Agenda

Presentations already confirmed include:


►Ready to Recover: The True Test of Cyber Resilience

Andy Giles, Executive Director, Cyber & Technology Risk Reporting and Metrics, JPMorgan Chase

  • How the threat has changed — the rise of state-based and hybrid cyber activity, and the deteriorating threat environment.
  • Prepare to fail — why resilience incidents are not hypothetical but inevitable, and why readiness must be cultural, not procedural.
  • Match fit for recovery — what it means to be ready for data and systems restoration under real-world conditions.
  • Knowing when “good enough” is good enough — how to measure resilience in ways that are predictive, embedded, and aligned with risk appetite.
     

►Rise of Autonomous Attacks (Live Mythos-Style Hack)

Manit Sahib, Ethical Hacker & Former Head of Penetration Testing & Red Teaming, Bank of England

  • See how autonomous AI agents are now running the recon and exploitation phases of real-world attacks. and what that means for boards, CISOs, and red teams in 2026.
  • A first-hand look at how agentic offensive AI works in practice, driven by intent, not step-by-step instruction.
  • See AI agent run reconnaissance against a controlled target, identify exploitable assets, and demonstrate the early stages of a kill chain in real time.
  • A walk through real-world findings from recent engagements including critical vulnerabilities discovered by AI agents that automated scanners (Tenable, Qualys, Nessus) had missed for over 18 years.
  • What defenders need to know: why traditional, control-based security models are structurally insufficient against goal-driven autonomous attackers, and the three specific actions every CISO should be taking before this becomes the default attacker model.

►Panel Discussion: Beyond Compliance — Building Cyber Resilience That Actually Works

Simon Brady, Event Chairman (Moderator)
Monika Atanasova, Global Head of Cyber TPRM, Raiffeisen Group

  • How do we turn risk appetite statements into real decision levers instead of paperwork?
  • With NIS2 and similar rules, what does “appropriate and proportionate” really mean on the ground — and how can risk management steer the response?
  • Which cyber metrics really matter — and how do we prove our risk posture to the Board, to clients, and across the entire supply chain, right down to nth-party dependencies?
  • How does a resilience-first mindset transform culture — moving from blame and unrealistic prevention to readiness, adaptability, and fast recovery?
     

►Panel Discussion: The Corporate Security Case for AI Sovereignty

Simon Brady, Event Chairman (Moderator)
Federico Casano, CISO, YAPEAL

  • Your AI runs on someone else's infrastructure, under someone else's law — is that a security risk your board has signed off on?
  • Do you actually know which AI models are running inside your organisation — and do you control what data they see and send out?
  • NIS2, the AI Act, and GDPR each touch AI sovereignty differently — how do you build one coherent security programme when the regulations pull in different directions?
  • If your primary AI vendor became inaccessible tomorrow — through outage, sanctions, or a geopolitical event — how long before your operations fail, and do you have a continuity plan?
     

Education seminars