13th & 14th October 2026
TLC Connect CISO Summit - UK
The TLC Connect CISO Summit UK brings together senior cybersecurity leaders responsible for protecting enterprise organisations in an environment defined by constant disruption, escalating threat activity, and growing operational pressure.
Across two focused days, CISOs, security executives, and cyber leaders will examine the realities shaping modern security leadership: AI-driven threats, resilience under pressure, supply chain exposure, regulatory scrutiny, identity risk, and the increasing expectation to translate cyber strategy into measurable business outcomes. This is not a summit built around theory or vendor-led hype. It is designed around practical leadership, operational resilience, and the decisions security teams are making right now to reduce risk while enabling the business to move forward.
The programme combines real-world case studies, peer-led roundtables, workshops, and candid executive discussions focused on what is actually working inside enterprise security environments. Attendees will leave with practical insight into cyber resilience, AI governance, exposure management, security operations, third-party risk, and communicating risk effectively at board level.
Key Themes for 2026
Built for Speed, Engineered for Resilience: Governing Cyber Risk in the Age of Automation
Operational Resilience Under Constant Pressure
Keeping critical services stable while managing cyber risk, supplier dependency, technical debt, and operational disruption in increasingly volatile environments.
Simplifying Complexity & Regaining Control
Reducing tooling sprawl, fragmented architectures, and operational inefficiencies to improve visibility, execution speed, and security confidence.
AI, Automation & Security at Scale
Moving beyond AI experimentation toward governed, production-ready adoption while balancing innovation, resilience, compliance, and operational risk.
Leadership, Accountability & Board Communication
Helping CISOs translate cyber risk, resilience investment, and technology trade-offs into outcomes boards, regulators, and stakeholders can clearly understand.
Elevate Your Technology Leadership
Summit Agenda Overview
Welcome to the TLC Connect CISO Summit UK 2026. This invitation-only gathering brings together senior cybersecurity leaders responsible for defending enterprise organisations in an environment defined by relentless threat activity, operational disruption, regulatory pressure, and rising board-level scrutiny.
Across two focused days, the summit examines the realities shaping today’s security function: ransomware resilience, third-party exposure, identity risk, AI governance, security operations fatigue, and the growing challenge of securing increasingly complex digital estates. This is not a summit centred around abstract frameworks or transformation rhetoric. It is focused on the operational decisions, trade-offs, and leadership challenges CISOs are navigating right now.
The programme combines real-world case studies, candid executive discussions, peer-led roundtables, and technical workshops designed to explore what is actually working inside enterprise security environments. Attendees will hear honest lessons from security leaders operating under pressure, including what has failed, what has delivered measurable resilience improvements, and what organisations have deliberately stopped doing to reduce complexity, improve visibility, and strengthen cyber readiness.
Designed to deliver practical insight rather than theory, the summit provides actionable takeaways across cyber resilience, exposure management, AI security, supply chain assurance, security operations, and communicating cyber risk in ways boards, regulators, and stakeholders can clearly understand.
12:00 - Registration
Arrival, registration and networking lunch
13:00 - Chair's Welcome
Welcome and Agenda Overview
13:05 - Headline Keynote: The Non-Human Identity Reckoning: Governing Machine Credentials in the Age of Agentic AI
As enterprises race to deploy AI agents at scale, a parallel identity crisis is unfolding beneath the surface. New research from Rubrik Zero Labs reveals that non-human identities now outnumber human users 82-to-1 in enterprise environments, yet fewer than 20% of organisations have governance frameworks capable of managing them at this ratio.
Gartner placed “Identity and Access Management Adapts to AI Agents” among its top cybersecurity trends for 2026, and the OWASP Top 10 for Agentic Applications now lists Identity and Privilege Abuse in the top three attack vectors. Legacy IAM architectures, built for employees with usernames and passwords, were never designed for entities that autonomously decide, at runtime, what systems to access, what data to consume, and what actions to execute.
This keynote introduces a new security architecture paradigm for governing machine credentials: from API key lifecycle management and just-in-time privilege enforcement to runtime access controls for AI agents. We will explore how leading enterprises are closing the gap between agent deployment velocity and identity control maturity.
13:35 - Fireside Chat - Leading Under Scrutiny: Navigating Board Expectations, Regulatory Duty and Executive Risk
A wave of regulatory enforcement actions has consolidated what many CISOs feared: regulators and investors are no longer satisfied with holding the organisation accountable. Individuals are now in the frame. The UK's Cyber Security and Resilience Bill, introduced to Parliament in November 2025 and currently advancing through its legislative stages, extends the UK's cyber regulatory architecture to new sectors while codifying board-level accountability obligations and expanding personal liability provisions for executive leaders in critical national infrastructure.
Simultaneously, Gartner predicts that by 2028, 50% of CISOs will own disaster recovery alongside incident response — a mandate that extends both their influence and their legal exposure.
This session examines how security leaders are navigating the convergence of expanded authority and personal risk: building board relationships grounded in genuine risk partnership, documenting governance decisions that demonstrate informed judgment, and negotiating contractual safeguards that separate accountable risk acceptance from individual culpability.
14:10 - Customer Case Study Workshops - Zero Trust in Practice: Moving from Architecture Principles to Enforceable Controls
Most organisations have adopted zero trust terminology long before zero trust controls, creating a dangerous confidence gap between board-level language and operational reality.
In this session, we examine how one organisation moved beyond the zero trust whiteboard exercise to deploy enforceable controls across hybrid cloud environments, legacy infrastructure, and a distributed workforce.
The discussion includes the hard lessons learned when microsegmentation meets a 30-year-old ERP system.
14:35 - Customer Case Study Workshops - Rationalising the Security Stack: How to Build a Stronger Posture With Fewer Vendors
The average enterprise security team now manages over 75 distinct security tools — a sprawl that generates more noise than signal, burdens already stretched analysts, and creates integration gaps that threat actors routinely exploit.
In this case study, we examine a real-world programme to rationalise a 90-tool security stack to under 40, without reducing detection coverage or increasing MTTR.
The session covers the business case methodology that secured board approval, the technical architecture decisions that made consolidation operationally viable, and the unexpected benefits that only became visible after the programme was underway.
14:55 - Networking Break & Vendor Exploration
15:15 - Panel Discussion - From Compliance Theatre to Genuine Resilience: The UK Cyber Security and Resilience Bill Reality Check
Twelve months into DORA enforcement, and with the UK’s Cyber Security and Resilience Bill progressing through Parliament, the gap between regulatory intent and operational reality is becoming increasingly visible. Research published in early 2026 found that only 16% of organisations in scope for NIS2 are confident they are fully compliant, while 11% were entirely unaware they fell within its scope.
The NCSC’s 2025 Annual Report recorded 204 nationally significant cyber attacks in the year to September 2025, nearly double the previous year’s figure, accelerating the UK government’s legislative response and raising expectations for demonstrable resilience.
For organisations operating across both UK and EU jurisdictions, the divergence between the EU’s prescriptive Article 21 security requirements and the UK’s more principles-based approach has created a dual-compliance burden that most have not adequately resourced. The result is a widening gap between what regulators are signalling and what enterprises can operationally sustain.
This panel moves beyond the mechanics of compliance to examine what genuine operational resilience looks like in practice, from validated incident response and continuous assurance to supply-chain dependency mapping and board-level accountability. We explore why the organisations treating regulation as a minimum baseline rather than a maximum ambition are already differentiating on trust, transparency, and long-term resilience.
15:50 - Customer Case Study Workshop - The Entitlement Explosion: Managing Permissions Sprawl Across Human and Non-Human Identities
The volume of permissions that enterprise security teams are expected to govern has grown from millions to billions almost overnight. Veza's 2026 State of Identity and Access report found that organisations are facing a rapidly expanding and increasingly unmanageable identity attack surface, driven by uncontrolled growth in both human and non-human identities, including AI agents, service accounts, API tokens, and automation scripts.
IBM's 2025 Cost of a Data Breach report found that 97% of organisations that suffered an AI model breach lacked proper AI access controls.
This session examines how one enterprise built a unified permissions intelligence layer capable of governing identities across cloud workloads, SaaS applications, and agentic AI systems without slowing deployment velocity.
16:15 - Roundtable Discussions
Roundtable Discussion 1: Shadow AI and the Governance Gap — Controlling Employee-Led AI Adoption Before It Controls You
Over half of employees now use personal GenAI tools for work, and a third have entered sensitive data into unapproved systems — a risk that hasn’t improved despite strict policies.
This session explores how CISOs can replace ineffective bans with practical guardrails that guide safe, transparent GenAI use across the workforce.
Moderation Questions:
- How do you distinguish between productive AI adoption and unacceptable risk exposure?
- What technical controls are actually effective for managing shadow AI?
- How do you build a culture where employees voluntarily report AI tool use?
- Where does AI governance sit — CISO, Legal, or a new function entirely?
Roundtable Discussion 2: The Software Supply Chain Reckoning — SBOMs, Dependency Risk and the Coming Regulatory Mandate
Malicious open-source packages have exploded from 55,000 to 454,000 in three years, while cloud intrusions and near-real-time exploitation are accelerating software supply chain risk.
This session explores how CISOs can operationalise SBOM-driven assurance, from automated dependency scanning to contractual controls and shared intelligence across sprawling modern development environments.
Moderation Questions:
- At what maturity level is your software supply chain security programme today?
- How do you operationalise SBOM requirements without creating procurement paralysis?
- What role should regulators play in mandating software supply chain transparency?
- How do you manage open-source risk at scale when your developers depend on it?
Roundtable Discussion 3: Preemptive Defence in Practice — Moving from Detect-and-Respond to Anticipate-and-Neutralise
With time-to-exploit collapsing from 700 days to 44 and AI-generated attacks outpacing human defences, reactive security can no longer keep up.
This session explores how CISOs operationalise preemptive defence using intelligence, simulation, and organisational redesign to move security left of breach.
Moderation Questions:
- What does “preemptive” mean in your security programme today, and what gap exists?
- How do you make the business case for investment in anticipatory capabilities?
- Which threat intelligence sources are genuinely actionable at operational speed?
- How do you measure the ROI of preemptive security investment?
16:45 - Fireside Chat – The Human Resilience Gap: Why Exhausted Security Teams Are Becoming an Enterprise Risk
The 2025 ISC2 Cybersecurity Workforce Study reported a global talent gap of 4.8 million professionals — a 19% increase year-on-year. But the headline masks a deeper structural failure. In 2024, 25% of organisations experienced cybersecurity layoffs, 37% absorbed budget cuts, and 90% reported critical skills shortages that materially elevate enterprise risk.
The result is a profession operating under sustained strain, where burnout is no longer a wellbeing issue but a quantifiable operational vulnerability. Elevated stress and cognitive fatigue are consistently linked to slower incident response, higher error rates, and reduced detection accuracy across SOC environments.
This session examines the organisational dynamics that make many security functions psychologically unsafe by design. The discussion will highlight why psychological safety is now a core resilience metric, directly correlated with faster detection, higher retention, and stronger defensive performance.
17:15 - Chair's closing remarks
18:30 - Networking Drinks
19:30 - Gala Dinner and Guest Speaker
08:00 - Registration & Networking Breakfast
08:45 - Chair's Opening and Day 1 Recap
08:55 - Opening Panel - Preemptive Cybersecurity: Why Detect-and-Respond Is No Longer Sufficient
Preemptive Cybersecurity is the defining security shift of the next three years (Gartner) — a move away from reactive monitoring toward anticipatory, AI-assisted threat neutralisation. The data underscores the urgency: time-to-exploit has collapsed from over 700 days in 2020 to just 44 days in 2025, AI-generated phishing now outperforms human red teams, cloud intrusions have risen 35% year-on-year, and the adversarial use of autonomous coding agents has fundamentally accelerated the kill chain.
Traditional detect-and-respond architectures assume attackers will be visible before they are effective. That assumption is no longer holding. Gartner forecasts that by 2028, security products lacking preemptive capabilities will lose market relevance, as boards shift from asking whether breaches can be contained to demanding evidence that threats can be anticipated and neutralised before exploitation.
This session examines what it takes to operationalise preemptive cybersecurity at scale — from architectural redesign and telemetry-driven intelligence to the cultural and organisational changes required to move from perimeter-defending to threat-anticipating. We explore the investments, capabilities, and operating models that enable security teams to act ahead of the adversary, not behind them.
09:20 - Panel Discussion - Governing Agentic AI: When Your Most Dangerous Insider Is a Machine
The rapid deployment of AI agents has reshaped the enterprise threat surface in ways that most governance models were never designed to handle. A 2026 Dark Reading survey found that 48% of security professionals now rank agentic AI as the year’s top attack vector, ahead of ransomware and nation-state campaigns.
Gartner projects that 40% of enterprise applications will incorporate task-specific AI agents by the end of 2026, up from fewer than 5% in 2025, creating an explosion of autonomous processes operating far beyond traditional oversight mechanisms.
The risk is not the agents themselves but the governance vacuum surrounding them: unmanaged non-human identities, over-permissioned service accounts, missing audit trails, and security awareness programmes built for human behaviour patterns that offer no coverage for autonomous decision-making.
This panel examines the governance frameworks that are actually working in early-adopter enterprises, from runtime privilege enforcement and agent identity lifecycle management to continuous validation of autonomous actions and board-level oversight of AI deployment. We explore the specific controls, operating models, and assurance mechanisms required to close the widening gap between agent velocity and organisational security maturity, and what CISOs must prioritise as AI becomes a first-class actor in the enterprise environment.
10:00 - Keynote – The Ransomware Economy: Disrupting the Business Model of Cybercrime
Ransomware has evolved from opportunistic malware into a global criminal economy, complete with supply chains, affiliate programmes, customer support models, and revenue targets. CrowdStrike’s 2026 Global Threat Report notes a 76% increase in data theft-only extortion, while Chainalysis reports that ransomware payments exceeded $1.3 billion in 2025, the highest ever recorded.
Meanwhile, the average breakout time for hands-on-keyboard intrusions has fallen to 62 minutes, compressing defenders’ response windows to near zero.
This keynote examines how defenders can disrupt the economics that make ransomware viable. We explore the financial incentives driving modern ransomware groups, the rise of Ransomware-as-a-Service (RaaS), and the operational innovations that have turned criminal syndicates into highly efficient enterprises.
The session highlights how intelligence sharing, automated response, identity-centric controls, and layered defence architectures can increase attacker costs, reduce their return on investment, and break the business model that underpins the ransomware ecosystem.
10:35 - Customer Case Study Workshop - Building the AI-Ready SOC: Lessons from Deploying Autonomous Detection and Response at Scale
Managed security services are growing at 11.1% in 2026, the fastest rate in the services segment, driven by organisations that cannot hire fast enough to keep pace with the threat landscape.
Yet many AI-augmented SOC deployments are falling short of their promise: alert volumes are rising, not falling, and analyst burnout has accelerated rather than reduced.
In this case study, we examine a large financial institution's journey to a genuinely autonomous threat detection and response capability, including the architecture decisions that reduced false positive rates by 60%, the change management programme that brought analysts on the journey rather than leaving them behind, and the governance model that satisfies both regulators and the board that AI-driven decisions remain auditable and accountable.
10:55 - Networking Break & Vendor Exploration
11:15 - Customer Case Study Workshops - The Security Debt at Scale: Quantifying, Prioritising and Eliminating Vulnerability Accumulation
The explosion of AI-assisted development has dramatically accelerated software delivery, and with it, the accumulation of security debt across enterprise code bases. Cloud intrusions increased 35% in 2025, and Mandiant's M-Trends 2026 report found that time-to-exploit has effectively reached near-real-time for well-resourced adversaries.
Yet most vulnerability management programmes remain fundamentally reactive: triaging an ever-growing backlog rather than addressing the structural conditions that generate it.
This session examines the findings of the 2026 State of Software Security research and offers a practical framework for quantifying security debt in business risk terms, prioritising remediation against attacker behaviour patterns, and building the developer culture change required to prevent debt from re-accumulating faster than it can be addressed.
11:40 - Executive Problem Exchange - The hardest security problem we’re currently struggling to solve
Cybersecurity leaders rarely struggle with a lack of information. More often, they struggle with isolation. The most valuable operational insight frequently comes not from frameworks or vendors, but from peers facing the same pressures in real time.
This interactive executive discussion is designed around one central question: “What is the hardest security problem your organisation is currently trying to solve?” Delegates will work through live operational challenges together, sharing practical approaches, lessons learned, failed strategies, and the decisions they are making under pressure.
The session is intentionally candid, peer-led, and discussion-driven — creating space for security leaders to compare approaches, pressure-test thinking, and exchange practical insight on the issues that rarely get discussed openly on stage.
12:00 - Panel Discussion - The Insider Threat Reinvented: Managing Human Risk in an Era of AI-Assisted Social Engineering
The insider threat landscape has been fundamentally transformed by two convergent forces: the hybrid workforce has dissolved the traditional perimeter that defined insider risk, and GenAI has equipped both malicious insiders and external social engineers with tools that make detection exponentially harder.
A Gartner survey found that 57% of employees use personal GenAI accounts for work and 33% have entered sensitive information into unapproved tools, often without malicious intent, but with material consequences. Nation-state actors are now routinely deploying AI-generated deepfake communications, synthetic personas, and LLM-crafted spear-phishing that defeats awareness training designed for pre-AI threats.
This panel examines the governance and technical architectures that are proving effective against the modern insider threat profile: from behavioural analytics and user and entity behaviour analytics to the privacy-respecting monitoring frameworks that maintain employee trust while detecting genuine risk.
12:40 - Networking Lunch & Vendor Exploration
13:40 - Onstage Interview – Quantum Computing: What CISOs Need to Know Now - Separating Hype from Strategic Risk
Legacy modernisation remains one of the most urgent priorities for CIOs as organisations confront the rising cost, fragility, and operational drag of ageing systems. Over 40% of IT budgets are still consumed by maintaining legacy environments, while technical debt has grown by more than 30% in the past five years due to deferred modernisation (Gartner, Deloitte).
McKinsey’s 2025 research highlights that organisations with modern, modular architectures achieve up to 50% faster feature delivery and significantly lower incident rates, directly improving customer experience and operational resilience. This session explores how CIOs can simplify sprawling estates, retire or re-platform legacy systems, and build a flexible, scalable technology backbone that supports long-term digital growth.
The organisations that win in 2026 will be those that treat modernisation not as a one-off project, but as a continuous capability and strategic enabler.
14:00 - Roundtable Discussions
Roundtable Discussion 1: From Burnout to Balance — Safeguarding the Mental Health of Security Teams
Cybersecurity professionals often operate under relentless pressure, long hours, high stakes, and constant threat monitoring.
Participants will discuss how they can proactively address burnout, foster psychological safety, and embed wellbeing into the culture of security teams.
Moderation Questions:
- What early warning signs of burnout should leaders look for in their teams?
- How can cybersecurity leaders balance 24/7 operational demands with sustainable workloads?
- Which wellbeing initiatives have proven effective in high-stress security environments?
- How do you measure the ROI of wellbeing programmes in terms of resilience and retention?
Roundtable Discussion 2: Resilience Through Diversity — Building Teams That Think Differently
Diversity of thought, background, and experience strengthens problem-solving and resilience.
Participants will explore how to embed diversity, equity, and inclusion (DEI) into security hiring and leadership pipelines.
Moderation Questions:
- How does diversity directly impact the resilience of a security team?
- What barriers still exist to building diverse security teams, and how can they be dismantled?
- How can cybersecurity leaders ensure DEI initiatives are authentic rather than performative?
- What metrics or benchmarks can track progress in building diverse teams?
Roundtable Discussion 3: Upskilling for the Future — Preparing Teams for AI, Cloud, and Emerging Threats
As technology evolves, so must the skills of security professionals.
This roundtable focuses on continuous learning, reskilling, and preparing teams for the next wave of threats, from AI-driven attacks to quantum risks.
Moderation Questions:
- Which emerging skills are most critical for security teams over the next 3–5 years?
- How can cybersecurity leaders create a culture of continuous learning without overwhelming staff?
- What role should certifications, labs, and simulations play in upskilling?
- How do you balance investment in training with immediate operational needs?
14:50 - Panel Discussion – Third-Party Risk in a Fragmented World: Continuous Assurance for AI, Cloud and Critical Suppliers
Third-party ecosystems have become the most volatile component of the modern enterprise attack surface. Forrester forecasts that 65% of breaches will originate in third-party environments by 2027, driven by opaque supply chains, unmanaged SaaS adoption, and the rapid introduction of AI vendors with limited security maturity.
ENISA’s 2026 Threat Landscape Report highlights a 37% year-on-year increase in supply-chain-driven incidents, while Gartner notes that 75% of organisations will require continuous security assurance from critical suppliers by 2028, replacing static questionnaires and annual audits.
At the same time, cloud concentration risk is accelerating: IDC reports that 42% of UK enterprises rely on fewer than three hyperscalers for mission-critical workloads, creating systemic dependencies that amplify the blast radius of outages, misconfigurations, and upstream compromises. The rise of AI agents and data-hungry models adds further complexity, with 451 Research finding that only 28% of organisations have visibility into how third-party AI systems handle, store, or train on enterprise data.
This panel examines how CISOs can build continuous, intelligence-driven assurance models that keep pace with a fragmented supplier landscape. We explore how leading organisations are integrating automated monitoring, contractual controls, shared intelligence networks, and AI-assisted risk scoring to manage third-party exposure at scale. The discussion will highlight why third-party risk is no longer a procurement exercise but a core pillar of enterprise resilience, requiring tight alignment across security, legal, procurement, and data governance teams.
15:20 - Closing Keynote – The Death of Human-Scale Security
Enterprise security has quietly crossed a threshold: the scale, velocity, and complexity of modern digital environments now exceed what human-led security operations were ever designed to manage.
Machine identities now outnumber humans by hundreds-to-one. AI agents are making autonomous decisions across enterprise systems. Threat actors are deploying automated exploitation at machine speed, while security teams remain constrained by organisational silos, manual workflows, fragmented tooling, and cognitive limits that simply cannot scale further.
The result is a growing mismatch between the speed of the modern threat landscape and the speed at which humans can realistically detect, interpret, and respond. Security teams are being asked to govern environments that are rapidly becoming too dynamic, too interconnected, and too autonomous for traditional operating models to sustain.
This closing keynote explores the emerging reality of post-human-scale cybersecurity — a world where resilience depends less on adding more analysts, more dashboards, or more controls, and more on redesigning enterprise security around autonomy, orchestration, machine reasoning, and radically simplified architectures.
The session examines what disappears, what survives, and what fundamentally changes as enterprise security transitions from a human-operated discipline into a machine-scale operating system for trust, control, and resilience.
