FT Cybersecurity Summit Europe
The cyber onslaught continues, from all directions. Denial-of-service hackers, financial fraudsters, organised criminal gangs, terrorists, unfriendly states – wherever the attacks come from, they are increasing in number and becoming more difficult to defend against.
Hardly a day goes by without news of another cyber breach. A British bank is hacked and £2.5m is stolen from 20,000 customers. A hoax press release is emailed from a French construction company and briefly wipes €6bn off its share value. A US server company is attacked and millions of people are denied access to major websites.
Businesses are having to invest more money and effort to make cyberspace safer for themselves and their customers. Governments are ramping up the defences too. The European Union’s Network and Information Security (NIS) Directive, which will be transposed into the national laws of all member states by the spring of 2018, is intended to boost the overall level of cyber security in the EU. Individual states are taking additional measures, as exemplified by the UK which in 2016 extended its National Cyber Security Strategy for another five years with a budget of £1.9bn. Brexit also throws up some big questions. Will Britain continue to comply with the NIS Directive and other EU legislation in this area? And if Britain leaves Europol, the EU’s law enforcement agency, will that degrade Europe’s cyber defences?
The fourth annual FT Cyber Security Summit Europe will discuss the seriousness of the cyber threat facing Europe and explore the solutions. Moderated by Financial Times journalists, this must-attend event will provide a thorough assessment of the dangers in cyberspace and how businesses and governments are investing in better defences for a more secure future.
| Ticket type | Price |
|---|---|
| Early Bird Ticket (ends 11 August) | £999 +VAT |
| Standard Ticket | £1299 +VAT |
The registration fee covers your attendance at the conference, including refreshments and any documentation made available on the day.
Our fees do not include travel and accommodation costs.
Please see our Terms and Conditions for more information.
Discounts are available when registering multiple delegates. When booking 3 - 5 places save 10% per ticket, 6 - 9 places save 20% per ticket and for 10+ tickets save 30% per ticket. Discounts will automatically apply when booking.
AGENDA - 8TH NOV
Registration and networking
Conference chair’s opening remarks
Sir Julian King, Commissioner for the Security Union, European Commission
Gavin Patterson, Chief Executive Officer, BT
Panel: Senior management briefing - corporate Europe under siege
Europe’s businesses continue to suffer attacks from hackers, fraudsters, and other criminal and state-linked groups. They are under virtual siege and struggling to defend themselves against assaults from all directions. Cyber security is therefore a crucial priority for senior management.
• Do CEOs, CIOs, CROs and everyone else in the senior management team/executive committee really understand the scale of the cyber threats facing them? Are they properly equipped to deal with these threats?
• Where are the attacks coming from, in terms of types of attacker and countries of origin?
• What does an effective cyber security strategy look like? Security comes at a cost, so how does the senior management team agree on a budget that is big enough? How do they maximise the return on the security investment?
• Who is responsible for cyber security in a large corporation? What are the respective roles of the CEO, the senior management team and the IT security managers? How do senior management ensure that internal silos and communications barriers do not compromise security?
• What are national governments and EU institutions doing to help businesses improve their security?
• How do the company’s leaders avoid being the weakest link? CEO email fraud – also known as business email compromise (BEC) – where a fraudster posing as the CEO or other executive committee member instructs the finance department to make a payment to an overseas account, is a growing problem. Executives themselves are being duped by fake emails and are coming under other forms of cyber attack. What must they do to protect their position and reputation?
Senior Official, National Cyber Security Centre, GCHQ
Senior Executive, McKinsey
Panel: Command and control – the role of the CISO in today’s cyber battlefield
The chief information security officer (CISO) has never been so important. Breaches are increasing in frequency and severity. The CISO plays a crucial role in protecting the company from cyber attack, and when a breach occurs, he or she must act quickly to close it down, mitigate its impact, and take steps to ensure similar breaches do not happen again.
• How serious is the cyber threat? Who are the main aggressors?
• Data integrity: how can CISOs be sure their data is correct, and has not been tampered with?
• Is today’s security technology up to the job? How do CISOs decide between the many security products and services on offer?
• Basic cyber hygiene – what are the minimum operational and technical procedures and controls that need to be in place? What industry standards should be followed? What happens when some of those standards are made obsolete by rapidly evolving threats? Could information sharing between companies, industry sectors and the public sector be improved?
• How does the CISO report to/communicate with all relevant people in the organisation, from the Board, CEO and senior management, down to frontline staff?
• Cyber resilience: what role does the CISO have in ensuring business continuity after a security breach?
• Is affordable cyber security insurance available? If so, is it worthwhile when the priority must be to maintain security and, in the event of a breach, keep operations running, rather than to seek financial compensation through an insurance claim months later?
• How closely do CISOs work with Europe’s law enforcement agencies and civilian cyber security? After Brexit, Britain may no longer be a member of Europol – would that be a problem?
Rosa Kariger, Global Chief Information Security Officer, Iberdrola Group
Cheri McGuire, Group Chief Information Security Officer, Standard Chartered Bank
Thomas Tschersich, SVP, Chief Information Security Officer, Telekom Security, Deutsche Telekom
Presentation: Effective board reporting on cyber security
Senior Executive, McKinsey
Panel: Addressing the skills gap
Acquiring the best technology to keep an organisation secure in cyberspace is only half the story… the other half is finding the best people. Recruitment can be a challenge at a time when the cyber threat is increasing and employers are competing fiercely with each other in the cyber security jobs market. There are simply not enough qualified experts to fill all the gaps.
• How difficult is it to recruit people for cyber security roles? Is there a shortage of people with the right skills and attitudes? What does a good CISO look like? Should they be paid more?
• What should governments and businesses be doing to encourage more people to take degrees in security-related disciplines, sign up for practical on-the-job training and acquire the relevant professional qualifications?
• Is there enough diversity among cyber security professionals, in terms of gender, disability, ethnicity and so on?
• How is artificial intelligence helping to close the skills gap? Could it replace staff, thereby reducing recruitment pressures, or will it always be purely complementary to people?
• Is the skills gap worse in some industries? Are companies in sectors such as banking paying more to attract the best talent, leaving other sectors with less choice?
Yuri Rassega, Head of Cyber Security, Enel
Simon Tong, Global IT Security Manager, Schlumberger
Steven Wilson, Head, European Cyber Crime Centre (EC3), Europol
Panel: State-sponsored cyber crime
Government-led cyber attacks on other countries’ official institutions and businesses are common. Aggressors almost never admit their complicity, and believe they have a legitimate right to launch such attacks in defence, or promotion, of national interests. Victims sometimes complain loudly, protesting they have been maliciously and unfairly targeted – but they often keep quiet because they believe that admitting to a breach is a further security risk, or simply to protect their reputation.
• What are the most serious forms of state-sponsored cyber crime – such as corporate espionage, data theft, the disruption of critical national infrastructure and interference with elections?
• Who are the main culprits, and how strong is the evidence against them?
• What is the best way to detect and prevent state-sponsored attacks?
• How should a government or a business react to a cyber attack from an unfriendly state? How do they plug the breach and inform the public?
• Traceability and attribution: how do you correctly identify the offending state? What action should be taken against the aggressor?
• Is a retaliatory cyber attack acceptable, especially when tracing the source of the original attack is difficult and often impossible?
• Should the West, Russia, China and other countries make more of an effort to cooperate with each other on cyber security (such as by signing non-aggression pacts), perhaps under the auspices of the UN?
David Martinon, Ambassador for Cyberdiplomacy and the Digital Economy, Government of France
Neil Walsh, Chief of the Global Programme on Cybercrime, UN Office on Drugs and Crime (UNODC)
Presentation: Regulating cyberspace in the financial sector – an essential exercise or a compliance chore?
Regulation on what financial companies must do to protect themselves and their customers from cyber attack, and how they should respond to a breach, is becoming more widespread in Europe and elsewhere. But cynics bemoan its complexity and doubt its usefulness.
• The world: what cyber security initiatives are the G20, the UN, the Basel Committee on Banking Supervision and other supranational institutions planning, how useful will they be and what compliance challenges will they present to banks, asset management companies and other financial firms?
• The EU: the Network and Information Security (NIS) Directive, the General Data Protection Regulation (GDPR) and the second Payment Services Directive (PSD2) come into effect in 2018 for businesses in all sectors, not just finance. Will these measures really improve security and data privacy in Europe’s financial firms? Or will it be at best a box-ticking exercise and at worst a compliance nightmare?
• The UK: what are the FCA, PRA and Bank of England doing to improve cyber security in the financial sector?
• Regulatory compliance must be culturally embedded, so what should boards, CEOs and executive committees in financial firms be doing to ensure this is the case?
Alison Barker, Director of Specialist Supervision, Supervision – Investment, Wholesale & Specialists, Financial Conduct Authority
Panel: Protecting critical national infrastructure – and defining what is "critical"
Critical national infrastructure industries such as financial services, telecommunications, energy, transport and healthcare need to be especially secure and resilient. Disruption in these industries has serious ramifications for the rest of the economy and society at large, so governments are anxious that more is done to protect them.
• What types of threat do critical infrastructure companies face, and what special measures must they take to ensure their security and, in the event of a breach, their resilience?
• How do governments define what is “critical”? Can companies in “non-critical” sectors – such as food retailing, consumer goods, restaurants and leisure – take a more relaxed attitude to security?
• Is the financial sector – such as banking, asset management and insurance – the most “critical” sector and targeted more than any other? Do financial services companies therefore generally have better cyber security than companies in other sectors?
• What is the government’s role in protecting critical infrastructure through organisations like the UK’s National Cyber Security Centre (NCSC) and Centre for the Protection of National Infrastructure (CPNI), Germany’s Federal Office for Information Security (BSI), and Italy’s National Anti-Crime Centre for the Protection of Critical Infrastructure (CNAIPIC)?
• What are likely to be the most serious cyber risks facing critical industries in the near future? How do you protect them from the “unknown unknowns”?
Paul Hopkins, Global Head of Security Architecture, Vodafone; and Oxford Martin Associate, Global Cyber Security Capacity Centre, Oxford Martin School, University of Oxford
Gilbert Verdian, Chief Information Security Officer, Vocalink
Senior Executive, Kaspersky Lab
Closing keynote address
Chair’s summing up and closing remarks
Networking drinks reception