How To Report

Forrester’s Security Consequence Management Framework

Address Cybersecurity Errors With Appropriate Consequences

June 30th, 2023
With contributors:
Joseph Blankenship , Aidan Riga , Bill Nagel


Security teams debate whether to punish employees who fail phishing simulations or cybersecurity quizzes or fall victim to scams such as business email compromise. Punishments for offenders range from severe sanctions such as discipline or termination to milder ones like forcing them to sit through additional training. Security leaders find it difficult to tread the line between punitive action, showing empathy to employees, and getting the right level of engagement. This report helps security leaders determine the appropriate consequences to apply when employees err, depending on the frequency and severity of the mistake.

Want to read the full report?

This report is not available for purchase at this time.

Forrester helps business and technology leaders use customer obsession to accelerate growth. That means empowering you to put the customer at the center of everything you do: your leadership strategy, and operations. Becoming a customer-obsessed organization requires change — it requires being bold. We give business and technology leaders the confidence to put bold into action, shaping and guiding how to navigate today's unprecedented change in order to succeed.