Agenda

08.00 - 09.00

Breakfast Networking Break
 

09.00 - 09.10

Chair's Welcome

09.10 - 09.30

►From Cybersecurity to Real, Risk-Based Exposure Management: the True Power of Resilience

Steve Davies, Head of Cyber Security, DLA Piper

  • What is Exposure management and how does it differ from vulnerability management? 
  • Managing the real-world risks associated with the modern attack surface
  • Maximising Exposure Management to reduce risks enterprise-wide
09.30 - 09.50

Akamai - presentation to be announced

09.50 - 10.10

►Evolving Threats to Law Firms: Adversary Tactics, Detection, and Defense

Ekow Oduro, IT Security Operations Lead, Forsters LLP

  • How emerging threat actors are evolving their methods against the legal sector
  • How to uncover vulnerabilities across the wider legal supply chain
  • How to spot and disrupt hidden data exfiltration and C2 activity
  • How to strengthen resilience through threat-led testing and simulation
10.10 - 10.50

►Education Seminar 1

Delegates will be able to choose from a range of topics:

  • Attacked at Machine Speed, Defended at the Speed of Dave in the SOC, Thom Langford, EMEA CTO, Rapid7
  • Tenable - presentation to be announced
10.50 - 11.20

Networking Break

11.20 - 11.45

►Collaborating Securely: Addressing Cyber Risks in Chambers Partnerships

Eleanor Ludlam, Partner - Cyber, Privacy and Technology Litigation, Pinsent Masons (Moderator)
Adam Speker KC, Barrister, 5RB
Melanie Hart, Partner – Contentious Information Law & Dispute Resolution, Kingsley Napley

  • Supply chain risks when engaging barristers
  • Technical challenges of securing chambers
  • Navigating breach of confidence during a cyber incident
  • Injunctive relief as a legal remedy
11.45 - 12.05

►European Cyber Threats Exposed: CrowdStrike Threat Briefing

Mark Ward, Senior Regional Sales Engineer, CrowdStrike

  • Exploration of key findings from the 2025 European Threat Landscape, highlighting the tactics and techniques used by leading threat actors
  • Insight into the strategic objectives of adversaries across eCrime, nation-state and hacktivist groups
  • Guidance on how understanding their playbook can inform stronger, more effective defensive strategies
12.05 - 12.25

►Internal Audit – Bridging the Gap Between Aspirations and Reality

Mark Penlington, Head of Risk, Resilience and Internal Audit, Irwin Mitchell LLP

  • Why Internal Audit Is Important: Learn why Internal Audit is essential to providing the assurance and confidence senior executives need to understand how teams actually operate in practice
  • What Internal Audit Is: Understand the role of Internal Audit as an objective, constructive process that strengthens governance and accountability
  • How It Enhances Risk Management and Governance: Discover how Internal Audit bridges the gap between stated controls and actual practice by validating control effectiveness, uncovering hidden risks, and driving better decision-making
  • How to Embed Internal Audit in a Practical Way: Learn practical approaches to implement and integrate Internal Audit to deliver meaningful insight, drive activity and provide lasting value
12.25 - 13.05

►Education Seminar 2

Delegates will be able to choose from a range of topics:

  • Turning Employees Into your First Line of Defence, Sam Hooke, Sales Director, Hoxhunt
  • Ankura - Presentation to be announced
13.05 - 14.00

Lunch Networking Break

14.00 - 14.05

►Zero Trust Controls at the Endpoint

Thomas Jenkins, Account Executive, ThreatLocker

  • Discover how ThreatLocker applies Zero Trust at the endpoint, eliminating implicit trust by continuously verifying every application, executable, and action before authorisation
  • Learn how a deny-by-default, malware-proofing approach reduces ransomware risk, stopping unauthorised software and scripts even when other security layers are bypassed
  • Understand how least-privilege enforcement limits attacker capability, ensuring applications and users can perform only explicitly approved actions on enterprise devices
  • Explore how granular, policy-based endpoint control safeguards against modern threats, reducing enterprise exposure to ransomware and other advanced attacks
14.05 - 14.30

►Fireside Chat: Mitigating Concentration Risks in an Interconnected Business Landscape

Simon Brady, Event Chairman, AKJ Associates (moderator)
Ethan Duffell, Head of Information Security, Clifford Chance LLP

  • Identifying and assessing concentration risk across vendors and technology ecosystems
  • Balancing operational efficiency with diversification and risk reduction
  • Communicating the importance of concentration risk to boards and stakeholders
  • Embedding resilience planning to address concentration risks in today’s threat environment
  • Lessons from recent incidents such as Microsoft 365/Azure outages (2024), the 2024 CrowdStrike disruption, and the June 2025 Google Cloud outage
14.30 - 15.10

►Education Seminar 3

Delegates will be able to choose from a range of topics:

  • Safe AI Adoption for Law Firms: Guardrails that Protect Clients (and your Firm), James Derbyshire, Cybersecurity Entrepreneur, Harmonic Security
  • Beyond Questionnaires: Rethinking Supply Chain Security in Law Firms, Justin Kuruvilla, Chief Cyber Security Strategist, Risk Ledger
15.10 - 15.30

Networking Break

15.30 - 16.00

►Panel Discussion: Beyond Compliance — Building Cyber Resilience That Actually Works

Simon Brady, Event Chairman, AKJ Associates (moderator) 
Jonathan Freedman, Head of Technology & Security, Howard Kennedy 
Jonathan Turner, Head of Cyber Security, Farrer & Co 
Federico Iaschi, Information Security Director, Starling Bank
Will Packard, Director - Operational Resilience, Ernst & Young LLP

  • How do we turn risk appetite statements into real decision levers instead of paperwork?
  • With NIS2 and similar rules, what does “appropriate and proportionate” really mean on the ground — and how can risk management steer the response?
  • What cyber metrics really matter — and how do we prove our risk posture to the Board, to clients, and across the entire supply chain, right down to nth-party dependencies?
  • How does a resilience-first mindset transform culture — moving from blame and unrealistic prevention to readiness, adaptability, and fast recovery?
16.00 - 16.00

Chairman's Closing Remarks

16.00 - 17.00

Drinks Networking Reception

Education seminars


Safe AI Adoption for Law Firms: Guardrails that Protect Clients (and your Firm)


James Derbyshire, Cybersecurity Entrepreneur, Harmonic Security

Legal teams are embracing AI to accelerate research, improve client service, and streamline operations. Yet as firms adopt tools ranging from GenAI assistants to AI-enabled practice software, they face a dilemma: how to encourage innovation while upholding strict client commitments, confidentiality obligations, and regulatory requirements.

This session explores how leading legal firms are moving quickly on AI adoption while implementing the controls needed to avoid data exposure, ethical missteps, and compliance violations. Attendees will learn where the most common governance gaps occur, the types of AI-related risks that frequently go unnoticed, and how to establish practical guardrails that protect sensitive information without slowing lawyers down.

Drawing on real patterns observed across law firms of all sizes, the talk outlines a clear framework for responsible AI enablement. You will leave with a deeper understanding of how to safely operationalise AI in a legal environment and how forward-leaning firms are putting structure around experimentation, oversight, and continuous monitoring.

Attendees will learn:

  • The most common AI-driven exposure patterns in legal workflows and why they occur
  • Where governance gaps arise as firms introduce both sanctioned and unsanctioned AI tools
  • Practical guardrails that balance innovation with confidentiality, client commitments, and regulatory duties
  • How progressive firms are enabling responsible internal AI use while maintaining full compliance

Attacked at Machine Speed, Defended at the Speed of Dave in the SOC


Thom Langford, EMEA CTO, Rapid7

Budgets are tight, your team is stretched thin, and the business is (very) demanding. What CAN you do to get the most out of your people, investments and technology? How can you turn data into action, moving from drowning in alerts to executing precise, high-impact remediations?

Attendees will learn:

  • Augmenting your response time with AI and human expertise
  • Shifting to Managed eXtended Detection and Response to unify visibility across your estate
  • Proactively staying on the right side of the regulators

Beyond Questionnaires: Rethinking Supply Chain Security in Law Firms


Justin Kuruvilla, Chief Cyber Security Strategist, Risk Ledger

Organisations across all sectors rely on increasingly complex digital supply chains, from cloud services and software providers to managed services and specialist vendors. Each connection introduces supply chain risk, yet many security and risk teams still depend on point-in-time assessments that struggle to reflect how risk changes over time. In this session, Risk Ledger will explore the fundamentals of supply chain risk and security, focusing on why visibility is often limited, where blind spots typically emerge, and how organisations can start to untangle complex supplier ecosystems. We will examine why questionnaire-led approaches alone are no longer sufficient, how external and continuous signals can complement existing governance processes, and what a more resilient, defensible approach to supply chain security can look like in practice. The session will also cover how organisations can prioritise effort, reduce noise, and focus on the suppliers that matter most. This session is designed for leaders looking to better understand supply chain risk, build stronger foundations for continuous assurance, and make more informed risk decisions regardless of sector.

Attendees will learn:

  • A clearer understanding of how supply chain cyber risk emerges and evolves
  • Insight into common visibility gaps and why they persist
  • Practical principles for moving beyond point-in-time assessments
  • A framework for prioritising suppliers and focusing on what matters most

Turning Employees Into your First Line of Defence


Sam Hook, Hoxhunt
Martyn Styles, Bird & Bird 

Security awareness that actually scales.

Attendees will learn:

  • Humans and security - People will always be vulnerable to scams, so Infosec teams must focus on education and building a strong “suspicious bone”
  • Low effort for Infosec - Hoxhunt largely runs itself, requiring minimal setup and ongoing management from busy security teams
  • Practical demo - Live demonstration of realistic phishing simulations and how easy it is to set up effective security awareness training