Report from FAIR Institute 2024 Europe Summit, Paris, on Risk Management Challenges of AI, DORA, NIS2, 3rd Party and More

The FAIR Institute’s 2024 Europe Summit gathered a highly engaged crowd of 100 business and cyber leaders in Paris on March 13 to learn about the latest techniques in quantitative cyber risk management, the tightening regulatory requirements for cyber in the EU, the threats and opportunities of GenAI and more top-of-mind issues.

Here are a few of the many highlights – but come back to the FAIR Institute website Resources page where we will soon post videos of the sessions.

FAIR Europe Summit 2024 - Nick Sanna Keynote 2

Welcome Address: Managing Cyber Risk in a Time of New Incident Disclosure Rules - Nick Sanna, President, FAIR Institute

Nick laid out the urgent problem of cyber risk management: “Economics for the attackers got better and economics for the defenders got worse. The reason we are here is we’ve got to change that economics…

 “This conference will address what it takes to address cyber risk as business risk…this community will help bridge the gap between the business and cyber in ways it has never been done before.”

Favorable signs for the FAIR community, Nick noted:

>>Boards are taking notice of cyber risk and senior management increasingly demands that the cyber risk team speaks in business terms and acts at the speed of business.

>>New regulations from the US Securities & Exchange Commission (SEC) and in Europe NIS2 and DORA, compel more rigorous, quantitative assessments of cyber risk.

The FAIR Institute is responding with new initiatives on controls analytics, material risk assessment, artificial intelligence, third party risk and cyber insurance and more research targets in what Nick called “the most significant transformation” of the group since he founded it in 2016.

FAIR Europe Summit 2024 - DORA - NIS2 2

Panel: The Significance of the NIS2 Directive and of the Digital Operational Resilience Act (DORA)

DORA applies only to resilience in the EU financial services sector. NIS2 applies more broadly across all sectors of the economy that provide critical infrastructure. Each will challenge companies to reconcile business and technical imperatives (an opportunity for FAIR analysis).  Discussion leader Anne Leslie of IBM, said that “we really do need cross functional teams and multidisciplinary skill sets because no single domain has all the answers on these topics.”


Anne Leslie, Cloud Risk & Controls Leader EMEA, Financial Services, IBM

Iva Tasheva, Co-founder & Cybersecurity Lead, CYEN; Working Group Member, ENISA

Cathie-Rosalie Joly, Partner, Bird & Bird Law Firm

Martina Dvar, Advisor, European Central Bank

FAIR Europe Summit 2024 - GenAI 2

Panel: GenAI Related Risk and Opportunities

The Summit heard from Jacqueline Lebo, author of the FAIR Institute’s playbook for risk analysis for AI scenarios, who explained the five steps from setting the purpose of a risk analysis to implementing a decision on addressing risks of AI as a productivity tool or a vector for threat actors.


Moderator: Pankaj Goyal, Director of Standards and Research, FAIR Institute

Gérôme Billois, Partner, Wavestone

Sabine Marcellin, IT Lawyer, Oxygen+

Jacqueline Lebo, Risk Advisory Manager in Security Services, Safe Security

FAIR Europe Summit 2024 - Jack Jones Keynote 2

Keynote: The Future of the Cyber Risk Management Profession - Jack Jones, Chairman, FAIR Institute

Jack gave a sweeping look at the state of the profession, arguing that it must move on from a reactive to a proactive posture and address the root causes of cyber risk. Jack warned that “the ability to apply AI broadly and effectively in cyber  risk management is going to be limited by the profession’s immaturity” and he invited the audience to “commit to being part of the solution.”

FAIR Europe Summit 2024 - Pankaj Goyal - Materiality Assessment 2

Panel: Meeting Regulatory Compliance - How to Think About Materiality with FAIR™

US and EU regulators have stepped up demands for swift reporting of cyber incidents of material impact – but what’s material? This session introduced the new FAIR Materiality Assessment Model (FAIR-MAM) that enables organizations to compile accurate loss magnitude data in a framework that’s ready to disclose to regulators if needed.


Pankaj Goyal, Director of Standards and Research, FAIR Institute

Mouhamad el Houssaini, Risk Director, ADP

FAIR Europe Summit 2024 -  Insident Disclosure Rules 2

CxO Panel: Managing Cyber Risk in a Time of New Incident Disclosure Rules

Moderator: Thiébaut Meyer, Director, Office of CISO, Google Cloud

Benoit Fuzeau, CISO, CASDEN; President, CLUSIF

Aljona Reiser, Head of Cyber Business Risk, Commerzbank AG

Ariane Chapelle, Partner, BDO Chapelle

FAIR Europe Summit 2024 - Cyber Insurance 2-1

Panel: Optimizing Cyber Insurance with Risk Quantification

Christopher Khadan, CCO, Safe Security

Leopold Larios, Dir. of Cyber Insurance Offering, Descartes

Andreas Schmitt, Global Cyber Underwriting, Zurich

Thierry Zucchi, Head of Cyber Activity, Relyens

Patrick Montagner, Dep. Sec. Gen, ACPR

FAIR Europe Summit 2024 - Meena Martin - TPRM 2

Panel: Re-thinking Third Party Risk Management

Meena Martin, VP Cyber Risk and Assurance, GSK

PXL_20240313_105609829 (1)

Panel: Case Study Panorama

Moderator: Tom Callaghan, Co-Founder, C-Risk

Pierre Olodo, Senior Lead Cyber Risk, Richemont

Anne Lupfer, Deputy CSO, Econocom

No alt text provided for this image

Panel: Case Study Panorama

Moderator: Greg Spicer, Co-Founder & CRO, Ostrich Cyber-Risk

Rob Moore, VP, Technology Risk, Mastercard

David Steng, Director, Cyber Risk & Economics, Group Cybersecurity Office, Fresenius Group 

Panel: Effectively Assessing Controls with FAIR

Moderator: Tom Callaghan, Co-Founder, C-Risk

Frédéric Bouveresse, IS&T Cyber Risks Governance Specialist, Alstom

Francesco Chiarini, Global Head - Technology Resilience, Sandoz


Meet the Members: Co-Chairs of the FAIR Institute’s New Swiss Chapter

FAIR Institute Europe Summit Preview: Preparing for EU’s NIS2 and DORA

Learn How FAIR Can Help You Make Better Business Decisions

Order today
image 37