Thursday 24 April 2025, 9.30am – 5pm (BST)
In person – City of London
Cybersecurity is often viewed through the lenses of threats and vulnerabilities. However, understanding cyber risk should also involve balancing impact and probability. Discussions about cyber risk are frequently bogged down by technical jargon about exploits, malware, and vulnerabilities, making it difficult for executive decision-makers to grasp and manage these risks effectively.
To address this, we need to quantify cyber risk and align it with our business strategy. By doing so, we can make informed decisions about security investments and enhance our resilience. Quantifying risk allows us to better understand the weighted potential impact and likelihood of cyber threats, enabling leaders to prioritise scarce resources and develop strategies more efficiently. This approach helps not only in managing cyber risk but also in improving overall organisational resilience. This event explored these critical questions and provided insights into a more effective approach to cyber risk.
Presentations on the day included:
Welcome and introductions
Tarquin Folliss OBE (info), Vice Chairman, The SASIG
Juliette Arnold (info), Cyber Assurance Manager, Lloyd’s of London
Security metrics – The journey towards risk quantification
Aris Matthidis, Group CISO, Tokio Marine Kiln (info)
Fireside chat: Human-centred security: The role of behaviour in risk reduction
Pieree Noel (info), Group Chief Resilience Officer, CISO and Chief Privacy Officer, Le Collectionist
Simon Culliton (info), Sales Director, SoSafe
Panel session: Insuring the digital age – Quantifying cyber risk
Facilitated by Dr Lucy Fraser (info), Senior Policy Adviser, General Insurance Policy, Association of British Insurers (ABI)
Henry Skeoch (info), Cyber Exposure Management Lead, Beazley
Luke Fardell (info), Lead Cyber Analyst, Tokio Marine Kiln
Elspeth Robertson (info), Cyber Risk Advisor, Lockton
Panel session: Innovation and risk quantification in cyber
Facilitated by Tarquin Folliss OBE, Vice Chairman, The SASIG
David White (info), President, Axio
Peter Dyson (info), Head of Analytics, Kovrr
Justin Hempson-Jones (info), Managing Director, Social Machines
James Hanbury (info), Director, Cybersecurity, KPMG CRQ
Future proofing risk management through quantification: Practically applying the FAIR methodology
Rob Moore (info), Vice President, Mastercard Technology Risk
Why bother with security awareness? Delivering measurable behaviour change
Lucy Finlay (info), Delivery Director for Secure Behaviours and Analytics, Think Cyber
Risk quantification: Turning security data into actionable risk insights
Ivan Milenkovic (info), VP Cyber Risk Technology, Qualys
Risky business: The prejudices and pitfalls of cyber risk planning
Jonathan Mattey (info), Head of Cyber Security, Forge Holiday Group
The exposure evolution: Transforming vulnerability management through proactive risk assessment
Jamie Cowper (info), Director of Product Marketing, Rapid7
Validating cybersecurity strategy and tracking risk reduction: Making company decisions with CRQ
Dr. Adedayo Adetoye (info), Director, Security Architecture and Engineering, Mimecast
Closing keynote: Learning from the mistakes of others – A retrospective review
Stephen Bonner (info), Deputy Commissioner, Information Commissioner’s Office
All SASIG events operate under the Chatham House Rule and there is no charge to attend. Refreshments and lunch were kindly provided by our hosts.
If you are a member of ISACA, ICA, ISC2 or The Security Institute, you can earn CPE/CPD points for attending our events live/in person. Remember to log your attendance with your provider to be credited.