14th e-Crime & Cybersecurity Mid-Year Summit

19th October 2022 • Park Plaza Victoria, London

Real cybersecurity regulation is good news for CISOs

Data privacy has dominated regulators’ thinking in the past few years but that is changing. New regulation around resilience and cybersecurity itself will transform the role of the CISO and the cybersecurity function – or at least it should.

 

The regulators are on the case. Operational resilience in critical sectors of the economy is now a key focus. Data privacy legislation is well established. And fines for cyber-related misconduct are beginning to be imposed. Just recently, the U.S. Securities and Exchange Commission (SEC) signalled a significant change in how it thinks about what constitutes a threat to companies: It now considers cyber vulnerabilities to be an existential business risk.


This was evident in fines levied against two companies over inadequate disclosures of cybersecurity issues — British publishing company Pearson PLC and First American Financial Corp. In mid-August, the SEC  announced that Pearson had agreed to pay $1 million to settle charges that it misled investors following a 2018 breach and theft of millions of student records. And in June, the SEC announced another settlement and $500,000 fine against real estate services company First American Financial for lack of disclosure controls following the discovery of a vulnerability in its system that exposed 800 million image files, including Social Security numbers and financial information.


These fines signal a major shift, and one that could profoundly change the way companies think about cybersecurity threats, communicate internally about these threats, and disclose breaches.


And there is much more regulation coming: March 2022’s Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) requires critical infrastructure companies to report cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency (CISA).

In the same month, the US Securities and Exchange Commission (SEC) proposed a rule requiring publicly listed companies to report cybersecurity incidents, their cybersecurity capabilities, and their board’s cybersecurity expertise and oversight. The latter, Amend Item 407(j) of Regulation S-K, “require[s] disclosure about if any member of the registrant’s Board of directors has cybersecurity experience.” This is a Sarbanes-Oxley moment for cybersecurity, and it will be a game-changer.


And CISOs also should check the updates to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule and the proposed the Healthcare Cybersecurity Act (S.3904).


What happens in the US happens elsewhere and Europe is already on the case with DORA, and two other regulations (a Cybersecurity Regulation and an Information Security Regulation) which the EU describes as “a milestone in the EU cybersecurity and information security landscape.” Mandatory security regulations mean standards, budgets and, finally, real Board attention.

 

The 14th e-Crime & Cybersecurity Mid-Year Summit will look at how we all need a new kind of security. Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the world’s most admired brands.

  • All aboard the Cloud

    • Applications have become increasingly complex with users demanding more and more
    • They expect rapid responsiveness, innovative features, and zero downtime. Performance problems are no longer
    • acceptable. They'll easily move to your competitor.
    • Should you go Cloud Native?
  • Developing the next generation of security leaders

    • If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
    • CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
    • What does a next-gen CISO look like and are you one of them?
  • The rise and rise of effective cybersecurity regulation

    • Data privacy is only a small part of the picture.
    • Regulators are looking at operational resilience in key sectors like finance – securing the wholesale payments market is a priority and others will follow.
    • They are looking at disclosure and fining the miscreants. How to comply with new regimes?
  • Securing the technologies of the future

    • Quantum computers, web3, multiple types of distributed ledger technology, augmented and virtual reality, the Metaverse, AI-driven applications and even organisations, automation as a service
    • These technologies are happening now and they all have security implications
    • Who is thinking about how to secure future tech?
  • Reining in BigTech

    • Resilience and security increasingly come down to key dependencies outside the organization.
    • With on prem tech the past and Cloud and external IT the future, how do public and private sector organisations ensure security when they rely on vendors who are vulnerable but above leverage with even their biggest clients?
    • Time for governments to step in?
  • Embracing risk management

    • Until cybersecurity is truly seen as risk management and not a whack-a-mole IT problem, the hackers will continue to evade outmoded control frameworks
    • Part of this is down to CISOs, part of it to Boards and part of it to solution providers
    • The banks have done it. When will the rest of business catch up?
  • From cybercrime to cyberwar

    • Blurred lines between cyber-spies, cybercriminals and cyber-armies have transformed the (in)security landscape
    • Nation-state exploits are now widely available
    • How can the various elements of government work better with private sector solution providers and endusers to build security that can cope with not-quite-nation-state attackers?
  • From smart machines to smart cities - securing the IoT

    • How long will it be before every significant device and location is part of an ecosystem of sensors connected to public and private networks?
    • Driving apps tell insurers what premiums to charge. Packaging machines report their own breakdowns.
    • But are these devices visible on your network and how are you securing them?
  • The perimeter is dead - that is not just hype

    • ZTNA and SASE may be tricky to implement; they may involve hard decisions about legacy tech 
    • But they are also one of the few ways to deal with the death of the perimeter and new challenges like software supply chain attacks
    • What do you need to know about implementation?
  • Securing digital currencies

    • The move towards non-cash payment methods during the crisis has been extreme, and looks irreversible.
    • Many more governments are now looking at developing their own digital currencies.
    • How do we go about securing a world in which most - perhaps all - payments are digital?
  • Getting real about automation, AI and the rest

    • The next 20 years will see an ecosystem of small single-issue vendors slim down to a far less complex set of larger platforms
    • These platforms will be able to invest in continuous development and offer to cover all or large chunks of organisations’ security needs
    • But will the winners in this evolution be those at today’s cutting edge?
  • Keeping citizens safe

    • The COVID era demands unprecedented levels of citizen engagement. Compromises are inevitable to ensure the safety of all.
    • But the systems required to provide safety also create a huge data security and privacy challenge for both governments and employers alike.
    • Can solution providers help?

Who attends

Job titles

Global Manager, Service Continuity
CISO
Head of Payments
Global IS Manager
Head of Digital Risk
Group I.T. Audit Manager
Global Security Supervisor
Head of Penetration Testing
Chief of Cybercrime Section
CISO, Head of Information Security
Global Head I.T. Governance
Head of ISAG
Global Fraud Risk Controller
Head of Global I.T. Security
Head of Data Protection
CISO
Head of I.T. Security Risk Management
Global IS Risk Manager
Global Head of IT Security
Head of Information Security Risk
CISO, Head of Digital Security & Risk
Group Finance & Compliance Director
Chief Security Officer
Chief Information Officer
Head of Cybercrime Unit
Head of Cyber Threat Intelligence
Head of Internal Audit
Head of I.T. Security
Chief Information Security Officer
Group I.S. Manager
Chief Executive
Head of Emergency Response
Head of I.T. Security
Director Of Information Security
Chief Information Security Officer
CISO
Head of Operational Risk Management
Group Data Security Manager
Head of Information Security
CIO
Head of Specialist Crime
Director of Security
Head of Informantion Security Risk
Head of Cyber & Investigations
Chief Information Security Officer
Head of Group I.T.
Head of Information Security
Global Head of Fraud Investigations
Chief Information Security Officer
Global Security Manager
Group CISO
Chief Information Security Officer
Director Global Investigations
Head of Policy & Performance
Head of Information Security
Global Head of Cyber Intelligence
Head of Information Security
Director Cybercrimes
Head of Payments & Fraud
Director of Risk & Compliance
Head of Information Security
Head of I.T. Security Operations
Group Information Security Manager
Head of Operational Security
Head of Payment & Financial Crime
Chief Information Security Officer
Head of Internal Audit
Head of Information Security
Head of IT Risk & Control
Director Enterprise Technology
Head of Business Controls
Director
Director of Security
Head of Cybercrime Investigations
Head of I.T. Security
Director, Global Security
Group I.T. Security Officer
Head of I.T.
Head of Risk & Resilience
Director Group Risk Management
Head of Investigations
Head of Customer Security
Chief Technology Risk Officer
Group Fraud Manager
CISO
Chief, Cyber Crimes
Chief Risk Officer
Head of Business Risk
Group IT Security Analyst
CIO Risk Manager
Group Infrastructure Manager
Head of Operations & Infrastructure
Head of Technical Support
Head Cybersecurity Operations
Head of Fraud Oversight
Director, Technical Investigations
Director
Global I.T. Security & Compliance
Director, Information Security

Companies

Trafigura
GE Capital
Babcock International Group
Scotia Gas Networks
Telefónica O2
Bank of America Merrill Lynch
ING
Catella Bank
Channel 4
H&M
BP
John Lewis Partnership
Royal Canadian Mounted Police
Experian
Jordan Cyber Crime Project
Zamir Telecom
John Wiley & Sons
Halma
Zurich Financial Services
Security Service of Ukraine
HSBC
British Medical Association
Romanian Directorate
TUI Travel
Markit
Western Union
Pennant International Group
TSL Education
Liverpool Victoria
The Finance Practice
Camelot Group
Capital One
Noble Group
HSBC
Dixons Carphone
Halma
Ghana International Bank
British American Tobacco
First Rate Exchange Services
Unum Provident
Santander
Rexam
Matalan
John Lewis Partnership
Home Retail Group
Allen & Overy LLP
ITV
Virgin Money
Spamhaus
Rank Group
EveryMatrix
Shop Direct
Sky
QVC
Lloyds Banking Group
General Motors Corporation
Tullett Prebon
Atcore Technology
Aviva
CIFAS
Premier Oil
HSBC
Rothschild
HSBC
Liverpool Victoria
Permanent TSB
Auto Trader
Public Health England
Selfridges
NBC Universal
Office of Civil Nuclear Security
UBM
Citigroup
SABMiller
Legal & General
Post Office
JD Sports
CERT-UK
Eurostar
Mayer Brown LLP
Swiss Re
UBS
Open University
The Bank of Tokyo - Mitsubishi UFJ
Dixons Carphone
Post Office
JustGiving
Bank of America Merrill Lynch
FIA Pakistan
Norgren
GE Capital
Unipart Group
Heathrow
Inmarsat
Modern Times Group
Ocado
Capital One

Industries

Banking
Industrial Engineering
Industrial Engineering
Oil/Gas
Telecommunications
Banking
Banking
Banking
Media
Retail
Oil/Gas
Retail
National Law Enforcement
Banking
National Law Enforcement
Telecommunications
Retail
Electronic/Electrical Equipment
Insurance
Central Government
Banking
Healthcare
National Law Enforcement
Travel/Leisure/Hospitality
Media
Banking
Aerospace/Defence
Media
Insurance
Banking
Casinos/Gaming
Banking
Mining/Metals
Banking
Retail
Electronic/Electrical Equipment
Banking
Food/Beverage/Tobacco
Banking
Insurance
Banking
Household/Personal Products
Retail
Retail
Retail
Legal
Media
Banking
Charity
Casinos/Gaming
Software
Retail
Media
Retail
Banking
Automobiles/Parts
Banking
Banking
Central Government
Insurance
Central Government
Oil/Gas
Banking
Banking
Banking
Insurance
Banking
Media
Central Government
Retail
Media
Central Government
Healthcare Services
Banking
Food/Beverage/Tobacco
Insurance
Transportation/Shipping
Retail
National CERT
Transportation/Shipping
Legal
Insurance
Banking
Education
Banking
Retail
Transportation/Shipping
Charity
Banking
National Law Enforcement
Industrial Engineering
Industrial Engineering
Regional Law Enforcement
Transportation/Shipping
Transportation/Shipping
Telecommunications
Media
Transportation/Shipping
Banking


Venue

Park Plaza Victoria, London

vpp

Location:
Park Plaza Victoria
239 Vauxhall Bridge Road, London, UK, SW1V 1EQ
Telephone: 0844 415 6752
 

Directions:
Please click here