Cybersecurity Trends

Stay up-to-date on the cutting edge of cybersecurity with insights on Zero Trust, vendors, regulations, and other privacy & security topics.

Insights

Blog

Mastering An Effective Executive Tabletop Exercise: Deriving Maximum Value And Impact

David Levine 8 hours ago
So you’ve decided to run an executive tabletop exercise (TTX) and pulled off the Herculean feat of getting it scheduled. Will this be a career-limiting move or career highlight? Let’s go for the latter. Done right, a good TTX will drive tremendous value for the company and garner you accolades. I have yet to do […]
Blog

CrowdStrike’s Planned Acquisition Of Seraphic Highlights The Need To Address Endpoint Risks

Paddy Harrington 6 days ago
CrowdStrike’s move to acquire Seraphic spotlights a growing blind spot in cybersecurity: The browser has quietly become one of the riskiest — and least protected — endpoints in the enterprise. This blog reveals why legacy EDR, XDR, and network tools can’t see what’s really happening inside the browser and how Seraphic’s unique JSE‑based approach could change the game for data protection and threat detection.

Predictions 2026: Your Planning Starts Here

2026 will demand proof, not promises. Explore Forrester’s Predictions resources — guides, webinars, and blogs — to plan smarter, lead with trust, and stay ahead of disruption.

Blog

My Tips For Crushing Your Analyst Briefings And Wowing The Analyst

Joseph Blankenship January 13, 2026
Former Forrester analyst Josh Zelonis blogged about how to deliver successful vendor briefings years ago. I’m updating his blog with my own thoughts as a “recovering marketer,” Forrester analyst, and research director. This blog is a collection of my top tips for briefing analysts, with contributions from other security and risk analysts.
Podcast

SolarWinds’ Lessons For CISOs, AI In B2B Sales, Shopping In Answer Engines

What It Means December 11, 2025
The holiday season is in full swing, and as retailers vie for consumer dollars, some of the biggest ones are branching out to answer engines like ChatGPT and Perplexity. In this episode, we describe what that experience looks like now and what brands should do in response. We also look at the lasting implications of a high-profile legal case for CISOs and the state of AI in B2B sales.
Blog

MITRE ATT&CK Evaluations Return: More Coverage, More Nuance

Allie Mellen December 10, 2025
There were many big changes in this latest round. Read our breakdown and what we learned.
Blog

Tidings Of Comfort And Trust: Holiday-Season Security That Bolsters Your Brand

Jess Burn December 2, 2025
Make safe, reliable digital experiences as part of the value you deliver — and help keep customers coming back year-round.
Blog

Updating Our Security Champions Research To Expand And Strengthen Security

Jinan Budge November 30, 2025
A strong security culture is the foundation of an effective security program. That’s why we’re revisiting essential research that explores how to build a security champions network, examining how security champion networks can help scale influence, embed security into everyday decisions, and foster trust across the business.

2026 APAC Predictions: The Blind Spots You Can’t Afford to Miss

Missed the live reveal? The blind spots haven’t gone anywhere. Watch the webinar replay to uncover what APAC tech and security leaders didn’t see coming — and why your 2026 roadmap may need a reset.

Blog

Insider Incidents Can Happen To Anyone

Joseph Blankenship November 25, 2025
Managing insider risk requires steadfast focus, documenting policies, and following defined processes. Follow these four steps laid out in Forrester’s “Best Practices: Insider Risk Management” report to reduce insider risk.
Blog

AI Vendor Threat Research And Cybersecurity’s Cynicism Problem

Jeff Pollard November 24, 2025
For years, the security community decried the lack of transparency in public breach disclosure and communication. But when AI vendors break with old norms and publish how attackers exploit their platforms, that same community’s reaction is split. Some are treating this intelligence as a learning opportunity. Others are dismissing it as marketing noise. Unfortunately, some […]
Blog

SAFE Acquires Balbix

Erik Nost November 20, 2025
Cyber risk quantification (CRQ) vendor SAFE announced that it acquired unified vulnerability management vendor Balbix. The acquisition helps SAFE grow its proactive security platform. Proactive security platforms support all three principles of proactive security: visibility, prioritization, and remediation. Balbix ingests data from other vulnerability sources for visibility, prioritizes high-risk vulnerabilities and misconfigurations, and helps orchestrate […]
Blog

Anthropic Catches Attackers Using Agents In The Act

James Plouffe November 17, 2025
On November 13, AI vendor Anthropic published details about the disruption of what it characterized as an AI-led cyber espionage operation. Learn what is in Anthropic's report and get tips on how to protect against future AI-enabled attacks.
Blog

Remove Ambiguity: Measure Human Risk Management Metrics That Matter

Jinan Budge October 29, 2025
Our latest research — Five Steps To Better Human Risk Management Metrics and The Essential List Of Human Risk Management Metrics — provides security leaders the clarity they need to measure what truly matters. I see this not as just another comprehensive metrics framework (though it is that!) — I also see it as a foundation for turning human risk management from a conversation into a movement.
Blog

Secure Vibe Coding: I’ve Done It Myself, And It’s A Paradigm, Not A Paradox

Janet Worthington October 28, 2025
“There’s a new kind of coding I call ‘vibe coding,’ where you fully give in to the vibes, embrace exponentials, and forget that the code even exists,” said Andrej Karpathy in a post on X (formerly Twitter) back in February.
Blog

Gold Rush Or Fool’s Gold? How To Evaluate Security Tools’ Generative AI Claims

Allie Mellen October 27, 2025
Generative AI features and products for security are gaining significant traction in the market. Knowing how to evaluate them, however, remains a mystery. What makes a good AI feature? How do we know if the AI is effective or not? These are just some of the questions I receive on a regular basis from Forrester […]
Blog

Fix Your GRC Blind Spots: Risk Lessons From The Louvre

Cody Scott October 24, 2025
The Louvre heist is a mirror for today’s governance, risk, and compliance gaps. Recognizing these blind spots can transform your enterprise risk efforts from decorative to defensive art. Find out how.
Blog

Forrester’s AEGIS Framework: The New Standard For AI Governance

Jeff Pollard October 22, 2025
AEGIS is not just another acronym — it’s now a fully cross-referenced, regulation-aware blueprint for building trust in AI systems.
Blog

Recorded Future Predict 2025: Intelligence To Operations … And Now To Action

Jitin Shabadu October 21, 2025
Recorded Future held its Predict Global 2025 conference in New York City recently. Get some key highlights from the conference as well as a look ahead to the vendor’s Predict Europe 2025 event.

Now On Demand: 2026 Tech And Security Predictions

Missed it live? Watch our on-demand webinar to explore our 2026 predictions. Learn what tech and security leaders must do to lead with trust and value.

Blog

Developer-Led Growth Meets Enterprise-Grade Security And Distributed Infrastructure At Cloudflare Connect 2025

Devin Dickerson October 20, 2025
Cloudflare Connect 2025 had a distinctly optimistic vibe as the vendor positions itself as the connective tissue for modern digital operations in the enterprise and showcases its AI security abilities. Learn more in this event review.
Blog

Announcing The Cybersecurity Risk Ratings Platforms Landscape, Q4 2025

Paul McKay October 19, 2025
Despite a somewhat frustrating past, the CRRP market is truly at an inflection point — with the realization that there’s value in the data collected to produce ratings, not just the ratings themselves.
Blog

How F5 And SonicWall Revealed The Fragility Of The Software Supply Chain

Carlos Rivera October 17, 2025
The recent breaches at F5 and SonicWall illustrate how attackers are targeting the very infrastructure that enterprises rely on to secure and deliver digital services.