Main Conference Program 2018

March 20th, 2018

08:00

Registration and refreshments

08:50

CHAIR'S WELCOME REMARKS

*Interactive Audience Poll via Sli.do
Vote live to generate real-time content #CYBERRISKNSA

9:00

KEYNOTE ADDRESS: Future outlook- Cyber risk in 2020

9:30

GUEST ADDRESS: 

10:00

CISO PANEL: Next generation cyber risk management

  • How do you develop risk appetite limits for cyber security risk?
  • What are the weaknesses or challenges firms experience with the data aggregation or intelligence gathering tools to address cyber security risks?
  • The Fed guidance issued recently specifies the CISO function to be part of 2LOD. How are firms implementing it?

10:50

Morning coffee and networking break

11:25

PANEL DISCUSSION: Mitigating cyber risk losses

  • Do U.S. banks have sufficient capital to absorb worst case cyber risk losses?
  • Does your info security use the same risk framework as ops risk?
  • Given that firms have different defences in place, how do firms understand weaknesses and risk priorities?

12:00

PANEL DISCUSSION: Modelling cyber risk

  • Does the vast scope of threats make modelling for cyber risk unfeasible? Can risk models accurately capture cyber risk?
  • How to apply stress testing and scenario analysis to cyber risk
  • Do you redo the same cyber scenarios each year or do new ones?
  • Do you combine cyber scenarios along with macro scenarios?

Manan N. Rawal, Regional Head of Independent Model Review & Governance, HSBC USA

12:45

Lunch and networking break

1:45

SPOTLIGHT ON: Overcoming current challenges for effective quantification

  • Evaluating the lack of data to develop Risk Appetite Statements
  • How to shift to consequence-driven cyber risk management
  • How to tame complexity to facilitate quantitative cyber risk measurement?

2:20

LIVE INTERVIEW: Insurance of cyber risk- an additional tool in the toolkit

  • How do firms broaden scope of insurance risk products?
  • What are the data and tools used to insure cyber risk to effectively manage the risk? How to manage the risk and not just transfer it?

2:55

Afternoon coffee and networking break

3:25

THE EXECUTIVE BOARDROOM: Tone from the top

Memo to the Board

  • How do you see ORM and cyber risk interacting with the Board? What is the nature of the op risk and cyber risk reporting to the Board? 
  • Op risk and cyber risk now have a voice with the Board of Directors- What is needed to improve the Board's understanding of operational and cyber risks? Does the board have the necessary information regarding the pain points in the organisation? 
  • What are Board expectations? What is expected of them to dispense their duties properly and are they focused on the right things?
  • Adding value to the business:
    • What value is operational and cyber risk bringing to the business?
    • What is a great example of bringing something valuable to the business from your second line view?
    • The value operational risk and cyber risk adds and the costing framework- how to assess whether putting a control in place will save or cost?

Michael J Abriatis, Executive Vice President, Chief Operational Risk Officer, PNC BANK
David Canter-McMillan, Function Head for Operational Risk, FEDERAL RESERVE BANK OF NEW YORK

*Audience Q&A
Submit your questions via sli.do

4:15

WAR GAMES: Disaster recovery and business continuity in operational risk

PART I: SCENARIO DISSECTION AND STRATEGIZING
In each scenario, participants are introduced to an operational risk scenario which is still unfolding and asked to consider the immediate steps they would advise their firm to take based on the information available at each stage
PART II: HARVEST SESSION
Each host will summarise their POA of the discussion and present it back to the table participants with comments

Learning outcomes:

  • What immediate actions would you advise your firm to do in the scenario?
  • Hierarchy of response- who are the 1st and 2nd responders?
  • Incident management- how do you assess the impact on your firm?
  • What are your crisis management protocols? What do they look like?
  • Business continuity planning from employees to infrastructure 
  • What's your loan exposure for customers impacted?

 

5:30

CHAIR'S CLOSING REMARKS

Alexander Campbell, Divisional Content Editor, RISK.NET

5:35

Networking drinks reception

7:00

Private dinner- Invite only

March 21st, 2018

08:30

Registration and breakfast

09:00

CHAIR'S OPENING REMARKS

09:10

KEYNOTE ADDRESS: Redefining customer protection and service with the rise of cyber threats using social engineering

*Audience Q&A
Submit your questions via sli.do

09:40

PANEL: Third party vendor risk- Fraud and cyber security

  • How do you integrate the information security function with fraud detection?
  • What is the best method you have seen in conducting an incident exercise?
  • Data breach related fraud prevention- What does authentication look like in the future?

*Audience Q&A
Submit your questions via sli.do

10:30

Morning networking break

11:05

SPOTLIGHT ON: Systemic cyber risk reduction

  • Consolidating an integrated industry wide response to cyber security risk
  • Concerns over risk aggregation
  • Importance of mapping tools

11:35

PANEL DISCUSSION: Extrapolating the causes of cyber security breaches

  • Evaluating the role of human error
    • Inadequate controls on sensitive data
    • Insider threat and 'anomalous behaviour' by staff
  • Ransomware and/or phishing
    • Preventative controls (AV, Advanced End-Point, Cloud Filtering)
    • Recovery strategies from ransomware

12:20

Lunch and networking break

1:20

WAR GAME: How to rob a bank in 2018

Back in the 1900s, a traditional bank heist required meticulous preparation and planning: arranging the right tools, insider information, timing, target, plan B and getaway car was of the essence. Not much has changed in that sense; a cyber-heist in the 21st century requires similar preparation. This session will allow all conference attendees to jointly prepare a cyber-heist, the results of which will likely be surprising to all involved.

1:55

WAR GAME: Robbing the bank in 2018

...continued

2:25

Afternoon coffee and networking break

3:00

CHAMPAGNE KEYNOTE ADDRESS: To boldly go where no state regulator has gone before: New York's first in the nation cybersecurity regulation- where do we go from here?

*Audience Q&A
Submit your questions via sli.do

3:30

ALL STAR PANEL: The insidious effects of geopolitical risk

  • How to prepare for potential repercussions within your own firms - The increasing necessity for Boards and Chief Risk Officers to monitor the political and business environment 
  • How to reflect the increased economic and political uncertainty caused by political events in your risk-based capital models? I.e. are you holding more capital?

*Audience Q&A
Submit your questions via sli.do

4:20

CHAMPAGNE ROUNDTABLES: Bring your questions, leave with your answers!

From session to roundtable- Take the day's most contentious issues and fully engage with your peers in small interactive roundtable discussions to drill down, share best practice and take away diverse approaches to the same challenge from your fellow industry peers.

5:15

CHAIR'S CLOSING REMARKS

5:20

End of Cyber Risk North America

 
