Browse the R3 Summit 2019 agenda and speakers below.
The R3 Summit 2020 agenda will be released at the beginning of next year

08:00 – 09:00: Registration & welcome refreshments

Cyber resiliency by design: Prepare, absorb, recover, adapt


  • Creating a response plan that minimises confusion and stress without deviating from habitual actions
  • Developing a positive security culture that helps increase early detection
  • Incident Response plans are not perfect. Communication is crucial during an incident
  • Resilience v Robustness – adapting in a changing environment

by A Senior Representative (confirmed), NCSC Show Profile


The human in Cyber Resilience: How dysfunctional behaviour during response and recovery can be avoided so that your organisation emerges on the other side stronger and more competitive


  • Organisational Resilience, as defined within the business and management literature is a business outcome as opposed to a process, management system, strategy or static characteristic.
  • It arises through a complex interplay of factors, the presence, importance and contribution of which change in response to the threats posed by the external environment and the inherent vulnerabilities of the organisation.
  • Unlike most business outcomes, such as increasing profit, improving customer service and reducing carbon emissions, organisational resilience can only be observed and measured when the organisation is responding to and recovering from stress.
  • Whilst many factors are involved, the role of people, and their actions, cannot be overstated.  People, especially groups of people in institutionalised settings, are affected by stress in some quite unusual ways.

by Dr. Sandra Bell, Head of Resilience Consulting, Sungard Availability Services Show Profile


Emerging practice in developing and implementing an operational resilience framework

Panel discussion

  • How have organisations addressed the challenge for improving organisational resilience to keep pace with the emerging threat and regulatory expectations?
  • Approaches, opportunities and challenges to developing and implementing an operational resilience framework
  • What metrics or indicators could be used to assess and compare operational resilience?
  • What are the practical challenges related to improving operational resilience in the information supply chain?

by Nic Devine, Global Head of Operational Resilience, Deutsche Bank Show Profile

by Barrie Millett, Head of Operational Resilience, Wesleyan Show Profile

by Robin Jones, Head of Technology, Resilience and Cyber, Financial Conduct Authority Show Profile


10:40 – 11:10: Morning refreshments & network

How do you use Next Generation technology in your Incident Response planning?

Roundtable 1

  • How do you balance technology and your human resource in Incident Response?
  • Can you rely solely on technology to give you the answers you need?
  • Do you see potential in AI to drive efficiencies and time to recovery?
  • How can you use your Incident Response planning for more than data breaches?

by Kevin McMahon, CEO, CYJAX Show Profile


What metrics or indicators do you use to assess operational resilience?

Roundtable 2

by Charlotte Davis, Head of Operational Resilience, Bupa Group Show Profile


How do you involve your supply chain partners in your operational resilience testing?

Roundtable 4

by David Gordon, Global Crisis Management Lead, Standard Life Aberdeen Show Profile


Breach notification since GDPR: How have you been dealing with your internal incidents and breaches of data?

Roundtable 8

by Rocio de la Cruz, Principal Associate, Gowling WLG Show Profile


How do you train your security teams to develop personal resiliency?

Roundtable 10

by Bharat Thakrar, Chief Technology Officer and Cyber Advocate, Learning People Show Profile


How to detect and manage internal threats

Roundtable 12

by Jeremy Swinfen Green, Head of Consulting, teiss Show Profile


The data breach vs. the ethics breach: How to prepare for both

Roundtable 3

  • Break down the difference between a data breach and an “ethics breach”
  • Hear key insights from recent data breaches and learn how to avoid these mishaps
  • Gain an incident and breach toolkit to prepare your organisation ahead of a breach

by Vipul Asher, Privacy Consultant, OneTrust Show Profile


How successful is your recovery plan in a cyber attack?

Roundtable 5

  • Why cyber attacks are likely to be the Achilles heel of your recovery strategy?
  • Why existing and traditional DR systems will never be enough today?
  • How robust and agile is your Resiliency strategy in a hybrid multicloud world?
  • How can you sidestep cyber attacks and function under duress?
  • What regulatory mandates does cyber resilience help you comply with?

by Richard Hamilton, Cyber and Disaster Recovery Consultant, IBM Resiliency Services Show Profile


How to reduce your attack surface with data sanitization

Roundtable 7

Access to the right data is important for any organisation. But while data is an asset, it can also be a huge liability. And the problem is not just deciding how to collect and use data legally. It is critical to decide what data to collect and keep, and what data to permanently remove.

  • How does unnecessary data storage increase costs and information risk?
  • How can I ensure data security when I migrate data to the cloud?
  • How can I destroy data safely and prove to regulators and other stakeholders that I have done so?
  • How can I manage IT assets so that when they are reassigned internally or sold to third parties the data on them is deleted?

by Fredrik Forslund, Vice President, Enterprise & Cloud Erasure Solutions, Blancco Show Profile


Taking on external threats and communicating effectiveness to the board

Roundtable 9

  • The world of external threats and corresponding threat intelligence continues to evolve at an astonishing rate and technology leaders are increasingly asked to provide countermeasures for threats originating beyond the perimeter.
  • The risks of not responding to these challenges are huge – but how do you consider taking on such a task when the perimeter demands so much of your attention ?
  • How do you prove efficacy to the board to secure vital funding, in order to sufficiently strengthen security posture ?

by Trevor Crompton, WW VP Sales, Blueliv Show Profile


Does converged security deliver better Business Resilience? How technology can break down silos

Roundtable 11

  • Risk mitigation is everyone’s business, how is technology helping you to address the threats against your organisation?
  • How are you using technology to support your cyber and physical security resilience?
  • Can it support both functions simultaneously?
  • What does the trend towards AI mean for the functions that deliver operational resilience?
  • Can AI help you to optimise your resilience against external risk?

by Tim Willis, Director Corporate Security, Dataminr Show Profile


How do you plan your cyber incident response exercises?

Roundtable 6

by Mark Chaplin, Principal, Information Security Forum Show Profile


12:40 – 13:40: Lunch & Network

Are you prepared enough to survive a cyber attack?

Case study

  • Digital transformation is enabling disruptive business models to provide improved customer experience and better business outcomes.
  • Hybrid multicloud adoption is the key pillar enabling this digital transformation.
  • The risk landscape in such a complex world is dramatically changing and cyber attacks are now no longer a question of ‘if’, but ‘when’.
  • Organisations must build cyber resilience early into their digital and cloud transformation strategy. It’s time to re-evaluate your traditional disaster recovery programs.

by Felicity March, Cyber Resilience Specialist, Europe Infrastructure Services, IBM Resiliency Services Show Profile


The evolution of cyber risk management and how to engage with the board

Case study

  • The 4th industrial revolution, driving technology and data consumption, driving cyber security.
  • Supporting the board understand cyber as a complex enterprise wide risk.
  • The role of the board in securing the balance sheet and the role of cyber risk management.
  • What the board should know and how to report cyber risk effectively.

by Andy Watkin-Child, Chartered Security Professional Show Profile


What are the barriers to improving cyber resilience in organisations and business, and how to overcome them

Panel discussion

  • Challenges between internal organisational structures
  • Access to the right skills and technology
  • Poor visibility of entry points to detect a breach in real time
  • Shift in mindset from SOC to shared duty

by Ian Burgess, Head of Cyber Policy, UK Finance Show Profile

by Drew Gibson, Head of Cyber, Sopra Steria Show Profile

by Dr Ruth Massie, Senior Lecturer in Cyber Governance, Cranfield School of Management Show Profile


The Response and Recovery feedback cycle and the pursuit of continual improvement

Case study


by Thom Langford, Founder, TL(2) Security Show Profile


Planning a cyber incident response exercise in critical national infrastructure and the lessons learning during execution

Case Study

by Peter Gibbons, Chief Security Officer, Network Rail Show Profile

by Guy Huckle, Head of Operational Security and Contingency Planning, Network Rail Show Profile


Internal Information sharing and collaboration – best practice during response for a faster recovery

Panel discussion

  • Effective internal communication approaches and channels to manage every stage of a breach.
  • Ensure your people are empowered to give an effective, professional response to protect your reputation and assets
  • Identifying the stakeholders to participate
  • How to identify and share relevant information

by Titta Tajwer, CISO, News UK Show Profile

by Massimo Cotrozzi, Director - Cyber Intelligence Centre, Deloitte Show Profile


15:20 – 15:50: Afternoon refreshments & Networking

Interactive incident response workshop



What makes a resilient business and Information Security leader?

Panel discussion

  • How to deliver Business Resilience as a Service at scale and adding everyday value to the service
  • Developing Business Resilience awareness training within the security function
  • How to ensure colleagues return to business-as-normal after a crisis
  • How to reward resilient behaviours in the wider business

by Phil Huggins, Security and Risk Leader Show Profile

by Dr. Paul Robertson, Director of Resilience, continuity and crisis, EY Show Profile

by Vicki Gavin, Security, Privacy and Resilience - Advisor / Thought Leader Show Profile


Cyber Crisis Playbooks to avoid mistakes from previous breaches


  • Receive a bespoke analysis of how resilient their organisation is to cyber attack
  • Clear Command & Control: how the best playbooks maintain clarity of decision-making through the ambiguity of a major breach
  • Response at Internet speed: how the best playbooks use templates and holding statements to accelerate effective recovery
  • Exercising is Essential: how the best playbooks maintain readiness through an owned schedule of rehearsals

by Kevin Duffey, Managing Director, The Cyber Rescue Alliance Show Profile

by Chris Procter, Director, Data Protection + Show Profile


How do you plan for the human responses in your Incident Response plan?

Panel discussion

  • The reality of the human response to an incident and not the planned response
  • Selecting incident management team members not on seniority or technical expertise, but on their knowledge and ability to respond collectively in an incident
  • People is the most important asset a company can have. Have lessons learnt after each critical/high incident and understand where “people” failed and improve your controls
  • Creating playbooks for under pressure people to avoid forgetting basic things

by Tiffany Georghiades, Crisis and Resilience Manager EMEA, The Walt Disney Company Show Profile

by Diana Moldovan, UKI Cyber Operations Lead, Aviva Show Profile

by Andy Shaw, Head of Information Security - Premier Inn & Restaurants, Whitbread Show Profile

by Jim Steven, Head of Data Breach Services, Experian Consumer Services Show Profile


17:30 – 19:00: Drinks Reception

back to top

Copyright © Lyonsdown Ltd. 2016. All rights reserved.