Agenda

08:00 - 08:50

Breakfast & Networking Break
08:50 - 09:00

Chair's Welcome 
09:00 - 09:20

►“If you want to go fast, go alone. If you want to go far, go together” 

Dale Hodgkinson, Head of Strategy and Architecture, Slaughter and May

  • Are law firms really CNI?
  • Future asks of NIST, DORA, Cyber Essentials Plus, ISO, Operations, Growth, Transformation….
  • Building a world-class EA capability
09:20 - 09:40

►Is the modern SOC delivering real value?

Andrew Gogarty, Account Director UK&I Enterprise Sales, Nomios 
Jonathan Freedman, Head of Technology & Security, Howard Kennedy 
Jacob Dobson, Head of Security Operations UK&I Pre-sales (SOC), Nomios

  • In this thought-provoking Fireside Chat, Nomios and Howard Kennedy explore the challenges of evolving cyber threats and compliance demands, emphasising how a true partnership is essential for success; drastically increasing the speed and effectiveness of security response and remediation.
  • After all, how do you detect the abnormal without first understanding what is normal?
09:40 - 10:10

►Panel discussion: Time to think of law firms as CNI? 

Simon Brady, Managing Editor & Event Chairman, AKJ Associates (Moderator)
Julie M. Johnson, Attaché, UK, CISA 
Dale Hodgkinson, Head of Strategy and Architecture, Slaughter and May 
Steve Davies, Head of Cyber Security, DLA Piper

  • How would classifying law firms as CNI reshape their approach to cybersecurity and resilience?
  • What specific threats do law firms face that could justify their inclusion as CNI?
  • Do current cybersecurity regulations adequately protect the sensitive data held by law firms?
  • How can law firms balance the confidentiality of client data with the transparency required for CNI compliance?
10:10 - 10:50

► Education Seminar 1

Delegates will be able to choose from the following education seminars:

  • Ransomware 2025: Advanced Threat Tactics Targeting Legal Firms, John Anthony Smith, Information Security Expert, Conversant Group
  • Proactive Defence Against Insider Threats and Data Breaches: Safeguarding Sensitive Information, Danielle Kinsella - Technical Advisor EMEA, Gigamon, on behalf of Fortem IT
10:50 - 11:30

Networking Break
11:30 - 12:00

►AI & Law Firms: 5 minutes to Armageddon? 

Martyn Styles, CISO, Bird & Bird 
Leon Butler, Head of Data Security, Quorum Cyber 

  • AI Is a Double-edged Sword
  • AI Powered Attacks
  • AI Benefits for Security
  • AI for Defenders
     
12:00 - 12:20

►Taking an Adaptive Approach to Solving the #1 Data Loss Issue of Email Misdelivery

Henry Glynn, Cyber Security Solutions Specialist, Bytes Software Services
Giuseppe Damiano, Senior Pre-Sales Solution Consultant, Bytes Software Services

  • Data breach cost and prevalence is at an all time high with malicious insiders being the costliest breach
  • Untrained employees are the biggest cyber risk to their business
  • People make mistakes – behavioural intelligence and automated detection can prevent these from being costly
12:20 - 12:40

►Defence of the Realm: How we ensure that we still have a business tomorrow

Philip Flint, Lead Enterprise Architect, Ampa Group

  • Leveraging an Architecture-Based Approach to Enhance Security: Discover how a structured framework can bolster your defences.
  • Funding Our Transformation: A Blueprint for Success: Learn how we secured funding for our initiatives and how you can do the same.
  • Future Trends and Preparedness: Gain insights into upcoming IT security trends and how they may affect the ongoing business of law.
12:40 - 13:20

► Education Seminar 2

Delegates will be able to choose from the following education seminars:

  • Securing the Law Firm as Critical National Infrastructure - Why Law Firms Must Adopt a CNI-Level Security Posture, Greg Jorgensen, Senior Cybersecurity Solutions Consultant, Exponential-e 
  • SASE, Past Present and Future – a new look at what’s important for securing today’s law firms, Greg Duffy, M.Eng., Product Marketing Director, EMEA, Cato Networks, on behalf of Wavenet 
13:20 - 14:20

Lunch & Networking Break
14:20 - 14:40

►Quantum Leap - Preparing for a quantum-safe future 

Steve Davies, Head of Cyber Security, DLA Piper

  • What is quantum computing and what does it mean for the enterprise?
  • What are the risks and how serious is the threat from quantum computing? 
  • How can you prepare for the post-quantum future, today?
  • What does post-quantum readiness look like across technology service providers?
14:40 - 15:00

►Protecting Against the Evolving Threat Landscape

Craig Hinchliffe, Regional Sales Engineer, Crowdstrike

  • Adapting to Cloud and Identity Threats: Understand how evolving attack vectors target cloud environments and identity systems.
  • The Impact of AI on Cybersecurity: Examine how AI is both exploited by adversaries and utilised for defence.
  • Staying Ahead of Adversaries: Discuss how organisations must continuously evolve their security strategies to counter new threats.
  • Proactive Threat Intelligence: Learn how to leverage advanced tools and intelligence to identify and mitigate emerging risks.
     
15:00 - 15:20

►Mind the Gap: Uncovering Decision Bias in Cybersecurity

Bec McKeown, CPsychol, Mind Science

  • Understanding the Role of Cognitive Biases in Security Decisions
  • Identifying Key Biases Impacting Security Outcomes
  • Mitigation Strategies for Reducing Bias in Security Practices
15:20 - 15:50

►Mitigating Concentration Risks in an interconnected Business Landscape

Ethan Duffell, Head of Information Security, Clifford Chance LLP
Simon Brady, Managing Editor & Event Chairman, AKJ Associates (Moderator)

  • How do you identify and assess concentration risk within your organization’s vendor and technology ecosystem?
  • What strategies do you recommend for balancing operational efficiency with the need to diversify and reduce concentration risk?
  • How can CISOs communicate the critical importance of concentration risk to boards and other stakeholders effectively?
  • What role does resilience planning play in mitigating concentration risk, especially in today’s cyber threat landscape?
  • Key takeaways from recent incidents, including the CrowdStrike outage and the heavy reliance on platforms like Microsoft Office 365.
     
15:50 - 16:20

Networking Break
16:20 - 17:00

►Partnerships or Pitfalls? Mastering Third-Party Risk  

Adam Avards, Principal for Cyber and Third Party Risk Policy, UK Finance (Moderator)
Orlando Fernandez, Senior Technical Specialist at the Recovery, Resolution & Resilience team, Prudential Policy Directorate, Bank of England (BoE)
Peter Smith, Chief Information Security Officer, Allica Bank
Michael Jefferson, Head of Financial Services Public Policy UK, Middle East, Africa and Switzerland, Amazon Web Services (AWS) 
Zsuzsanna Berenyi, Senior Cyber Security Third Party Risk Manager, LSEG 

  • Insights from the PRA, end-users, and suppliers on managing third-party risks
  • Navigating the evolving regulatory landscape and its influence on third-party partnerships
  • Strategies to identify and mitigate third-party risks
  • Transforming strong risk management practices into a competitive edge
17:00 - 18:00

Drinks Reception & Networking 

Education seminars


Ransomware 2025: Advanced Threat Tactics Targeting Legal Firms


John Anthony Smith, Information Security Expert, Conversant Group

With access to sensitive client data and the financial means to pay hefty ransoms, legal firms are high-value targets for sophisticated threat actors. This session will explore the latest tactics used by ransomware groups and strategies to stay one step ahead.

Attendees will learn:

  • The latest ransomware tactics targeting the legal sector
  • Practical approaches for building resilience, from protecting hybrid work environments to improving vendor security
  • How to respond effectively to ransomware incidents, ensuring minimal disruption to operations and client trust
  • Key insights from recent ransomware incidents and their impact on the legal industry

SASE, Past Present and Future – a new look at what’s important for securing today’s law firms


Greg Duffy, M.Eng., Product Marketing Director, EMEA, Cato Networks

SASE is the modern network and security architecture for digital businesses. But there is one fundamental requirement for SASE to be successful for today’s Law Firms.

What attendees will learn:

  • Using an example illustrating the single most important thing to get right when building a SASE service.
  • The four transformational impacts from getting it right.
  • A scary vision of what getting it wrong might look like.
     

Exponential-e


Greg Jorgensen, Senior Cybersecurity Solutions Consultant, Exponential-e

  • Law firms manage highly sensitive and high-value data - such as mergers and acquisitions, intellectual property, and privileged client communications, making them prime targets for ransomware, insider threats, supply chain attacks, and cloud misconfigurations.
  • This presentation challenges the traditional view of law firms as service providers and suggests they should adopt a mindset similar to critical national infrastructure (CNI), emphasising the need for robust cybersecurity strategies like Zero Trust Architecture.
  • It also argues that emerging technologies like AI and quantum computing pose less immediate risk compared to current, more pressing cyber threats that demand urgent action.