ANNUAL INTERNATIONAL CYBER RISK MANAGEMENT CONFERENCE … · The International Cyber Risk Management Conference is designed to appeal to a wide audience of professionals — “because

2019 MAKING IT REALBecause Cyber Risk Is Everyone’s Business™

5TH ANNUAL INTERNATIONAL CYBER RISK MANAGEMENT CONFERENCE U.S. & CANADA

APRIL 15-16, 2019 METRO TORONTO

CONVENTION CENTRE

DON’T MISS OUT - REGISTER NOW! W W W . I C R M C . C O M

Lead Media SponsorVendor Sponsor

INTERNATIONAL CYBER RISK MANAGEMENT CONFERENCEPG 2

2019 MAKING IT REAL

Thank You to Our Sponsors

Become a Sponsor or ExhibitorTake advantage of this opportunity to reach your target audience at the premier event for cyber risk management. By sponsoring or exhibiting at ICRMC, your brand can gain exposure to industry influencers and thought leaders. For more information, please contact Laura Viau at [email protected] or +1.416.368.0777 x25

Gold Sponsors

Silver Sponsors

Platinum Sponsor

Supporting Sponsors

Other Media Sponsors

Canada’s Association of Information Technology (IT) Professionals.

TO REGISTER VISIT WWW.ICRMC.COM PG 3

Copyright © 2019 MSA Research Inc.

2019 MAKING IT REAL

Is Cyber Risk Part of Your Business Reality?The International Cyber Risk Management Conference is designed to appeal to a wide audience of professionals — “because cyber risk is everyone’s businessTM”. The conference is programmed to provide actionable information for all professionals that play a role in managing cyber risk in their organization—not just IT professionals. Past attendees include professionals from the following areas:

2019 MAKING IT REALToday’s cyber threats pose as much risk to businesses as overwhelming physical perils such as major floods, fires, earthquakes or pandemics. Huge costs, interruption to normal operations or the damage to reputation and brand resulting from a cyber attack can do irreparable harm to larger companies and threaten the very existence of smaller ones.

No one is immune from these threats. The carefully curated world-class agenda for the fifth North American annual International Cyber Risk Management Conference focuses on tangible takeaways that cyber risk stakeholders in all organizations can use to strengthen resilience.

If preparing for cyber risk is part of your business, and securing your data a priority, ICRMC is the place to be. Talk to others facing the same threats, and learn from top experts in the field, with:

� Open discussions on today’s most pressing risks

� Opportunities for networking and idea sharing

� Solution-oriented panels designed to drive change

Why Should You Attend?*Please note: speakers are subject to change without notice due to circumstances beyond our control

Ê CTOs, CISOs, CIOs, CPOs, CSOs and CROs

Ê Corporate Risk Managers & Captive Owners

Ê Audit/ Risk & Actuarial Consultants

Ê Board Risk / Audit / Governance Committee Members

Ê Legal Counsel

Ê Law Enforcement

Ê Claims Professionals

Ê Corporate Technology Risk & Security Professionals

Ê Regulators & Government

Ê Academics & Researchers

Ê Insurance Brokers, Insurers, MGAs & MGUs

Adam SegalEmcee for ICRMC 2019 and Director of Cyberspace and Digital Policy Program, Council on Foreign Relations

Joel BakerPresident & CEO, MSA Research Inc.

Welcoming Remarks 4:45 PM

Agenda Monday April 15th 2019

Playing Inside the Trust Economy: Recognizing the Value of Data in the Face of Regulatory and Technological Change

5:45 PM

Panelist

Beth DewittPartner, Risk Advisory, Deloitte LLP

Moderator

Adel MelekGlobal Vice Chairman, Risk Advisory, Deloitte LLP

Panelist

Daniel DobrygowskiHead of Governance & Policy, World Economic Forum Centre for Cybersecurity (C4C)


2019 MAKING IT REAL


Speaker

Dr. Phyllis SchneckManaging Director and Global Leader of Cyber Solutions, Promontory, an IBM Company

State of the Union - Understanding the Threat Horizon5:00 PM

We are living in the 4th industrial revolution, which is characterized by advancements in technology, robotics, machine learning/artificial intelligence (AI), and analytics. We know that, in order to thrive in the face of this changing economic and social landscape, organizations need to leverage these new technologies. We also know that critical and strategic decisions are driven through insights gleaned from the data a company holds and buys. Data about people. Data about performance. Data about data. With the proliferation of data breaches and the increasing number of public discussions about the appropriate use of data (recall Facebook-Cambridge Analytica), companies have a strategic and business imperative to ask questions not only about what insights can be derived from data, but also, what ethical obligations do we have to the people who share their data. Increasingly, our digital and data economy is being understood by consumers as a trust economy; one that is premised by a social contract between customer and company to use data appropriately and for good purposes (economic or otherwise). As companies disrupt themselves through the use of new tools like AI, having privacy, security and ethics engrained into the governance, design and ongoing operations of these solutions will greatly minimize reputational as well as operational risk; and, at the same time, will be a differentiator that will not only increase customer adoption of services, but ultimately lead to increased profitability. In this session, our panelists will discuss the evolving regulatory and technological landscape and how this impacts companies with respect to how they managed and use data, their obligations to protect data, and strategies companies can consider to manage privacy and security risks in the 4th industrial revolution.

Opening Remarks by Joel Baker and Adam Segal 9:00 AM

6:30 PMCocktail Reception Sponsored by:



2019 MAKING IT REAL

9:30 AM


Security Practitioners Perspective

Breakfast 8:00 AMAgenda Tuesday April 16th 2019

Panelist Nick SteeleDeputy CSO, Dell

Moderator Doug HowardVice President, Global Service & IT Innovation, RSA

Leading security practitioners handling real-world challenges will share insights in this roundtable session on security trends, compliance, risk management, and effectively communicating risks and solutions in terms that will resonate with corporate stakeholders. Thought leaders from RSA, Dell and Loblaw Company Ltd. will discuss how to effectively consume information in the quick-paced, security-threat landscape, prioritize execution plans, enable risk management and quantification as variables for decision-making, and how to properly balance compliance programs with routine and unscheduled security fires.

7:30 PMDinner and Keynote Presentation

David HicktonFounding Director, University of Pittsburgh Institute for Cyber Law, Policy and Security and former U.S. Attorney for the Western District of Pennsylvania at the DOJ under U.S. A.G. Loretta Lynch

After the keynote, Mr. Hickton will sit down for a fireside chat with BNN Bloomberg’s Amber Kanwar

Amber Kanwar Anchor/Reporter, BNN Bloomberg

Panelist Vivek KhindriaVice President, Cyber Security & Technology Risk, Loblaw Company Ltd.

10:30 AM Networking Break Sponsored by:


2019 MAKING IT REAL

Agenda Tuesday April 16th 2019

Concurrent Session A - Pulling Back the Curtain: The Future of Cyber Insurance10:50 AM2017 was inarguably the most financially devastating year to date for companies who experienced a cyber breach. Around the world, these incidents resulted in the loss of billions in market capital, the firing or resignation of CISOs and CEOs and large scale government investigations. In a 2018 global survey by the Ponemon Institute, IT security practitioners were more pessimistic than in past years about their ability to protect their organizations from cyber security threats. Yet, despite this apparent increase in the frequency and severity of cyber losses, the cyber insurance market has continued to grow and evolve. This session will consist of a candid conversation concerning the state of the cyber insurance market, the evolution of underwriting cyber risk, the convergence of coverage, and cyber claim trends. More specifically, we will talk through key considerations in building an effective insurance portfolio (including information about the limitations of insurance), dispel the myths concerning coverage and claims, and share our insights from both an underwriting and broking perspective.

Panelist Greg EskinsManaging Director, Specialties Leader, Marsh Canada

Moderator Greg MarkellPresident and CEO, Ridge Canada Cyber Solutions

Panelist Ruby Rai, CIPP/C, CRMManager, Cyber and Professional Liability, AIG Canada

Panelist Brian RosenbaumSVP, National Cyber & Privacy Practice Leader Aon Reed Stenhouse Inc.

PG 6

Group rate is available! Save an additional $100 each by registering three or more

ICRMC 2019 is accredited by RIBO 8 hours - Management



2019 MAKING IT REAL


10:50 AM

Panelist Jack JonesCo-founder and Executive Vice President, Research and Development, Risklens and Creator of Factor Analysis of Information Risk (FAIR)

Moderator Mike StramagliaExecutive in Residence, Global Risk Institute

Panelist Thomas DaviesAssociate Partner, Cyber Security, Financial Services Office, EY

Concurrent Session B - Coralling Cyber Operational Risk Controls and Measurement: GRI and FAIR InstituteThere’s an old saying in marketing that “Half of your marketing dollars are wasted. You just don’t know which half.” Given the common state of cyber risk measurement practices today, you have to wonder whether the same is true of cyber-related controls. In this session, the panel will discuss some of the challenges that currently limit our profession’s ability to identify and focus on the things that matter most, or understand the value of our controls. It will also discuss some of the misperceptions and challenges regarding cyber risk measurement that inhibit broader adoption of better risk measurement methods, and steps you can take to help make a difference.

11:45 AMThe Dark Side of Digitalization: data as friend and foe in the fight against cyber crime

Sir Rob WainwrightPartner, North-West Europe, Deloitte and former Executive Director, Europol

Panelist Cynthia Rojas SejasVice President, Risk Services, S&P Global Market Intelligence

Sponsored by:

The ICRMC app supports all devices.

The ICRMC app is useful before & during the conference. It can be accessed via mobile, desktop or tablet.• View a full list of attending delegates• Message other delegates• View the agenda• Learn more about sessions, speakers, and our

generous sponsors


2019 MAKING IT REAL


Organizations are constantly battling the onslaught of threat actors attacking their information assets. It has become best practice to work on improving incident response processes on an ongoing basis. Once breached, however, each situation is different and no matter how well you are prepared, things never go as planned. Alexander Rau, Senior Manager with Mandiant, and Rob Labbé, Director of Information Security at Teck Resources, will jointly discuss some of the lessons learned from publicly disclosed breaches to highlight key insights in possible improvements to processes, procedures during an incident response as well as third party engagement. As the co-founder of the MM-ISAC (Mining and Metals Information Technology Information Sharing and Analysis Center), Rob Labbé will also share the advantages of being a member of an ISAC and the benefits of information sharing, training and staff development, working groups and collaboration that come from working with other organizations within your industry.

Concurrent Session A - Success and Failure: Lessons Learned from Recent Breaches and ISAC Success Stories, a Conversation

Speaker

Alexander RauSenior Manager, Consulting Services, Mandiant

Speaker

Rob LabbéDirector, Information Security, Teck Resources Ltd.

2:15 PM

Mitigating Cyber Risk with Technology: What You Need to Consider1:15 PMThere are scores of technology options for cyber protection but how should an organization go about deciding what is the right technology option for its enterprise and risk profile? Our panel will discuss this issue from a user’s perspective, providing a framework for looking at how businesses should approach procurement decisions around cybersecurity technology and the available options.

Panelist Michael EubanksSVP, Information Technology and CIO, LCBO

Moderator Steve TenaiPartner, Aird & Berlis LLP

Panelist Azam DawoodHead of Technology Procurement BMO

Panelist Richard WilsonPartner, Cybersecurity and Privacy Consulting, PwC

DECEMBER 4-6, 2019HAMILTON PRINCESS & BEACH CLUB

WIN A TRIP TO

Register for ICRMC in Toronto for your chance to win a trip to attend ICRMC Bermuda!

courtesy of



2019 MAKING IT REAL


2:15 PM

Speaker Ben GoodmanFounder and CEO, 4A Security & Compliance

Speaker Jonathan LauxManaging Director and Head of Cyber Analytics, Aon

Concurrent Session B - Actuarial Perspectives on Cyber Pricing/Reserving/Aggregation Management, a Conversation

A Cyber Actuary and a Cyber Security Expert Walk into a Bar… Any discussion of cyber risk modeling usually starts with complaints about the evolving threat and scarcity of data. Thus far, actuaries have approached cyber risk with caution, even as the cyber insurance market has grown rapidly around them. Meanwhile, a small number of cyber security experts have taken steps to understand cyber insurance with the aim to establish a quantitative foundation for managing cyber risk. Join us for a conversation between two such individuals as they explore the tough questions and share their insights around cyber aggregation risk, silent cyber exposure, risk selection, reinsurance, and cyber catastrophe events, to name a few.

3:00 PMNetworking Break

Conference AV/Technology sponsored by

DECEMBER 4-6, 2019HAMILTON PRINCESS & BEACH CLUB

WIN A TRIP TO

Register for ICRMC in Toronto for your chance to win a trip to attend ICRMC Bermuda!

courtesy of

Sponsored by:


2019 MAKING IT REAL

Panelist Laurence CookeFounder and CEO, nanopay

Moderator Mike CookManaging Partner, Financial Services Sector, IBM

Panelist José FernandezAssociate Professor, École Polytechnique de Montréal

Panelist Michele MoscaCEO and President, evolutionQ Inc.

3:20 PM

Quantum and Blockchain have gathered much attention in recent years due to their potential as intensely disruptive technologies. Unfortunately, what they really are and what their real impact could be is often misunderstood. The advent of scalable quantum computers will put at risk our current use of public-key cryptography to secure Internet communications and otherwise support our digital economy. This potentially devastating effect requires us to plan and put in place risk mitigation strategies for this so-called “post-quantum era”. On the other hand, the use of blockchains has the potential to create distributed applications in the absence of a trusted third-party. This has vast-reaching implications in many sectors of our economy such as currency, banking, real-estate, supply chain, transport and even management. However, the use of distributed ledgers whose integrity is protected by blockchain technology can be inefficient and, in application domains where a trusted authority exists or is required, it might not be an optimal solution to manage trust. So is blockchain the answer for managing trust in a post-quantum world? Well, it depends... This panel will address this and related questions, with the more general aim of demystifying Quantum and Blockchain, what they are, how they are related, and what it really means to all of us in the future.

Agenda Tuesday April 16th 2019Two Technologies: The Quantum and Blockchain Cyber Steam Trains - SWOT Analysis

Panelist David VerbeetenDomain Expert (Insurance) ConsenSys

2019 MAKING IT REAL

4:15 PMCyber vs. Privacy: What are the differences? Why does it matter?


This panel will discuss the blurring lines between cyber security and privacy management both in terms of operations and regulatory requirements for leading organizations. What is the role of the CISO? And the Chief Privacy Officer? Many see these roles as merging, but should they? Are risk and liability reduced or compounded by a merged role? And what happens in the event of a crisis where the one function judges the other? Join the discussion and debate as this esteemed panel looks at real life crisis, how they were managed, and the outlook going forward under regulations such as GDPR, PIPEDA, and the California Consumer Privacy Act. From the opening views of ICRMC on the cyber threat and regulatory landscape, the panel closes ICRMC by making it real, with takeaways relevant to your organization.

Register Online Now - www.icrmc.com

Fee includes access to all sessions, breakfast, lunch, the cocktail reception & gala dinner. Prices are in Canadian dollars.

Group rate is available! Save an additional $100 each by registering three or more

$1395.00+HSTRegistration Fee

Attire: BusinessAcademic discount availableGroup discounts cannot be applied in conjunction with other discountsCredit card & cheque payments are accepted. Cheque payment is only available to Canadian residentsCancellation fee of $125 + HST applies per delegate, no refunds after March 15, 2019. Substitutions allowed at any time.For more info please contact Laura Viau at [email protected] or 416-368-0777 ext. 25

Moderator Kirsten ThompsonNational Lead of Transformative Technologies and Data Strategy Group, Partner, Privacy and Cybersecurity, Dentons LLP

Panelist Sooji SeoVice President and Chief Privacy Officer, Dell

5:00 PMConference Wrap Up by Marilyn Horrick of MSA Research Inc.

Panelist Anahi SantiagoCISO, Christiana Care Health System

Joel Baker President & CEO, MSA Research Inc.

Thomas Davies Associate Partner, Cyber Security, Financial Services Office, EY

Jennifer Drake Vice President and Legal Consultant, Financial Services Group, Aon

Gregory Eskins Managing Director, Specialties Practice Leader, Marsh Canada Ltd.

José Fernandez Associate Professor, École Polytechnique de Montréal

Greg Markell President & CEO, Ridge Canada Cyber Solutions Inc.

Adel Melek Global Vice Chairman, Risk Advisory Deloitte LLP

Alexander Rau Senior Manager, Consulting Services Mandiant

Michael Stramaglia Executive in Residence, Global Risk Institute

Steve Tenai Partner, Aird & Berlis LLP

Kirsten Thompson National Lead of Transformative Technologies and Data Strategy Group, Partner, Privacy and Cybersecurity, Dentons LLP

ICRMC 2019 Advisory Committee

Connect with us on Twitter: @ICRMConf #ICRMC2019

Lead Media Sponsor

Documents

ANNUAL INTERNATIONAL CYBER RISK MANAGEMENT CONFERENCE … · The International Cyber Risk Management Conference is designed to appeal to a wide audience of professionals — “because