Heidi Shey
Principal Analyst
Author Insights
Blog
Global Tariffs: Dynamic Risk Management Meets Its Moment
The recent introduction of US-imposed tariffs has shaken global trade. While economists and financial analysts debate whether this on-again/off-again trade war fits into their model for geopolitical, economic, or supply chain risks, the result is the same: uncertainty and chaos sure to shake up business strategy for the foreseeable future. This new era of volatility […]
Blog
RSAC 2025 Early Stage Expo Preview: AppSec, IAM, GenAI, SecOps, And More
As we put together our game plan for what to see at RSA Conference 2025, we wanted to scope out innovation, identify which vendor booths will be a must-see, and (at least for one of us) minimize the number of steps to take around the Moscone Center.
Blog
Breaches And Lawsuits And Fines, Oh My! What We Learned, The Hard Way, From 2024
With the average cost of a data breach at $2.7 million and 33% of enterprises reporting being breached three or more times over the past 12 months, understanding and learning from past incidents is not just beneficial — it’s essential.
Blog
Quantum Security Isn’t Hype — Every Security Leader Needs It
The commercial availability of quantum computers that can compromise traditional asymmetric cryptography is still five to 10 years away. But security and risk (S&R) professionals must assess and prepare for the impact of quantum security now.
Blog
Highlights And Implications Of Biden’s Executive Order On Strengthening And Promoting Innovation In The Nation’s Cybersecurity
Forrester's security and risk research team breaks down the key highlights and implications of former US President Joe Biden’s 2025 Executive Order (EO) 14144 on strengthening security, improving accountability for software and cloud service providers, and promoting innovation, including use of emerging technologies.
Blog
Data Security: The Time Is Now To Pioneer A New Strategy
Data security is both a high priority and struggle for many organizations. Find out why and get some next steps in this preview of our upcoming Security & Risk Summit, December 9–11 in Baltimore.
Blog
Don’t Wait For A Crisis To Act
CrowdStrike's recent global incident underscores businesses' need to have robust crisis communication plans in place before a crisis occurs.
Blog
Never “Too Small For Cybercriminals”: One Town’s Cautionary Tale
In a world of Scattered Spiders and Midnight Blizzards and UNC2452s, why is Arlington’s BEC important? Because it’s happening all the time to towns, municipalities, regional health systems, and small businesses lacking the resources to prepare for such an event.
Blog
What We Can Learn From 2023’s Most Notable Breaches
Cybersecurity breaches continued to rise in 2023. Learn the eight most common incident types and get four key takeaways from our new report.
Blog
The State Of Cybersecurity Innovation: RSA Conference 2024
RSAC gives security startups two structured opportunities to distinguish themselves, and Forrester always finds it revealing to see which startups make the cut.
Blog
Forrester’s RSAC 2024 Themes, Takeaways, And Observations
More than 41,000 attendees, 600 exhibitors, and 425 sessions. Get some of the key themes and takeaways from the Forrester security & risk analysts who attended RSA Conference (RSAC) 2024.
Blog
Five Things You Should Know About Burnout In Cybersecurity But Probably Don’t
The cybersecurity industry continues to focus almost exclusively on technology at the expense of dealing with the heart of cyberdefenses: the people. Yet the stress of expectations, limited resources, and detriments to well-being continues to cause havoc with the mental and physical health, productivity, and retention of the cybersecurity workforce.
Blog
GenAI: GRC Enters Accelerator Era, And Not A Minute Too Soon!
Generative AI offers an opportunity for risk management to reinvent itself from the department of “no” to the discipline of “go.” Find out how in this blog post.
Blog
You Got Your Carbon Black In My Symantec! No, You Got Your Symantec In My Carbon Black!
What is Broadcom planning to do with VMware’s Carbon Black unit? Find out in this blog covering the plan to integrate Carbon Black with Broadcom's existing product lineup.
Blog
Breaking Down The US Executive Order To Protect Americans’ Sensitive Personal Data
Learn the key takeaways and market impacts from the Biden administration’s executive order to protect Americans’ sensitive personal data.
Blog
What To Know: A Retrospective Of 2023’s Top Breaches And Fines
After a retrospective review of the largest publicly reported breaches and privacy violations in 2023, here's what you need to know for 2024.
Blog
Prescription For Change: Cybersecurity Outage Highlights Critical Vulnerabilities In Healthcare
A recent cybersecurity incident at Change Healthcare cause the pharmacy claims processors to take its systems offline. Learn the implication of this event and five things firms can do to prepare.
Blog
Make Cyber Insurance Work For You
Learn why cyber insurance is a major opportunity in this preview of our upcoming Security & Risk Forum.
Blog
Prevent Data Turnovers With Insider Risk Management
Learn some valuable lessons about insider risk management from the New York Knicks and the Toronto Raptors. Really.
Blog
The State Of Data Security, 2023
Learn some of the key data security trends of the year including the causes of breaches, types of data being compromised, and post-breach effects and impact.
More posts