e-Crime & Cybersecurity Congress Vienna

The regulators mean business

7th May, 2024  •  Renaissance Wien Hotel, Vienna, Austria

NIS2 expands personal liability. DORA demands real resilience. The SEC wants investors informed. How to respond?


Cybersecurity is at a crossroads. It is now absolutely clear that security is no longer simply a question reducing business risk, it is also about national economic security, and indeed, national security more fundamentally.

This realisation from government and business that cybercrime is more than just another market risk will, finally, force organisations across the spectrum to invest appropriately in security. More mandatory regulations and standards will have the same effect.

In Europe NIS2 and DORA imposes significant new burdens on organisations. And in the US, the Securities and Exchange Commission has adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. The Commission also adopted rules requiring foreign private issuers to make comparable disclosures.

“Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” said SEC Chair Gary Gensler. 

That statement explicitly links cybersecurity to enterprise value and makes it a matter of legitimate concern to investors. This is another story that links security to governance but also starts to assign real value to good security. Let’s see if Europe follows suit.


Come to the e-Crime & Cybersecurity Congress Austria to find out:

  • How your fellow cybersecurity professionals are coping with these challenges day-to-day?
  • How you can use resilience regulations to build truly risk-based approaches to defend the assets and processes that really matter.
  • What practical steps you can take to get better supplier visibility and understanding?
  • How to economically enhance the security built into Cloud infrastructure and applications with selected additional technologies.
  • How new and not-so-new EU Directives are driving the Board view of cybersecurity risk and investment.


The e-Crime & Cybersecurity Congress Vienna will look at how security teams can increase their readiness for the coming storm. Join our real-life case studies and in-depth technical sessions from the security and privacy teams at some of the world’s most admired brands.

  • NIS2 – changing the game in cybersecurity?

    NIS2 expands the scope of who is included. It adds more regulations and divides the world into two tiers, each with different requirements. And it increases the personal liability of senior officers around cybersecurity failings. So how does this new regulatory environment change the cybersecurity calculus? What do firms need to do now?

  • Ransomware – dealing with the new normal

    • The US Treasury reported that companies paid an estimated $5.2 billion in BitCoin transactions due to ransomware payments for companies in 2021.
    • Only a quarter of ransomware attacks are reported. 
    • Ransomware is here to stay. So how can CISOs stop it being a permanent tax on the business?
  • Managing insider threats at a time of crisis

    • When economies are under stress, employees too can find themselves in financial difficulty. When geopolitical tensions rise, people can take sides.
    • Insider threats of various kinds become far more prevalent and dangerous at times like these.
    • How have security and other MIS tools matured to make detecting malicious insiders easier and more accurate?
  • From cybercrime to cyberwar

    • Blurred lines between cyber-spies, cybercriminals and cyber-armies have transformed the (in)security landscape
    • Nation-state exploits are now widely available
    • How can the various elements of government work better with private sector solution providers and endusers to build security that can cope with not-quite-nation-state attackers?
  • Cloud incident response

    • Recent Cloud outtages have not simply disrupted low-level infrastructure, they have disabled cybersecurity solutions and sometimes shut down corporate access to critical network assets.
    • As well as managing Cloud security, CISOs need good Cloud incident response. How are they going about it?
  • Embracing risk management

    • Until cybersecurity is truly seen as risk management and not a whack-a-mole IT problem, the hackers will continue to evade outmoded control frameworks
    • Part of this is down to CISOs, part of it to Boards and part of it to solution providers
    • The banks have done it. When will the rest of business catch up?
  • The pros and cons of managed services

    • If single point solutions and on-prem security are failing the business, what about the alternatives?
    • What kinds of company need what kinds of third-party help, and where does that leave the in-house security team?
    • Do you have solutions that can help relieve the pressures on under-resourced CISOs?
  • Here comes real cybersecurity regulation

    Data privacy is only a small part of the picture.


    • Regulators are looking at operational resilience in key sectors like finance – securing the wholesale payments market is a priority and others will follow. 
    • They are looking at disclosure and fining the miscreants. 
    • Can you help businesses comply with new regimes?
  • Developing the next generation of security leaders

    • If cybersecurity is to change to meet the evolution of our digital world, then so must those who implement it.
    • CISOs cannot cling to an IT paradigm and companies must move away from hiring on false pretences (on budget and commitment) and firing at the first breach.
    • What does a next-gen CISO look like and are you one of them?
  • Are AI / ML solutions the answer?

    • If the practical realities of business nix conventional zero trust ideas, then what else?
    • Some say that AI and behavioural analysis are better suited to a world where perfect data
      and visibility are unavailable. But are they right?
    • And don’t these solutions only pick up problems after they have occurred?
  • From threat/security to risk/resilience

    • If we start with real business risks, then not only do we get real engagement from the business and the Board, we create a framework for prioritizing cybersecurity, resilience, incident response and BCP spend.
    • We avoid an endless race to build and rebuild solution stacks. 
    • What does resilience really look like?
  • Is ransomware just going to get worse?

    • Ransomware tests every part of your cybersecurity infrastructure from awareness to endpoint protection to patching to phishing defences.
    • Some attacks are sophisticated, but most rely on traditional methods and vectors.
    • So why is it so hard to beat them? Is AI or zero trust or something else the answer?


Renaissance Wien Hotel


Renaissance Wien Hotel

Linke Wienzeile/Ullmannstraße 71, 
1150 Vienna,  

Telephone: +43 1-891020


Please click here