Agenda

08:00 - 08:50

Registration and Networking Breakfast
08:50 - 09:00

Chair's Welcome
09:00 - 09:20

►Briefs and Breaches: Why Foreign States Target Law Firms

Chris Worthy, Former Deputy Director, UK Home Office & Independent Consultant

  • State sponsored espionage and where cyber fits in
  • Why would foreign States carry out espionage (including Cyber) against law firms?
  • How they use the information gathered
  • The range of techniques used (including Cyber and non-cyber methods)
09:20 - 09:40

►Bridging the cybersecurity skills gap. Are you part of the problem or part of the solution?

Ash Spencer, Head of IT and Security, Minster Law

  • What is the cybersecurity skills gap?
  • What problems or challenges do those gaps cause?
  • Some potential solutions to address the skills gap within your organisation
09:40 - 10:00

►Safeguarding Your Enterprise: Addressing Human and Insider Risks in Data Loss Prevention

Henry Glynn, Cyber Security Solutions Specialist, Bytes
James Burchell, Sales Engineering Manager, CrowdStrike
Khetan Gajjar, Field CTO, EMEA, Mimecast

  • Addressing both accidental and malicious data loss
  • The importance of managing human risk and insider threats
  • How to enhance user awareness to prevent accidental data loss
  • Securing collaborative platforms to prevent data breaches
  • Ensuring compliance with regulatory requirements to mitigate risks
  • Detecting anomalous user behaviour to identify potential insider threats and prevent malicious data loss
10:00 - 10:20

►Securing GenAI: Our Journey & Lessons Learned

Ali Shepherd, Director of Cyber & Operational Resilience (CISO), FCA

  • Balancing Innovation and Risk
  • Embedding Responsible AI
  • Addressing novel risks and threats
10:20 - 11:00

►Education Seminar 1

Delegates will be able to choose from a range of topics:

  • Security operations and the Cloud: How to address the security staff shortage, Graham Holt, Regional Vice President (Sales), Arctic Wolf
  • Two sides of the same coin: How DLP and Zero Trust create unified data protection, Damian Acklam, Founder & CEO, Gradian
11:00 - 11:30

Networking Break
11:30 - 12:00

►Panel Discussion: Managing Elevated Threats: Protecting Clients, Staff, and Data

Steve Davies, Head of Cyber Security, DLA Piper (moderator) 
Chris Worthy, Former Deputy Director, UK Home Office & Independent Consultant
Neil Bell, Information Security Manager, Forster LLP 
Luke Fardell, Lead Cyber Analyst, Tokio Marine Kiln 
Tim Collinson, Head of Information Security, Walkers

  • How is the firm addressing the risk of being targeted due to representing politically sensitive or high-profile clients?
  • What measures are in place to protect partners and employees during travel to regions with heightened security concerns
  • How are we preparing for potential threats from activists, hacktivist groups, or state-sponsored actors targeting the firm or its clients?
12:00 - 12:20

►Data Security, Governance & Consolidation for Legal Firms

Scott Chenery, Regional Manager UK & Ireland, Kiteworks

  • Your data, why is it so important?
  • Centralised Data Governance whilst maintaining end user experience
  • Possession less editing – why it’s here and why you need it
  • Consolidation of data sharing applications
12:20 - 12:40

►Cyber Leadership in an era of Dis-Cooperation

William Dixon, Associate Fellow, Royal United Services Institute and Senior Technology Cyber Fellow, The Ukraine Foundation

  • How global trade fragmentation impacts the community
  • How the "America First" Foreign Policy is leading to cyber instability
  • Actions the Cyber C-Suite can take
12:40 - 13:20

►Education Seminar 2

Delegates will be able to choose from a range of topics:

  • Securing the Last Mile – Rethinking Browser Security in the Enterprise, David Segev, VP Sales Global Strategic Accounts & International Markets, Layer X
  • Supplier Engagement is key to building supply chain resilience, Justin Kuruvilla, Chief Cyber Security Officer, Risk Ledger
13:20 - 14:30

Lunch Networking Break
14:30 - 14:50

►Quantum Leap - Preparing for a quantum-safe future 

Steve Davies, Head of Cyber Security, DLA Piper

  • What is quantum computing and what does it mean for the enterprise?
  • What are the risks and how serious is the threat from quantum computing? 
  • How can you prepare for the post-quantum future, today?
  • What does post-quantum readiness look like across technology service providers?
14:50 - 15:10

►Securing Cloud Adoption in Law Firms

Neil Bell, Information Security Manager, Forster LLP

  • Why cloud adoption security is critical for modern legal practices—for efficiency, scalability, and business continuity
  • Aligning cloud security strategy with firm-specific goals 
  • Understanding regulatory and jurisdictional impacts, such as GDPR, HIPAA, and attorney–client privilege obligations
  • Developing a risk-based approach that integrates cybersecurity from day one, not as an afterthought and not losing sight of customer needs
15:10 - 15:50

►Panel Discussion: Operationalising Threat Intelligence in High-Risk Environments

Rob Flanders, Head of Threat and Incident Response, BAE Systems 
William Dixon, Associate Fellow, Royal United Services Institute and Senior Technology Cyber Fellow, The Ukraine Foundation 
James Kwaan, CIO - GS&S, Lloyds Banking Group 
Ash Spencer, Head of IT and Security, Minster Law 
Nathan Hayes, Director of IT, Three Crowns 

  • How can traditional cyber intelligence be integrated into threats to legal practice? 
  • Can existing intelligence marking schemes (e.g. TLP) be easily fit with restrictions surrounding legal privilege?
  • How can intelligence support the mitigation of attacks against VIPs, case leads, and privileged data?
  • Which is of greatest concern to the legal sector – ransomware or targeted attacks?
15:50 - 16:10

Networking Break
16:10 - 16:30

►Ransomware in Financial Services: How AI-Driven Ransomware Will Trigger the Next Major Breach

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • LIVE DEMO - Inside the first AI-powered ransomware attack 
  • Why Financial Services is the perfect target — and how attackers are breaking in more easily than most think
  • First-hand insights from real-world red team ops 
  • Why traditional security fails — compliance checklists and conventional tools don’t stop modern ransomware
  • What CISOs and security leaders must do now 
16:30 - 17:00

►Panel Discussion: The Quantum Threat Timeline: Migration Challenges and Strategic Planning

Adam Avards, Principal for Cyber and Third Party Risk Policy, UK Finance (Moderator) 
William Dixon, Associate Fellow, Royal United Services Institute and Senior Technology Cyber Fellow, The Ukraine Foundation 
Federico Iaschi, Information Security Director, Starling Bank 
Matt Admas, Head of Security Enablement, Citi

  • What is the current state of quantum computing and how soon must financial institutions act to mitigate quantum threats?
  • What are the real-world implications of transitioning to quantum-resistant algorithms?
  • How can organisations build roadmaps that align with regulatory and operational realities?
17:00 - 17:00

Chair's Closing Remarks
17:00 - 18:00

Drinks Reception

Education seminars


Security operations and the Cloud: How to address the security staff shortage


Graham Holt, Regional Vice President (Sales), Arctic Wolf

Cyber Security continues to be a top priority for law firms - yet the operational burden, resource challenges, and fast-evolving threat landscape make it difficult to stay ahead. As more firms shift critical business functions to cloud-based SaaS platforms, it's time to ask: Should security operations follow suit? This discussion will bring together CISOs, CIOs, IT Directors, and Partners from the legal industry to explore key challenges.

Attendees will learn:

  • Shortage of skilled security professionals and retention difficulties
  • The need for continuous, 24x7x365 monitoring across increasingly complex security stacks
  • Alert fatigue and dissatisfaction with existing tools-based approaches
  • Rising compliance demands and the growing cost of cyber insurance

Securing the Last Mile – Rethinking Browser Security in the Enterprise


David Segev, VP Sales Global Strategic Accounts & International Markets, Layer X

Modern enterprises face an evolving threat landscape where the browser has become a significant point of vulnerability. Traditional security measures often fall short in addressing the unique risks associated with browser usage, including SaaS sprawl, the rise of shadow AI, and the proliferation of malicious browser extensions. This session will explore why the browser is now the riskiest application within the enterprise and demonstrate how LayerX provides a novel approach, transforming the browser into a controllable, visible, and secure workspace, moving beyond Zero Trust to achieve Zero Gaps security.

Attendees will learn:

  • Understand the evolving risks that make the browser a prime target in today's enterprise environment
  • Identify the limitations of traditional security approaches in addressing modern browser-based threats
  • Learn about emerging threats such as SaaS sprawl, shadow AI, and malicious browser extensions that exploit browser vulnerabilities
  • Discover how LayerX offers a comprehensive solution to secure browser activity, enhancing visibility and control
     

Supplier engagement is key to building supply chain resilience


►Supplier engagement is key to building supply chain resilience

Justin Kuruvilla, Chief Cyber Security Officer, Risk Ledger

Supply chain risk management involves complex business relationships and vast data volumes, yet many organisations still rely on static spreadsheets in shared drives. We examine why Third-Party Risk Management (TPRM) often fails and how strategic collaboration can improve security across your entire supply chain.

Attendees will learn:

  • Why traditional TPRM approaches fall short in today’s interconnected threat landscape
  • How engaging suppliers directly can reduce friction and improve data quality
  • What ‘good’ looks like: practical steps to move from transactional to collaborative supply chain security

Two sides of the same coin: How DLP and Zero Trust create unified data protection


Damian Acklam, Founder & CEO, Gradian

Data Loss Prevention Programmes and Zero Trust Frameworks are essential initiatives of your organisation’s modern cybersecurity strategy. Each embraces the fundamental need to successfully protect organisational data in an increasingly complex threat landscape. It is estimated that 35% of DLP Gen 1 implementations have failed due to them creating 'too much noise', meanwhile Zero Trust is (in some respects) considered 'revolutionary' to help drive user productivity in the face of changing mobility patterns. The modern enterprise now faces two challenges - how to protect your data whilst simultaneously enabling access to it!

Attendees will learn:

  • How are DLP and Zero Trust are two sides of the same coin
  • How ‘tooling first’ conversations are a hindrance rather than a help
  • How 'time' is your friend when it comes to being successful - the programmatic approach wins!
  • Why strong policy creation and ongoing policy management are so important
  • The only 3 outcomes that you should care about to define success