security risk management

With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.

Insights

Blog

Announcing Forrester’s New Research On Attack Surface Management

Jess Burn January 12, 2022
As I watched the December 2021 Log4j situation unfold (and it continues … ), the importance of IT asset visibility couldn’t have been clearer. So many security and IT teams struggle to maintain much-needed visibility into an increasingly complex and distributed IT environment because so much of an organization’s estate is unknown or undiscovered due […]
Blog

Log4j, Open Source Maintenance, And Why SBOMs Are Critical Now

Sandy Carielli December 15, 2021
Beyond the immediate response issues, the Log4j vulnerability poses longer-term risk management and community considerations.

Blog

Divide And Conquer: Rapid Response To The Apache Log4j Vulnerability

Allie Mellen December 13, 2021
It’s been … a weekend for security pros. The Apache Log4j vulnerability (CVE-2021-44228) affects somewhere between 0 and 3 billion-plus of the devices currently running Java. Luckily, a metric ton of amazing advice exists on #InfoSecTwitter right now. It’s a lot to consume at once, which is why we’ve put together three parallel workstreams you […]
Blog

The Cybersecurity Incident Response Market Abounds With Choice — But Please Choose Before You’re Hit!

Jess Burn December 6, 2021
Last week, we released the Forrester Now Tech: Cybersecurity Incident Response Services, Q4 2021. This research provides a comprehensive overview of the service provider landscape. In the report, we define and describe the vendor segments and then classify each of the 36 vendors into the appropriate segment based on functionality. We also provide information on key industries the vendors support and any reference customers they […]
Blog

As Bad Bots Level Up, Use Bot Management To Stay One Step Ahead

Sandy Carielli November 29, 2021
In my new report, Now Tech: Bot Management, Q4 2021, I discuss the ongoing scourge of bad bots and define the vendor landscape for bot management solutions. I chatted with my research associate, Isabelle Raposo, about this report over the course of the research process. This is the first time we’ve worked on a report […]
Blog

Announcing The First Forrester Wave™ Evaluation Covering Enterprise Fraud Management Solutions In Asia Pacific

Meng Liu November 18, 2021
Following up the previously published Now Tech report, I’m excited to announce that The Forrester Wave™: Enterprise Fraud Management In Asia Pacific, Q4 2021 is now live. Forrester defines enterprise fraud management (EFM) as “a solution that integrates data from multiple payment and non-payment transaction processing systems, online portals, and threat information sources and provides transaction monitoring, risk […]
Blog

Forrester Security & Risk Forum 2021: Be Part Of Our World

Steve Turner November 9, 2021
Maybe it’s the amazing talks coming up today and tomorrow at the Forrester Security & Risk (S&R) Forum or maybe I’ve watched “The Little Mermaid” with the family one time too many — either way, I was inspired to write a little ditty about the forum, sung to the tune of “Part of Your World.” […]

Blog

S&R Forum 2021: Passwordless Authentication Adoption Is Gaining Momentum

Sean Ryan November 8, 2021
Passwordless authentication, in the form of inherence factors (e.g., fingerprint, facial) or in the form of possession factors (e.g., device, app, token/certificate) and supplemented by other factors (e.g., location, user behavior), is an emerging authentication technology that will protect organizations from brute force attacks, credential stuffing, phishing, and social engineering tactics. If carefully selected and […]
Blog

S&R Forum 2021 Preview: What It Means To Go To Market On Trust

Jess Burn November 5, 2021
Forrester’s Security & Risk Forum is just days away, and I am really looking forward to it. The theme for this year’s event is “Grow Trust. Drive Business.” We chose this theme for good reason — we believe companies that earn and retain trust among customers, employees, and partners drive revenue-generating loyalty behaviors like retention […]
Blog

Forrester’s Security & Risk 2021 Preview: Secure What You Sell Goes Mainstream

Sandy Carielli November 4, 2021
Before I joined Forrester, my colleagues Jeff Pollard and Amy DeMartine initiated our product security research, leading to our first report on the topic, Secure What You Sell: CISOs Must Tackle Product Security To Protect Customers. In those bygone days of 2018 and 2019, we identified that: Forrester was the first to market with this […]
Blog

The Days When SA&T Operated Solely To Train People About Security Are Vanishing

Jinan Budge November 1, 2021
I’ve been living and breathing the security awareness and training (SA&T) market since joining Forrester 3.5 years ago, working closely with most vendors in this market, as well as our clients. I have seen a significant elevation in the conversation and client expectations, with vendors rushing to innovate and disrupt to meet these new expectations. […]
Video

Predictions 2022: Continued Uncertainty Forces Attention On Securing Relationships

Jeff Pollard October 28, 2021

Blog

US Consumer Pandemic Recovery Outlook, August 2021: Ongoing Uncertainties Caution Consumers

Anjali Lai October 14, 2021
In the wake of chronic caution fatigue, US consumers are looking to their most trusted brands to provide a sense of stability and reliability.
Blog

Employee Vaccination Mandates: Indecision Is The Riskiest Decision Of All

Alla Valente October 14, 2021
It can be the carrot or the stick, but the key to a successful vaccination incentive is to make a definitive decision.
Blog

Halloween Comes Early For Syniverse, FB, And Twitch — What We Can Learn From Their Spooky Outages Plus Breaches

Jeff Pollard October 7, 2021
As renowned ghost hunter and solver of mysteries Scooby-Doo would say, “Ruh roh, Raggy!” It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way we expected. Ostensibly, orgs decided to pivot and use this time […]
Blog

The Application Security Market Will Grow To $12.9 Billion By 2025

Sandy Carielli September 23, 2021
Application security budgets are on the rise. Find out which sectors of the market will see the most dramatic investment and why.
Blog

Promoting Responsibility, Compliance, And Good Judgment Without Fear, Shame, Or Acrimony

Jinan Budge September 22, 2021
Security programs founded in fear will reduce employee engagement and stifle creativity. Learn how to nurture positive behavior and foster a more positive security culture.

Blog

Stormy Times For Cloud Compliance?

Lee Sustar September 20, 2021
Find out why enterprise risk management (ERM) professionals are taking a hard look at compliance in the cloud.
Podcast

A CISO’s Guide To Employee Empowerment

What It Means September 16, 2021
What’s the most important thing a security leader can do to empower their direct reports? Delegate. Learn how to do it effectively from VP, Principal Analyst Jeff Pollard in this week’s episode.
Blog

Security Leaders: It’s Time To Facilitate Employee Productivity, Not Hinder It

Andrew Hewitt September 13, 2021
As new generations enter the workforce, your security strategy needs to meet their needs as well. Get tips on how to strike the right balance in this blog post.