Jess Burn

We are thrilled to announce our new research report, Deconstructing Human-Element Breaches, detailing the many and varied risks posed by and to humans — a problem that has plagued cybersecurity teams for decades. Forrester clients can use this research as a catalyst for productive conversations with executives and peers across functions about controls to mitigate the human-element breach types most common to their organizations and industries.

Forrester's security and risk research team breaks down the key highlights and implications of former US President Joe Biden’s 2025 Executive Order (EO) 14144 on strengthening security, improving accountability for software and cloud service providers, and promoting innovation, including use of emerging technologies.

As has now become a Forrester Security & Risk Summit tradition, a room full of amazing women and a few brave fellas gathered last week as part of the Forrester Women’s Leadership Program to celebrate successes and solve for the many challenges that women face in this field. The theme? “To propel your career in security and risk, choose your advisers and nuggets of advice wisely.”

As you increase your marketing message volume this holiday shopping season, so do the bad actors using generative AI tools to mimic your logo, language, and landing pages. Learn two things you can do to help reduce your exposure in this post.

Risks posed by and to humans such as deepfakes, data exfiltration by insiders, and misuse of generative AI are expected to accelerate and become more complex. Learn how to discern and manage these human-element risks in this preview of an upcoming report.

Here are the top things you need to know coming out of CrowdStrike's recently held Fal.Con user conference, just two months after its config update took down 8.5 million Windows endpoints.

The July 19 CrowdStrike Falcon outage created major trust issues for the company and the broader security market. What's next for CrowdStrike? Find out as we make several predictions on where the company will go next.

CrowdStrike's recent global incident underscores businesses' need to have robust crisis communication plans in place before a crisis occurs.

Technology leaders woke up this morning to find that a software update by cybersecurity vendor CrowdStrike had gone badly wrong. Get updates on the steps that your organization should take now and in the long term as a result of the CrowdStrike outage.

In a world of Scattered Spiders and Midnight Blizzards and UNC2452s, why is Arlington’s BEC important? Because it’s happening all the time to towns, municipalities, regional health systems, and small businesses lacking the resources to prepare for such an event.

Choosing the right cybersecurity incident response services provider comes down to three things. Learn what they are and get a preview of our new Wave report in this blog.

Cybersecurity breaches continued to rise in 2023. Learn the eight most common incident types and get four key takeaways from our new report.

RSAC gives security startups two structured opportunities to distinguish themselves, and Forrester always finds it revealing to see which startups make the cut.

More than 41,000 attendees, 600 exhibitors, and 425 sessions. Get some of the key themes and takeaways from the Forrester security & risk analysts who attended RSA Conference (RSAC) 2024.

Microsoft announced the launch date of Copilot for Security. Find out what this means for security professionals and how you can prepare.

What is Broadcom planning to do with VMware’s Carbon Black unit? Find out in this blog covering the plan to integrate Carbon Black with Broadcom's existing product lineup.

Changing tech, changing threats, and changing consequences. 2024 will be a busy year for security professionals. Get a preview of our top security recommendations for 2024 in this blog and then read our full report.

A recent cybersecurity incident at Change Healthcare cause the pharmacy claims processors to take its systems offline. Learn the implication of this event and five things firms can do to prepare.

Thanks to the widely publicized cybersecurity talent shortage, degree requirements are fading from job postings – even for US Federal contractors – and being replaced by demonstrable skills challenges, making expensive four-year programs less appealing to high school grads and those in the workforce looking for a career change. To keep up, colleges and universities are doing some rethinking of their own as many attempt to carve out a slice of the cybersecurity skills and training pie. In the process, these institutions are renaming the traditional “three Rs” of education.