Forrester For Security & Risk

Rising attacks, shrinking budgets, and growing accountability leave no room for guesswork. Cut through uncertainty and focus on the security moves that protect the business and prove value.

Challenges You Face

Security and risk leaders are making high‑stakes decisions with limited margin for error. That pressure shows up in a few critical ways:

  • Keeping the security roadmap current as business priorities, technology, and threats rapidly change
  • Evaluating new and emerging technologies — including AI — without adding risk or complexity
  • Managing constrained budgets and vendors while proving that security investments deliver value
  • Guiding the business with confidence, balancing speed, protection, and enablement
  • Building and sustaining capable teams amid talent shortages and burnout

This image introduces Forrester’s Agentic AI Guardrails For Information Security (AEGIS) Framework, a model for securing AI agents and agentic architectures. AEGIS extends Zero Trust with six security domains, guided by least agency, continuous risk management, and explainable outcomes, helping security and risk leaders enable AI adoption with confidence, control, and accountability.

Questions We Answer

What are the major trends and challenges affecting security and risk leaders?

For many CISOs and CIOs, the pressure to deliver real, measurable results from secure AI initiatives has intensified significantly. At the same time, geopolitical pressures and security risks continue to command attention, pushing security and risk leaders to focus on outcomes that align to business goals and build trust across the business.

In 2026, tech and security leaders will be called upon to recalibrate investments under tighter financial scrutiny and governance, navigating increasingly complex geopolitical and economic risks. Learn more in our guide: 2026 Predictions for Technology and Security.

How do I ensure my organization implements AI responsibly?

Security leaders must proactively embed security and risk mitigation throughout the entire AI agent lifecycle, from initial design to continuous operation, using comprehensive threat modeling and robust governance frameworks. Organizations also need to extend software supply chain security to their broader AI ecosystem, thoroughly vetting third-party components, implementing software and AI bills of materials, and maintaining human-in-the-loop oversight.

To safeguard AI integrity, enterprises should develop dynamic risk management approaches that use continuous monitoring, context-aware policy-as-code, and automated compliance controls to detect and mitigate emerging AI-related risks. From our industry-leading Zero Trust and AEGIS frameworks, Forrester is on your side and by your side as you navigate the changing AI landscape.

How do I ensure my organization is compliant with evolving regulations?

New AI governance frameworks continue to barrage tech and security leaders, but security leaders don’t need another framework. They need a sequencing plan. AEGIS gives you one.

Forrester’s AEGIS regulatory cross walk is a fully cross-referenced, regulation-aware blueprint for building trust in AI systems. If you’re a CISO, CIO, or CTO — or you report to one — AEGIS is a pathway to AI agent and agentic trust. You’ll start with the controls that anchor trust, then layer in nuance and regional specificity. Learn more about AEGIS.

Forrester Decisions for Security and Risk

Bold Solutions To Drive Better Outcomes

Forrester guides security and risk leaders to anticipate threats, safeguard business growth and reputation, and build lasting trust with customers and employees.

Key Priorities

As a security and risk leader, you’re under constant pressure to anticipate emerging threats and protect business growth strategies, customers and employees, and company reputation. Forrester Decisions for Security & Risk Leaders is tailored to help you deliver on your most pressing priorities:

  • Proactively manage enterprise risk and sustain compliance.
  • Lead a high-performing security organization and culture.
  • Defend against cyberattacks and emerging threats.
  • Manage identity and access for humans and machines.
  • Establish an effective privacy and data protection program.
  • Secure products through their lifecycle.
  • Secure and manage the risks of emerging technologies.

What’s Included In This Service

Forrester Decisions services are uniquely built to give you strategic insights for your role as a business leader in your organization and help you deliver on your functional role as a division or department leader. Here’s what’s inside:

Shape strategy, guide transformational change, and stay ahead of the curve with leading research and insights.

Empower your team to conquer your priorities with proven strategic models and plug-and-play templates.

Accelerate progress and de-risk decisions with expert advice and hands-on support tailored to you and your team.

  • Guidance sessions
  • Peer discussions
  • Event attendance
  • Client webinars
  • Dedicated relationship management

Support for CISOs and Their Teams

Forrester Decisions for Security & Risk offers multiple levels of service to ensure the right expertise and degree of support for you and your team. All service levels offer access to research, tools, data, and certification courses.

VIP Leader

Leverage support from a trusted partner and former executive who understands your challenges and supports your strategic agenda every step of the way.

Availability may vary by geographic region.

Leader 

Procure deep expertise across your functional discipline through expert-led guidance sessions that help you apply unique research, tools, and data to your specific needs.

Team 

Develop a common language and toolset to strengthen your team’s expertise and skill sets with access to relevant certification courses and insights.

AI Access

Equip everyone in your organization to get trusted advice fast through AI in a flexible self-service model.

What Our Clients Are Saying

City Of Pittsburgh

City Of Pittsburgh Cuts Cybersecurity Insurance Premiums With Forrester’s Help

Watch the City Of Pittsburgh’s CISO describe how she worked with Forrester to reduce the city’s cybersecurity insurance premiums and cut its deductible in half.

Oracle

How Oracle And Forrester Tackled DORA Compliance Together

Northern Trust

Forrester Helps Northern Trust Upgrade Its Security Architectures

Learn how Forrester helped Northern Trust identify the security architecture models that aligned to its goals.

Ahold Delhaize

How Ahold Delhaize Set Its Cybersecurity Metrics Strategy With Forrester’s Help

Hear how the partnership between Forrester and Ahold Delhaize’s cybersecurity team has helped the multinational grocery retailer define its key cybersecurity metrics.

Upcoming Events For Security & Risk Leaders

Austin

Technology & Innovation Forum Central

New York City

Technology & Innovation Forum East

London

Technology & Innovation Forum EMEA

Washington, D.C.

Security & Risk Forum

Forrester Forum Singapore

Forrester Forum Sydney

Complimentary Webinars

Webinar

Predictions 2026 Webinar: Technology & Security

In 2026, technology and security leaders will be under pressure to deliver real, defensible value. Join us for a webinar to learn how trust, value, and evidence-based decisions will define your success.

Webinar

Predictions 2026 APAC Webinar: Technology & Security

Join us to discover Forrester’s top 2026 predictions for APAC tech and security. Learn how to build resilient strategies, balance innovation with sovereignty, and deliver measurable value in a region defined by complexity and momentum.

Webinar

2026 Budget Planning: Why CIOs And CISOs Must Be On The Same Page

Learn how CIOs and CISOs can align budgets and strategies to tackle cybersecurity threats, prioritize risks, and implement solutions for 2026 volatility.

Frequently Asked Questions

Who is Forrester Decisions for Security & Risk designed for?

It’s built for security and risk leaders responsible for anticipating emerging threats, sustaining compliance, managing security programs, and enabling business growth, as well as for teams focused on identity management, privacy programs, and securing emerging technologies.

Whether you’re a CISO, CIO, or application development leader, or if you work for one, Forrester Decisions for Security & Risk can help you drive better outcomes.

What topics and priorities does this service cover?

Our research spans all of the key priorities for CISOs and other security leaders, from managing enterprise risk and defending against cyber threats to leading high‑performing security teams and implementing privacy and data‑protection programs.

It also includes guidance on securing AI, navigating emerging technologies, and other enterprise-wide priorities.

What resources are included in this service?

Forrester clients gain access to leading research, cutting-edge data, planning guides, templates, forecasts and predictions, technology evaluations, and analyst guidance to help de-risk decisions. Clients also receive access to Forrester AI, our generative AI tool, to accelerate success with answers from trusted Forrester research.

These resources are designed to both shape long‑term strategies and support day‑to‑day functional decisions.

How does Forrester Decisions help organizations stay ahead of threats?

Forrester Decisions provides insights into emerging threat landscapes and equips leaders with tools to proactively protect their organizations. Our leading insights and data support continuous risk management and enable organizations to make informed, data‑driven security decisions, while our frameworks and templates support teams as they work to implement best practices.

From our industry-leading Zero Trust and AEGIS frameworks to our signature research for security and tech professionals, Forrester is on your side and by your side as you navigate the changing cybersecurity landscape.

Build A Security Org For The Future

Download our guide to help CISOs prove business value, win budget, and reduce burnout. Use our actionable framework to align security with enterprise goals, justify funding, and lead a high-performing team.

Insights

Blog

Regulators Are Moving On SBOMs — But Is Your Compliance Program Keeping Pace?

Janet Worthington 2 days ago
Software bill of materials (SBOM) requirements are advancing rapidly, and the time for “wait and see” is quickly running out. The global regulatory landscape for software supply chain security is shifting from recommendations to mandates, yet many organizations remain unprepared. What you do now will determine whether your company is ready or left behind as […]

Blog

2026 Really Is This Risky: Our Top Recommendations For CISOs

Jess Burn 2 days ago
Security leaders entered 2026 with little expectation that uncertainty will ease … ever. Economic pressure, geopolitical instability, accelerating artificial intelligence adoption, and renewed technology consolidation have turned volatility into a structural condition rather than a temporary disruption. This is life now, and CISOs are being asked to move faster, support aggressive AI initiatives, and protect […]

New For 2026! Security Budget Planning Guide + Workbook

Prepare your 2026 security budget for critical risks. Get our budget planning guide and workbook to assess, prioritize, and implement investments for fortified security in uncertain times.

Blog

When Fixing Security Vulnerabilities Breaks Your Customer Email Program

Shar VanBoskirk 5 days ago
In January 2026, Salesforce changed how its Marketing Cloud Engagement platform encrypts tracked email links. The fix addressed a vulnerability that could have exposed CloudPages content, such as landing pages, microsites, forms, subscriber data from preference and unsubscribe centers, and email content via web view links. But the fix created a new problem: All tracked […]

Blog

What We’re Looking Forward To At The RSAC 2026 Conference

Joseph Blankenship February 25, 2026
The annual RSAC Conference in San Francisco is the cybersecurity industry’s biggest event of the year. For the analysts attending, RSAC Conference week provides an opportunity to learn about cybersecurity trends and topics, meet with vendors and clients, and share our insights and observations. It’s also an excellent opportunity to meet our daily step goals […]

Talk To Us

Get in touch to learn how Forrester can help with your security & risk challenges.