Cyber Risk Agenda

Cyber Risk Summit


Building cyber resilience

09:00 - 09:30

In an era of uncertainty, how can your firm build cyber resilience? Gain practical insights on key considerations with a focus on remote working and third-party risk.

Nasser Fattah

former MD cyber security, IT and third party risk



Cybersecurity Metrics 

09:30 - 10:00



Cybersecurity risk is a known concern, but the current decision-making process is not decreasing the number of breaches. 59% of organizations experienced a significant or material breach in the last 12 months. The role of the CISO is often still viewed as compliance-driven; it needs to change from mandate-driven (compliance) to mission-driven (agent of change). Boards are increasingly involved in cybersecurity, but require additional insight as well as responsibility in the process. To fulfill their oversight role and make informed decisions, they seek richer communications in terms they can understand. This session will discuss how metrics can be used to address these challenges, drive value to the business, improve the cybersecurity posture of an organization, provide clear returns on investment for security initiatives on which to base decisions, and establish a partnership between the CISO and the Board. Topics will include what metrics to report, how to tell a forward-facing story driven by underlying metrics for clear decision-making, and pitfalls to avoid.


Coffee break and virtual meet-ups

15:00 - 15:30

Take advantage of our AI powered networking tool! Match-make with like-minded firms, vendors, academics, consultants and specialists. Benchmark with your colleagues, grab a coffee with a consultant or a tech vendor, visit our exhibition area or join one of our chat groups.


How are firms quantifying risk in the current landscape?

11:00 - 12:00

Milliman CRS
  • Working effectively with third parties
  • Continuity and working from home: do we have a backup plan?
  • Cyber quantification: how is this impacting monitoring models for fraud and AML?
  • What immediate trends have been identified and how are behaviours changing? (How is this changing the nature of the risk and exposure?)
  • How are you educating your staff?
  • What can be said of third parties and the global supply chain?
Chris Beck

Executive risk consultant


Chris is a member of Milliman’s Cyber Risk Solutions (CRS) practice group.  The practice delivers a portfolio of risk consulting services, such as enterprise risk design, cyber risk assessment and quantification, test and build projects, operational risk assessments, enterprise risk management (ERM) education and training, and ERM technology evaluation. The CRS practice uses diagnostic consulting strategies to understand an organization’s enterprise risk goals and challenges and then customize solutions to deliver required business results. 


Chris has 15 years of professional experience.  His experience includes work in the banking, insurance, capital markets and card sectors helping clients assess and mitigate risk. 

Prior to joining Milliman, Chris was a Senior Manager in Accenture’s Finance and Risk Management Consulting practice, delivering work for global financial service clients.   Additionally, Chris served as an active duty Naval Officer and has multiple overseas deployments. 

Professional experience and subject matter advisory includes: 

  • Cyber Security metrics and governance
  • Financial Service Regulatory and Compliance initiatives
  • Risk Management 
  • Corporate and Risk Governance
  • Surveillance 
  • Financial Services operating model and cost reduction
  • Regulatory remediation and responses
  • Legal department risk and optimization
  • Leading large cross functional projects and teams


  • BS Political Science, University of Wisconsin–Madison
  • MBA, University of Chicago – Booth School of Business

Sophia Kazinnik

Quantitative research

Federal Reserve Bank of Richmond

Michael Barton

Senior director of quantitative assessments

United Health Group

Michael Barton is the Director of Operational Risk Quantification and Scenario Analysis at AIG.  In his role, he leads the development and implementation of operational risk stress testing, economic capital estimation, and allocation of those estimates to the business lines, as well as supporting the development of and quantification of operational loss scenarios for the organization.  In this role, Michael has worked extensively with cyber and business professionals around identifying and quantifying cyber risk.  Before working at AIG, Michael was the Head of the Regulatory Solutions Quantification group in U.S. Bank’s Corporate Treasury department.  In this role, he was responsible for CCAR/DFAST and Regulatory Capital modeling for Operational Risk as well as setting up a governance framework for models and analytical tools in the Corporate Treasury department.  Previous to those roles, Michael worked in an actuarial capacity at Sun Life Financial in Boston handling variable annuity reserving, fixed and variable annuity lapse study estimations, and retirement product pricing.  He held a similar variable annuity reserving role in Security Benefit Corporation in Topeka, KS before that.  Michael has a Bachelor’s Degree in Mathematics with an Actuarial Emphasis, and a Master’s Degree in Theology.

Thomas Kartanowicz

Head of Information Security


Tom Kartanowicz has been Head of Information Security for Natixis CIB Americas since 2012, having joined the Firm in 2007. Prior to joining Natixis, he was a Systems Administrator at Principia Partners and, earlier, for New York University.

Mr. Kartanowicz is a member of NY Metro Infragard and the NY Metro Chapter of ISSA. He holds a CISSP and CISM.

Mr. Kartanowicz holds an MS, Information Technology from University of Maryland University College and a BS, Computer Science from New York University.

Mr. Kartanowicz has appeared as a panelist and presenter at Technology Managers Forum, CISO Summit NY, NetSPI Executive Leadership Luncheon and GFMI Vendor Risk Management conferences.

Steve Bishop

Head of risk information & insurance


Steve Bishop is responsible for developing and implementing the strategy for risk information activities within ORX, the world’s largest operational risk association. He also leads the ORX insurance service, including managing the global insurance loss data service, and running working groups and events specifically tailored for insurance firms. Risk information includes responsibility for ORX Scenarios – a service that supports organisations with effective scenario development; data standards; developing the ORX Reference Taxonomy; the ORX quality assurance framework (governing loss data services); and the development of ORX services to support the management of material risks, for example the ORX Cyber service that Steve and his team are in the process of launching. Steve has been at ORX for three and a half years and, prior to joining, held a number of risk management positions in both banking and insurance.


Quickfire demos: Cyber pitch Shark Tank

12:00 - 12:30

The greatest and most innovative technology providers will demonstrate the magic behind the tech. Each technology has no more than 5 minutes to highlight what makes their solution particularly bleeding edge.


Cloud Security: rethinking cybersecurity, risk and audit processes

13:45 - 14:30



Cloud and containers are forcing organizations to rethink their cybersecurity, risk and audit processes. In this workshop we will address the main challenges that organizations are facing in their secure Cloud adoption. We will have a fireside chat with one of our cloud security partners leading the cloud security for a client migrating applications to cloud technologies. The fireside chat will be managed as a two-way interview sharing our experiences and thoughts on topics like CISO cloud security programs and the need for new cyber management processes that are driven by the Cloud philosophy. We will discuss the security challenges that organizations are facing in their Cloud adoption journey. Our topics will include hybrid cloud and multi-cloud architectures addressing the role of cloud-native security tooling for the zero-trust model implementation. We hope that this discussion will drive improved cloud security and risk management towards the enablement of secure and trusted Cloud environments.


Coffee break and virtual meet-ups

15:00 - 15:30

Take advantage of our AI powered networking tool! Match-make with like-minded firms, vendors, academics, consultants and specialists. Benchmark with your colleagues, grab a coffee with a consultant or a tech vendor, visit our exhibition area or join one of our chat groups.


Staying ahead of the shifting threat landscape

10:30 - 11:30

  • Manoeuvring the rise of ransomware attacks
  • How to manage: pay or delay
  • Managing the associated reputational risk
  • Keeping a pulse on phishing sophistication
  • Keeping abreast of ongoing threats with your gateways team, GSOC and threat intelligence
Jörgen Mellberg

CISO, Head of IT & DPO

Sparbanken Syd


Think tank: Cyber resilience, remote working and third parties

11:30 - 12:30

Network with your industry peers in an informal virtual discussion group led and moderated by practitioners. Join the dialogue of your choice with 10-15 other professionals exploring the pressing issues keeping you awake at night. A brief introduction will be made by the moderator followed by a series of questions open to the participants in a free flowing discussion allowing you to gain and share insights.

Our Cyber Risk Summit partners

EY is a leader in serving the financial services industry

We understand the importance of asking great questions. It’s how you innovate, transform and achieve a better working world. One that benefits our clients, our people and our communities. Finance fuels our lives. No other sector can touch so many people or shape so many futures. That’s why globally we employ 26,000 people who focus on financial services and nothing else. Our connected financial services teams are dedicated to providing assurance, tax, transaction and advisory services to the banking and capital markets, insurance, and wealth and asset management sectors. It’s our global connectivity and local knowledge that ensures we deliver the insights and quality services to help build trust and confidence in the capital markets and in economies the world over. By connecting people with the right mix of knowledge and insight, we are able to ask great questions. The better the question. The better the answer. The better the world works.

Milliman is an independent, privately owned, global professional services firm. Our legacy is actuarial science; we have become a global leader in actuarial services, risk and predictive analytics. Our background and business model are driven by our client focus, using rigorous quantitative techniques applied to risk assessments and modeling.

Milliman’s Cyber Risk Solutions (CRS) is composed of a cross-functional team with complementary skill sets:

  • Enterprise Risk Management and Operational Risk
  • Emerging threat detection and modeling
  • Consumer behavioral data and time series analytics
  • Data sciences, including predictive modeling
  • Regulatory remediation
  • Actuarial science

Milliman CRS understands that the quantification of operational risks such as conduct, vendor, cyber, reputational, climate and disgruntled-employee risk is becoming ever more important. We understand where models that quantify risk are beginning to fail and how decision makers can take actionable steps to mitigate financial losses.