Agenda

Presentations already confirmed include:


► The true state of the cyber-nation

  • If a national airline can’t even stay PCI DSS compliant, what is the true state of cybersecurity (and corporate commitment) today?
  • If the true level of data breaches has been hidden by NDAs and compliant regulators and markets, what will we see now that those defences are crumbling?
  • If there is a huge skills gap, what does that say about the current ability of firms and governments to defend?

► Cyber-financialisation is a gamechanger

  • Regulators from the FTC to the EC are making data loss a big deal: compliance failure is now a material P&L hit.
  • Institutional investors have been slow to the game, but they’re all in now. Get security wrong and they will hurt you. The cleverest are shorting you already.
  • The perception of bad cybersecurity hurts enterprise value as much as an actual hack. Do firms understand what this means?

► Protecting the country and the citizen

  • Defending CNI against nation-state and criminal attack
  • Ensuring the digital security of online citizens of all ages
  • Third-party security as a governance issue: helping your supply chain

► Show me the money

  • Outside banking, cybersecurity budgets are pitiful relative to the risk. This has to change.
  • Are you paying enough? CISO and other security packages look too low. Why?
  • How much funding has your vendor had? Is it in this for the long haul, or is it hoping to be flipped? The small can’t build an enterprise solution.

► Scrutiny changes everything

  • Old-school cyber experts pooh-pooh transparency and the press; they’re out of time. Customers and their lawyers will rule.
  • Boards are realising that cybersecurity is governance and that governance is public.
  • Proper operational risk management techniques will replace IT- and compliance-based processes.

► Securing digital transformation

  • If business survival depends on going digital, then it depends on cybersecurity. Can the industry deliver?
  • Boards get it – and now they want answers, metrics and the right personnel. Can they get them?
  • As B2C and B2B interactions migrate online, the payments revolution accelerates. What are the latest developments?

► Time to tear up the security playbook?

  • Digital transformation, the prevalence of organised and skilled adversaries – cybersecurity was difficult before; what needs to change going forward?
  • Choosing solution providers is critical: what’s your process? Are you picking the right partners?
  • Are the current NIST and other frameworks actually sensible ways to think about and manage cyber operational risk?

► From cybersecurity to risk management

  • If cybersecurity controls don’t work, they don’t reduce risk. But how many CISOs operate to reduce real-world business risk?
  • Where does cyber sit in your firm’s overall risk management framework? Why? Should that change?
  • Do CISOs genuinely understand how to align their own function with the businesses that ultimately fund them?