security risk management
With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.
Insights
Blog
			Remove Ambiguity: Measure Human Risk Management Metrics That Matter
				Our latest research — Five Steps To Better Human Risk Management Metrics and The Essential List Of Human Risk Management Metrics — provides security leaders the clarity they need to measure what truly matters. I see this not as just another comprehensive metrics framework (though it is that!) — I also see it as a foundation for turning human risk management from a conversation into a movement.			
			
			AWS Outage, Nexperia Seizure, And The EU’s Cloud Sovereignty Framework: The Battle For Digital Sovereignty Is On!
				In times of calm, but especially in times of chaos, risk management strategies and their execution must be dictated by context and control. Prioritizing key risks and crafting appropriate responses is essential to keeping the business going.			
			
			From Veto To Victory: California’s New AI Act Revives The National (And International) Conversation On AI Regulations
				At its core, California’s new AI law requires safety protocols, best practices, and key compliance policies, but it stops short of prescribing risk frameworks and imposing legal liabilities. Here’s a closer look at what’s in SB 53.			
			
			Fix Your GRC Blind Spots: Risk Lessons From The Louvre
				The Louvre heist is a mirror for today’s governance, risk, and compliance gaps. Recognizing these blind spots can transform your enterprise risk efforts from decorative to defensive art. Find out how.			
			
			Risk Consulting Firms Are Getting Shaken, Not Stirred, By AI
				Chief risk officers (CROs) are navigating a risk landscape that’s more volatile, fragmented, and tech-driven than ever. Yet many CROs still rely on advice from risk consulting services providers that are stuck in the audit compliance cottage industry of yesteryear, gently stirring into action. Learn how to select the right risk consulting provider for your organization in this preview of a new report.			
			
			Forrester’s AEGIS Framework: The New Standard For AI Governance
				AEGIS is not just another acronym — it’s now a fully cross-referenced, regulation-aware blueprint for building trust in AI systems.			
			
			Announcing Forrester’s 2025 Security & Risk Enterprise Leadership Award Winners
				Learn more about the two enterprise security programs that won this year’s Security & Risk Enterprise Leadership Award. 			
			
			Declaring Zero Trust Without Testing Is A Lie
				Zero Trust without real-world testing is a false sense of security. Learn how MITRE ATT&CK-driven adversarial trials turn Zero Trust from theory into proof.			
			
			Announcing The Cybersecurity Risk Ratings Platforms Landscape, Q4 2025
				Despite a somewhat frustrating past, the CRRP market is truly at an inflection point — with the realization that there’s value in the data collected to produce ratings, not just the ratings themselves.			
			
			How F5 And SonicWall Revealed The Fragility Of The Software Supply Chain
				The recent breaches at F5 and SonicWall illustrate how attackers are targeting the very infrastructure that enterprises rely on to secure and deliver digital services.			
			
			UK Government Plans To Mandate Digital eID For All Legal UK Residents
				The UK government plans to mandate an electronic digital identity scheme and credential to all legal residents and employees of the UK to prove immigration and employment eligibility status. Read our assessment of the benefits, challenges, and concerns. 			
			
			The Netherlands Targets Chip Governance: A New Precedent For Cyber And IP Risk Intervention
				The Netherlands placing Chinese-owned chipmaker Nexperia under ministerial oversight is a sign that Europe has crossed from passive screening to active control to keep IP and capacity in-region. Find out what this means for CISOs and risk leaders and what steps to take next.			
			
			Sovereignty Is The New Differentiator: Google Cloud’s Strategic Shift
				Sovereign cloud used to be synonymous with compliance and data protection. But as organizations tighten their sovereign policies and demand greater control over their data and cloud infrastructure, the narrative is changing.			
			
			Predictions 2026: Cybersecurity And Risk Leaders Grapple With New Tech And Geopolitical Threats
				In 2026, continued political instability coupled with technological advancements being used by cybercriminals will force cybersecurity and risk leaders to adapt their defensive technologies and prepare their workforce for big shifts. Find out more in our 2026 predictions for cybersecurity and risk.			
			
			How To Build AI Red Teams That Actually Work
				AI red teaming blends offensive security tactics with safety evaluations for bias, toxicity, and reputational harm. It’s messy, fragmented and, most of all, necessary. Get six tips to get started on an AI red team that actually works in this preview of our upcoming Security & Risk Summit.			
			
			Too Big To Fail, Cyber Edition
				Why did the UK government extend a £1.5 billion guaranteed loan to Jaguar Land Rover after a debilitating ransomware attack? And what can your security team learn from it? Find out in this post.			
			
			Securing AI’s M&A Feeding Frenzy Is On
				The cybersecurity industry is in the middle of a land grab as AI security M&A heats up. In just 18 months, eight major vendors — including Check Point, Cisco, CrowdStrike, F5, and Palo Alto Networks — have spent upwards of $2.0 billion acquiring startups focused on securing enterprise AI. AI for security is already poised to disrupt […]			
			
			Splunk .conf25: Cisco, AI, And Data
				The 10th annual Splunk .conf took place in Boston recently. From the opening keynote to various new product releases and enhancements, get a full review of the event in this post.  			
			
			The Abyss Of The Salesloft-Salesforce Breach May Reach The Challenger Deep
				Details have been trickling out about a security issue in Salesloft’s Drift product. Find out what data was compromised and what actions you can take to reduce the threat to your business.			
			
			Announcing The Forrester Wave™: IoT Security Solutions, Q3 2025
				IoT devices are a normal part of business and personal life. In enterprises, it is estimated that there are between six and 10 IoT devices for each employee, ranging from long-standing devices, such as printers and cameras, and industry-specific devices like warehouse scanners and medical infusion pumps to modern air quality monitors and soil moisture […]			
			