Agenda

SCHEDULE OF EVENTS

Monday, April 15, 2019

4:45 PM

Welcoming Remarks

Joel Baker

President and CEO
MSA Research Inc.

Emcee

Adam Segal

ICRMC 2019 Emcee and Director of Cyberspace and Digital Policy Program
Council on Foreign Relations

5:00 PM

State of the Union Part I: Understanding the Threat Horizon

Phyllis Schneck

Managing Director and Global Leader of Cyber Solutions
Promontory, an IBM Company

5:45 PM

State of the Union Part II: The Global Regulatory Landscape

Large-scale data breaches are increasingly in the public eye; consumer trust in brands is faltering, creating a surge in data and privacy protection discussions from the boardroom to the front lines. While the European Union’s General Data Protection Regulation (GDPR) has occupied much of the spotlight since coming into effect in May, globally there has been a barrage of privacy laws, such as the California Consumer Privacy Act, which was passed in June, and the breach-reporting amendments to PIPEDA, which came into force on November 1st. What do these and the plethora of other privacy regulations mean for your organization when it comes to protecting an individual’s personal data?

Moderator

Adel Melek

Global Vice Chairman, Risk Advisory
Deloitte LLP

Panelist

Beth Dewitt

Partner, Risk Advisory
Deloitte

Panelist

Troels Oerting

Head of the Global Centre for Cybersecurity
World Economic Forum

6:30 PM

Cocktail Reception Sponsored by Slice

7:30 PM

Gala Dinner

Tuesday, April 16, 2019

08:00 AM

Breakfast

09:00 AM

Opening Remarks

Joel Baker

President and CEO
MSA Research Inc.

Emcee

Adam Segal

ICRMC 2019 Emcee and Director of Cyberspace and Digital Policy Program
Council on Foreign Relations

09:30 AM

The CISO Perspective: A Fireside Chat

The role of CISO is at times an ever-slogging fight to implement security, reduce risk and train employees on basic security hygiene principles. The job tends to eat at security executives with its high stress and career risk, plus the role itself is still maturing. So what is a CISO to do? Who would want this type of job? Let's talk about some ideas on how to help our peers thrive in this role. This session offers a truthful view into the role of the CISO and the myriad jobs this position is expected to fulfill for an organization. We will look at how a CISO operates within a business, the risks and forces of opposition they face as a change agent and the responsibility they bear as the senior security executive for the business. We will delve into the impossible positions CISOs at times face daily in balancing business operations against risk mitigation, and the stress it puts on the individual, their family and the cyber community at large. Finally, we will discuss initiatives we have championed, as CISOs, to take care of our teams, help peers and mentor new CISOs who are experiencing the turbulence of their first security executive role.

Moderator

Doug Howard

Vice President
Global Service and IT Innovation
RSA Security

Panelist

Gary Hayslip

Vice President and CISO
Webroot

Panelist

Nick Steele

Deputy CSO
Dell

10:30 AM

Networking Break

10:50 AM

Concurrent Session A - Pulling Back the Curtain: The Future of Cyber Insurance

2017 was arguably the most financially devastating year to date for companies that experienced a cyber breach. Around the world, these incidents resulted in the loss of billions in market capital, the firing or resignation of CISOs and CEOs, and large-scale government investigations. In a 2018 global survey by the Ponemon Institute, IT security practitioners were more pessimistic than in past years about their ability to protect their organizations from cyber security threats. Yet, despite this apparent increase in the frequency and severity of cyber losses, the cyber insurance market has continued to grow and evolve. This session will consist of a candid conversation concerning the state of the cyber insurance market, the evolution of underwriting cyber risk, the convergence of coverage, and cyber claim trends. More specifically, we will talk through key considerations in building an effective insurance portfolio (including information about the limitations of insurance), dispel the myths concerning coverage and claims, and share our insights from both an underwriting and broking perspective.

Moderator

Greg Markell

President and CEO
Ridge Canada Cyber Solutions

Panelist

Jennifer Drake

Vice President and Legal Consultant
Financial Services Group
Aon

Panelist

Greg Eskins

Managing Director
Specialties Leader
Marsh Canada

Panelist

Ruby Rai, CIPP/C, CRM

Manager, Cyber & Professional Liability
AIG Canada

10:50 AM

Concurrent Session B - Corralling Cyber Operational Risk Controls and Measurement: GRI and FAIR Institute

There’s an old saying in marketing that “Half of your marketing dollars are wasted. You just don’t know which half.” Given the common state of cyber risk measurement practices today, you have to wonder whether the same is true of cyber-related controls. In this session, the panel will discuss some of the challenges that currently limit our profession's ability to identify and focus on the things that matter most, or understand the value of our controls. It will also discuss some of the misperceptions and challenges regarding cyber risk measurement that inhibit broader adoption of better risk measurement methods, and steps you can take to help make a difference.

Moderator

Mike Stramaglia

Executive in Residence
Global Risk Institute

Panelist

Thomas Davies

Associate Partner, Cyber Security
Financial Services Office
EY

Panelist

Jack Jones

Co-founder and Executive VP, Research & Development, Risklens
and Creator of Factor Analysis of Information Risk (FAIR)

11:45 AM

Lunch and Keynote Presentation Sponsored by AIG

Speaker

Sir Rob Wainwright

Partner, North-West Europe, Deloitte
and former Executive Director of Europol

1:15 PM

Mitigating Cyber Risk with Technology: What You Need to Consider

There are scores of technology options for cyber protection but how should an organization go about deciding what is the right technology option for its enterprise and risk profile? Our panel will discuss this issue from a user's perspective, providing a framework for looking at how businesses should approach procurement decisions around cybersecurity technology and the available options.

Moderator

Steve Tenai

Partner
Aird & Berlis LLP

Panelist

Azam Dawood

Head of Technology Procurement
BMO

Panelist

Michael Eubanks

Senior Vice-President, Information Technology and Chief Information Officer
LCBO

Panelist

Richard Wilson

Partner, Cybersecurity & Privacy Consulting
PwC

2:15 PM

Concurrent Session A - Success and Failure: Lessons Learned from Recent Breaches and ISAC Success Stories

Organizations are constantly battling the onslaught of threat actors attacking their information assets. It has become best practice to work on improving incident response processes on an ongoing basis. Once breached, however, each situation is different and no matter how well you are prepared, things never go as planned. Alexander Rau, Senior Manager with Mandiant, and Rob Labbé, Director of Information Security at Teck Resources, will jointly discuss some of the lessons learned from publicly disclosed breaches to highlight key insights into possible improvements to processes and procedures during an incident response, as well as third-party engagement. As the co-founder of the MM-ISAC (Mining and Metals Information Technology Information Sharing and Analysis Center), Rob Labbé will also share the advantages of being a member of an ISAC and the benefits of information sharing, training and staff development, working groups and collaboration that come from working with other organizations within your industry.

Rob Labbé

Director, Information Security,
Teck Resources Ltd.

Alexander Rau

Senior Manager, Consulting Services
Mandiant

2:15 PM

Concurrent Session B - Actuarial Perspectives on Cyber Pricing/Reserving/Aggregation Management

A Cyber Actuary and a Cyber Security Expert Walk into a Bar… Any discussion of cyber risk modeling usually starts with complaints about the evolving threat and scarcity of data. Thus far, actuaries have approached cyber risk with caution, even as the cyber insurance market has grown rapidly around them. Meanwhile, a small number of cyber security experts have taken steps to understand cyber insurance with the aim to establish a quantitative foundation for managing cyber risk. Join us for a conversation between two such individuals as they explore the tough questions and share their insights around cyber aggregation risk, silent cyber exposure, risk selection, reinsurance, and cyber catastrophe events, to name a few.

Ben Goodman

Founder and CEO
4A Security & Compliance

Jonathan Laux

Managing Director and Head of Cyber Analytics
Aon

3:00 PM

Networking Break

3:20 PM

Two Technologies: The Quantum and Blockchain Cyber Steam Trains - SWOT Analysis

Quantum and Blockchain have gathered much attention in recent years due to their potential as intensely disruptive technologies. Unfortunately, what they really are and what their real impact could be is often misunderstood. The advent of scalable quantum computers will put at risk our current use of public-key cryptography to secure Internet communications and otherwise support our digital economy. This potentially devastating effect requires us to plan and put in place risk mitigation strategies for this so-called "post-quantum era". However, quantum computing is not expected to bring significant changes in our ability to tackle hard computational problems nor lead to breakthroughs in Artificial Intelligence, for example. On the other hand, the use of blockchains has the potential to create distributed applications in the absence of a trusted third party. This has far-reaching implications in many sectors of our economy such as currency, banking, real estate, supply chain, transport and even management. However, the use of distributed ledgers whose integrity is protected by blockchain technology can be inefficient, and in application domains where a trusted authority exists or is required it might not be an optimal solution to manage trust. So is blockchain the answer for managing trust in a post-quantum world? Well, it depends... This panel will address this and related questions, with the more general aim of demystifying Quantum and Blockchain: what they are, how they are related, and what they really mean to all of us in the future.

Moderator

Laurence Cooke

Founder and CEO
nanopay

Panelist

José Fernandez

Associate Professor
École Polytechnique de Montréal

Panelist

Michele Mosca

CEO and President
evolutionQ Inc.

Panelist

David Verbeeten

Domain Expert (Insurance)
ConsenSys

4:15 PM

When your CISO gets sued

Moderator

Kirsten Thompson

National Lead of Transformative Technologies and Data Strategy Group,
Partner, Privacy & Cybersecurity
Dentons LLP

Panelist

Anahi Santiago

CISO
Christiana Care Health System

5:00 PM

Conference Wrap Up