NIS2 expands the scope of who is included. It adds more regulations and divides the world into two tiers, each with different requirements. And it increases the personal liability of senior officers around cybersecurity failings. So how does this new regulatory environment change the cybersecurity calculus? What do firms need to do now?

• MSSP, MDR, CSaaS – all of these offer varying degrees of outsourced cybersecurity services
• So when does it make sense to outsource?
• And what outsourcing arrangements make sense for which firms?

• The next 20 years will see an ecosystem of small single-issue vendors slim down to a far less complex set of larger platforms
• These platforms will be able to invest in continuous development and offer to cover all or large chunks of organisations’ security needs
• But will the winners in this evolution be those at today’s cutting edge?

• Cyber-insurers need to understand the risks they are insuring if they are to set premiums at a level that makes sense.
• They also need to know that they are insuring risks that clients have taken steps to mitigate properly.
• Why insure those who leave their digital doors open?
• What can and can’t be insured?

• Most companies’ core reliance is now upon a small number of monolithic application suites and Cloud services
• In addition, they are likely to be developing their own software in the Cloud
• These and other changes fundamentally alter the IT landscape in which cybersecurity operates
• So do CISOs need a new model for cybersecurity and are legacy solutions still valid?

• Organisations have limited budgets
• The skills shortage in security staff growing
• This dynamic affects the type of on prem security operation firms can employ
• So how can CISOs continuously upskill their teams?

• The US Treasury reported that companies paid an estimated $5.2 billion in BitCoin transactions due to ransomware payments for companies in 2021.
• Only a quarter of ransomware attacks are reported. 
• Ransomware is here to stay. So how can CISOs stop it being a permanent tax on the business?

• Data privacy is only a small part of the picture. 
• Regulators are looking at operational resilience in key sectors like finance – securing the wholesale payments market is a priority and others will follow. They are looking at disclosure and fining the miscreants.
• Can you help businesses comply with new regimes?

• If single point solutions are not the answer, then how about a holistic approach?
• Instead of treating every threat type and actor or network anomaly as a separate variable or alert, step back and look at the whole landscape.
• Cybersecurity is still not run as a true risk management process. It must be.

• Migrating to the cloud is a priority. But, if not properly managed, cloud migrations result in extra complexity and risk.
• So how can firms efficiently assess cloud readiness, plan and execute migrations and establish comprehensive cloud governance?
• Can you help companies transition smoothly and securely to the Cloud?

• Zero Trust/ZTNA/SASE - they promise solutions to the key problems CISOs face today.
• But how realistic are they? Do they take into account existing legacy technology, and the ways in which real companies actually do business day-to-day?
• Can you explain how a real-world implementation works?

• If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
• CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
• What does a next-gen CISO look like and are you one of them?