Cybersecurity Summit: UK Financial Services

September 10, 2026 | 8:30 AM ET - 5:00 PM ET

Hosted by BankInfoSecurity

Event Overview

ISMG’s 2025 Financial Services Cybersecurity Summit will tackle the sector’s most urgent cyber challenges. A keynote panel of leading CISOs will discuss how InfoSec leaders’ responsibilities now span IT, data, communications and operations, underscoring cybersecurity’s strategic role. Sessions will deliver insights on advanced threat intelligence, payment fraud prevention, AI’s impact on attackers and defenders, and leveraging cyber insurance in risk management.

The event concludes with the interactive Solution Room, a hands-on incident response workshop where participants face a high-stakes deepfake scenario to strengthen crisis planning and response.

Scott Tenenbaum

Head of Claims, North America, Resilience

Imran Khan

VP Cyber Security Transformation Lead, BNP Paribas

Seth Rose

Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigation Unit

David Anderson

Vice President, Cyber, Woodruff Sawyer

Vlad Brodsky

SVP, Chief Information Officer, OTC Markets Group

Kimberly Pack

Counsel, Thompson Hine LLP

Speakers

Thought Leaders on Stage Leading Deep-Dive Discussions

ISMG Summits bring the foremost thought leaders and educators in the security space to the stage, interactive workshops and networking events. Learn from the “who’s who” in cybersecurity, passionate about the latest tools and technology to defend against threats.

Keynote Speaker

Moriah Hara

AI Risk & Security Expert, 3x CISO, Board Advisor, Author, CISSP, CISM, AWS Security, PCI QSA

Interpublic Group and Bank of Montreal. She is a Board Advisor to several startups and a Cybersecurity Co-Author for the book, “The Perfect Scorecard: Getting An ‘A’ in Cybersecurity From Your Board Of Directors.”

She was named by Cybercrime Magazine as one of the top 100 Fascinating Women Fighting Cyber, holds multiple industry-recognized security certifications such as the CISSP, CISM, CSSLP, PCI QSA and AWS Security, and graduated from Harvard’s inaugural executive cybersecurity program.

Keynote Speaker

Hardik Mehta

Global Head of Risk and Regulatory Compliance, JPMorganChase

Expert in building high-performing risk teams, aligning engineering and regulatory goals, and embedding risk into product development. Pioneered the world’s first cloud-native self-service compliance platform on Azure, automating 450+ controls with AI/ML. Skilled in FAIR, SOX, NIST, GDPR, and large-scale program delivery. Known for translating complex risk into actionable frameworks and driving cultural change across global teams.

2025 Agenda

Given the ever-evolving nature of cybersecurity, the agenda will be continually updated to feature the most timely and relevant sessions.

8:30 - 9:00 BST

Registration & Breakfast

8:50 - 9:00 BST

Opening Comments

9:00 AM - 9:30 AM ET

The CISO's Dilemma: Balancing Accountability, Regulations Reporting and Security in 2026

This session will review the last year and explore where CISOs have made progress in defining and strategizing about their mandates, communicating with management and company boards, quantifying and visualizing risk, building new security frameworks and influencing company culture, all while protecting their companies’ critical assets.
 
Panelists will discuss real-world scenarios and use cases that can help define the role of the CISO in 2026 while reducing burnout risk and insecure company posture.
 
Session Highlights:
 
  • How CISOs’ responsibilities have changed re: risk management, data governance and business operations
  • Approaches that can align company stakeholders around cybersecurity objectives, fraud reduction, compliance and other risk domains
  • Strategies for engaging with company boards and executive leadership on cybersecurity risks and solutions
  • Measuring security programs’ value in financial terms to support informed decision-making

Erika Dean

CSO, Robinhood Markets

Eric Boateng

CISO, MassMutual

3:55 PM - 4:05 PM ET

Embedding Security at the Speed of Finance

But a well-executed DevSecOps strategy can turn security into a business enabler, integrating controls directly into the software lifecycle without stalling delivery. This session focuses on what DevSecOps means for CISOs in financial services: not just shifting left, but embedding governance, risk, and compliance directly into development workflows.

We’ll explore how leading financial firms are implementing security guardrails in CI/CD pipelines, using policy-as-code to enforce controls, and ensuring that software shipped to production meets regulatory and resilience standards.
 
We’ll also discuss how to drive alignment across AppSec, DevOps, and GRC functions – especially in environments where infrastructure is increasingly ephemeral and APIs serve as critical product infrastructure.
 
We will cover:
  • How to establish DevSecOps as a governance model, aligned to compliance and operational resilience.
  • Real-world practices for embedding security guardrails into CI/CD pipelines.
  • Strategies to integrate SBOM validation, third-party component monitoring, and change control into Dev workflows.
  • Cultural and structural changes needed to align AppSec, DevOps, and GRC teams.
 

Vincent Stoffer,

Field CTO, Corelight, Inc

9:00 - 9:30 BST

Cyberwars & Financial Fortresses: Securing the Global Economy

Malicious actors are taking advantage of the quick digitisation of finance, from state-sponsored hackers to criminal syndicates, endangering public trust and financial stability. Efforts to safeguard the system are still dispersed, with unclear roles for governments, regulators and industry, despite the obvious and immediate threat. This panel will discuss how to strengthen financial institutions’ defences against cyberattacks through proactive defence tactics, increased cyber resilience and international collaboration. Finance, cybersecurity and policy experts will talk about practical ways to close the cybersecurity gap, fortify regulatory frameworks and guarantee that the financial industry continues to be a stable pillar in a world that is becoming increasingly digital. 

The banking sector must adjust to a new phase of digital warfare as cyberthreats become more complicated. The growing digitalisation of financial services has increased attack surfaces, leaving financial infrastructure exposed to cybercriminals. To stay ahead, organisations must implement proactive measures such as sophisticated threat intelligence, cyberattack simulations and cross-border collaboration. Regulatory agencies such as the FCA and the Bank of England are critical in directing these efforts, but business leaders must also collaborate with governments to establish clear cybersecurity roles. This expert panel will deliver concrete ideas to help the U.K.’s financial sector remain resilient and strengthen its position as a global leader in secure digital banking. 

Key Takeaways: 

  • Why cyberattacks targeting digital finance systems are not just financial risks but threats to global economic stability, particularly in markets like the U.K., where financial services are integral to the global economy.
  • The importance of aligning governments, financial institutions and tech corporations to develop cohesive strategies. This includes establishing clear roles and improving international coordination to effectively combat cyber threats that transcend national borders.
  • The necessity for financial institutions to adopt proactive cybersecurity measures, including cyberattack simulations, secure data storage and standardized international cybersecurity frameworks to protect against financial crises stemming from cyberattacks.

Moriah Hara,

AI Risk & Security Expert, 3x CISO, Board Advisor, Author, CISSP, CISM, AWS Security, PCI QSA

Hardik Mehta,

Global Head of Risk and Regulatory Compliance, JPMorganChase

9:30 - 10:00 BST

Resilience Under Fire

From a wave of retail breaches by youthful hacker collectives like Scattered Spider to the high-profile exploits of groups such as LAPSUS$, it’s clear that no sector is off-limits. This keynote fireside chat will explore how the financial services sector can fortify its defenses and maintain operations even as threats intensify. With regulators raising the bar on operational resilience – exemplified by Europe’s new DORA regulation requiring banks to prove they can withstand, respond to, and recover from major disruptions – resilience is now a strategic imperative, not just a buzzword.

In a candid conversation, we’ll examine what true cyber resilience looks like in practice – from how leading organizations leverage rapid containment techniques to isolate attacks, to lessons financial firms can draw from the latest wave of retailer-targeted breaches by groups like Scattered Spider on evolving threat tactics. The discussion will also tackle the human factor: with a shortage of skilled cybersecurity professionals straining defense teams, financial institutions must find ways to properly resource and support their security operations despite these challenges. Attendees will gain actionable insights into bolstering resilience, meeting new regulatory expectations, and keeping critical services running no matter what.

Key Takeaways:

  • Operational resilience as a mandate: Why banks and insurers must be prepared to withstand and bounce back from disruptions in light of regulations like DORA.
  • Proactive containment tactics: How leading firms are leveraging swift incident containment strategies to limit damage and keep attacks from spreading.
  • Lessons from new threats: What recent high-profile attacks – from retail breaches by Scattered Spider to the LAPSUS$ spree – reveal about evolving adversary tactics and vulnerabilities.
  • Addressing the talent gap: The critical need for investing in cybersecurity skills and resources to counter escalating threats amid industry-wide staff shortages.

Join this session to:

  • Understand how zero trust and AI together, unlike firewalls, provide the strongest cyber defense by stopping threat actors from lateral movement within networks
  • Learn strategies for protecting AI applications developed internally for customers and employees, while preventing data leaks from public AI applications
  • Discover how AI is being leveraged for better cyber defense, in areas like segmentation, data classification and agentic operations

Sanjit Ganguli,

VP, CTO in Residence, Zscaler

10:00 - 10:30 BST

Britain's Digital Fort Knox: Securing Finance Against Cyberthreats

From sophisticated ransomware assaults on fintech startups to large-scale cyber heists on major institutions, the changing threat landscape necessitates a swift, coordinated response. However, with so many players involved in cybersecurity, including financial institutions, IT businesses and regulatory authorities, the issue remains: who is in charge of protecting key systems? The U.K.’s rising reliance on digital finance necessitates protecting the country’s financial infrastructure from a growing wave of cyber assaults. Furthermore, as financial services such as open banking, digital payments and fintech innovations become more prevalent, new cybersecurity concerns develop, necessitating a strategic shift in how the sector interacts to mitigate cyber risks. 

In order to examine how the U.K. may strengthen public-private cooperation, share critical threat intelligence and improve regulatory frameworks, this panel will bring together experts from a variety of sectors. The session will discuss how the U.K. can improve its cybersecurity posture and maintain its position as a global leader in secure financial services. The conversation will include measures for securing digital assets, maintaining financial stability and assuring the U.K.’s continued leadership in a fast-changing financial ecosystem, as well as insights into balancing innovation with solid cybersecurity. Cross-industry collaboration will be critical in proactively addressing emerging dangers and maintaining the U.K.’s position as a leader in secure digital finance. 

Key Takeaways: 

  • Increasing supervision and resilience in response to the growth of digital banking by treating financial cyberthreats as national security threats;
  • Uniting banks, fintechs, regulators and intelligence agencies to dismantle silos, exchange intelligence and strengthen defenses;
  • Preserving innovation without sacrificing security by applying astute and safe tactics to support the growth of fintech and open banking.

Vlad Brodsky,

Chief Information Officer & Chief Information Security Officer, OTC Markets Group Inc.

Steve Lenderman,

Head of Fraud Prevention, iSolved, CyberEdBoard Member

Josh Cigna,

Solutions Architect, Yubico

10:30 - 11:00 BST

The DevSecOps Balancing Act: Culture & Security in the AI Era

This session will explore the evolving security challenges introduced by the increasing use of AI within development workflows and provide expert advice on how to foster a robust security culture to protect against modern threats and ensure compliance.
 
The conversation will cover:
  • How to balance developer productivity with security, especially in a fast-paced FinTech environment.
  • Practical strategies for improving developer adoption of security tooling.
  • The critical role of security culture in an organisation’s overall security posture.
  • Understanding and mitigating the security challenges of integrating Agentic AI into development.

Chris Wysopal,

Chief Security Evangelist, Veracode

11:00 - 11:25 BST

Networking & Exhibition Break

11:25 - 11:55 BST

Driving Cyber Resilience Through Stronger Governance in Financial Services

This is necessary to meet increasingly stringent regulatory requirements as well as to safeguard sensitive assets. The threat landscape is changing quickly, revealing weaknesses in financial systems from ransomware and phishing schemes to insider threats and AI-driven attack vectors. The regulatory bar continues to rise, with institutions facing a complex array of requirements such as the FCA’s Operational Resilience Framework, GDPR, and new laws like the EU AI Act and the UK Government’s AI Opportunities Action Plan. Cybersecurity must now be completely integrated into corporate governance and business strategy; it can no longer be seen as a separate IT function in this context. 

We will discuss how CISOs and governance executives can foster a top-down culture of cyber resilience, as well as practical tips for implementing proactive measures against internal and external threats, ensuring board-level accountability, and coordinating security frameworks with legal requirements. Financial institutions in the UK are under greater scrutiny to improve their cybersecurity posture as cyber threats become more complex, both to safeguard assets and to fulfill increased regulatory obligations. 

Key Takeaways: 

  • How CISOs can work with boards to make cybersecurity a core business priority, not just an IT concern.
  • How to align cybersecurity strategy with evolving FCA, AI and data protection regulations to protect reputation and avoid penalties.
  • How to embrace proactive defense tactics – threat intelligence sharing, continuous risk assessments and insider threat mitigation.

Vincent Stoffer,

Field CTO, Corelight, Inc

11:55 - 12:25 BST

Digital Operational Resilience Act: Key Provisions and Best Practices

Today, organisations mandated to achieve compliance must create a strong supplier risk management program that identifies their critical Information and Communication Technology (ICT) providers, assesses subcontractor risk, and plans for substitutes in the event of a failure at a critical supplier. It’s the most stringent third-party risk mandate that regulated entities have seen in years.

With the challenge of DORA compliance comes the opportunity for a strengthened security posture throughout the supply chain. To align with DORA in a way that will advance your organisation’s security posture in the long term, it is necessary to understand ICT-related best practices and the tools available to help you achieve compliance. This presentation will provide an overview of the key provisions of DORA and their implications for Third-Party Risk Management (TPRM) teams, list best practices for DORA preparation and review key considerations for teams looking to implement the DORA framework.

Join this session for a discussion about:

  • Key DORA provisions
  • Entities regulated under DORA
  • Implications for third-party risk management teams
  • Best practices for achieving DORA compliance
  • Considerations for DORA implementation

Chris Young,

Cybersecurity Enterprise Account Executive, OpenText

12:25 - 12:45 BST

Inside Job: Tackling the Hidden Cybersecurity Threat Within

Insider hazards are becoming more complicated and challenging to identify, whether they are caused by irate workers, unintentional behaviour, or even well-meaning employees falling for phishing scams. These internal threats pose serious dangers to sensitive data and to the confidence that both consumers and regulators have in institutions in the U.K.’s highly regulated financial industry.
 
For instance, a well-known incident in recent years featured a trusted employee unintentionally giving attackers access through a skillfully designed phishing assault. This hack demonstrated how readily insiders, acting carelessly or maliciously, can take advantage of weaknesses in an organization’s security infrastructure, even in the face of robust external protection measures. Research shows that a large percentage of data breaches in the financial sector are caused by insider threats, such as social engineering, power abuse and human mistake. The integrity of even the best-defended systems is compromised by these threats, which frequently evade sophisticated perimeter protection mechanisms.
 
In order to investigate how financial organisations may successfully handle internal threats without sacrificing organisational efficacy or employee trust, this panel brings together specialists. Implementing zero trust security models, using AI-driven behavioural analytics to identify anomalous activity and putting a strong emphasis on staff training to lower human error are all important tactics. The conversation will provide practical advice on how to safeguard important information and create a cybersecurity-aware culture at all organisational levels.
 
Key Takeaways:
  • Experience artificial intelligence in action by learning how it may be used to identify unusual patterns of behaviour and swiftly address insider threats before they become more serious.
  • Find the correct balance and discover how to put security measures in place that safeguard private information without compromising worker trust or productivity.
  • Learn the importance of developing a strong cybersecurity mindset at all leadership levels to guarantee proactive threat detection, prevention and a safe corporate culture.

Kristopher Schroeder,

Founder & CEO, Replica Cyber

12:45 - 13:15 BST

Practical Steps to Achieve Compliance by Design in Financial Services

With DORA, NIS2, eIDAS, X9, the Cyber Resilience Act and PCI DSS 4.0 reshaping expectations, financial institutions must be ready to show that they meet regulatory requirements. This session explores practical steps to embed visibility, control and agility into your PKI and digital trust strategies. Learn how automation, centralised certificate management and consistent policy enforcement support your ability to demonstrate compliance with evolving standards and reduce operational risk.

Key Takeaways:

  • Learn how to navigate multi-regulatory obligations with confidence
  • Find out how to spot and leverage regulatory convergence
  • Discover how to harmonise your compliance strategy
  • Understand how best to embed compliance-by-design into your operational model

Tim Hill

VP, Software Engineering, Rocket Software

13:15 - 13:55 BST

Lunch & Exhibition Break

13:55 - 14:25 BST

Supply Chain Attacks Are the New Backdoor Into Banks

Meanwhile, cybercriminals are increasingly using these supply chain flaws as backdoors into financial systems, as each external partner adds new vulnerabilities. A single weak link in the chain, such as a software supplier with inadequate security measures or a ransomware-damaged payments processor, can have disastrous results, providing attackers with an easy way to access an organization’s vital systems and data.
 
With the increasing frequency and sophistication of supply chain threats, financial institutions need to adapt their security measures. This panel will examine well-known breaches and the disastrous effects they have had on the industry, as well as the quickly evolving regulatory environment. C-level executives will acquire vital knowledge on how to evaluate, oversee and protect third-party relationships without impeding creativity or operational effectiveness. We’ll offer doable tactics for improving third-party risk assessments, integrating security into vendor contracts, and guaranteeing ongoing monitoring of third-party security procedures.
 
By the end of this conversation, executives will have the skills necessary to defend their companies against supply chain threats and create strong, safe alliances that foster innovation while protecting private financial information.
 
Key Takeaways:
  • Why it’s now business-critical to do ongoing, dynamic third-party risk assessments. Find out how supply chain attacks are becoming a greater danger and how proactive risk management can lessen exposure.
  • How financial institutions can ensure that third parties adhere to stringent security standards by incorporating robust cybersecurity clauses into vendor agreements and Service Level Agreements (SLAs).
  • We’ll look at how organisations may keep ahead of compliance requirements and steer clear of expensive penalties as authorities tighten their laws for supply chain security, making sure they adhere to the most recent security directives.
 

Sandeep Bhide

VP Product Management, ProcessUnity

14:25 - 15:25 BST

Solution Room: Trust Undermined: An Immersive Simulation of AI-Augmented Insider Threats

This expertly designed session challenges participants to respond to cascading disruptions across IT and operational systems, unraveling the role of AI-augmented tactics in exploiting insider vulnerabilities. With a multi-phase simulation highlighting the cross-industry impact of AI-augmented insider threats on IT and operational systems, attendees will collaborate to develop actionable strategies for containment, detection and long-term defense.

What You Will Gain From This Experience: 

  • Precision Threat Response: Master techniques for isolating compromised systems, analyzing hybrid network activity, and mitigating cascading disruptions caused by insider-enabled AI attacks.

  • Real-World Scenario Insights: Understand how AI-driven insider threats exploit IT-OT vulnerabilities, with lessons applicable to sectors reliant on interconnected systems.

  • Actionable Defense Playbook: Design advanced countermeasures, including micro-segmentation, AI-based anomaly detection, and evidence preservation for incident response and regulatory requirements.

Scott Tenenbaum

Head of Claims, North America, Resilience

David Anderson

CIPP/US, Vice President, Cyber, Woodruff Sawyer - A Gallagher Company

Kimberly Pack

Counsel, Thompson Hine LLP

15:25 - 15:40 BST

Afternoon Break

15:40 - 16:10 BST

Compliance Is No Longer a Checkbox - It's a Competitive Edge

Compliance is now more than just a legal requirement in this complicated climate; it is a crucial component that can set a company apart from competitors. In addition to protecting themselves from regulatory fines, financial institutions that see compliance as a strategic advantage rather than a checklist are also gaining competitive advantage, resilience and trust.

To analyse the most recent regulatory developments, investigate how top institutions are using compliance to gain the trust of their clients, and look at how financial firms can make regulatory adherence a real differentiator in the marketplace, this session will bring together top regulators, compliance officers and CISOs. We’ll discuss useful strategies for overseeing compliance in various geographical areas with different frameworks and offer a road map for the future of international cybersecurity supervision.
 
Financial institutions may improve their cybersecurity posture, open up new development opportunities, and provide better value to clients who are increasingly putting their trust in safe, compliant businesses by proactively embracing compliance as a strategic enabler. Participants will leave the session knowing how to keep ahead of new regulatory trends, strategically connect compliance with business objectives, and transform compliance from a requirement into a competitive advantage.
 
Key Takeaways:
  • Learn about the most recent regulatory modifications and how they affect the security plans of your organisation, including the new demands for data protection and operational resilience.
  • How top companies are utilising regulatory compliance to stand out in the market, foster greater client loyalty, and improve brand reputation in addition to avoiding fines.
  • What C-level executives must do now to minimise risk and maximise compliance-driven possibilities while ensuring their companies are prepared for the upcoming regulatory wave.

Vincent Stoffer,

Field CTO, Corelight, Inc

16:10 - 16:40 BST

Cybercriminals Are Weaponizing AI Faster Than Banks Can Defend

Criminals are increasingly using machine learning and complex algorithms to get beyond standard security measures and conduct attacks at a never-before-seen scale, from highly automated hacking tools to AI-powered phishing campaigns and sophisticated deepfake-enabled fraud. The issue? Financial institutions are finding it difficult to stay up to date. Many banks and financial institutions are already at a disadvantage if they do not have AI-driven security solutions in place.
 
Using real-world examples of AI-driven attacks, the discussion will examine how thieves are utilising cutting-edge technologies to circumvent even the most robust traditional protections. We’ll also discuss how financial institutions may integrate AI into their cybersecurity infrastructure to swiftly detect, respond to and eradicate threats. The ethical, practical and legal concerns related to AI’s use in cybersecurity will also be analysed, with a focus on the important decisions that leaders must make to reconcile cutting-edge technology with responsible use. Reacting is no longer sufficient in a world where AI-powered threats are changing quickly; financial institutions need to be proactive and adaptable to stay ahead.
 
Key Takeaways:
  • Recognising how AI is enabling increasingly complex attacks, such as phishing, fraud and system breaches, and understanding where these threats are headed in the future.
  • How banks can use AI-powered solutions to improve threat identification, expedite reaction times, and more successfully reduce risks.
  • Navigating the challenges of implementing AI in cybersecurity, including making sure it is used ethically and adhering to new rules around its usage in security.

Seth Rose,

Supervisory Special Agent Group 06, U.S. Department of the Treasury/Cyber Investigations Unit

Imran Khan

VP Cyber Security Transformation Lead, BNP Paribas

16:40 - 16:50 BST

Closing Comments

CPE Credits

ISMG Summits offer Continuing Professional Education Credits. Learn informative and engaging content created specifically for security professionals.

Upcoming ISMG Events

CS4CA ANZ

February 10 - 11, 2026

EspanaSec

February 10 - 11, 2026

Implications of AI

February 24, 2026 | Virtual

Nullcon GOA

February 25 - March 1, 2026

ManuSec Europe

February 26 - 27, 2026
