From cybersecurity to national security

18th June 2026 • The Westin Grand Munich

A race against time: Getting in front of the Al security problem — as much as it may seem like hype, Al adoption by business and the bad guys is a reality, and securing it is the biggest CISO challenge yet.

Securing Al in the business, understanding Al as a threat vector, unwrapping Al in security tooling

The Bundesverband Digitale Wirtschaft {BVDW), Germany's digital economy association, recently released a detailed framework addressing ethical implementation of Al agent systems as the technology approaches mainstream adoption across marketing and business operations. The 25-page whitepaper arrives amid stark public resistance to autonomous Al, with BVDW-commissioned surveys revealing only 25% of Germans express willingness to delegate tasks to Al agents. 

Businesses are taking a different view. According to a recent survey of 2,250 IT and cyber decision makers across 21 countries, 81% of global businesses are already using Al-driven tools as part of their cybersecurity strategy. This figure is even higher in the UK: 86% of businesses have incorporated Al. 

The survey underscores that Al and automation are considered top priorities for improving cybersecurity over the next 12 months by 42% of organisations surveyed. 

Companies see Al as a critical tool for staying ahead of threats and managing increasingly complex digital environments. However, 94% of global businesses believe that Al will negatively affect their cyber risk exposure within the next three to five years. In the UK, 66% of businesses surveyed are concerned that Al-driven attacks will increase significantly in both complexity and scale during this period. 

Every sector is affected. Some, like retail innovate so fast to keep up with customers that they already have agentic and other Al across everything from inventory management to their e­commerce offerings. Others are moving more slowly. But as Boards demand the productivity and efficiency gains being promised by Al providers, pushing back against widespread Al deployment is difficult. Accenture has just announced that promotions will be linked to the frequency with which staff login to and use Al tools! 

Securing this Al sprawl is critical. Ensuring data integrity becomes even more critical as it feeds into business-essential Al processes. 

Organisations also need to defend against Al which is already acting as a force multiplier, enabling threat actors to execute, automate, and scale complex attacks with unprecedented speed, reducing the need for high-level human expertise. These attacks use generative Al to create tailored malware, conduct highly convincing social engineering, and autonomously map, simulate, and exploit network vulnerabilities in real time. 

And what about the Al being deployed by your security vendors? Is it a new attack surface? Do you understand what they are doing? Do they? 

All these topics, as well as the bread-and-butter issues, will be discussed at our latest e­Crime & Cybersecurity Congress. If you want access to the best insights, the most thought­ provoking presentations, and the most senior and sophisticated network, it's must-attend. 

The e-Crime & Cybersecurity Congress Germany will look at how security teams and the business must change their security model to secure Al systems and defend against Al-enabled attackers. Join our real-life case studies and in-depth technical sessions from the most sophisticated teams in the market. 

Achieving visibility across ecosystems 
From exposed initial access points, to complex IT/OT environments to roaming Al agents and other non­human machine identities, simply understanding your device and application landscape is a huge challenge. Can you help with asset tracking and endpoint visibility? And what about anomaly detection after that? 

Data integrity a critical priority 
In Al-powered business, corrupted data equals corrupted decisions. Pricing engines, demand forecasts and recommendation systems are only as trustworthy as their inputs. CISOs must prioritise data lineage tracking, tamper detection, pipeline validation and cryptographic integrity controls across analytics and Al workflows.

Defending against the latest ransomware variants 
Ransomware is effective precisely because it can exploit whatever weaknesses exist in your security architecture and processes. The threat and the actors are constantly evolving and that evolution is forcing the hands of government and causing havoc in the insurance market. What can CISOs do to better defend against ransomware? 

Securing Agentic Al 
Agentic systems don't just generate content - they act. CISOs must address model manipulation, prompt injection, data poisoning, tool-chain abuse and privilege escalation within Al agents executing transactions. Governance must extend beyond ML pipelines into runtime controls, behavioural monitoring and kill-switch design.

Why zero trust, isolation and segmentation are key 
Business ecosystems now include logistics APls, fintech integrations, marketplace sellers, social­commerce platforms and Saas pricing engines. Each connection expands attack surface. Continuous third-party risk scoring, API security testing, software bill of materials (SBOM) validation and zero-trust segmentation become foundational, not optional. 

From Analysts to Al Supervisors 
Security teams cannot scale headcount at the pace of digital transformation. The future SOC blends automation engineers, detection scientists and Al risk specialists. Peer collaboration, shared intelligence and trusted industry forums become force multipliers in defending fast-moving retail environments. 

Making the best use of threat intelligence 
In a preemptive security model, timing is everything - success depends on detecting and neutralizing threats before they become active incidents. To do this, security operations can't just rely on internal telemetry (e.g., endpoint or network logs). They need external, real-time context about emerging threats - where do they get it? 

Security Posture Management 
Traditional vulnerability scanners don't handle cloud native architectures well. Today's cloud environments spin up thousands 
of ephemeral assets without a traditional OS, without an IP address for long. So how do you adapt to that dynamic, APl-driven reality? How can traditional tools connect the dots - not just generate tickets? 

Improving continuous attack surface discovery 
You need to know what attackers can see and what they can actually attack -and you need it on a continuous basis, not in some static inventory. Ideally you also need assets ranked by risk priority and put into the current threat and vulnerability context. Is this feasible and is it cost effective? 

The power of automation 
There's too much manual intervention in security. SOAR pulls data from SIEMs, EDRs, firewalls, cloud APls, ticketing systems threat intelligence feeds, and even email servers and coordinates actions across tools via APls and prebuilt integrations and intelligent playbooks. Well, that's the theory. How does it work in the real world? 

Adversary simulation and behavioural analysis 
Automated adversary simulation identifies telemetry blind spots. They provide prioritized remediation guidance and control effectiveness metrics. They track progress trends and validate security ROls as well as providing board and audit reporting. How well do they work in practice? 

Dealing with regulations 
CISOs now must build a single coherent security program that simultaneously satisfies divergent regulatory demands; they must interpret vague legal standards into technical architectures, and they risk non-compliance if auditors, regulators, or courts interpret differently later; they face unrealistic expectations around incident reporting; and they face personal liability. Can RegTech help?