Ransomware – Public Sector Enemy #1

29th September 2017

By J Connolly A report released this week by security firm Barracuda revealed that over 25 per cent of the UK’s local authorities have been […]

GDPR means no hiding place for UK firms

27th September 2017

by Barry Scott, CTO, Centrify EMEA As with most aspects of the EU, unhindered cross-border data flows are something most U.K. firms just take for […]



Session ONE – Defending against Risks and Vulnerabilities, Developing Resilience, Deterring Cyber-attacks

  • A review of the risk landscape and emerging vulnerabilities that pose a serious threat to business and government
  • Key policy frameworks for cyber security in the UK and across Europe
  • Working in Partnership to reduce the attack surface and solve strategic security challenges
  • Understanding threat vectors and actors, trends and priorities
  • Building skills, capabilities, capacity and responsiveness
  • Exploring key technology innovations and regulatory requirements
  • Real-life cyber security incidents handling, response and deterrence mechanisms
  • Thinking like a hacker and defense mechanisms
  • Protecting against malware, ransomware, social engineering, and monitoring the threat horizon
  • Cyber hygiene essentials and best practice to identify and plug gaps in your security posture
The Conference Chair’s Opening Remarks

Professor Christopher Hankin, Director, Institute for Security Science and Technology at Imperial College London

Keynote Address: The National Cyber Security Strategy (2016-20)

National Cyber Security Centre (invited)

The National Cyber Security Centre provides a hub of expertise for businesses and individuals to build resilience and respond to major incidents. This morning address covers the three key pillars of the latest cyber security strategy: defend, deter and develop. We also explore how the NCSC is developing relationships with new partners to protect key interests, what steps it has taken to address systemic vulnerabilities and providing leadership on key national cyber security issues.

Working in Partnership to Manage Risks

CISO, Close Brothers (invited)

Cyber security is not just an IT issue. It presents a real and potent business risk. We look at:

  • Cyber risks facing businesses
  • How companies are creating alliances and partnerships to deal with growing cyber risks
  • How they can outpace attackers and think like a hacker to fortify their cyber defences
New Tech, New Risks – The Fourth Industrial Wave

Head of Information Security, News UK (invited)

Disruptive technologies like the IoT, mobile, cloud, big data and blockchain are expanding the cyber-attack surface. The Dyn attack in 2016 showed how exploiting connected devices can have a colossal impact on the internet. As our personal, professional and social lives become more interconnected – and dependent on cyberspace – we ask what emerging risks lie ahead of us and how we can prepare for them.

Combatting Cybercrime: Trends and Priorities

Head of European Cybercrime Centre EC3, Europol (invited)

British businesses have reported a 22 percent increase in cybercrime in the past year, resulting in more than £1bn in losses. We consider what is being done to:

  • Develop a clearer picture of patterns and trends in cybercrime
  • Disrupt cybercriminal networks
  • Build capabilities to mitigate risks
  • Mitigate cybercrime through partnerships, aggregation and analysis of reported breaches


How to Respond to a Cyber Breach

Cyber Resilience Manager at Department for Work and Pensions (DWP) (invited)

This session will cover three considerations:

  • The basics of what would constitute a reportable breach, who do you report it to, and when do you report it by, will be considered in the context of national and international legislative requirements
  • Examples of what needs to be in place to enable a cyber breach to be reported in an accurate and timely way
  • Punitive actions, current levels of fines, versus likely future levels
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
The Cyber Skills Deficit

Security Architect, Tesco (invited)

The cyber security workforce shortfall presents serious challenges for both businesses and government. A report commissioned by Intel Security and the Centre for Strategic and International Studies (CSIS) found that 3 out of 4 IT experts claim there is a cybersecurity talent shortage across the UK. Those surveyed identified threat analysis as the number one skill that is lacking. We look at how one organisation is rising to the challenge, and opening up new pathways to attract, recruit, train and retain much-sought after talent in the cybersecurity domain.

Why Current Security Techniques are Failing

Chief Information Security Officer, Royal Bank of Scotland (invited)

Traditional security approaches are failing to proactively identify and block adversary activity. Most security tools address part of the cyber kill-chain. This session looks at:

  • Continuous breach prevention techniques
  • Real-time intelligence and monitoring
  • Machine learning and automated security
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session TWO – A New Approach to Cyber Security

Aligning cybersecurity objectives and strategy to the business imperative for growth. 

The Conference Chair Opens the Afternoon Session

Professor Christopher Hankin, Director, Institute for Security Science and Technology at Imperial College London

Building your Security Function

Numerous surveys have shown that executives and corporate boards are focused on emerging risks. This is not surprising given the sophistication and frequency of cyber-attacks. But, as ISACA’s ‘State of Cybersecurity’ report for 2016 shows, while four out of five cybersecurity and InfoSec professionals say their boards are concerned, only one in seven CISOs report to the CEO.


We look at the role of senior board management in developing a cogent corporate cyber security strategy.

  • How should senior management assess cyber risks and develop an appropriate strategy and controls?
  • What specific responsibilities should be given to Chief Risk Officers, Chief Information Security executives?
  • How can security professionals better communicate with business leaders, and align cyber security strategies with enterprise objectives?
Why users are your biggest asset

User behaviour remains critical to the success of organisational security. People are often the biggest asset, though viewed as ‘the weakest link’ in the security chain. Targeted spear-phishing attacks which use social engineering techniques to maximise the chance of success have been correlated with data loss, stolen user credentials and breaches. What should your organisation be doing to mitigate the risks associated with users? What are the barriers for users working securely, and how can organisations meet user needs?

Cyber Insurance – Why it Matters

There are significant consequences attached to cyber breaches. These include among other things the loss of customer data, financial costs, penalties from regulators, disruption of services and reputational damage. What can be done to mitigate the fallout of any breach? Is cyber insurance worth considering, and how can it benefit your organisation?

Questions to the Panel of Speakers

Afternoon Networking and Refreshments served in the Exhibition Area

Afternoon Networking and Refreshments served in the Exhibition Area
The Important Role of Cyber Security Research

Thirteen UK universities have been recognised as Academic Centres of Excellence in Cyber Security Research (ACE-CSRs) by the Department for Culture, Media and Sport, along with the Engineering and Physical Sciences Research Council (EPSRC) and GCHQ. These universities are carrying out the best UK cyber security research.

We explore how collaboration between academia and business is helping to drive forward cutting-edge innovations and generating new areas of growth for the cyber security industry.

Preparing your organisation for the European General Data Protection Regulation (EU GDPR)

Organisations now hold more data than ever before. And as the number of security breaches rises, so too do the penalties. One organisation received a fine of £250,000 from the UK regulator in 2013. But, based on its 2014 turnover, that same organisation could be fined up to £198m under the new EU GDPR set to come into force in May 2018.

This session explores best practice around:

  • Reviewing vendor contracts
  • The full data lifecycle from storage to destruction
  • Embedding consent, right to be forgotten in policies and procedures
  • Establishing data breach notification procedures
  • Appointing a data protection officer
  • Training staff to avoid malpractice
  • Compliance audits to identify and remedy issues
Keynote Closing Address: Managing Security at the Speed of Business

Our closing session explores:

  • What is being done across Europe to build greater collaboration between investigators, industry, government and academia
  • How intelligence is being pooled to disrupt rogue actors
  • What can be done to keep pace with evolving threats
  • New tools and technologies to ward off breaches, manage crises
  • Steps taken to build cyber defence capability and capacity
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes, Delegates Depart

Please note:
Whitehall Media reserve the right to change the programme without prior notice.