Midway through the ‘Digital Decade’, the EU continues on an ambitious journey to bolster its cybersecurity posture amid a significantly evolving threat landscape. A wave of initiatives, including legislations like NIS2, CRA, CSOA, DORA and CSA, has demonstrated the block’s commitment to build a unified and resilient cybersecurity ecosystem and to enhance its collective cyber incident management capabilities. 

As the transition from policymaking to implementation in a context of ‘regulatory simplification’ raises critical questions about harmonisation, practical implications for businesses and the balance between regulation, innovation and sector-specific needs, this session will explore the opportunities and hurdles in achieving a coherent and effective EU cybersecurity framework, as well as operational effectiveness. It will also look ahead at future initiatives, including the review of the Cyber Security Act, and their potential impact on the cybersecurity landscape beyond 2025.

This session will explore, amongst other key topics: 

• The opportunities and challenges of implementing the EU’s cybersecurity regulations across member states and sectors.
• Practical implications for businesses navigating compliance requirements in a complex regulatory environment.
• The future trajectory of EU cybersecurity policy, including the revision of the Cybersecurity Act and the role of certification schemes.
• Ensuring that new legislative initiatives align with innovation, competitiveness, and resilience goals.
• The role of public-private partnerships in mitigating emerging cyber threats and enhancing preparedness.
• Coordinated efforts, including the EU Blueprint for large-scale cyber incidents and the Cybersecurity Emergency Mechanism, to strengthen collective resilience, and the tools needed to ensure effective coordination during cascading cyber incidents affecting multiple member states.

Cybersecurity is a cornerstone of the European Union’s Industrial Strategy. Strengthening Europe’s cybersecurity market is not just about protecting critical infrastructure – it is also about fostering innovation, reducing reliance on foreign technologies, and ensuring digital sovereignty. This session will explore how Europe can bolster its cybersecurity market to achieve these goals, addressing challenges like fragmentation, the need for greater innovation and support for cybersecurity start-ups and SMEs. It will examine the EU’s efforts to foster homegrown solutions, the importance of public-private partnerships in driving research and development, mechanisms to attract private capital and encourage technological innovation, as well as key policies, such as the CRA, and the role of standardisation and certification frameworks in building a robust and globally competitive cybersecurity ecosystem. 

Possible questions:

• How is the EU addressing the fragmentation of the Single Market to facilitate the scaling up of European cybersecurity companies? What specific measures are needed to achieve deeper. market integration? What policies can be implemented to encourage healthy competition and maintain a diverse cybersecurity ecosystem?
• How can cybersecurity be positioned as a driver of economic growth rather than just a regulatory requirement?
• How can it be ensured that vendor consolidation does not stifle innovation and limit market access for smaller players?
•  How can a unified certification framework enhance trust, security, and industrial competitiveness?
•  How can Europe increase R&D investment in critical areas like AI-driven cybersecurity and quantum computing security to close the innovation gap with global competitors?
• What role will the European Cybersecurity Competence Centre play in fostering cross-border collaboration? How can Public-Private Partnerships strengthen Europe’s cyber resilience and technological leadership?

The rapidly evolving field of cybersecurity highlights an essential truth: technology alone is not enough to counter the growing sophistication and frequency of cyber threats. Human vulnerability – whether through phishing, insider threats, or unintentional lapses in security protocols – is the most significant risk to organisational and individual cybersecurity. As businesses and governments face a widening skills gap in cybersecurity professionals, the challenge of equipping and empowering people with the knowledge and tools to combat threats has never been more critical.

This session will examine the vital role of the human factor in cybersecurity, exploring the barriers to attracting and retaining talent, the strategies for re/up/skilling the workforce, and the role of public awareness in creating a culture of cyber resilience. It will discuss actionable solutions to address the global cybersecurity skills shortage, innovative approaches to harness the potential of AI and machine learning alongside human expertise, and effective education strategies to embed cyber awareness at every organisational and societal level.

Possible questions:

• How successful have awareness programs and training initiatives been in mitigating threats arising from phishing, social engineering, ransomware, and what more needs to be done to equip citizens from different demographic groups and professional sectors with the skills needed to meet emerging cybersecurity challenges?
• What is the latest on the EU’s efforts to address the critical shortage of cybersecurity professionals, including initiatives like the Cyber Skills Academy and the European Skills Pact? What best practices from other leading nations (US, UK, Canada, Japan, Singapore) in attracting and retaining cybersecurity talent can be leveraged? How can global efforts to ensure mutual recognition of cybersecurity qualifications be harmonised?
• How can cybersecurity education evolve to address both current threats and anticipate future skills requirements?
• What innovative strategies are needed to attract diverse and underrepresented groups to cybersecurity careers?
• How can governments, industry, and academia collaborate to close the skills gap and create a steady pipeline of talent?
• What are the essential skills required to address new technological challenges, such as AI-driven threats and quantum computing risks?

In an era of rapid technological advancements, cybersecurity stands at a crossroads—where emerging technologies create both opportunities and new vulnerabilities. This session will explore this duality, examining how innovations such as AI/ML, automation technologies, blockchain, edge computing and quantum are reshaping the cybersecurity landscape, offering immense potential for enhancing threat protection and resilience, while also introducing novel attack surfaces and vulnerabilities that malicious actors can exploit. It will feature real-world case studies, discuss innovative approaches to threat protection, and examine the critical need for robust but adaptive regulatory frameworks and international collaboration in this area. This will foster a dialogue on how to effectively harness the power of technology while mitigating its inherent risks, ultimately contributing to a more secure and resilient digital future.

Possible questions:

• To what extent do advanced technologies, such as AI and quantum computing, heighten vulnerabilities in critical infrastructure, supply chains, and public/private sectors operations? What role do these same technologies play in developing more resilient security architectures?
• How is AI altering the dynamics between cyber attackers and defenders? How can AI-driven tools be effectively utilised to enhance threat detection, incident response, and vulnerability management in the face of increasingly sophisticated cyberattacks? What role can quantum computing play in developing next-generation cryptographic techniques to protect sensitive data in a post-quantum world? How can blockchain technology be leveraged to secure supply chains, ensure data integrity, and improve transparency in complex systems? How can cloud security solutions be enhanced to address the unique challenges posed by multi-cloud and hybrid cloud environments?
• How can we move beyond “security by design” and embrace “resilience by design” to build systems that can withstand attacks and recover quickly?
• How can cross-border cooperation in research, development, and threat intelligence can accelerate innovation while strengthening global cyber defences? What role can the European Cybersecurity Competence Centre play in fostering international collaboration?
• How equitable access to advanced cybersecurity technologies worldwide be ensured to avoid exacerbating the digital divide? How can we better understand the complex interplay of geopolitical factors and technological advancements in the cybersecurity domain?
• How can we make advanced security solutions more accessible to smaller organisations?
• How can regulatory frameworks keep pace with the rapid development of emerging technologies while still fostering innovation?

In today’s rapidly evolving digital landscape, organisations must adopt a proactive approach to cyber security and resilience. As explored in previous sessions, cyber threats continue to grow in complexity, and ensuring business continuity requires a holistic approach that integrates governance, technology, and human factors. This session will explore best practices for operationalising cyber security and resilience within organisations, helping decision-makers embed security into core business processes. It will focus on actionable strategies to assess, manage, and mitigate cyber risks, ensuring robust preparedness in the face of increasing threats taking into account emerging regulatory landscapes and compliance obligations. With insights from the latest EU report on telecommunications and electricity cybersecurity, the EU network code on cybersecurity for the electricity sector and EU Action Plan on Cybersecurity for Healthcare, speakers will explore sector specific challenges and also discuss collaborative approaches for strengthening ecosystem-wide cyber resilience as well as best practices for enhancing cyber resilience, securing supply chains, and preparing for potential disruptions.

• What are the most significant cyber threats organisations face today, and how can they prepare for them? Are all critical sectors affected by the same threats?
  
• How can organisations integrate cyber security within business strategy, decision-making processes and operational workflows?
  
• How can organisations build adaptive resilience capabilities that evolve with the threat landscape? What strategies help organisations stay ahead of regulatory requirements while maintaining operational efficiency? What role do zero-trust security architectures play?
  
• What are the most effective approaches for managing third-party and supply chain risks? How should organisations approach the challenge of fourth party relationships in their risk assessment framework? How does NIS2 impact third-party risk management, and what key changes have businesses prepared for?
  
• What role does industry collaboration play in mitigating systemic threats and improving ecosystem-wide resilience? What role should larger organisations play in elevating the cybersecurity capabilities of their smaller partners to prevent them from becoming potential threat vectors?

As cyber threats continue to evolve and grow in complexity, the EU has undertaken unprecedented steps to strengthen its collective cyber incident management capabilities. This session will explore the block’s current preparedness framework for managing large-scale cyber incidents, examining recent initiatives and identifying areas for improvement. Speakers will analyse the EU’s multi-layered approach to cyber resilience, from strategic coordination to operational response mechanisms and discuss the implementation of the EU Cyber Blueprint for coordinated response to large-scale cyber incidents, debating how this framework can be best operationalised across member states. The session will highlight the critical importance of information sharing, risk management harmonisation, and dependency mapping across the Union to achieve a comprehensive understanding of vulnerabilities and potential cascading effects. Speakers will share perspectives on public-private partnerships in incident management and threat intelligence sharing, highlighting successful models and opportunities for improvement.

• How will recent developments, such as the introduction of the Cyber Solidarity Act the Cyber Blueprint and targeted amendment to the Cybersecurity Act (CSA) will reshape incident response capabilities ?
• How effectively do exercises like “Blue OLEx” and “Cyber Europe” translate into improved real-world preparedness for large-scale cyber incidents? What are the key lessons learned and how are they being implemented?
• How can the link between technical cooperation and crisis management be strengthened to ensure a coordinated and effective response to large-scale cyber incidents?
• How can the EU improve its understanding of cross-border dependencies and potential cascading risks arising from cyberattacks on critical infrastructure? What mechanisms are needed to ensure effective information sharing and coordinated response in such scenarios?
  
• How can the EU further engage with the private sector to enhance cybersecurity preparedness and resilience? What incentives and frameworks are needed to foster greater collaboration and information sharing?
• How can the Cyber Emergency Mechanism remain adaptable to emerging threats while maintaining consistent response capabilities across different sectors and member states?

Against the backdrop of growing cyber threats and geopolitical instability, global cybersecurity demands a transformative approach to collective defence and collaboration. This session will explore the role of international collaboration in closing the global gap in cyber readiness, safeguarding critical infrastructure, protecting digital assets, and ensuring a secure foundation for economic growth as well as the challenges in building a unified approach to cybersecurity. Speakers will also examine the importance of harmonising cybersecurity standards, fostering regulatory consistency, and engaging in capacity-building efforts – especially for under-resourced regions – and ask what more can be done to promote international cooperation on cybersecurity issues and establish the EU as a trusted partner in the global digital landscape.

• What are the critical gaps in current international cybersecurity cooperation? What innovative mechanisms can be developed to foster trust, transparency and information sharing and meaningful collaboration among nations with diverse interests and varying levels of cyber capabilities? 
• How do geopolitical tensions impact cyber risk and international cooperation, and how can we balance national security concerns with the need for global cooperation?
• How do international norms and agreements influence the cybersecurity strategies of individual states, and how can initiatives to develop harmonised regulatory frameworks and standards be improved?
• What more can be done to enhance capacity building, particularly for under-resourced regions and developing economies? 
• What strategies can be put in place to overcome fragmentation and the rise of the “splinternet,” that hinder collective cyber defence and resilience?
• What steps can be taken to improve trust and information-sharing between public and private stakeholders globally? How can the cybersecurity of critical infrastructure systems be enhanced to mitigate cascading cross-border effects during cyber crises?

16:30 – 17:10 Session Opening Keynote speeches

17:10 – 18:00 Stakeholders Reactions and Panel discussion