Forrester Research

Forrester Research operates as a market research and advisory firm headquartered in the United States. The organization's core business involves producing proprietary research reports, analysis, and insights that are sold and provided to its client base, which primarily consists of businesses and organizations seeking guidance on market trends, technology, and strategic planning. Its services are positioned within the broader advisory and consulting sector, where it serves as a source for data-driven assessments and forecasts intended to inform corporate decision-making. The firm's output constitutes its primary intellectual property, encompassing detailed market analysis and client-specific product insights that are valuable assets for its customers. This model relies on controlling access to its research while distributing it to paying clients, creating a fundamental operational dynamic between content dissemination and security.

The company's security posture and practices were notably tested in a confirmed incident on October 5, 2017. During this breach, attackers compromised elements of Forrester's website infrastructure and subsequently used stolen valid user credentials to access and exfiltrate proprietary research reports. The firm's public acknowledgment clarified that the incident did not result in the exposure of confidential client data, financial information, or employee records. However, the theft of its own intellectual property—the market analysis and client product insights—represented a significant economic loss and posed risks of that information entering illicit markets or being used by competitors. Forrester explicitly linked this event to an ongoing industry-wide challenge, noting the inherent tension between providing clients with accessible research and implementing stringent security measures. The firm stated it was continuously evaluating and evolving its cybersecurity practices to address such threats, framing the breach as a catalyst for reinforcing its defensive strategies against increasingly sophisticated attacks targeting advisory and research entities.