NIS2 expands the scope of who is included. It adds more regulations and divides the world into two tiers, each with different requirements. And it increases the personal liability of senior officers around cybersecurity failings. So how does this new regulatory environment change the cybersecurity calculus? What do firms need to do now?

• The US Treasury reported that companies paid an estimated $5.2 billion in BitCoin transactions due to ransomware payments for companies in 2021.
• Only a quarter of ransomware attacks are reported. 
• Ransomware is here to stay. So how can CISOs stop it being a permanent tax on the business?

• When economies are under stress, employees too can find themselves in financial difficulty. When geopolitical tensions rise, people can take sides.
• Insider threats of various kinds become far more prevalent and dangerous at times like these.
• How have security and other MIS tools matured to make detecting malicious insiders easier and more accurate?

• Blurred lines between cyber-spies, cybercriminals and cyber-armies have transformed the (in)security landscape
• Nation-state exploits are now widely available
• How can the various elements of government work better with private sector solution providers and endusers to build security that can cope with not-quite-nation-state attackers?

• Recent Cloud outtages have not simply disrupted low-level infrastructure, they have disabled cybersecurity solutions and sometimes shut down corporate access to critical network assets.
• As well as managing Cloud security, CISOs need good Cloud incident response. How are they going about it?

• Until cybersecurity is truly seen as risk management and not a whack-a-mole IT problem, the hackers will continue to evade outmoded control frameworks
• Part of this is down to CISOs, part of it to Boards and part of it to solution providers
• The banks have done it. When will the rest of business catch up?

• If single point solutions and on-prem security are failing the business, what about the alternatives?
• What kinds of company need what kinds of third-party help, and where does that leave the in-house security team?
• Do you have solutions that can help relieve the pressures on under-resourced CISOs?

Data privacy is only a small part of the picture.

• Regulators are looking at operational resilience in key sectors like finance – securing the wholesale payments market is a priority and others will follow. 
• They are looking at disclosure and fining the miscreants. 
• Can you help businesses comply with new regimes?

• If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
• CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
• What does a next-gen CISO look like and are you one of them?

• If the practical realities of business nix conventional zero trust ideas, then what else?
• Some say that AI and behavioural analysis are better suited to a world where perfect data
  and visibility are unavailable. But are they right?
• And don’t these solutions only pick up problems after they have occurred?

• If we start with real business risks, then not only do we get real engagement from the business and the Board, we create a framework for prioritizing cybersecurity, resilience, incident response and BCP spend.
• We avoid an endless race to build and rebuild solution stacks. 
• What does resilience really look like?

• Ransomware tests every part of your cybersecurity infrastructure from awareness to endpoint protection to patching to phishing defences.
• Some attacks are sophisticated, but most rely on traditional methods and vectors.
• So why is it so hard to beat them? Is AI or zero trust or something else the answer?