partially because they see COVID as a once in a hundred-year flood that won’t come again for another 99 years.
  • “The pandemic highlighted the rigidity of their supply chains — too long, lean, and geographically concentrated to pivot in response to shifting customer demand. In some cases scale production (toilet paper, paper towels, household items, cleaners, and web cameras included) but in other cases pivot to other products or delivery methods (some retailers without online presence needed to scale quickly). 
    • Also, vaccine rollout and distribution is still very much dependent on supply chain (i.e. do we have enough gloves, specific syringes, trained staff to administer?).
  • “Vaccine rollout gives hope that there is a light at the end of the tunnel, so long as firms understand that there are too many unknowns to set plans in stone. They can plan for reopening, but need to continuously monitor trends, connect with employees to gauge sentiment, and be mindful of how their actions will be perceived in the market (reputational risk).” 

Principal Analyst Paul McKay (Based in Europe):

  • “Security leaders have never been busier during the pandemic. They played their part in enabling the shift to remote work to preserve human safety from the virus and have been absolutely fundamental to the effort to keep business running, without compromising security in the longer run. As we emerged from the immediate crisis, we’ve seen that security leaders are hampered by being asked to do more with less and have to find ways of stretching their budgets to achieve the same or more security goals, all while being fully remote from their teams.

  • “Last year also saw some security professionals making emergency technology purchases to react swiftly to the emerging crisis. While considered necessary at the time, with budgets and value for money for security being continually challenged, CISOs will want to take a step back and re-evaluate whether these purchases are right in the long term. I expect to see a lot of bonfires of redundant security tools happening, with a continued drive towards vendor consolidation and security simplification efforts.
  • “Priorities have shifted to more operational matters in the SOC and CISOs are now heavily involved in efforts to modernize IT and enable the future of work by helping accelerate the shift in workloads to the cloud. This has raised interest amongst European security leaders in the Zero Trust model for security, as prior models proved themselves inadequate to the task of securing a remote workforce during and post-pandemic.

  • “One year on from the start of the pandemic, CISOs are under pressure to deliver value for money for spend, with workforce shortages, hiring freezes and a more distributed and bigger attack surface to defend themselves against. To say they have a big load on their plate would be classic understatement.

  • Looking ahead, security professionals in Europe are going to be focused on enabling a hybrid work model, which will continue many of the trends we saw last year (i.e. acceleration of cloud). We will start to see a return to offices at least domestically later this year, though international travel might be later. This means security professionals will still have the challenges of securing a remote workforce whilst having a population of workers in the office. This makes initiatives to implement a Zero Trust model and to eliminate this trust distinction even more critical.”

Senior Analyst Enza Iannopollo (Based in Europe):

  • “Companies must ensure they follow a privacy by-design approach when dealing with the sensitive data of their employees. Classic businesses collected and processed an unprecedented volume of sensitive, personal data. As part of their pandemic management strategies, companies around the world engaged in the collection of unprecedented volumes of sensitive, personal data. While the health emergency provided the legal basis for many of these activities, companies remain liable and responsible for protecting the sensitive, personal data they collect, process, store, and share.”

  • “Consumers are more likely to share their data and to spend more money with companies they believe will keep their data safe. Our research also suggests that empowered consumers — those that are most likely to engage through digital channels and experiment with new technology — are particularly tuned into values and privacy. Companies must ensure that they follow best practices when it comes to protecting the personal data of their customers.”

  • “Remote working created both opportunities and risks. Employees’ productivity, performance, collaboration, proactivity are among the variables that employers want to capture. While their intention is to support their employees, some of the data collection and processing activities underpinning these activities pose significant privacy challenges and can destroy — not increase — employee trust. According to our research, we expect regulators around the world to multiply their enforcement actions against companies that undermine the privacy rights of their employees. Beyond that, employee trust and experience directly impact employee performance and the quality of the customer experience employees deliver.”

To connect further with either analyst, please reach out to