Forrester Research Highlights Persistent Breach Risks Despite Rising Security Budgets
New findings from Forrester reveal that while organizations are increasing investments in security and privacy programs, breach frequency remains stubbornly high. Over the past 12 months, two-thirds of enterprises reported at least one breach, with 67% of security decision-makers confirming sensitive data was compromised despite expanded defenses.
The research identifies several key challenges driving this disconnect. External attacks, insider incidents, and supply-chain vulnerabilities continue to dominate breach causes, while rapid AI adoption introduces new risks. Nearly 30% of respondents prioritize improving AI governance, and 28% are developing frameworks to assess privacy risks from generative AI systems. However, security and privacy teams often lag behind deployment, creating gaps in oversight as AI-driven automation and data flows expand without consistent controls.
Detection and response remain critical focus areas, with 31% of security leaders naming it a top priority. Identity and access management (IAM) also sees growing investment, with employee IAM rising from 22% to 25% year-over-year and customer IAM increasing from 21% to 24%. Yet operational hurdles such as visibility gaps, alert fatigue, and tool complexity limit the effectiveness of these efforts.
Executive engagement in security and privacy is improving but remains uneven. Over a third of enterprises now include their Chief Privacy Officer at the executive table, with 22% reporting directly to the CEO and 17% to the board. Meanwhile, 31% of CISOs report to the CEO or president, and 10% directly to the board. However, only 15% of organizations prioritize formal board-level communication on security risks, leaving many with oversight structures but limited strategic discussion.
Cloud complexity further complicates security operations. With 63% of public cloud decision-makers planning to increase their number of providers, organizations face fragmented policy frameworks, identity architectures, and monitoring tools. Despite this, only 19% prioritize consolidating their security technology stack, suggesting most will continue integrating more tools rather than streamlining them.
Forrester’s findings paint a picture of rising ambition in security and privacy, offset by persistent execution challenges including legacy vulnerabilities, AI-related risks, and an expanding supplier footprint. As budgets grow and leadership visibility improves, breaches remain a near-certainty for many enterprises.
Source: https://securitybrief.asia/story/ai-adoption-drives-security-spend-but-breaches-persist
Forrester cybersecurity rating report: https://www.rankiteo.com/company/forrester-research
"id": "FOR1772677952",
"linkid": "forrester-research",
"type": "Breach",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'type': 'enterprise'}],
'data_breach': {'type_of_data_compromised': 'sensitive data'},
'description': 'New findings from Forrester reveal that while organizations '
'are increasing investments in security and privacy programs, '
'breach frequency remains stubbornly high. Over the past 12 '
'months, two-thirds of enterprises reported at least one '
'breach, with 67% of security decision-makers confirming '
'sensitive data was compromised despite expanded defenses.',
'impact': {'data_compromised': 'sensitive data'},
'lessons_learned': 'External attacks, insider incidents, and supply-chain '
'vulnerabilities continue to dominate breach causes. Rapid '
'AI adoption introduces new risks, and security/privacy '
'teams often lag behind deployment. Detection and response '
'remain critical, but visibility gaps, alert fatigue, and '
'tool complexity limit effectiveness. Cloud complexity and '
'fragmented policy frameworks further complicate security '
'operations.',
'post_incident_analysis': {'root_causes': ['external attacks',
'insider incidents',
'supply-chain vulnerabilities',
'rapid AI adoption without '
'consistent controls',
'visibility gaps',
'alert fatigue',
'tool complexity',
'cloud complexity',
'fragmented policy frameworks']},
'recommendations': ['Improve AI governance',
'Develop frameworks to assess privacy risks from '
'generative AI systems',
'Prioritize detection and response',
'Invest in identity and access management (IAM)',
'Enhance executive engagement in security and privacy',
'Formalize board-level communication on security risks',
'Consolidate security technology stack'],
'references': [{'source': 'Forrester Research'}],
'response': {'enhanced_monitoring': 'prioritized by 31% of security leaders'},
'title': 'Forrester Research Highlights Persistent Breach Risks Despite '
'Rising Security Budgets',
'type': ['data_breach',
'external_attack',
'insider_incident',
'supply_chain_vulnerability']}