UK & Ireland CISO Executive Summit

Ransomware attacks and other cyber threats have become a key business risk, and the CISO’s role in reporting this risk to the board remains a critical area of discussion. Risk metrics play a pivotal role in this reporting and the metrics used shape the outcomes of their board interactions. In this interactive session, CISOs from different organisations will present short “board pitches” covering what they report metrics to their boards, followed by an open discussion.

In this conversation, you will hear about:

• The different types of metrics CISOs use to quantify risk
• How to reduce complexity to reach successful outcomes
• Best practices to gain the board’s confidence and boost your profile

Companies come with different baggage and mindsets towards cybersecurity. Changing employee’s attitudes in a meaningful way is an ongoing challenge and manifests in different ways across business units. Cyber consistency is key to maintaining a resilient security posture, but one size does not fit all.

Join this session to explore different approaches to making a meaningful cultural change:

• Understanding the ‘how’ of a meaningful culture change
• Successfully implementing a DevSecOpps approach
• Maintaining a robust security culture with a distributed workforce and employee turnover

Organisations’ security awareness budgets are rising as the need threat landscape increases across an increasingly distributed workforce. Yet after an employee has completed their awareness training, what is the appropriate consequence for someone failing to adhere to your cybersecurity policies? Consequence management is a key component in encouraging the correct cyber behaviour and deciding how strict the consequences should be is a complex question. In this panel session, CISOs from different companies will share their Consequence Management Frameworks and followed by a discussion.

Join this session to discuss:

• Who should have the responsibility to enforce consequences
• Different approaches to consequence management – what’s been successful
• Sharing best practices and lessons learned

In today’s competitive environment, an organisation’s ability to execute successful mergers and acquisitions (M&A) has become a key differentiator. Yet the public nature of an M&A increases the potential for ransomware attacks. One’s ability to consolidate identity and access management (IAM) quickly during an M&A process can be a key tool in increasing the agility of an M&A and therefore reducing exposure to attacks. In this fireside chat, we will walk you through a successful M&A, where identity was quickly synchronised, leading to a secure M&A.

Join this fireside chat to discuss:

• M&A identity tales – best practices and lessons learnt
• Simplifying joiners, movers and leavers from two organisations
• Addressing Shadow IT & third-party access during an M&A

With over 82% of cybersecurity breaches involving the human element, it’s clear current training approaches aren’t working. Traditional methods rely on static tools and outdated certifications to assess workforce cybersecurity capabilities, approaches that create blind spots and vulnerabilities. To combat this lack of visibility, organisations must employ new methods to assess, build, and prove cyber capability and resilience.

Join us to discuss:

• Measuring and benchmarking cybersecurity capabilities
• Developing a people-centric cybersecurity culture across roles and responsibilities
• Implementing dynamic, real-world training and upskilling practices

Technological innovation is a key driver of business growth, yet continuous SDLC, growing software supply chains, and mergers & acquisitions lead to an ever evolving attack surface, and leave you exposed to new opportunities for exploitation. In this boardroom, we’ll discuss security vulnerabilities that need to be considered during business development to ensure CISOs are enablers of secure business growth.

Join this Executive Boardroom to discuss:

• To what extent have you seen your attack surface evolve and what challenges does it pose for security?
• How do you pinpoint the most critical flaws in your asset inventory and prioritise what to fix and why?
• What preemptive approaches can you take to lower your threat exposure across your attack surface?

Just how elevated have the cybersecurity stakes become for today’s organisations? As a CISO, communicating what’s at stake, the associated risks and the ROI of security programs is a critical success factor in gaining buy in for your cybersecurity strategies and securing investment. But how can you clearly demonstrate to the board that your investments are paying off, and that your protection levels are increasing? Join this boardroom to discuss:

• The metrics that will impact key decisions on budget, resources, overall security posture of the organisation
• Reporting risk to the board in a way that avoids misunderstanding and ‘worst-case scenario’ cyberattack outcomes
• Demonstrating the ROI of security programs to demonstrate how security investments are paying off

Geoff White is one of the world’s leading journalists on cybercrime, having covered it for BBC News, Channel 4 News, Sky News and published two books on the subject.

He uses real-world examples and his own investigations to bring home the impact of today’s global hacking industry, and to give insight into how organisations and individuals can protect themselves