The FAIR Institute Blog

Black Hat Europe 2025: Beyond AI Noise to Financially Grounded Cyber Risk

Written by FAIR Institute Staff | Dec 30, 2025 5:13:43 PM

Luke Bader, Director, Membership and Programs, and Bernadette Dunn, Director of Business Development, represented the FAIR Institute at Black Hat Europe 2025.

Black Hat Europe never lacks for spectacle. This year was no exception. The 2025 conference in London buzzed with talk of generative AI, autonomous tooling, and the accelerating arms race between attackers and defenders. Yet amid the noise, one comment cut through with uncommon clarity.

Tarah Wheeler, Chief Security Officer, summed it up succinctly:

“Everyone is talking about AI stuff, but [FAIR] is what people will really need to be caring about in the next one to two years.”

What she was pointing to was not another tool or model. It was the growing urgency to frame cyber risk in financial terms.

The Shift from Novelty to Necessity

AI dominates conference agendas because it feels new, fast, and existential. But boards and executives are not losing sleep over prompts and models. They are focused on financial exposure, regulatory scrutiny, capital allocation, and material business risk.

That gap between technical conversation and executive concern is widening. As a result, cyber leaders are being pushed toward frameworks that translate security risk into the economic language leadership already understands.

This is where financial risk frameworks, including FAIR, move from “nice to have” to essential.

Why the FAIR Institute’s Presence Mattered

Against a backdrop of hundreds of security vendors competing for attention, the FAIR Institute’s association booth offered something fundamentally different. It was not another product pitch. It was a conversation about decision-making.

While vendors showcased features, dashboards, and AI-driven claims, the FAIR Institute focused on a deeper question: how organizations justify security investments in the first place. That distinction mattered.

The booth became a space for grounding conversations. CISOs, practitioners, and vendors alike engaged in discussions on how financial risk quantification helps organizations prioritize initiatives, align security with business objectives, and communicate clearly with executives and boards.

In a conference dominated by tools, the FAIR Institute represented thinking.

Educating the Vendors, Not Competing with Them

One of the most valuable outcomes of attending Black Hat Europe was the opportunity to educate security vendors themselves. Many vendors struggle with a familiar challenge: their prospects believe in the product, but cannot justify the purchase internally.

FAIR addresses that problem.

Throughout the conference, Bernie Dunn, Director of Business Development at the FAIR Institute, spoke with vendors about how learning FAIR can strengthen their sales strategy (contact Bernie). The message resonated immediately. Vendors saw how a shared financial risk framework could help their prospects quantify exposure, defend investment decisions, and accelerate buying cycles.

Every vendor conversation led to a request for follow-up. The idea of FAIR Enablement within a partner ecosystem struck a chord. Vendors were not looking to replace their solutions. They wanted a way to position them within a defensible, executive-ready risk narrative.

Building Toward a 2026 Partner Ecosystem

These conversations directly reinforce a key 2026 focus for the FAIR Institute: expanding a partner ecosystem centered on FAIR Enablement.

Rather than treating FAIR as separate from technology, the Institute is increasingly positioned as the connective tissue that helps tools succeed in the enterprise. When vendors understand FAIR, they sell outcomes instead of features. When customers understand FAIR, they buy with confidence instead of hesitation.

Black Hat Europe demonstrated that vendors are ready for this shift. They are asking for education, alignment, and partnership, not just logos and sponsorships.

Executive Education Is the Missing Link

Another strong signal from the conference was renewed interest in executive education. Tarah Wheeler’s interest in learning more about executive-level training reflects a broader industry reality: Leaders need help translating cyber risk into strategic, board-ready insights.

Most executives were never trained to interpret loss magnitude, probability, or exposure in cyber terms. Likewise, many security leaders were never trained to communicate risk in financial language that resonates with decision-makers.

Executive education closes that gap. It equips organizations with a shared framework for making informed, defensible cyber risk decisions.

From Tools to Thinking

Black Hat Europe reinforced a clear truth. Tools will continue to evolve. AI will continue to dominate headlines. But the organizations that succeed will be those that can explain risk, justify investment, and guide leadership through uncertainty using financially grounded models.

The FAIR Institute’s presence mattered because it reminded the market that cyber risk management is not ultimately about technology. It is about decisions.

AI may be today’s headline. Financially grounded cyber risk is tomorrow’s mandate.

Become a FAIR Institute member for access to resources, discounts on training and more benefits of joining the international FAIR community.