Connecting business with cyber security

There will be tea, coffee and pastries for those who would like a pick-me-up before the conference starts for the day.

Simon Edwards, CEO and Founder of SE Labs and host of The-C2.

Cyber capability has become a central instrument of geopolitical power. Opening The-C2 2026, Lieutenant General Sir Tom Copinger Symes KCB CBE, Deputy Commander of the UK’s Cyber and Specialist Operations Command, will explore how global tensions are reshaping the cyber threat landscape. Drawing on experience at the heart of the UK’s cyber defence capability, he will examine how sophisticated cyber operatives operate, how nations prepare for and respond to digital conflict, and what this changing environment means for organisations seeking to build resilience, secure their supply chains and take ownership of cyber risk.

This session explores how multinationals build resilience amid geopolitical disruption, using two client case studies: one reactive (responding to an overnight state takeover), and one proactive (assessing exposure across a complex global supply chain). The discussion focuses on decision‑making, lessons learned, and practical actions leaders can apply immediately.

The geopolitical cyber landscape is shifting fast, and organisations are no longer on the sidelines. From escalating nation state activity to the growing exposure of the private sector, cyber risk is now deeply entangled with global instability.

Following the opening sessions, this breakout creates space to move beyond the headlines and into what this actually means in practice. Under Chatham House Rule, we will bring together senior leaders for a candid, discussion led conversation on how they are interpreting geopolitical cyber risk today and, crucially, what they are changing as a result.

Together, we will explore where organisations are taking decisive action, where uncertainty still exists at leadership level, and how ownership of these risks is shifting across the business. The aim is simple: to help turn a complex and evolving threat landscape into clearer, more confident decisions about what to do next.

The value of the MDR shared responsibility model can only be fully realised when we unite two different perspectives. MDR providers possess deep threat intelligence about adversary behaviour and emerging attacks, while enterprises hold business context about what actually matters to their organisation. This discussion examines how to close that gap across the entire security lifecycle, from detection strategy and threat hunting to vulnerability prioritisation and investment decisions. CrowdStrike’s Falcon Complete will discuss their evolution toward risk-based operations, including practical examples such as dynamic and tailored detection prioritisation. Enterprise CISOs will share the organisational challenges of articulating risk to external partners and what effective collaboration actually looks like. Together, we’ll explore actionable frameworks for merging threat intelligence with business impact: How do you communicate what matters? How should intelligence reshape your risk model? Where can partnerships break down? In an era of exploding vulnerabilities and AI-accelerated threats, this conversation addresses how to move beyond transactional MDR relationships toward genuine shared risk ownership, because neither party has the complete picture alone.

Re-fuel and recharge with the amazing hospitality at Merchants Taylors.

A talk through the journey of a scaling tech SME drawing attention from globally the largest most aggressive and sophisticated cyber actors. The lessons we have taken forward as we have grown.

Get the facts on how the modern threat landscape is changing risk quantification and prioritization, and how organizations can evolve their use of intelligence to set strategic priorities. Using the emergence of AI as a case, we demonstrate how to quantify and qualify emerging risk and the impact of uncertainty to organizations in practical terms. Executive Leaders will walk away with intelligence-driven risk management and cybersecurity strategies to improve their odds, gain advantage, and make the case for action at Board level.

In the era of rapid AI advancement, trust is essential. As organizations deploy increasingly powerful systems, they must manage risk while enabling innovation. This session explores how a responsible and trustworthy approach to AI helps organizations balance the risks of harm with the risks of missed innovation and untapped potential.

This panel will explore the growing cyber risks that arise as supply chains become increasingly interconnected. A central focus will be the expanding reliance on third-party providers that hold critical operational and customer data, and how vulnerabilities within these vendors can trigger disruption far beyond the original target. As weaknesses in shared services ripple across multiple organisations, the consequences can be widespread and difficult to contain. The discussion will examine practical ways to mitigate these threats and strengthen oversight across complex supply chains.

Join us for the warm-up before the much-anticipated C2 Dinner!

With the breathtaking Merchant Taylors venue as a backdrop, enjoy amazing hospitality and lively conversation at this exclusive event.

There will be tea, coffee and pastries for those who would like a pick-me-up before the conference starts for the day.

AI systems are increasingly being targeted by criminal groups and nation-state actors, yet most AI security incidents remain invisible to traditional threat intelligence and cyber reporting. This talk draws on a year-long research project conducted with the Australian National University analysing real-world AI security incidents, alongside the delivery of the first AI security framework and mandatory AI security training implemented within an Australian Government department. We outline the attack patterns emerging from incident data – including how adversaries exploit AI-specific weaknesses, why these attacks evade existing cyber and AI safety frameworks, and what this means for defenders. We then show how these insights were translated into a practical, government-scale AI security framework, designed to operate within real constraints: alignment with ISO and NIST guidance, bespoke government control frameworks, and the need to communicate risk effectively to technical, policy, and executive audiences. Attendees will leave with a clearer understanding of how AI is being attacked in practice, how incident-driven intelligence can inform defensible AI security strategies, and how similar lessons can be applied within their own organisations.

CISOs are influenced to buy by credible references, proven ROI, and solutions that mitigate their risks. They are turned off by impersonal, high-pressure sales tactics, unproven technology, and vendors who fail to show they understand the business’s specific needs and constraints. Building trust and demonstrating clear value are key drivers, while a lack of preparedness or a focus solely on product features are major deterrents. 

Nation-state cyber operations directly impact your security strategy, threat detection priorities, incident response plans, and resource allocation. From Chinese APT pre-positioning in critical infrastructure and Russian targeting of Ukraine supply chains to Iranian OT attacks and North Korean IT worker infiltration, CISOs and business leaders must understand which adversaries target them, why, and how to operationalize geopolitical intelligence. This interactive workshop equips CISOs with actionable tools to integrate threat intelligence into security operations, brief boards on nation-state risk, build crisis response capabilities for extended campaigns, and defend against adversaries whose objectives go far beyond financial gain.

As organisations rapidly deploy AI, many assume AI security can be managed through tools, controls, or centralised teams. This breakout session challenges that assumption through three real-world case studies. The first draws on anonymised work with government and large enterprises, showing how AI security risks emerge at governance and decision-making layers where leaders and non-technical stakeholders lack shared AI security understanding. The second examines AI-enabled fraud and impersonation attacks (such as voice deepfakes targeting finance and executive teams), demonstrating how AI risk increasingly sits outside traditional security functions. The third explores developer-driven AI security failures, including prompt injection and sensitive data exposure, where existing secure-by-design practices fail to translate to AI systems. Together, these cases show why AI security remains fundamentally human-centred and why organisation-wide AI upskilling is now a critical security, resilience, and workforce strategy.

AI systems are rapidly deployed across organizations, but accountability and governance lag behind. CISOs and boards face critical questions: Who is accountable when AI makes a wrong decision? How do we move from identifying AI risks to establishing clear ownership and oversight? What cybersecurity risks does AI introduce? How do we build governance that is auditable and defensible? This interactive breakout session provides a practical roadmap from AI risk assessment to accountability structures, aligned with emerging regulation including the EU AI Act and ISO/IEC 42001.

One of the unique experiences at The-C2 is the opportunity to connect and spend quality time with other delegates. We host a three course lunch to provide the time and atmosphere to generate interesting and meaningful conversations.

Join us as we explore the unconventional learning styles and motivations of digital natives who view system limits as a creative substrate to be bent rather than broken. This session delves into how peer validation and community clout often carry more weight for this cohort than formal credentials. Hear from a former ‘The Com’ cybercriminal who has now turned his life around, taking on red-teaming from the unique perspective of being a black-hat hacker.

Simon Edwards, CEO and Founder of SE Labs, wraps up The-C2 conference for 2026.

Join fellow delegates and speakers for an opportunity to network and chat over a drink and some canapés!