Agenda Day 2

The World Cyber Security Congress Day 2 - 28th March 2018


Day Two - Wednesday 28th March 2018


Chairperson’s opening remarks and welcome

Mark Weil

Insights from Insurance

  • Understand your exposure to cyber risk from an insurance point of view
  • Which aspects of cybercrime can be insured against and what can’t?
  • Results of the Marsh UK Survey: how involved are boards in combatting cyber attacks and responding to incidents?

Fragile cyberworld - what to expect in 2018?

The world is already fragmented and becoming a lot more so, the cyberworld especially.
A lot of the discussion during meetings at WEF-2018 in Davos and on its sidelines concerned possible further regional divisions around the world. But those divisions are already here, and have been for years. The World Wide Web is proof of this: a truly global Internet, where people anywhere from the US to China had access to the same digital services, is long gone. Besides, today we have Europe’s increasing concern over digital privacy, while most EU citizens haven’t heard of the GDPR. Then there’s the rollback of the US’s net neutrality provisions, and protectionist legislation in Russia and other countries. Geopolitical tensions continue to increase and risk new clashes among nation states, even military conflict.
In his speech, Anton will provide an overview of the current worrying trends in the cybersecurity industry; explain how ‘balkanization’ is undermining its ability to do its job of protecting against cybercrime; and list what we need to do to slow, if not reverse, these trends.

Anton Shingarev, Vice-president for Public Affairs, Kaspersky Labs
Rob Shaw

Healthcare under attack: what can we learn from this highly targeted industry about digital transformation and resilience in the face of attack?

  • Isolating infected parts of the network and containing the threat
  • Ransomware - to pay or not to pay?
  • Reducing the costs incurred and the data lost, and preventing life threatening disruption to services
Mark Testoni

Disruptive technology to solve cyber security problems in government and industry: AI and Machine learning

  • How will the next wave of disruptive technology affect the cyber security industry?
  • Cutting through the hype surrounding AI and Machine learning
Steven Wilson

The inside story of cybercrime: a view from the front line of international cyber policing

  • Are cyber attacks on your enterprise a result of espionage, organised crime or a random attack?
  • What have we learned from high-profile attacks in the last year and how can you adjust your security processes accordingly?
  • International collaboration models and open source platforms to keep you ahead of the threat

Networking coffee break & exhibition visit

Stream One - Evolving roles in the C-suite

Stream Two - Managing a broad attack surface

Stream Three - Fraud and cyber crime

Stream One

What does the board want to hear from their CISO?

  • With only 15% of boards satisfied with the information they are getting from management, how can you best present your board report?
  • Where might you be missing the mark?
  • How can you communicate in a way that is actionable and useful?
Stream Two

How does King manage its attack surface with over 1 billion users?

  • How can your Development team build security into your applications?
  • Is it better to create these solutions in-house?
  • Tips for scaling your cyber security processes and protocols as your business booms
Stream Three

What can retailers and the financial sector do to combat fraud and cybercrime?

  • Could FIs do more to combat cybercrime through ‘Know your customer’ processes?
  • How can retailers work with law enforcement?
  • A perspective from ex-law enforcement turned security director
Stream One

IT is the business – rethinking the role of the IT team

  • Different circumstances call for different leadership skills
  • The current cyber climate demands CIOs, CISOs and CTOs with a strong grasp on business strategy and value-creation
  • Cyber security is no longer considered a solely ‘operational’ risk and IT professionals are moving to the C-suite
  • Is your IT team prepared for their new responsibilities? Are you?
Stream Two

Standards-based approach to cyber security strategy

  • What does a sophisticated attack look like – a brief history of cyber attacks
  • Cyber Security and standards – what approaches are available
  • ISO 27932 and the NIST Framework – what approach did we take
  • Detect, Respond, Recover – cyber-attacks and incident response
  • Strategy execution – Benchmarking & tracking progress.
Stream Three

Anti-fraud and information security functions

  • New methods for conducting fraud-related inquiries and investigations
  • Reallocating resources to achieve your goals
  • How can we best maintain anti-fraud programmes and related plans?
Stream One

Panel: The emergence of the “BISO”

  • Implement an information security strategy that supports businesses goals and objectives
  • How much should CISOs understand finance?
  • Collaborate with security architects to discuss solutions with the business strategy in mind
  • Facilitate cross-department engagement to identify projects that enable business development while ensuring the necessary security controls are in place
Mike Pitman, BISO, Head of Information Security, John Lewis
Rich Baich, CISO, Wells Fargo
Simon Jenner, CISO,
Tarun Samtani, CISO, Findel PLC
Jean-Francois Simons, CISO, Brussels Airlines
Stream Two

Panel: what is the future of mobile and app security?

  • Mobile-readiness in the artificial intelligence age
  • Customer interaction at multiple touchpoints
  • The human side of mobile channels
Giacomo Collini, Director of Information Security, King
Greg Hawkins, CTO, Starling bank
Emilio Vacca, Director, Mobile channel, Telegraph Media Group
Stream Three

How have breaches changed in scope, motivation and cost?

  • Cyber security breaches today can see 5% of a company’s GDP wiped overnight
  • How have cyber security breaches changed historically?
  • What will the future hold?
Maria Vello, COO, Cyber Defence Alliance
Stefano Ciminelli, Deputy CISO, Swift
David Pope, CISO, DVLA
Mike Wyeth, Group Security Director, Shopdirect
Bruno Kalhoj, Head of Division, Security and Safety Division, Directorate General Administration, European Central Bank

Networking lunch break & exhibition visit

Stream One

Lessons Learned from a legacy IT overhaul at the Student Loans Company

  • SLC began their IT overhaul two years ago
  • What lessons were learned along the way and what advice would I give to IT professionals grappling with legacy IT transformation issues?
Stream Two

The Future of the IoT and connected devices

  • The connected world presents both challenges and opportunities for cyber security
  • Panasonic Avionics deals with fleets of planes flying all around the world, each connected to the internet
  • How do they manage their risk in such a connected and high-stakes environment?
Stream Three

Social engineering tactics

  • SEB’s program for increasing awareness among SEB client executives and our customers
  • Why are people so susceptible to social engineering attacks?
  • Why are hackers sometimes better able to engage your workforce than you are?
Stream One

Panel: Should you bring your SOC in-house?

  • How should high value assets be monitored, and by whom?
  • Do the costs of building up an in-house security operations center outweigh the benefits?
  • Which other traditionally externally outsourced IT tasks should be brought in-house?
  • Which elements of your SOC should you outsource?
  • What will the next generation of SOCs look like?
Jonathan Lloyd-White, CISO, SMBC EMEA
Stream Two

Panel: the future of encryption

  • Will technology companies have to do more to support counter terrorism operations?
  • Is encryption as secure as we think?
  • Is it as anonymous as we think?
  • Is quantum encryption coming sooner than we think?
Alun McGlinchy, Chief Information Technology Security Officer, Student Loans Company
Stream Three

Panel: Cyber culture eats security strategy for breakfast

  • With the best intentions, your cyber security culture can undermine your security strategy
  • How to cultivate the best cyber security culture for your enterprise
George Zarkadakis, Digital Lead, Willis Towers Watson
Simon Jenner, CISO,
Jonathan Kidd, CISO, Hargreaves Lansdown
David Lenoe

When Security Tools Collide: testing the real-world usefulness of two services

What’s the best way to test out a new security service? We decided it might be interesting to try testing two services at once – not in a traditional side-by-side bake-off, but testing them against each other, pitting a penetration testing service against a web application defense service. The results were interesting, illuminating, and helped us make decisions about the real-world usefulness of both services. 
Simon Jenner

How do you prevent a breach from evolving into a business-crippling attack?

  • Companies often fail to understand the true threat against their employees, suppliers and ultimately, their data
  • Does your board view data security as a "business problem" and not just an "IT problem"?
  • Moving beyond legacy IT solutions: obsolete ‘perimeter protection’ strategy vs. ‘data-centric’ strategy
  • Staying on top of evolving cyber threat intelligence is key to strengthening your data security strategy
Martyn Booth

How can we close the intelligence gap?

  • Encouraging knowledge sharing between industry, academia and public sector
  • Overcoming the main collaboration hurdles
  • Successful partnerships
  • Creating a ‘public sector alumni’ program in the private sector, and using these networks to build a collaborative framework

Plenary wrap up session


Chair’s closing remarks and close of conference

last published: 21/Feb/18 17:15 GMT


The Cyber Security Congress is two events: A world-class conference where business leaders from around the world meet; and, a unique cyber security and information technology exhibition. To visit the exhibition is free. There is, naturally, a registration fee to attend the conference.