security risk management

With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.


Insights

Blog

The Application Security Market Will Grow To $12.9 Billion By 2025

Sandy Carielli 4 hours ago
Earlier this year, when I published The State Of Application Security, 2021, I highlighted how organizations were prioritizing application security and aggressively adopting a range of tools to support their efforts. With firms continuing to build and enhance applications, and with developers embracing new ways of building applications that improve speed to market and enrich […]
Blog

Promoting Responsibility, Compliance, And Good Judgment Without Fear, Shame, Or Acrimony

Jinan Budge 1 day ago
I’m very excited to announce my latest research, “Best Practices: Successfully Influencing Employee Cybersecurity Behavior” — Forrester clients can access it here. Excited may not be the right word exactly, as this report was born out of the disappointment I started feeling when hearing of security leaders and teams implementing disciplinary sanctions for employees who […]

Technology & Innovation APAC, October 19–20, 2021

Join our top analysts, industry thought leaders and hundreds of your peers to explore how creativity can help you drive competitive advantage in an era of rising digital sameness.

Blog

Stormy Times For Cloud Compliance?

Lee Sustar 3 days ago
Find out why enterprise risk management (ERM) professionals are taking a hard look at compliance in the cloud.
Podcast

A CISO’s Guide To Employee Empowerment

What It Means September 16, 2021
What’s the most important thing a security leader can do to empower their direct reports? Delegate. Learn how to do it effectively from VP, Principal Analyst Jeff Pollard in this week’s episode.
Blog

Security Leaders: It’s Time To Facilitate Employee Productivity, Not Hinder It

Andrew Hewitt September 13, 2021
As new generations enter the workforce, your security strategy needs to meet their needs as well. Get tips on how to strike the right balance in this blog post.
Blog

CISOs And The Trust Imperative

Jeff Pollard September 10, 2021
There is no executive role that better aligns with the trust imperative than the CISO. Find out why and how it may impact your organization directly.
Blog

SCA Vendors Are Leading The Way On Diversity, Equity, And Inclusion

Sandy Carielli August 31, 2021
It’s no secret that the security industry has a DEI problem. Yes, I just linked to six different articles or social media posts supporting that point, and I’ve barely scratched the surface. My colleagues, Jinan Budge, Jess Burn, Allie Mellen, and Alla Valente, authored a blog about gender bias in the security industry last month, […]

Security & Risk

Learn how to leverage trust to win, grow, and retain customers at our Security & Risk event Nov. 9–10.

Blog

European Organizations Struggle To Attain Diversity In Their CISO Leadership Roles

Paul McKay August 26, 2021
Written with Zaklina Ber, senior research associate, Forrester. Forrester analyzed the career backgrounds of 168 chief information security officers (CISOs) with public profiles who are working for major organizations in Europe with listings in the highest stock market indexes in the UK (FTSE 100), France (CAC 40), Germany (DAX 30), Italy (FTSE MIB), Spain (IBEX […]
Podcast

The Rising Cost Of Ransomware

What It Means August 19, 2021
What’s driving the increase in ransomware attacks, and what can security leaders do to protect their organizations? Analysts Allie Mellen and Steve Turner provide insight in this episode.
Blog

Software Composition Analysis Is A Core Tool To Protect Your Software Supply Chain

Sandy Carielli August 18, 2021
Over the past year, breaches such as SolarWinds and Kaseya have woken us up to the realities of software supply chain risk. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to […]
Blog

Zero Trust For Healthcare Orgs Is Just What The Doctor Ordered

Christopher Sherman July 29, 2021
Healthcare data is low-hanging fruit for hackers. Learn how adopting a Zero Trust strategy can help keep your data safe.
Podcast

Causes And Cures For Toxic Culture In The Security Org

What It Means July 29, 2021
There’s a culture crisis in the IT security field that could be putting firms at risk. Learn about the causes and cures of a toxic security culture from Principal Analyst Jinan Budge in this episode of What It Means.
Blog

Using Our Tools Against Us: Adversaries Continue To Abuse Trust In The Supply Chain

Steve Turner July 13, 2021
Attackers continue to abuse trust in unique and creative ways. Have you talked with your partners about security yet? Get three tips on how to do that effectively.
Blog

COVID-19 Drives Delivery Model Transformation And A Sustainability Revolution In The Security Consulting Space

Paul McKay July 1, 2021
“The Forrester Wave™: European Cybersecurity Consulting Providers, Q3 2021,” launched today. Fifteen firms are featured in this report, representing a cross section of large international security consulting providers and more regionally based security pure plays. The European security consultancy market has seen a large transformation in the past 16 months in how it delivers value […]
Blog

When It Comes To Incident Response, Is Your Cyber Insurance Carrier On Your Side?

Jess Burn June 30, 2021
You know, I really feel for security leaders and professionals. After a year of pandemic-related disruption and an uptick in ransomware and serious cyberattacks of all kinds — just as they’re firming up their policies and strategies to secure hybrid work for the foreseeable future — they get hit with an all-out assault of ransomware […]
Blog

Zero Trust Doesn’t Mean Zero Breaches

David Holmes June 29, 2021
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]
Blog

Forrester’s List Of Ransomware Resources

Jeff Pollard June 24, 2021
With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]
Podcast

Trust Is Up For Grabs — What’s Your Plan?

What It Means June 24, 2021
Through a confluence of crises, public trust is shifting across the globe. In this episode, Senior Analysts Anjali Lai and Enza Iannopollo discuss the impact of those shifts and the importance of developing a trust strategy in your organization.
Blog

Debunking Infosec Purity And Other Security Myths In The Wake Of Recent Attacks

Sandy Carielli May 21, 2021
Earlier this week, an op-ed published on The Hill sent information security (infosec) Twitter into a tizzy by blaming cybersecurity industry best practices for recent high-profile security breaches. For the security team at Forrester, the op-ed furthered a number of security myths that we felt compelled to bust here. Myth #1: The Best Infosec Pros […]
Blog

Sustainability: The New Challenge For Business Transformation

Thomas Husson May 20, 2021
The next wave of business transformation will be about sustainability.