Security management
Insights
Blog
Global Tariffs: Dynamic Risk Management Meets Its Moment
The recent introduction of US-imposed tariffs has shaken global trade. While economists and financial analysts debate whether this on-again/off-again trade war fits into their model for geopolitical, economic, or supply chain risks, the result is the same: uncertainty and chaos sure to shake up business strategy for the foreseeable future. This new era of volatility […]
Blog
Don’t Call It A Comeback: Stay Ready For Ransomware
So far, 2025 is filled with … distractions for security leaders. Between scrambling to secure their organizations’ AI initiatives, staying on top of critical vulnerabilities (and the organizations delivering the CVE process), perpetually communicating and training to guard against human element breaches, and navigating yet another period of uncertainty and volatility, it’s tempting to take […]
Showcase Your Security & Risk Innovation With A Forrester Award
Get recognized for excellence in security, privacy, and risk innovation. Apply for a Forrester Security & Risk Enterprise Leadership Award to celebrate your success in creating resilient operations. Apply by July 23, 2025.
Blog
MITRE-geddon Averted, But Fragility In CVE Processes Remains
This week, we saw the CVE process, as we know it, come hours from the brink of collapse when a memo started circulating on LinkedIn that DHS would cut funding to MITRE’s CVE cataloging on April 16. MITRE’s role in the CVE process is the crucial first step in assigning IDs to vulnerabilities so that practitioners, vendors, researchers, and governments across the globe can consistently reference the same vulnerability. The process also allows for responsible disclosures and accountability for vulnerabilities to software companies.
Blog
OpenAI Requires Identity Verification For Access To Its Latest Models
OpenAI announced that it will require organizations to complete an identity verification (IDV) process to verify their organization’s identity before being allowed to access the latest OpenAI models. Identity verification will likely require developers to digitally verify themselves using government-issued photo ID from permitted countries and prove their affiliation with their organization. Forrester expects that […]
Blog
Government Leaders: Prioritize Cyber Efficiency Amid Federal Volatility
Government agencies at the federal, state, and local levels must prepare for a future where they experience uncertainty, headcount reductions, contract cancellations, and budget cuts. This is gut-wrenchingly difficult to process, yet remaining leaders must figure out how to move forward to serve the mission. For public sector cybersecurity leaders, this is even more paramount. […]
Blog
Forrester’s Top Threats For 2025
2025 started with a bang! Technology and geopolitics are changing so fast that many can’t keep track of the latest trends, with an announcement of new, benchmark-shattering genAI-related tech seemingly every week.
Blog
Announcing Forrester’s Security & Risk Enterprise Leadership Award
Forrester is delighted to announce the opening call for our annual Security & Risk Enterprise Leadership Award. This award recognizes organizations that have transformed their security, privacy, and risk management functions into capabilities that fuel the organization’s reputation for trust and its long-term success.
Blog
The Tech Exec’s Guide To Decoding Cybersecurity Vendor Performance
Forrester analyzed the earnings calls of the 10 largest cybersecurity vendors by market cap and identified key trends for technology executives.
Blog
New Year, New Us: Introducing Forrester’s International Security & Risk Team Research
Dive into our backgrounds, existing research, and capabilities. As a team, we cover a multitude of security and risk priorities. We are also geographically distributed; no one else is as uniquely positioned to add this level of global perspective to our research and our clients.
Blog
Generative AI Innovation In Security Tools Is Finally Getting Interesting
The core themes of The-C2 conference in London were artificial intelligence, supply chain security, and cyber hygiene. Get a closer look at how these themes may impact security professionals in this recap.
Blog
Address The Whole Person To Impact Insider Risk
One of the main themes from the recent Insider Summit was that insider risk is very much a human problem, not a technology problem. Find out more in this review of the event.
Blog
Breaches And Lawsuits And Fines, Oh My! What We Learned, The Hard Way, From 2024
With the average cost of a data breach at $2.7 million and 33% of enterprises reporting being breached three or more times over the past 12 months, understanding and learning from past incidents is not just beneficial — it’s essential.
Blog
Google To Acquire CNAPP Specialist Unicorn Wiz For $32 Billion
Learn what the largest-ever acquisition in cybersecurity means both for Google and the CNAPP space.
Blog
The Akira IoT Device Attacks Aren’t Just About THAT Device
Securing IoT devices presents unique challenges due to their proprietary operating systems and firmware, which often preclude traditional endpoint protection methods. This blog explores the critical role of network segmentation and Zero Trust principles in mitigating risks, emphasizing the importance of robust edge, network, and gateway security measures to defend against sophisticated attacks such as the Androxgh0st botnet and Akira ransomware.
Blog
Top Recommendations For CISOs In 2025: Deal With Uncertainty … Again
The security landscape continues to evolve, as does global uncertainty, leaving CISOs preparing for turbulence ahead.
Blog
The Brewing Battle For Digital Online Age Verification
With online identity verification well understood and maturing, the next brewing verification battle is around age verification, a subset of identity verification.
Blog
Another Cautionary Tale Of The Perils Of Using Password Managers
Last week, password wallet vendor LastPass experienced an outage. All LastPass systems and services have since been restored and are up and running. It is worth noting that this is not the first incident involving password wallet products. Past incidents include: LastPass had an outage in 2024. PasswordState had a malicious DLL cause a breach […]
Blog
Quantum Security Isn’t Hype — Every Security Leader Needs It
The commercial availability of quantum computers that can compromise traditional asymmetric cryptography is still five to 10 years away. But security and risk (S&R) professionals must assess and prepare for the impact of quantum security now.
Blog
How I Apply Third-Party Lab Results In My Security Operations Research
Last week, I attended the AV-Comparatives conference in Innsbruck, Austria. This conference brought together many cybersecurity vendors, particularly those with a European focus, as well as a few nonprofits, academic institutions, and analyst firms.
Blog
Detect, Defend, Deny: Zero Trust World 2025
Cybersecurity vendor ThreatLocker recently hosted its fifth annual Zero Trust World (ZTW) conference in Orlando, welcoming attendees from 28 countries to learn about Zero Trust principles and ThreatLocker offerings. Over two days, the event celebrated Zero Trust as a cybersecurity model and the ThreatLocker approach for achieving Zero Trust. Industry leaders, managed service providers, security […]
More posts