Agenda
Presentations already confirmed include:
►Ready to Recover: The True Test of Cyber Resilience
Andy Giles, Executive Director, Cyber & Technology Risk Reporting and Metrics, JPMorgan Chase
- How the threat has changed — the rise of state-based and hybrid cyber activity, and the deteriorating threat environment.
- Prepare to fail — why resilience incidents are not hypothetical but inevitable, and why readiness must be cultural, not procedural.
- Match fit for recovery — what it means to be ready for data and systems restoration under real-world conditions.
- Knowing when “good enough” is good enough — how to measure resilience in ways that are predictive, embedded, and aligned with risk appetite.
►Rise of Autonomous Attacks (Live Mythos-Style Hack)
Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England
- See how autonomous AI agents are now running the recon and exploitation phases of real-world attacks. and what that means for boards, CISOs, and red teams in 2026.
- A first-hand look at how agentic offensive AI works in practice, driven by intent, not step-by-step instruction.
- See AI agent run reconnaissance against a controlled target, identify exploitable assets, and demonstrate the early stages of a kill chain in real time.
- A walk through real-world findings from recent engagements including critical vulnerabilities discovered by AI agents that automated scanners had missed for over 18 years.
- What defenders need to know: why traditional, control-based security models are structurally insufficient against goal-driven autonomous attackers, and the three specific actions every CISO should be taking before this becomes the default attacker model.
►Panel Discussion: Beyond Compliance — Building Cyber Resilience That Actually Works
Simon Brady, Event Chairman (Moderator)
Monika Atanasova, Global Head of Cyber TPRM, Raiffeisen Group
Philipp Grabher, CISO, Canton Zurich
Juan Carlos Lopez Ruggiero, Lecturer, HSLU, Lucerne
- How do we turn risk appetite statements into real decision levers instead of paperwork?
- With NIS2 and similar rules, what does “appropriate and proportionate” really mean on the ground — and how can risk management steer the response?
- Which cyber metrics really matter — and how do we prove our risk posture to the Board, to clients, and across the entire supply chain, right down to nth-party dependencies?
- How does a resilience-first mindset transform culture — moving from blame and unrealistic prevention to readiness, adaptability, and fast recovery?
►Panel Discussion: The Corporate Security Case for AI Sovereignty
Simon Brady, Event Chairman (Moderator)
Federico Casano, CISO, YAPEAL
Idir Laurent Khiar, DPO and AI Officer, Baltic Cluster, Geopost SA
Agnès Terreau, Country DPO & Security Officer, ManPower Group
- Your AI runs on someone else's infrastructure, under someone else's law — is that a security risk your board has signed off on?
- Do you actually know which AI models are running inside your organisation — and do you control what data they see and send out?
- NIS2, the AI Act, and GDPR each touch AI sovereignty differently — how do you build one coherent security programme when the regulations pull in different directions?
- If your primary AI vendor became inaccessible tomorrow — through outage, sanctions, or a geopolitical event — how long before your operations fail, and do you have a continuity plan?
►Quantum Is Coming. Financial Services Can’t Afford to Wait
Will Collison, Technical Director - Cryptography, HSBC
- Discover why the quantum threat to today’s cryptography is closer and more disruptive than many realise
- Hear what’s at stake for financial services as quantum computing reshapes the cybersecurity landscape
- Join the call for industry-wide collaboration to tackle one of cybersecurity’s biggest ever challenges before the clock runs out
- Learn what you can do today (or already should be doing) to reduce your risk