Agenda

08.00 - 09.00

Breakfast Networking Break
 

09.00 - 09.10

Chair's Welcome

09.10 - 09.30

►From Cybersecurity to Real, Risk-Based Exposure Management: the True Power of Resilience

Steve Davies, Head of Cyber Security, DLA Piper

  • What is Exposure Management and how does it differ from vulnerability management?
  • Managing the real-world risks associated with the modern attack surface
  • Maximising Exposure Management to reduce risks enterprise-wide

09.30 - 09.50

Akamai - presentation to be announced

09.50 - 10.10

►Evolving Threats to Law Firms: Adversary Tactics, Detection, and Defense

Ekow Oduro, IT Security Operations Lead, Forsters LLP

  • How emerging threat actors are evolving their methods against the legal sector
  • How to uncover vulnerabilities across the wider legal supply chain
  • How to spot and disrupt hidden data exfiltration and C2 activity
  • How to strengthen resilience through threat-led testing and simulation

10.10 - 10.50

►Education Seminar 1

Delegates will be able to choose from a range of topics:

  • Attacked at Machine Speed, Defended at the Speed of Dave in the SOC, Thom Langford, EMEA CTO, Rapid7
  • Visible and Verified: A New Approach to AI Risk and Exposure Management, Joel Barnes, Senior Director, Security Engineering, Tenable

10.50 - 11.20

Networking Break

11.20 - 11.45

►Collaborating Securely: Addressing Cyber Risks in Chambers Partnerships

Eleanor Ludlam, Partner - Cyber, Privacy and Technology Litigation, Pinsent Masons (Moderator)
Adam Speker KC, Barrister, 5RB
Melanie Hart, Partner – Contentious Information Law & Dispute Resolution, Kingsley Napley

  • Supply chain risks when engaging barristers
  • Technical challenges of securing chambers
  • Navigating breach of confidence during a cyber incident
  • Injunctive relief as a legal remedy

11.45 - 12.05

►European Cyber Threats Exposed: CrowdStrike Threat Briefing

Mark Ward, Senior Regional Sales Engineer, CrowdStrike

  • Exploration of key findings from the 2025 European Threat Landscape, highlighting the tactics and techniques used by leading threat actors
  • Insight into the strategic objectives of adversaries across eCrime, nation-state and hacktivist groups
  • Guidance on how understanding their playbook can inform stronger, more effective defensive strategies

12.05 - 12.25

►Internal Audit – Bridging the Gap Between Aspirations and Reality

Mark Penlington, Head of Risk, Resilience and Internal Audit, Irwin Mitchell LLP

  • Why Internal Audit Is Important: Learn why Internal Audit is essential to providing the assurance and confidence senior executives need to understand how teams actually operate in practice
  • What Internal Audit Is: Understand the role of Internal Audit as an objective, constructive process that strengthens governance and accountability
  • How It Enhances Risk Management and Governance: Discover how Internal Audit bridges the gap between stated controls and actual practice by validating control effectiveness, uncovering hidden risks, and driving better decision-making
  • How to Embed Internal Audit in a Practical Way: Learn practical approaches to implement and integrate Internal Audit to deliver meaningful insight, drive activity and provide lasting value

12.25 - 13.05

►Education Seminar 2

Delegates will be able to choose from a range of topics:

  • Turning Employees Into your First Line of Defence, Sam Hooke, Sales Director, Hoxhunt & Martyn Styles, CISO, Bird & Bird
  • The Intricacies of AI Breach Response, Ahsan Qureshi, Managing Director, Ankura

13.05 - 14.00

Lunch Networking Break

14.00 - 14.05

►Zero Trust Controls at the Endpoint

Thomas Jenkins, Account Executive, ThreatLocker

  • Discover how ThreatLocker applies Zero Trust at the endpoint, eliminating implicit trust by continuously verifying every application, executable, and action before authorisation
  • Learn how a deny-by-default, malware-proofing approach reduces ransomware risk, stopping unauthorised software and scripts even when other security layers are bypassed
  • Understand how least-privilege enforcement limits attacker capability, ensuring applications and users can perform only explicitly approved actions on enterprise devices
  • Explore how granular, policy-based endpoint control safeguards against modern threats, reducing enterprise exposure to ransomware and other advanced attacks

14.05 - 14.30

►Fireside Chat: Mitigating Concentration Risks in an Interconnected Business Landscape

Simon Brady, Event Chairman, AKJ Associates (moderator)
Ethan Duffell, Head of Information Security, Clifford Chance LLP

  • Identifying and assessing concentration risk across vendors and technology ecosystems
  • Balancing operational efficiency with diversification and risk reduction
  • Communicating the importance of concentration risk to boards and stakeholders
  • Embedding resilience planning to address concentration risks in today’s threat environment
  • Lessons from recent incidents such as Microsoft 365/Azure outages (2024), the 2024 CrowdStrike disruption, and the June 2025 Google Cloud outage

14.30 - 15.10

►Education Seminar 3

Delegates will be able to choose from a range of topics:

  • Safe AI Adoption for Law Firms: Guardrails that Protect Clients (and your Firm), James Derbyshire, Cybersecurity Entrepreneur, Harmonic Security
  • Beyond Questionnaires: Rethinking Supply Chain Security in Law Firms, Justin Kuruvilla, Chief Cyber Security Strategist, Risk Ledger

15.10 - 15.30

Networking Break

15.30 - 16.00

►Panel Discussion: Beyond Compliance — Building Cyber Resilience That Actually Works

Simon Brady, Event Chairman, AKJ Associates (moderator) 
Jonathan Freedman, Director of Technology & Security, Howard Kennedy 
Jonathan Turner, Head of Cyber Security, Farrer & Co 
Federico Iaschi, Information Security Director, Starling Bank
Will Packard, Director - Operational Resilience, Ernst & Young LLP

  • How do we turn risk appetite statements into real decision levers instead of paperwork?
  • With NIS2 and similar rules, what does “appropriate and proportionate” really mean on the ground — and how can risk management steer the response?
  • What cyber metrics really matter — and how do we prove our risk posture to the Board, to clients, and across the entire supply chain, right down to nth-party dependencies?
  • How does a resilience-first mindset transform culture — moving from blame and unrealistic prevention to readiness, adaptability, and fast recovery?

16.00 - 16.00

Chairman's Closing Remarks

16.00 - 17.00

Drinks Networking Reception

Education seminars


Safe AI Adoption for Law Firms: Guardrails that Protect Clients (and your Firm)


James Derbyshire, Cybersecurity Entrepreneur, Harmonic Security

Legal teams are embracing AI to accelerate research, improve client service, and streamline operations. Yet as firms adopt tools ranging from GenAI assistants to AI-enabled practice software, they face a dilemma: how to encourage innovation while upholding strict client commitments, confidentiality obligations, and regulatory requirements.

This session explores how leading legal firms are moving quickly on AI adoption while implementing the controls needed to avoid data exposure, ethical missteps, and compliance violations. Attendees will learn where the most common governance gaps occur, the types of AI-related risks that frequently go unnoticed, and how to establish practical guardrails that protect sensitive information without slowing lawyers down.

Drawing on real patterns observed across law firms of all sizes, the talk outlines a clear framework for responsible AI enablement. You will leave with a deeper understanding of how to safely operationalise AI in a legal environment and how forward-leaning firms are putting structure around experimentation, oversight, and continuous monitoring.

Attendees will learn:

  • The most common AI-driven exposure patterns in legal workflows and why they occur
  • Where governance gaps arise as firms introduce both sanctioned and unsanctioned AI tools
  • Practical guardrails that balance innovation with confidentiality, client commitments, and regulatory duties
  • How progressive firms are enabling responsible internal AI use while maintaining full compliance

Attacked at Machine Speed, Defended at the Speed of Dave in the SOC


Thom Langford, EMEA CTO, Rapid7

Budgets are tight, your team is stretched thin, and the business is (very) demanding. What CAN you do to get the most out of your people, investments and technology? How can you turn data into action, moving from drowning in alerts to executing precise, high-impact remediations?

Attendees will learn:

  • Augmenting your response time with AI and human expertise
  • Shifting to Managed eXtended Detection and Response to unify visibility across your estate
  • Proactively staying on the right side of the regulators

Beyond Questionnaires: Rethinking Supply Chain Security in Law Firms


Justin Kuruvilla, Chief Cyber Security Strategist, Risk Ledger

Organisations across all sectors rely on increasingly complex digital supply chains, from cloud services and software providers to managed services and specialist vendors. Each connection introduces supply chain risk, yet many security and risk teams still depend on point-in-time assessments that struggle to reflect how risk changes over time. In this session, Risk Ledger will explore the fundamentals of supply chain risk and security, focusing on why visibility is often limited, where blind spots typically emerge, and how organisations can start to untangle complex supplier ecosystems. We will examine why questionnaire-led approaches alone are no longer sufficient, how external and continuous signals can complement existing governance processes, and what a more resilient, defensible approach to supply chain security can look like in practice. The session will also cover how organisations can prioritise effort, reduce noise, and focus on the suppliers that matter most. This session is designed for leaders looking to better understand supply chain risk, build stronger foundations for continuous assurance, and make more informed risk decisions regardless of sector.

Attendees will learn:

  • A clearer understanding of how supply chain cyber risk emerges and evolves
  • Insight into common visibility gaps and why they persist
  • Practical principles for moving beyond point-in-time assessments
  • A framework for prioritising suppliers and focusing on what matters most

Turning Employees Into your First Line of Defence


Sam Hook, Hoxhunt
Martyn Styles, CISO, Bird & Bird

Humans remain one of the most targeted - and most exploited - elements of any organisation’s security maturity. Despite continued investment in technical controls, phishing and social engineering attacks continue to succeed because they are designed to manipulate human behaviors rather than systems. This session explores how organisations can realistically address this challenge by strengthening the human layer of security without overwhelming already stretched Infosec teams.

Co-presented by Bird & Bird and Hoxhunt, this talk combines real-world experience with practical insight into building effective, scalable security awareness programs. The speakers will discuss why user error is inevitable, and why the goal of security awareness should not be perfection, but resilience - helping employees develop a strong “suspicious bone” that enables them to recognise and respond appropriately to threats. Attendees will learn how security awareness can be delivered at scale with minimal ongoing effort, using automation and adaptive training to reduce administrative overhead while maintaining high engagement levels across the organisation. A key highlight of the presentation will be a live, practical demonstration of high-quality phishing simulation emails and the ease with which targeted security awareness training packages can be deployed. This hands-on walkthrough will show how realistic simulations, timely feedback, and automated training can work together to drive lasting behavioral change.

Attendees will learn:

  • Humans and security - People will always be vulnerable to scams, so Infosec teams must focus on education and building a strong “suspicious bone”
  • Low effort for Infosec - Hoxhunt largely runs itself, requiring minimal setup and ongoing management from busy security teams
  • Practical demo - Live demonstration of realistic phishing simulations and how easy it is to set up effective security awareness training

The intricacies of AI breach response


Ryan Rubin, Senior Managing Director – Cyber EMEA, Ankura

AI technologies are being adopted at a rapid rate within the law firm industry. Whilst many have been ironing out flaws such as accuracy, IP and hallucinations, not many have come to grips with the security risks around the AI technology itself. It is only a matter of time before the next cyber incident relates to a breach in the AI technology.

Join us for an interactive session running through key areas to consider in responding to an AI-technology-related breach and some of the challenges this brings to organisations needing to do so. We will cover a combination of agentic AI, chat-based AI and internal AI platforms that law firms may be using to support their business, and share general lessons learned from breaches within the law firm industry as key takeaways.

Attendees will learn:

  • What happens when an AI Agent goes rogue
  • How AI breaches differ from standard cyber breaches
  • Lessons learned from supporting breaches within law firms
  • Shining a light on Shadow AI
  • Regulations and Governance

Visible and Verified: A New Approach to AI Risk and Exposure Management


Joel Barnes, Senior Director, Security Engineering, Tenable

As legal firms race to harness AI for critical cost savings and competitive advantage, the widening gap between rapid innovation and necessary governance is creating a volatile new landscape of risk. With fee-earners and internal teams deploying "shadow" agents and onboarding unproven vendors to stay ahead of the competition, security teams are often forced to choose between obstructing business growth or accepting unchecked exposure. This session explores how a holistic Exposure Management strategy bridges this divide, providing the unified visibility needed to control AI-driven data risks, output accuracy, and vendor vulnerabilities.

Attendees will learn:

  •