The Age of Convergence: can CISOs adapt?

18th annual e-Crime & Cybersecurity Congress
3rd & 4th March 2020 • London, UK


How digital transformation is merging cybersecurity, privacy, compliance and fraud


Digital transformation (DX) is upending companies' treatment of IT, security and information risk.

In the old model, IT is a toolset which provides necessary but non-profitable services. Data is almost just a waste product of this service provision, and cybersecurity is limited to the defence of specific pieces of technology or 'crown jewel data'.

As budgeting and seniority reflect, it's not viewed as a strategic imperative, nor is it seen as a major threat to the business. Traditional operational and business risks - such as Brexit, the US-China trade war, and incidents such as the Max 737 crashes - are all far higher up the priority list than data loss or a DDoS attack.

But that is starting to change. Post-DX, companies interact with their customers and supply chain digitally. It may even be the primary - or at least most profitable - way that they do so.

In this post-DX business, technology and data are no longer discrete tools useful to, but separate from, the business. They are the way the business delivers. Without them, there is no business.

At this point, cybersecurity is not just about a loss of data, and the consequences go beyond a blip in customer confidence, share price and reputation. It finally becomes the major business risk that CISOs and vendors have been warning of.

DX turns cybersecurity into a serious business risk. So what next?

In the post-DX business, old models of security, privacy, fraud and data integrity are untenable.

Cybersecurity has grown up as a piecemeal function, and primarily a technical one. It's often still treated as a matter of managing and monitoring an ever-more-complex stack of solutions, with maybe a SOC and some SecDevOps thrown in, and different solutions and procedures put in place to protect specific pieces of tech or data.

Intimately related activities such as fraud detection and prevention, data management, PCI DSS and data privacy are often still siloed away from each other and from security teams.

And from different sides of the spectrum, both the business and security teams have failed to understand - or explicitly rejected - the idea that cybersecurity is just another form of operational risk management, which must be prioritised, analysed and managed like other (often more business-critical) risks.

All of this has to change.

The end of cyber-exceptionalism, the start of cyber-transformation

First, cybersecurity must lose its exceptionalist mindset. Cyber threats are generally not existential. Losses are survivable and risk does not need to be reduced to zero.

Second, cybersecurity needs to be integrated into normal operational risk management and business continuity planning. It needs to operate according to standard risk management practices.

Third, cybersecurity must enable and secure the data centralisation, analytics and visibility required to deliver truly digital services.

And last but not least, in digital companies, cybersecurity must be integrated into the anti-fraud effort, where previously both organisation and corporate culture have often meant that these functions rarely collaborate.

In short, a new level of business orientation and rigour is needed to shape a new era of cybersecurity. And the effects on CISOs, their staff, and the entire function will be profound.


The 18th annual edition of the e-Crime and Cybersecurity Congress will address these and other key issues for its audience of senior information security stakeholders. Featuring strategic guidance, case studies, animated panel discussions and more from the real business leaders in the space, we'll be looking at where cybersecurity is going, and how CISOs can keep up.

View details of the 2019 event here

  • Adapting to the changing threatscape

    • Passive, static systems are increasingly vulnerable in a world of adaptive malware and attackers developing AI-based threats
    • Can global adaptive security architecture use predictive modelling and threat intelligence to combat this threat?
    • Is the ability to go on the offensive the future for cybersecurity solutions?

  • Defining data, dealing with data

    • In the digitalisation era, most companies' core problem is not security itself but data. What do they have? What is its value?
    • Can companies reduce risk by reducing their data footprint?
    • What are the most effective ways of discovering, aggregating, analysing and securing data?

  • Solving the problem of privileged access

    • Applying appropriate controls to privileged accounts should be a basic security requirement - it's a critical defence against a key attack vector
    • How do you ensure controls are implemented across on-premises, hybrid and cloud environments, without disrupting access for those who need it?
    • Developing a dynamic and risk-based approach to access

  • Next-generation threat and vulnerability management

    • How can security teams keep up with the threat landscape without being overwhelmed by the volume of information?
    • Trying to pursue a 'fix-everything' policy will disrupt the business and is not sustainable from a cost perspective
    • How do you isolate and remediate the most relevant risks?

  • Connecting security, fraud and data management silos

    • Most fraud these days is digitally-enabled, cybersecurity failures endanger data privacy, and data privacy failures enable both fraud and social engineering.
    • So why are fraud, cybersecurity, and data privacy departments so siloed?
    • How can cross-function collaboration and streamlining of duties improve effectiveness and reduce costs?
    • As cybersecurity becomes more integrated into operational risk management, what does this mean for CISOs?

  • Securing digital transformation

    • What does digital transformation mean for data, for silos, and for cybersecurity?
    • Does securing the digital enterprise imply the transformation of cybersecurity?
    • Once boards wake up they want answers, metrics, and personnel they trust to deliver. Can they get them?

Who attends

Job titles

CISO
PCI Security Manager
Group Head of IT Security
Detective Chief Superintendent
Global Security Officer
Global Information Security Officer
Head Of Cybersecurity Unit and Deputy Chief for Computer Crime
Head of Security, Risk and Compliance
Chief Privacy Officer / Data Protection Officer
CISO
Director, Compliance & Operational Risk
I.T. Director
DPO
Head of I.S., Projects & PMO
CIO
Head of IT Resilience
Global Security, Senior Special Agent
Head of Cyber Security Unit
Group DPO
Head of Information Security
Chief Information Security Officer
Group CISO
Detective Superintendent
Group Fraud & Investigations Manager
Director of Security Operations, Engineering & Administration
Head of Information Security
Group Global IT Security Manager
CISO and CPO
Head of Information Security
Head of Cyber Resilience
Head of Financial Crime & MLRO
Head of Security Architecture
Head of IT Governance
Global Information Security & PCI Compliance Manager
CISO
Head of IT Finance and Risk Management
Director of Global Security
CISO
Group IT Information Security Manager
Group Information Security Policy, Risk & Vendor Manager
Senior Information Security Manager
CISO
Group Head of IT Infrastructure and Cybersecurity Audit
Senior Technology Risk Manager
Group Head of Security Architecture & Risk
Chief Information Security & Technology Officer
Head of IT Infrastructure Change and Information Security
National eCrime Co-ordinator
Head of I.T. Security Operations
Head of Infrastructure
Group Data Protection Officer/CISO
Head of Information Technology
Head of Information Governance, Data Protection and Information Security
Group Information Security Manager
Head of Cyber Threat Intelligence
UK CISO & DPO
Global Head - Cyber, Information & Technology Risk Office
Head of IT Security
Global Information Security & Compliance Director
Director - Information Security Europe
CISO
Head of Information Security
Global Information Security Programme Manager
Global Information Security Manager
Director, Cyber Security Centre
Head of Technology & Cybersecurity Risk
Head of Fraud Management
CISO
CISO
CIO
Head of Digital Security & Risk
Group Head of Information Security
Head of Strategy and Partnerships, National Cyber Crime Unit
Group Privacy Officer
Group Head of Information Risk and Security
Global Security Manager
Global Head of Information Security
CIO Europe
CTO
VP, Global Security Strategy, Engineering and Architecture
Senior Fraud Manager
UK CISO
Head of Information Security
PCI Compliance & Risk Manager
Senior Special Agent - Global Security
Head of IT
CISO
Global Cyber Security Manager
CISO UK
DPO
Group Information Security Manager
Global Head of Security Architecture, Ops & Eng
Head of Cybercrime Intelligence
Group Head of Information Security
Chief Information Security Officer
Senior Information Security Manager
Head of Information Security
Global Business Continuity Manager
Director Global Information Security
Digital Security Manager
Head Fraud Investigation - Cyber Crime
Head of Information Security Risk Oversight
Head of IT
CISO
Vice President - Global Information Security
CISO
Chief Information Security Officer & Data Protection Officer
Head of Enterprise Risk
Head of Section, Cybercrime Unit
Head of International Information Security
Head of Information Security
Group Information Security Officer
National Information Security Officer
Chief Information Security Officer (CISO)
CIO
CISO/Head of Security Function
Regional Head of Information Security, Europe and UK
Head of Fraud & Special Investigations
CISO
CISO
CISO - EMEA
Head of Information Security Engagement
IT Director
Chief Information Security Officer
Fraud & Investigations Manager
CTO
CIO
Group CISO
Director, Head of I.T. Security & Risk Management Systems
Senior Manager, Cyber Security & Risk
CISO & Head of Cyber Security
Senior Vice President - Global Information Security
CISO
Group Head of Information Security
Global SOC Manager
CISO
Head Of IT Risk
Global Red Team Manager
Joint Cyber Center (JCC) Chief of Intelligence
Group Information Security Manager
Head of Security Monitoring
Head of Payment Security & Governance
IT Security & Compliance Manager
Global Fraud Risk Controller
Head of Cybercrime Department
CISO
Head of Enterprise Architecture & Cyber Security
Head of Information Security - EMEA
Head of Information Security
Head of I.T. Security & Technical Risk
Senior Information Security Risk Management
Head of Technology and Operational Risks
Director of Global Security Operations
Head of Cyber & Architecture Design
Principal Information Security Manager
CISO
CISO
Head of Risk – IT & Cybersecurity
Head of Cyber Security
Head of Information Security & Business Continuity
Head of Financial Crime Prevention Team
Head of Information Governance
Global Security & Investigations
Head of Innovation, Security and Privacy
CTO
Head of Technology and Cybersecurity Risk
Head of Information Security
CISO
CTO
Head of Information Security
Head of IS & DP
Global Director of I.T. Risk & Information Security
Global CISO
Director of Compliance
Head of Information Risk
Director of Information Systems
Head of Information Security
Global PCI Compliance
Head of Group Investigations & Financial Crime Officer
CIO

Companies

UK Home Office
U.S. Secret Service
American Express
Bupa Global
Swiss Federal Police
Linklaters LLP
Clifford Chance LLP
Three
GVC Holdings
Odeon Cinemas
Credit Suisse
Deutsche Bank Group
Zurich Insurance Group
Asda
Philips
Lloyds Banking Group
Hiscox
Financial Conduct Authority
Covéa Insurance
easyJet
M&G Prudential
Police Scotland
Ministry of Interior - Bulgaria
Apple
NEXT
William Hill
Government Digital Service
Royal & Sun Alliance Insurance Group
Airbus Group
Comic Relief
Sony
Transport for London
University of Derby
Metro Bank
Office Depot
Formula 1
Gemfields
National Trust
Direct Line Group
GSK
Natixis
Aviva
Travis Perkins
Ladbrokes Coral Group
MUFG - Mitsubishi UFJ Financial Group
Dutch National High Tech Crime Unit
Citigroup
Halfords
DLA Piper LLP
AmTrust International
TalkTalk
Dixons Carphone
Bank of America Merrill Lynch
Western Union
University of Liverpool
The Bank of Ireland
CBRE
Royal Mail
Charities Aid Foundation
National Crime Agency
NHS
Crown Prosecution Service
FBI
Telegraph Media Group
Australian Federal Police
Capita
InterContinental Hotels Group
Freshfields Bruckhaus Deringer LLP
Shop Direct
Allianz
Rothschild & Co
Matalan
Which?
Peabody Trust
BP
Pentland
National Cyber Security Centre
Swiss Re
Modern Times Group
Santander
PhotoBox
London North Eastern Railway
Maersk
Royal Thai Police - Technology Crime Suppression Division
University College London
DVLA
Cabinet Office
Boden
Ministry of Justice
UK Finance
Ashurst LLP
British Airways
Serious Fraud Office
Clyde & Co LLP
HSBC
JD Sports
Barclays
Heathrow
Barnardo's
Swedbank
Channel 4
HM Revenue & Customs
Waitrose
UK Ministry of Defence
Royal Bank of Scotland
Vodafone
Travelopia
Network Rail
European Commission
Anglo American
Lycamobile
VUE Entertainment
Co-operative Financial Services
American International Group
Metropolitan Police Service
AXA
Euromoney Institutional Investor
John Lewis Partnership
LUSH
Booking.com
U.S. Department of Justice
Selfridges
JP Morgan Chase
Vanquis Bank
Munich Re
Pearson
Old Mutual Wealth
Sparebank 1
United Nations Office on Drugs and Crime
BNP Paribas
Legal & General
Arsenal FC
ITV
Fieldfisher LLP
Société Générale
Sainsbury's
DKB
Mizuho
LV= Liverpool Victoria
University of Cambridge
Post Office
Standard Chartered Bank
DHL
Schroders
DPDgroup
Pinsent Masons LLP
Ocado
Tullow Oil
Man Group
Morgan Stanley
Arriva
Greggs
Liberty Global
Domino's Pizza
UCAS
Department for Digital & Culture & Media & Sport (DCMS)
Whitbread
Hastings Direct
Marks & Spencer
National Security Agency
Carpetright
Travelers Insurance
Bank of England
Virgin Media
Waterstones
DWP
Uber
Allen & Overy LLP
Fidelity International
ticketmaster
UBS
giffgaff
German Federal Criminal Police Office
Dropbox
Canada Life
Cancer Research UK
Carnival
Chubb
State Street Corporation
TSB Bank

Industries

Banking
Industrial Engineering
Industrial Engineering
Oil/Gas
Telecommunications
Banking
Banking
Banking
Media
Retail
Oil/Gas
Retail
National Law Enforcement
Banking
National Law Enforcement
Telecommunications
Retail
Electronic/Electrical Equipment
Insurance
Central Government
Banking
Healthcare
National Law Enforcement
Travel/Leisure/Hospitality
Media
Banking
Aerospace/Defence
Media
Insurance
Banking
Casinos/Gaming
Banking
Mining/Metals
Banking
Retail
Electronic/Electrical Equipment
Banking
Food/Beverage/Tobacco
Banking
Insurance
Banking
Household/Personal Products
Retail
Retail
Retail
Legal
Media
Banking
Charity
Casinos/Gaming
Software
Retail
Media
Retail
Banking
Automobiles/Parts
Banking
Banking
Central Government
Insurance
Central Government
Oil/Gas
Banking
Banking
Banking
Insurance
Banking
Media
Central Government
Retail
Media
Central Government
Healthcare Services
Banking
Food/Beverage/Tobacco
Insurance
Transportation/Shipping
Retail
National CERT
Transportation/Shipping
Legal
Insurance
Banking
Education
Banking
Retail
Transportation/Shipping
Charity
Banking
National Law Enforcement
Industrial Engineering
Industrial Engineering
Regional Law Enforcement
Transportation/Shipping
Transportation/Shipping
Telecommunications
Media
Transportation/Shipping
Banking


Venue

Park Plaza Victoria, London

vpp

Location:
Park Plaza Victoria
239 Vauxhall Bridge Road, London, UK, SW1V 1EQ
Telephone: 0844 415 6752
 

Directions:
Please click here