Cyber 2018

Risks, Governance and Crisis Response

28 June 2018 - 9:30am to 29 June 2018 - 1:30pm
Add to Calendar

Chatham House, London





Pricing and booking information


Supporting organizations and media partners

Venue and accommodation

Press registration

Contact us

The last year has witnessed major hacks on high profile corporations that inflicted massive damage to business confidence and compromised the data of millions of consumers. Attacks such as WannaCry and Not-Petya demonstrated the capability of state-sponsored actors to cause major disruption and highlighted a range of international cyber security vulnerabilities.  

As businesses and citizens attempt to understand and protect themselves against these threats, the cyber landscape is experiencing a period of rapid change driven by growth in internet of things (IoT) technologies and the design and deployment of artificial intelligence (AI). Without consideration of the emerging security challenges these technological developments present, a range of potential new risks even more catastrophic than recent attacks could emerge. 

While governments attempt to keep up with the pace of change, cyber attacks continue to grow in scale and complexity, putting them under pressure to respond with protectionist policies and in some countries creep towards ever increasing ‘cyber sovereignty’. The risk of an increasingly fragmented cyberspace is now very real. 

In this context, Chatham House Cyber 2018 will take stock of the current situation and:

  • Explore the dynamics of state-sponsored cyber threats and assess the main reasons behind the targeting of specific businesses and sectors by cyber attackers
  • Evaluate where government cyber policy frameworks are keeping up and where they are not
  • Explore how the risks posed by the IoT and AI can be managed and how responsibilities for security can be shared
  • Assess how the regulatory landscape around data protection and privacy is changing the way businesses are operating
  • Consider strategic approaches to quantify and control cyber risks and improve cyber crisis management practices when things go wrong

The Chatham House Rule 
To enable as open a debate as possible, this conference will be held under the Chatham House Rule.


Thursday 28 June 


Session One | New and Continuing Risks to Business and the Critical Infrastructure

In the context of increasing cyber attacks on major companies and critical national infrastructure around the world, this opening session will address the latest developments and ask what has been attacked, what is still being attacked and why. It will both explore state-to-state threats and assess the main reasons behind the targeting of specific businesses and sectors. 

Session Two | Government Policy and Approaches to Cyber Challenges

There is a growing consensus that major cyber-attacks are now a question of ‘when’ rather than ‘if’. As cyber-attacks continue to evolve in scale and complexity, governments are facing increasing pressure to protect their economies and national security. This session will explore where policy frameworks are keeping up, where they are not and what the consequences are for the future. 

  • How prepared are governments to respond to the fallout of major cyber-attacks? 
  • How is pressure on governments to act forcefully on domestic security issues shaping the cyber policy landscape?
  • What progress is being made in terms of international cooperation and harmonization of regulatory and legal frameworks?
  • How successfully are governments and international organisations engaging with technology companies to find solutions to key issues? 
  • Will moves towards ‘cyber sovereignty’ in some countries intensify? What consequences could increasingly protectionist policies towards data localization and encryption have for the future of the internet?
  • What real progress is being made in the fight against cyber crime? Who is leading this?

Session Three | Increased Connectivity, Standardization and Security

With the number of connected devices projected to more than double by 2020 to more than 20 billion, there is significant potential for new vulnerabilities to be exploited, for example by malware used carry out distributed denial-of-service (DDoS) attacks. As the development and deployment of IoT and AI technologies continues, the internet will be used to control not only objects, but our infrastructure and physical environment. Answers to key questions about regulation, security and interoperability will need to be established. This session will explore this and ask:  

  • The IoT has the potential to amplify weak points in many IT and OT environments due to its unprecedented reach and complexity. How can security be built into devices, software applications and network connections to address those challenges?
  • How are national and international standards and product certification initiatives for new connected technologies developing? 
  • What is the potential for AI and machine learning to detect, prevent and predict cyber-attacks? 
  • To what extent will privacy and security concerns affect the proliferation of these technologies?

Session Four | Privacy, Security and Personal Data

Businesses hold vast amounts of data and personal information on consumers and citizens. The exchange and flow of this information is vital to the functioning of the internet and key to the value and success of the world’s leading technology companies, driving the growth of the online economy. Although encryption technologies are key to securing privacy, increasing state surveillance and the rise of ethical and criminal hacking means privacy is being challenged. In response to this, regulators across different jurisdictions have been changing the rules on how data is processed, accessed, stored and shared.  This session will assess how data regulation can be balanced in a way that is acceptable to citizens and regulators while ensuring ease of data flow and transfer. It will also address the practical implications for companies dealing with a changing regulatory landscape.  

  • How is data regulation changing the way businesses operate? How can increasingly divergent and potentially conflicting rules and regulatory systems be navigated? 
  • What measures do companies now need to take to ensure the safety of their customers and their data? What new tools are there to secure an individual’s personal data?
  • As the volume and value of personal data held by companies continues to grow, how can companies manage issues of trust and transparency?
  • How can the need for data privacy and national and commercial security be balanced? 
  • What are the risks to businesses of increasingly strict data localization requirements?
  • What consideration should be given on how to manage the vast amounts of data that will be collected through growth in IoT technologies? 

1730 End of day one and reception hosted by Chatham House

Friday 29 June

Session Five | Cyber Risk and Defence

Organizations are increasingly cyber reliant, interconnected and vulnerable to potentially damaging shocks caused by attacks and cyber breaches. Given increasing levels of connection and convergence, organizations face challenges not only to secure systems, data and intellectual property, but also in understanding how their assets form part of the wider digital environment in which they operate. This session will assess strategies being deployed to manage cyber risk and explore what more can be done to increase cyber resilience.

  • What is the potential for new technologies or approaches to revolutionize cyber security?
  • How can penetration testing best be incorporated into security systems? How can independent researchers be incentivized to disclose vulnerabilities responsibly?
  • How can cyber risk be effectively quantified and insured against?
  • In what way could the emergence of cyber insurance for individuals alter the dynamics of risk?

Session Six | Approaches to Cyber Crisis Management

Organizations are becoming increasingly aware that they must operate on the basis that it is not possible to defend against, or even identify, every attack or cyber breach. Cyber security management strategies must now include detailed processes and contingencies for when something goes wrong. In reality, there is often little planning for dealing with the immediate fallout and longer-term consequences of such attacks. This session will explore strategic approaches to cyber crisis management and ask what needs to be done to improve cyber crisis management practices. 

  • Given the ever increasing scale and cost of attacks, does cyber defence even deter at all? Is there too much emphasis on cyber deterrence and defence?
  • What are organizations doing to plan for when the worst happens? What is the right approach to developing cyber incident response plans?
  • Do senior leaders in business have sufficient understanding of cyber security to provide effective oversight? How are leadership structures changing to respond to cyber threats?
  • What can we learn from recent high-profile cyber attacks on major organizations and how they have been handled?

1300 End of conference 

© The Royal Institute of International Affairs 2018

Keynote speaker


Benedikt Abendroth

Senior Cybersecurity Strategist, Microsoft

Thomas Fitschen

Director for the United Nations, International Cyber Policy and Counter-Terrorism, Federal Foreign Office of Germany

Carmen Gonsalves

Carmen Gonsalves, Head, International Cyber Policy, Ministry of Foreign Affairs, The Hague
Udo Helmbrecht to speak at Chatham House Cyber 2018 conference

Udo Helmbrecht

Executive Director, European Union Agency for Network and Information Security (ENISA)
Marina Kaljurand to speak at Chatham House Cyber 2018 conference

Marina Kaljurand

Chair, Global Commission on Stability of Cyberspace
Patricia Lewis

Patricia Lewis

Research Director, International Security, Chatham House
Paddy McGuiness Cabinet Office to speak at Chatham House Cyber 2018 conference

Paddy McGuinness

Deputy National Security Advisor, Cabinet Office
Dave Palmer to speak at Chatham House Cyber 2018 conference

Dave Palmer

Director of Technology, DarkTrace

Stephen Pattison

Vice President Public Affairs, ARM Holdings plc
Jamie Shea to speak at Chatham House cyber 2018 conference

Jamie Shea

Deputy Assistant Secretary General for Emerging Security Challenges, NATO
Emily Taylor to speak at Chatham House Cyber 2018 conference

Emily Taylor

Editor, Journal of Cyber Policy; Associate Fellow, International Security, Chatham House
Rob Wainwright to speak at Chatham House Cyber 2018 conference

Rob Wainwright

Executive Director, Europol
Steven Wilson to speak at Chatham House Cyber 2018 conference

Steven Wilson

Head of the European Cybercrime Centre (EC3), EUROPOL

Register by Friday 27 April 2018 to benefit from the early booking rate.

Ways to book:

  1. Phone: Call Charlie Burnett Rae on +44 (0)20 7957 5727
  2. Online: Click here to complete the online registration form
  3. Email/Post: Download a PDF registration form, complete and return to Louisa Troughton via email or post to: Louisa Troughton, Chatham House, 10 St. Jame's Square, London, SW1Y 4LE

Check if your organization is a member of Chatham House here.



Partners and major corporate members  
All organizations£545£645
Standard corporate member  
Commercial organizations£1,190£1,390
Government departments£720£820
NGOs and academics£440£540
Commercial organizations£1,335£1,535
Government departments£810£920
NGOs and academics£490£595

Your delegate pass includes:

  • Conference attendance
  • Documentation
  • Lunch and refreshments

Travel and accommodation are not included. View a list of recommended hotels here.

Microsoft to sponsor Chatham House Globalization of Competition Policy 2016 conference           


If you are interested in becoming a sponsor for this event, please contact Adam Bowie on +44 (0) 20 7957 5732

Digital Forensics Magazine Cyber Security Review Critical Infrastructure Protection CPO Magazine

If you are interested in partnering on this event, please contact  Ayesha Arif on +44 (0)20 7957 5753

Chatham House
10 St James's Square
[email protected]

Telephone: +44 (0)20 7957 5643
Fax: +44 (0)20 7957 5710

If you wish to book the venue for your own event please phone +44 (0)20 7314 2764

The nearest tube station is Piccadilly Circus which is on the Piccadilly and the Bakerloo Underground lines. From Piccadilly follow Regent Street southwards towards Pall Mall and take the first road on the right called Jermyn Street. Duke of York Street is the second road on the left and leads to St James's Square. Chatham House is immediately on your right.


Although we cannot book accommodation for delegates, we have arranged a reduced rate at some nearby hotels, where you can book your own accommodation. Please inform the hotel that you will be attending a conference at Chatham House (The Royal Institute of International Affairs) to qualify for the Institute's reduced rate.

Please note all rates are subject to availability.

Flemings Mayfair
13 Half Moon Street
London - W1J 7BH

Tel: + 44 (0)20 7499 2964
Fax: + 44 (0)20 7499 1817
[email protected]

Classic Double without breakfast: £195 +VAT

The Cavendish London
81 Jermyn Street
London - SW1U 6JF

Tel: + 44 (0)20 7930 2111
Fax: + 44 (0)20 7839 2125
[email protected] 

Classic Room without breakfast: £205 +VAT

Book The Cavendish online

The Stafford London 
St James's Place
London - SW1A 1NJ

Tel: 020 7493 0111
Fax: 020 7493 7121
[email protected]

Classic Queen without breakfast: £247 +VAT
Quote Chatham House


This conference will be held under the Chatham House Rule. Information for journalists.

Press can request a press pass.

For enquiries relating to the conference agenda or sponsorship please call Adam Bowie on +44 (0) 20 7957 5732

For registration enquiries please call Charlie Burnett Rae on +44 (0)20 7957 5727

For general enquiries please email [email protected] 

The Chatham House Rule

To enable as open a debate as possible, this event will be held under the Chatham House Rule.