Securing the Law Firm Summit

Prioritising pre-emptive security

2nd July 2025 • Park Plaza Victoria, London, UK

Reactive security is security too late in today’s threat landscape. So, how can you improve your proactivity?

 

The future of cybersecurity is pre-emptive

As cyber threats continue to evolve in complexity and, more significantly, volume, the failings of traditional and reactive approaches like detection and response are increasingly exposed.

EDR-type detection systems are overwhelmed with attacks and possible attacks; SOCs are swamped with false positives; and the lack of useful information in this tsunami of alarms means that organisations are becoming less, not more, secure.

One answer is the idea of pre-emptive cyber-defence. This prioritizes stopping threats before they materialize, leveraging technologies like Automated Moving Target Defense (AMTD) to fortify organizational defences against novel and sophisticated cyberattacks.

According to Gartner, “By 2030, pre-emptive cybersecurity technologies will be included in 75% of security solutions that are currently focused solely on detection and response.”

So, cybersecurity should no longer be about "how quickly can we respond?"—it should be about "how do we stop attacks before they start?"

In this model, predicting and stopping threats before they strike is the only way to stay ahead of attackers.

Put more practically, being able to see at least some of what is coming enhances the value of the information coming into your security process, allowing you to act on good intel rather than react to bad.

AI, automation, Zero Trust, and threat intelligence are the foundation of modern proactive security. All buzzwords of course, but no less true for that.

So, this July we will gather security leaders from across the UK’s legal sector to look in detail at this approach. We will ask what new technologies or processes it requires.

We will investigate how easily it sits with current technology stacks. We will look at the resource and staffing implications.

And we will also have our usual in-depth case studies and panels from leaders in the industry giving their insights into the challenges and solutions to BAU and strategic problems. Cybersecurity is now top of every agenda. Can law firms keep up?

 

The Securing the Law Firm Summit will look at the latest thinking around legal cybersecurity. As well as presentations from some of the world’s largest firms we will also be asking how small and medium-sized organisations can keep up with cybersecurity best practice in the sector.

  • Using the right threat intelligence in the right way

    • Generic threat intel is useless. But specific nation-state and ransomware group activity targeting legal firms analysed by AI or machine learning can predict attack patterns before they occur.
    • It can also be used to pre-emptively train employees on specific attack tactics before incidents occur.
    • So, who provides this kind of threat intelligence and how can firms use them in practice?
  • Managing insider threats at a time of crisis

    • When economies are under stress, employees too can find themselves in financial difficulty. When geopolitical tensions rise, people can take sides.
    • Insider threats of various kinds become far more prevalent and dangerous at times like these.
    • How have security and other MIS tools matured to make detecting malicious insiders easier and more accurate?
  • Automate your red-teaming and attack simulations

    • Testing a firm’s defences using automated penetration testing and AI-driven attack simulation gives firms practical insights into how to harden their defences.
    • But is automation better than using real ethical hackers or the vendors who outsource this service to global teams of white hats?
    • And does it really continuously improve security posture or cause too much disruption?
  • How behavioural analytics is getting better

    • AI is said to be able to detect abnormal behaviour in users, devices, and systems before a breach happens.
    • Those deviations can then be used to pre-empt various types of attack – especially those triggered by malicious insiders.
    • But how good is it really? Does it truly isolate material abnormality, or does it just create another alert firehose?
  • Resilience IS proactive

    • Cyber resilience means assuming a breach will happen and preparing for it. You can’t get much more proactive than that.
    • Zero Trust is part of that.
    • What’s the best way to maintain immutable backups? What does a pre-emptive incident response playbook look like? How much is resilience DR and how much security? And who is responsible for what?
  • Can you really rely on the Cloud?

    • It’s hard to square the need for national security with Cloud usage. Major defence contractors avoid it completely.
    • The big providers are notorious for selling what they want and not what clients might like.
    • So, what does a balanced Cloud strategy look like? How can risks be reduced to acceptable levels?
  • Encrypt and tokenise the lot?

    • If data is unreadable then it’s unusable.
    • Encryption and tokenisation bring with them costs in terms of the systems required to implement them as well as speed, latency and other issues.
    • But if cybersecurity is, as the NCSC, Cabinet Office and government claim, national security, then key suppliers to the public sector must surely have to use these solutions? Are we getting better at cheaper, faster encryption?
  • Cloud incident response

    • Recent Cloud outages have not simply disrupted low-level infrastructure.
    • They have disabled cybersecurity solutions and sometimes shut down corporate access to critical network assets.
    • As well as managing Cloud security, CISOs need good Cloud incident response. How are they going about it?
  • Embracing risk management

    • Until cybersecurity is truly seen as risk management and not a whack-a-mole IT problem, the hackers will continue to evade outmoded control frameworks
    • Part of this is down to CISOs, part of it to Boards and part of it to solution providers
    • The banks have done it. When will the rest of business catch up?
  • Ransomware – dealing with the new normal

    • The US Treasury reported that companies paid an estimated $5.2 billion in BitCoin transactions due to ransomware payments for companies in 2021
    • Only a quarter of ransomware attacks are reported
    • Ransomware is here to stay. So how can CISOs stop it being a permanent tax on the business?
  • From cybercrime to cyberwar

    • Blurred lines between cyber-spies, cybercriminals and cyber-armies have transformed the (in)security landscape.
    • Nation-state exploits are now widely available.
    • How can the various elements of government work better with private sector solution providers and endusers to build security that can cope with not-quite-nation-state attackers?
  • NIS2 – changing the game in cybersecurity?

    • NIS2 expands the scope of who is included. It adds more regulations and divides the world into two tiers, each with different requirements.
    • And it increases the personal liability of senior officers around cybersecurity failings.
    • So how does this new regulatory environment change the cybersecurity calculus? What do firms need to do now?

Who attends

Job titles

Security Architect
Information Security Senior Analyst
Head of Solutions Delivery
Head of Information Security
Operations Manager, Cyber
Global Information Governance Manager
IT Security Manager
Cyber Security Analyst
Cyber Security Technologist
IT Manager
Info Sec Governance Risk & Compliance Manager
Head of Information Technology
Senior Information Security Analyst
Head of IT Operations
Head of Cyber Security
Chief Information Security Officer
IT Operations and Security Manager
Security Operations Engineer
Head of IT & Operations
Head of IT
CISO
Director of IT
Head of GRC
Cyber GRC Manager
Head of Cyber Security
Security Analyst
Information Security Analyst
IT Risk and Disaster Recovery Manager
Lead Enterprise Architect
Information Security Manager
Information Security Governance Manager
Head of Technology and Security
Head of IT
Lead Cybersecurity Engineer
Information Security Analyst
Head of Information Technology
Security Operations Manager
Cyber Security Manager
Information Security Manager
Senior Business Continuity & Resilience Specialist
Lead End User solutions engineer
Security Architect
Head of Information Security
Chief Information Security Officer
Information Security Officer
IT Manager
Information Security Analyst
Information Security Officer
Information Security Manager
IT Admin and Compliance Officer
Information Security Manager
Director of IT
Senior Manager Business Assurance
Information Security Architect
Head of IT and Information Security Officer
IT Manager
Head of Information Security
Director of IT
IT Director
Director of Information Security
Head of IT
Customer Support Analyst
Information Governance
IT Director
Cyber Security Specialist
Head of IT
Information Security Analyst
Head of IT Infrastructure and Architecture
Chief Information Officer
IT Manager
Director of Risk and Compliance
Cyber Security Analyst
IT and Cyber Security Administrator
Global Info Sec GRC Manager
Head of Information Security
Information Security Manager
Cyber Consulting Director
Director, Risk & Compliance
Cyber Security Manager
Compliance Consultant
Information Security Officer
Cyber Security Engineer
Senior Manager, Platforms and Infrastructure Design
Chief Information Officer
Information Security Officer
Information Security Manager
Unified Communications and Collaboration Services
CTO
Head of Information Security
Data Privacy and Regulatory Compliance Lawyer
Information Security Operations Analyst
Information Assurance Officer
Senior IT Manager
Information Security Manager
Information Security Specialist
SecOps Manager
Risk, Culture and Engagement Lead Specialist
Associate Director - Information Security
Applications Support Specialist
CISO - Corporate Functions
Lead End User Computing Solutions Engineer
IT Manager

Organisations

Walkers Global
Shakespeare Martineau
Gateley Plc
Slaughter and May
Clyde & Co LLP
HFW
The Law Society
HFW
Macfarlanes LLP
Gill Jennings & Every LLP
Shakespeare Martineau
King & Wood Mallesons (KWM)
Horwich Farrelly
Addleshaw Goddard LLP
HFW
Withersworldwide LLP
EIP Europe LLP
Travers Smith LLP
Cains
Beale & Co
Walkers Global
CMS
Dentons UKMEA LLP
Mishcon de Reya LLP
DLA Piper LLP
Taylor Wessing LLP
Travers Smith LLP
Norton Rose Fulbright LLP
Shakespeare Martineau
Wedlake Bell LLP
RPC LLP
Howard Kennedy LLP
RPC LLP
Mishcon de Reya LLP
Forsters LLP
Lightfoots LLP
Shakespeare Martineau
Foot Anstey LLP
Burges Salmon LLP
Clifford Chance LLP
Clifford Chance LLP
Ashurst LLP
Freeths LLP
Clyde & Co LLP
Ashurst LLP
Colman Coyle LLP
Joseph Hage Aaronson
Taylor Wessing LLP
Gateley Plc
Birketts LLP
Ward Hadaway
IBB Law
Brodies LLP
Clifford Chance LLP
Bates Wells LLP
Martin Tolhurst Solicitors
Addleshaw Goddard LLP
Bevan Brittan LLP
Stewarts Law LLP
Morae Global
Wiggin LLP
Birkett Long LLP
Penningtons Manches Cooper LLP
Boult Wade Tennant
Government Legal Department
Russell-Cooke LLP
Shakespeare Martineau
Blake Morgan LLP
Horwich Farrelly
Cadwalader Wickersham & Taft LLP
Dechert LLP
Addleshaw Goddard LLP
Martin Tolhurst Solicitors
Allen & Overy LLP
Mishcon de Reya LLP
Macfarlanes LLP
Mishcon de Reya LLP
Wedlake Bell LLP
RPC LLP
Coole Bevis LLP
Shepherd and Wedderburn
HFW
Hogan Lovells International LLP
Buckles Solicitors LLP
Gowling WLG
Ashurst LLP
Clifford Chance LLP
Hogan Lovells International LLP
Bird & Bird LLP
Dechert LLP
Shakespeare Martineau
Trowers & Hamlins
The Honourable Society of Lincoln's Inn
HFW
Travers Smith LLP
Farrer & Co LLP
DLA Piper LLP
Morae Global
Orrick Herrington & Sutcliffe LLP
Credit Suisse
Clifford Chance LLP
4 New Square

Industries

Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Legal
Banking
Legal
Barristers Chambers


Venue

Park Plaza Victoria, London

vpp

Location:
Park Plaza Victoria
239 Vauxhall Bridge Road, London, UK, SW1V 1EQ
Telephone: 0333 400 6140

Directions:
Please click here