From Security to Resilience – Rethinking the Impossible
11th & 12th March 2026 • Park Plaza Victoria, London, UK
100% security is impossible. So, security alone doesn’t keep organisations running, security + resilience does.
Recognising this requires a fundamental shift at every organisation – in people, process, and technology.
Secure everything? Or survive anything?
“Cybercriminals pose a seismic and increasingly sophisticated threat to businesses and national security. Yet Britain seems remarkably ill-prepared,” The Guardian October 2025
Cybersecurity professionals may take issue with the last words, but they surely understand that that’s what it looks like to politicians, shareholders, customers and the public in general. ‘What are ministers going to do about this?’ is an increasingly common question in the press. All of which means that at last the true significance of cybersecurity is being realised. Finally, then, will organisations spend the right money on the right things?
Preventing a Digital Breakdown | The Accountability Reckoning Boards no longer accept ‘too hard to quantify.’ CISOs must speak the language of risk — or be replaced. If we can model credit default and hurricane exposure, and allocate capital against it, why pretend cyber risk is immeasurable? Security is operational risk. It should be measured and managed as such. | Regulators Have Already Decided Their question isn’t if you’ll be breached. It’s how fast you recover. DORA, NIS2, the UK Resilience Framework and the rest are much less interested in your security stack and much more interested in how you’ve identified critical dependencies, business services and processes and how you can keep them running. |
From Defence to Design for Failure If security can’t guarantee safety, resilience must become the organising principle. A truly resilient enterprise could survive without security. Security becomes an efficiency function — not a guarantee. | The ROI Reset CISOs started off talking about data crown jewels and GDPR – but data losses are not existential, it’s data encryption and attacks on IoT systems that are. So, is uptime the only relevant metric? | Enabling continuity Defence tools must prove they enable continuity. Cybersecurity done well should be seen as foundational to resilience. The key is to be able to link specific security goals to business risks. |
Next generation tools and models: the rise of AI Resilience and security need many of the same things: visibility across technology and processes; accurate inventory mapping; data integrity and availability; risk-based prioritization. So how will AI help with these? | The future of the cybersecurity stack The stack of the future is a resilience architecture: dynamic, AI-assisted, and impact-aware. Its goal is not to prevent every breach, but to ensure that when compromise happens, the organisation stays in business. | CISO or Cyber Resilience Chief – A New Power Base? Resilience is the new seat at the table. If resilience not security is the endgame, what does that mean for hierarchies, budgets and responsibilities? Will The next generation of CISOs defend walls or rebuild faster? |
How vendors can respond to the new resilience paradigm
Turning security into resilience – re-thinking your security toolset
Defence tools must prove they enable risk measurement and management, as well as continuity.
Detection as Resilience Speed is resilience. The vendors who thrive will be those who turn detection and response into minutes, not days. It’s no longer about catching every attacker — it’s about shortening dwell time, preserving core processes, and containing the blast radius before business impact sets in. | Resilience is a Data Problem You can’t recover what you don’t understand. The best cybersecurity tools are now the ones that see across dependencies — mapping which processes, identities, and suppliers matter most. Visibility isn’t just security analytics anymore; it’s the foundation of adaptive recovery. | Vulnerability Management vs Exposure Prioritisation Scanning every CVE means nothing without knowing which asset underpins which process. Resilience-aligned vulnerability vendors will fuse exposure data with business criticality scoring — helping risk leaders prove that the systems most vital to operations are also the most defended. |
Incident Response Becomes Recovery Engineering New generation incident response it starts when operations must be restored. The leading IR providers are expanding into “recovery engineering” — building predefined restoration playbooks, secure failover architectures, and post-incident dependency analytics that prove to boards and regulators that recovery times are predictable and tested. | Zero Trust Re-Defined as Graceful Degradation Zero Trust has been sold as “trust nothing.” The resilience version is “trust what’s left.” The most forward-looking vendors are designing architectures where services degrade gracefully rather than fail catastrophically — so the business can operate in a partial trust mode while recovering full capacity. An impractical utopia becomes realizable. | From Endpoint Protection to Endpoint Continuity Endpoints aren’t just entry points; they’re business enablers. In a resilience model, the endpoint provider that wins is the one that helps the organisation keep working even when devices are compromised. Automated isolation, local restore capabilities, and identity-based reauthentication make endpoint agents part of the continuity fabric, not just the perimeter. |
“The fusion of security and resilience will demand new architectures, new mindsets, and perhaps new leadership titles — but also more investment. Organisations can no longer just talk the talk.”
Threat Intelligence is Business Impact Intelligence Threat data has become abundant; what’s scarce is relevance. The next generation of threat-intel vendors map adversary campaigns to the organisation’s critical process dependencies — turning technical IOCs into operational risk insights. The winners are those who can brief not just SOC analysts, but resilience committees and risk officers in business-impact language. | Threat Hunting For Continuous Assurance The best hunters are becoming resilience auditors. Instead of chasing every trace of intrusion, they prioritise hunts by business criticality — proving that vital functions remain uncompromised. Continuous threat hunting becomes a living control assurance mechanism: a test of whether resilience assumptions hold in practice. | From I(D)AM to Identity Resilience Identity systems are now single points of systemic failure. IAM vendors must pivot from “locking down” to “failing safe” — ensuring that recovery identity stores, delegated trust models, and just-in-time credentials can keep essential services running when the primary directory collapses. The new IAM pitch: you can still operate when your IdP goes dark. |
Cloud Security is Cloud Recovery Architecture Cloud controls can’t just prevent misconfiguration — they must guarantee recoverability. Cloud-security vendors that integrate configuration management, snapshot integrity checks, and cross-region failover orchestration are no longer security add-ons; they are resilience engines that assure continuity in hybrid and multi-cloud ecosystems. | Network Security Means Dependency Mapping Firewalls and segmentation are necessary but insufficient. The real value for network vendors now lies in visibility of interdependence — knowing which flows matter most for critical processes. By mapping and tagging business-critical pathways, network vendors can position themselves as resilience cartographers, not just traffic police. | SIEM & XDR Are Situational Awareness Platforms In a resilience-driven enterprise, telemetry is only useful if it supports real-time decision-making under duress. SIEM and XDR vendors can position themselves as command-centre backbones, feeding incident command, risk, and business continuity teams with shared situational awareness — not just an undigestible tsunami of alerts. |
“The good news for vendors is that organisations are being reminded daily that their operations can be taken offline for weeks, even months, by a straightforward ransomware attack. They need to invest now.”
Security and Resilience through AI (while Securing AI…)
AI in cybersecurity is well-funded but poorly explained. How does it work, what will it deliver and is it secure?
From Static Rules to Self-Learning Defences Traditional SIEM, EDR, and XDR platforms are evolving from rule-based systems into self-learning ecosystems. Advanced ML models and transformer-based architectures allow systems to identify novel attack patterns without prior signatures. However, these models can be poisoned by adversarial data or manipulated through prompt injection and model inversion — creating new surfaces of compromise. | Threat Intelligence and Adversary Simulation Generative AI is transforming how analysts synthesize and communicate intelligence. LLMs can draft attacker playbooks, simulate phishing lures, and summarize multi-source threat feeds, dramatically reducing the time between detection and action. But the same capability can be exploited by attackers at scale — forcing defenders to authenticate not just identities, but language patterns and context. | Predict, Prioritise, Patch By integrating NLP and predictive analytics, AI can mine vulnerability databases, code repositories, and telemetry to predict which CVEs are most likely to be exploited in a given environment. This enables CISOs to move from reactive patching to pre-emptive mitigation. But attackers can use similar models to target unpatched systems faster than ever, creating an AI-accelerated race between discovery and exploitation. |
Always-On Defence, Continuous Response Agentic AI architectures — where semi-autonomous software entities patrol networks, triage incidents, and even patch systems — promise 24/7 protection without human fatigue. These agents can coordinate across silos (endpoint, cloud, identity) to contain threats in seconds. Yet the delegation of operational authority raises governance questions: how do CISOs ensure explainability, ethical boundaries, and control if an agent acts on incomplete or corrupted data? | Data Correlation and Anomaly Detection AI’s ability to unify disparate telemetry — from IoT sensors to SaaS APIs to industrial controllers — gives security teams unprecedented visibility across the enterprise. Cross-domain embeddings and graph AI reveal hidden dependencies and behaviours that human analysts would miss. Yet increased reliance on centralized AI pipelines introduces systemic risk: if data integrity or model logic is compromised, every downstream decision may be corrupted. | Model Integrity, Governance, and Supply-Chain Risk As organizations embed AI into every layer of their stack, “AI security” becomes a new domain of cybersecurity. Models must be version-controlled, auditable, and protected from theft, inversion, or malicious fine-tuning. Governance frameworks must extend beyond data privacy to include model provenance and policy enforcement. CISOs now need to protect not just networks and data — but the AI decision systems that will increasingly run both. |