security risk management
With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.
Insights
Blog
Think Hardware Security Modules Aren’t Exciting? Think Post-Quantum Migration!
Hardware security modules (HSMs) are a key foundational security component of public key infrastructure. HSMs hold the crown-jewel keys for encryption and digital signatures and perform encryption and decryption operations on protected data and payment information. While HSMs have been in use for decades, they now play an oversized role in migrating to post-quantum security […]
Blog
Weaponized Insiders Can Result In Big Consequences
The US Department of the Treasury recently announced that it is canceling all of its contracts, reportedly valued at $21 million, with technology provider Booz Allen Hamilton (BAH) due to an insider incident that occurred between 2018 and 2020. The incident resulted in the theft of tax return data for more than 400,000 US taxpayers and the release of tax information about high-net-worth […]
Blog
Ready For Moltbot To Crack Its Shell And Spill Into Your Environment?
The (AI) Butler Did It: If you hang out in the same corners of the internet that I do, chances are you’ve seen Clawdbot (now renamed Moltbot), the AI butler in action. You’ve seen the screenshots that show empty inboxes that an AI cleaned up. You likely read stories about personal bots that write code […]
Blog
Digital Sovereignty: Why Tech Execs Must Act Now
As global tensions continue to rise and cloud adoption accelerates, digital sovereignty has become a board-level topic. Tech execs must now modernize infrastructure, protect autonomy, ensure compliance, and manage geopolitical risk at the same time. As we outlined in a recent report, 2025 showed a clear trend: Digital sovereignty is reshaping public cloud strategy across […]
Blog
MITRE ATT&CK Evaluations Return: More Coverage, More Nuance
There were many big changes in this latest round. Read our breakdown and what we learned.
Blog
Six Months In: What 2025 Taught Me And Why I’m Fired Up For 2026
2025 has been a year of learning, listening, and building momentum. From packed workshops to powerful storytelling, our events sparked connection and action across industries. Now, we’re raising the bar for 2026 with a bold promise: ideas into action. Here’s what we learned — and what’s next.
Blog
The Real Deal: A Black Friday-Inspired RFP Template For Vetting AI SaaS Vendors
For those of us of a certain generation, “Black Friday” invokes memories of the Cabbage Patch Kid riots of 1983.
Predictions 2026: Your Planning Starts Here
2026 will demand proof, not promises. Explore Forrester’s Predictions resources — guides, webinars, and blogs — to plan smarter, lead with trust, and stay ahead of disruption.
Blog
GRC Platforms Enter Their Grad School Era
Governance, risk, and compliance (GRC) platforms are officially old enough to be in grad school. In our 2023 market evaluation, GRC technology turned 20 years old but was still figuring out what it wanted to be when it grew up.
Blog
Insider Incidents Can Happen To Anyone
Managing insider risk requires steadfast focus, documenting policies, and following defined processes. Follow these four steps laid out in Forrester’s “Best Practices: Insider Risk Management” report to reduce insider risk.
Blog
OpenText Redefines Enterprise Automation And AI
OpenText World 2025 marked a turning point for enterprise automation and AI. The event spotlighted innovations such as the AI Data Platform and Content Aviator, designed to embed trust, security, and context into every layer of automation. From intelligent service delivery to knowledge-centric operations, OpenText’s strategy reflects a bold vision for the future of IT, one where automation and AI work hand in hand to deliver resilience and measurable business outcomes.
Blog
SAFE Acquires Balbix
Cyber risk quantification (CRQ) vendor SAFE announced that it acquired unified vulnerability management vendor Balbix. The acquisition helps SAFE grow its proactive security platform. Proactive security platforms support all three principles of proactive security: visibility, prioritization, and remediation. Balbix ingests data from other vulnerability sources for visibility, prioritizes high-risk vulnerabilities and misconfigurations, and helps orchestrate […]
Blog
Proactive Security Platforms Will Cumulate Visibility, Prioritization, And Remediation
Last year, we released our inaugural Forrester Wave™ on attack surface management (ASM) solutions. The ASM Wave primarily focused on visibility — the first of the three principles of proactive security. ASM’s visibility is achieved through external asset discovery and ingestion of third-party information regarding asset attributes, and both features are becoming increasingly commoditized. Yet the ubiquity of […]
Now On Demand: 2026 Tech And Security Predictions
Missed it live? Watch our on-demand webinar to explore our 2026 predictions. Learn what tech and security leaders must do to lead with trust and value.
Blog
Remove Ambiguity: Measure Human Risk Management Metrics That Matter
Our latest research — Five Steps To Better Human Risk Management Metrics and The Essential List Of Human Risk Management Metrics — provides security leaders the clarity they need to measure what truly matters. I see this not as just another comprehensive metrics framework (though it is that!) — I also see it as a foundation for turning human risk management from a conversation into a movement.
Blog
AWS Outage, Nexperia Seizure, And The EU’s Cloud Sovereignty Framework: The Battle For Digital Sovereignty Is On!
In times of calm, but especially in times of chaos, risk management strategies and their execution must be dictated by context and control. Prioritizing key risks and crafting appropriate responses is essential to keeping the business going.
Blog
From Veto To Victory: California’s New AI Act Revives The National (And International) Conversation On AI Regulations
At its core, California’s new AI law requires safety protocols, best practices, and key compliance policies, but it stops short of prescribing risk frameworks and imposing legal liabilities. Here’s a closer look at what’s in SB 53.
Blog
Fix Your GRC Blind Spots: Risk Lessons From The Louvre
The Louvre heist is a mirror for today’s governance, risk, and compliance gaps. Recognizing these blind spots can transform your enterprise risk efforts from decorative to defensive art. Find out how.
Blog
Risk Consulting Firms Are Getting Shaken, Not Stirred, By AI
Chief risk officers (CROs) are navigating a risk landscape that’s more volatile, fragmented, and tech-driven than ever. Yet many CROs still rely on advice from risk consulting services providers that are stuck in the audit compliance cottage industry of yesteryear, gently stirring into action. Learn how to select the right risk consulting provider for your organization in this preview of a new report.
Blog
Forrester’s AEGIS Framework: The New Standard For AI Governance
AEGIS is not just another acronym — it’s now a fully cross-referenced, regulation-aware blueprint for building trust in AI systems.
Blog
Announcing Forrester’s 2025 Security & Risk Enterprise Leadership Award Winners
Learn more about the two enterprise security programs that won this year’s Security & Risk Enterprise Leadership Award.
Blog
Declaring Zero Trust Without Testing Is A Lie
Zero Trust without real-world testing is a false sense of security. Learn how MITRE ATT&CK-driven adversarial trials turn Zero Trust from theory into proof.