security risk management

With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.

Insights

Blog

So There Won’t Be A Wiz IPO — What Does That Mean For Cyber IPOs In 2025?

Merritt Maxim 8 hours ago
Last week’s mega deal of Google acquiring CNAPP provider Wiz for $32 billion has some lamenting the future of IPOs in the cybersecurity space. Wiz was on a high growth trajectory, and given that Wiz had previously rebuffed Google’s interest in the summer of 2024, many assumed Wiz was on target for a 2025 IPO, […]
Blog

Generative AI Innovation In Security Tools Is Finally Getting Interesting

Allie Mellen 1 day ago
The core themes of The-C2 conference in London were artificial intelligence, supply chain security, and cyber hygiene. Get a closer look at how these themes may impact security professionals in this recap.
Blog

Address The Whole Person To Impact Insider Risk

Joseph Blankenship 2 days ago
One of the main themes from the recent Insider Summit was that insider risk is very much a human problem, not a technology problem. Find out more in this review of the event.
Blog

How To Boost Your Third-Party Risk Program With A Spring Cleaning

Alla Valente 2 days ago
Prioritize Foundational Elements Over Decorative Accessories. Our springtime urge to clean, redecorate, and renovate has a biological explanation. Turns out that spring’s increased hours of daylight lower our body’s production of melatonin (the hormone that makes you sleepy), which leads to regained energy and inspiration to clean our living environments. For security and risk pros, […]
Blog

Breaches And Lawsuits And Fines, Oh My! What We Learned, The Hard Way, From 2024

Janet Worthington March 25, 2025
With the average cost of a data breach at $2.7 million and 33% of enterprises reporting being breached three or more times over the past 12 months, understanding and learning from past incidents is not just beneficial — it’s essential.
Blog

Google To Acquire CNAPP Specialist Unicorn Wiz For $32 Billion

Andras Cser March 19, 2025
Learn what the largest-ever acquisition in cybersecurity means both for Google and the CNAPP space.
Podcast

Finally, An Alternative To 3LOD: Meet Continuous Risk Management

What It Means March 13, 2025
For more than a decade, risk managers have been trying to use the three lines of defense (3LOD) framework for enterprise risk management. But it was never meant for that. In this episode, Senior Analysts Alla Valente and Cody Scott walk through the new Forrester Continuous Risk Management Model, a more holistic and business-centric risk management approach.
Blog

The Akira IoT Device Attacks Aren’t Just About THAT Device

Paddy Harrington March 12, 2025
Securing IoT devices presents unique challenges due to their proprietary operating systems and firmware, which often preclude traditional endpoint protection methods. This blog explores the critical role of network segmentation and Zero Trust principles in mitigating risks, emphasizing the importance of robust edge, network, and gateway security measures to defend against sophisticated attacks such as the Androxgh0st botnet and Akira ransomware.
Blog

Top Recommendations For CISOs In 2025: Deal With Uncertainty … Again

Jeff Pollard March 12, 2025
The security landscape continues to evolve, as does global uncertainty, leaving CISOs preparing for turbulence ahead.
Blog

The Brewing Battle For Digital Online Age Verification

Merritt Maxim March 11, 2025
With online identity verification well understood and maturing, the next brewing verification battle is around age verification, a subset of identity verification.
Blog

Another Cautionary Tale Of The Perils Of Using Password Managers

Andras Cser March 5, 2025
Last week, password wallet vendor LastPass experienced an outage. All LastPass systems and services have since been restored and are up and running. It is worth noting that this is not the first incident involving password wallet products. Past incidents include: LastPass had an outage in 2024. PasswordState had a malicious DLL cause a breach […]
Blog

Quantum Security Isn’t Hype — Every Security Leader Needs It

Merritt Maxim March 3, 2025
The commercial availability of quantum computers that can compromise traditional asymmetric cryptography is still five to 10 years away. But security and risk (S&R) professionals must assess and prepare for the impact of quantum security now.
Blog

Announcing The Forrester Wave™: Managed Detection And Response Services, Q1 2025!

Jeff Pollard February 27, 2025
The third installment of The Forrester Wave™: Managed Detection And Response Services is now live, and there’s so much to love about the managed detection and response (MDR) services market: fantastic providers, engaged clients, and meaningful outcomes. This year is no different. Forrester clients can access the full report here. As we mentioned in Choose […]
Blog

Contract Lifecycle Management Is The Bridge Between Strategy And Reality — Choose Wisely To Thrive In Uncertainty

Alla Valente February 20, 2025
In under two months of 2025, organizations face a battery of changing regulations, new tariffs, and economic uncertainty … all while trying to stay competitive, remain resilient, and execute on their AI strategy. Here’s the good news: How well your organization deals with risk, crisis, and operations opportunity will largely depend on … you guessed […]
Blog

Assessment Is Anyone’s Guess: Proving GOAT Status Requires Validation

Erik Nost February 11, 2025
As spectators tuned in to Super Bowl LIX to indulge in American culture rife with consumerism, T. Swift, and rap feuds, the buzz was less around the game and more on determining who is pro football’s GOAT (greatest of all time).
Blog

Choose Your Own MDR Adventure: Avoid The Free-For-All Of “New” MDR Services

Jeff Pollard February 4, 2025
Managed detection and response (MDR) — without a doubt — has successfully claimed the crown of all managed security services for making and keeping clients happy.
Blog

Deepfakes: The Hidden Threat CMOs Can’t Ignore

Karen Tran January 31, 2025
Deepfakes are not just a distant threat; they are a present danger with the potential for long-lasting repercussions. Marketing leaders must understand how to mitigate the risks.
Blog

Tenable To Acquire Vulcan Cyber: More Consolidation In The Vulnerability Management Market

Erik Nost January 30, 2025
The proactive security market is consolidating further as exposure management vendor Tenable announced its intent to acquire Vulcan Cyber, a unified vulnerability management (UVM) vendor that specializes in third-party vulnerability collection, vulnerability response, and application security posture management. This acquisition demonstrates how vendors are reacting to CISOs’ continued need to unify and consolidate their fragmented […]
Blog

Breaking Down Human-Element Breaches To Improve Cybersecurity: FAQ

Jinan Budge January 28, 2025
We are thrilled to announce our new research report, Deconstructing Human-Element Breaches, detailing the many and varied risks posed by and to humans — a problem that has plagued cybersecurity teams for decades. Forrester clients can use this research as a catalyst for productive conversations with executives and peers across functions about controls to mitigate the human-element breach types most common to their organizations and industries.
Blog

Technological And Environmental Risks Take The Top Two Spots In 2025 WEF Risk Report

Paul McKay January 24, 2025
Get the highlights from the World Economic Forum’s 2025 Global Risks Report and find out what it means for global risk leaders.