Agenda
08.30 - 09.15: Registration and refreshments
09.15 - 09.20: Chairman’s welcome
Jonathan Easton, Editor, FStech
09.20 - 09.50: Keynote speaker: From Tabletop exercises to Polycrisis: Evolving Resilience Exercises in the Financial Sector
Fox Ahmed, Global Head of Cybersecurity and Technology and Data Protection Regulatory Risk, BNP Paribas
Financial services have long relied on tabletop exercises to test their incident response and continuity planning. But the environment has changed; regulatory expectations are sharper, third-party dependencies are deeper, and geopolitical shocks can ripple into technology and operations at speed.
09.50 - 10.20: What 40 CEOs told us about building cyber resilience
Manuel Hepfer, Research Affiliate, Oxford University’s Saïd Business School.
Cybersecurity risk appears on most enterprise risk registers as a top ten risk. Yet, many CEOs who guided their company thought a serious cyberattack acknowledged that they had not paid sufficient attention to managing cybersecurity risk. In this session, Manuel Hepfer will share research insights from a first-of-its kind research study, in which he spoke with 40 CEOs, many of whom had to lead their company through a serious cyberattack. He will share their mistakes and regrets, alongside the top take-aways for cybersecurity leaders.
10.20 - 11.00: Panel: Navigating Evolving UK and Global Cyber Regulations: Compliance, Risk, and Operational Strategies
Panellists:
Lorenzo Grillo, Managing Director – Europe & Middle East Cyber Risk Services Leader, Alvarez & Marsal
Peter Nota, Group Chief Information Security Officer,Vanquis Banking Group
Sarah Pearce, UK Lead Partner, Privacy and Cybersecurity, Hunton Andrews Kurth
Financial institutions face a complex and changing regulatory environment, with new frameworks and updates across the UK and globally. This session explores how firms are responding to recent developments, from DORA in Europe to updated SEC requirements and emerging AI-related policies.
Panellists will assess the operational impact of these changes, outline strategies for compliance, and discuss how technology can support adaptation. The conversation includes practical steps on aligning cybersecurity strategies with evolving compliance expectations, for managing overlapping requirements, tracking rule changes, and maintaining reporting accuracy across jurisdictions.
11.00 - 11.30: Coffee break
11.30 - 12.00: AI in Cybersecurity: The Double-Edged Sword
Anna Webb, Head of Global Security Operations, Kocho
AI threats are evolving at an alarming rate, increasing the urgency for SOC teams to harness AI for defence to stay one step ahead. This keynote explores the dual nature of AI in cybersecurity—how threat actors are leveraging AI to launch sophisticated attacks, and how defenders must respond with equal agility and intelligence. With a focus on financial services, we’ll examine the surge in AI-powered threats, dissect real-world breaches, and outline how modern Security Operations Centers (SOCs) can harness AI to stay ahead.
12.00 - 12.40: Panel: Ransomware reloaded: Defending financial services from modern extortion, sponsored by Rubrik
Panellists:
Eddie Lamb, Global Head of Cyber, Hiscox
Paul Mallon, Solutions Engineering Manager Major Accounts, Rubrik
Will Richmond-Coggan, Partner & Head of Data and Cyber Disputes, Freeths
Ransomware and data extortion attacks continue to evolve, with threat actors adopting increasingly sophisticated tactics and targeting financial institutions with precision. From double-extortion schemes to the use of initial access brokers and underground marketplaces, the business of ransomware is booming. This panel will explore the latest developments in ransomware and data extortion, including how attackers compromise networks, leverage stolen credentials, and negotiate payments. Experts will discuss best practices for proactive defence, early detection, and response, as well as strategies for leveraging threat intelligence to disrupt criminal operations before they cause significant harm. The session will also examine the regulatory and reputational implications of ransomware incidents for financial organisations.
12.40 - 13.10: Ransomware Inc.: The business, players, and power structures of digital extortion
Dr Jason R.C. Nurse, Reader in Cyber Security, University of Kent
Ransomware is no longer the domain of lone hackers, it’s a sophisticated, profit-driven ecosystem fuelled by organised groups operating like modern enterprises. This talk dives into the key players behind today’s most impactful ransomware campaigns, uncovering the structure, tactics, and motivations of threat actors ranging from ransomware-as-a-service (RaaS) operators to affiliates and brokers. We’ll explore how these groups collaborate, evade law enforcement, and evolve in response to defensive measures.
13.10 - 14.10: Lunch Break
14.10 - 14.50: Panel : AI versus Zero-Trust: Reinventing financial cyber defences
Panellists:
Temi Afeye, Senior AI Scientist, Lloyds Banking Group
Thomas Knowles, Head of Security Operations, ClearBank
Amar Singh, Chief Executive Officer, Cyber Management Alliance
As artificial intelligence accelerates the sophistication and scale of cyber-attacks, financial institutions must evolve beyond traditional perimeter-based security. Zero trust architectures – built on continuous verification, least privilege access, and identity-centric controls – are now essential for defending against AI-powered adversaries and advanced persistent threats. This panel will explore how financial organisations can adapt zero trust strategies to counter new attack vectors, integrate AI-driven detection and response, and secure complex, hybrid environments. Experts will discuss practical approaches for implementing zero trust across networks, endpoints, and cloud services, while balancing operational agility and regulatory compliance. Attendees will gain actionable insights into building resilient, adaptive security frameworks that keep pace with the evolving threat landscape.
14.50 - 15.20 : Keynote: Intelligence in Action: A deep dive into Operation Stargrew
Craig Rice, Chief Executive Officer, Cyber Defence Alliance (CDA)
Operation Stargrew was a coordinated operation against a website used by more than 2,000 criminals to defraud victims. Led by Europol, the UK Metropolitan Police, the City of London Police and the National Crime Agency (NCA), the target was LabHost, a criminal platform that enabled phishing attacks on a global scale.
The platform facilitated the creation of fake websites designed to trick victims into disclosing personal information such as email addresses, passwords and bank details. These criminals used the website to request replicas of websites belonging to trusted brands, including banks, health services and delivery companies.
Financial services were directly and significantly affected by LabHost's phishing operations. Globally, 480,000 credit card numbers and 64,000 PINs were stolen, many of which belonged to UK-based financial institutions.
During this session, Craig Rice, Chief Executive of the Cyber Defence Alliance (CDA), will explain the crucial role played by the organisation behind the scenes of the operation and how the it managed to source and transform the data into actionable leads, ultimately helping law enforcement agencies dismantle LabHost’s phishing platform.
15:20 – 15.30: Chairman's closing remarks, quiz and end of conference
15.30 - 17.00: Networking drinks reception
