May 22, 2025
4
minutes

UK Cyber Week 2025: Key Insights for CISOs and Trust Leaders

Tailor security awareness initiatives to address human needs, not just compliance requirements.

As Head of Trust at SecurityPal, I had the privilege of attending UK Cyber Week 2025 at Olympia London — a gathering that brought together more than 70 global cybersecurity leaders, practitioners, and executives to tackle the sector’s most urgent challenges. 

With speakers from organizations like Google, Microsoft, TikTok, the NFL, and Tesco, the event delivered a rich mix of strategic vision and practical guidance for CISOs and trust executives navigating today’s threat landscape.

Key Takeaways from UK Cyber Week

UK Cyber Week’s agenda spanned three major themes: 

  • Strategies for Success
  • Navigating AI
  • Cultivating a Cybersecurity-First Culture

Below, I share highlights and actionable insights from the sessions that resonated most with trust and security leaders.

Reframing Cybersecurity Through Human Nature

A standout keynote by Jane Frankland, MBE challenged us to look beyond technical threats and consider cybersecurity through the lens of Maslow’s Hierarchy of Needs. 

(Image Credit: Jane Frankland, MBE)

Frankland argued persuasively that human nature often represents the biggest risk. She stated that “cybersecurity is human, not tech tools”. That really resonated with me. Aligning security strategies with fundamental human motivations like belonging and safety can foster a more resilient security culture.

Actionable Insight: Tailor security awareness initiatives to address human needs, not just compliance requirements.

AI in Cybersecurity: Beyond the Hype

A data-driven session — presented by Jamie Collier, Lead Threat Intelligence Advisor (Europe) at Google — cut through the noise surrounding AI, leveraging Mandiant’s incident response data to show how attackers are using generative AI for sophisticated phishing, deepfakes, and automated reconnaissance. Defenders, meanwhile, can harness AI for rapid threat detection and response, but the speaker warned against overreliance on immature tools.

Key Takeaway: AI is a force multiplier for both attackers and defenders, but robust human oversight and validation remain essential.

Supply Chain Security: Lessons from Recent Compromises

This session dissected recent high-profile supply chain attacks, emphasizing how interconnected digital ecosystems amplify risk. The speaker — Andy Simpson, CISO at Supply Assure — advocated for continuous third-party risk assessments, transparency in vendor relationships, and zero trust adoption across supply chains.

Key Takeaway: Review and update third-party risk management frameworks to address evolving attack vectors and foster cross-functional collaboration between security, procurement, and legal teams.

Preparing for the Quantum Threat

I was particularly interested in learning more about “the quantum threat”. With quantum computing advancing rapidly, the speaker — Zygmunt Lozinski, Quantum Safe Networks at IBM) — focused on the urgent need to migrate to post-quantum cryptography (PQC). He outlined timelines for quantum threats and provided practical steps for preparing public key infrastructure (PKI) for a quantum-safe future.

Future quantum computers have the potential to break much of the cryptography that underpins trust in today’s digital world, including the encryption that secures financial transactions, medical records, and government communication.

Migration to PQC is the primary safeguard against quantum threats, according to the UK’s National Cyber Security Centre (NCSC). Of most interest: “Migration will happen, globally. It will not be possible to avoid PQC migration, so preparing and planning now will mean you can migrate securely and in an orderly fashion.

Key Takeaway: Inventory cryptographic assets and engage vendors about PQC readiness now, rather than waiting for a crisis.

Building a Cybersecurity-First Culture

A panel of CISOs and industry leaders shared strategies for cultivating awareness, resilience and a proactive security mindset. The consensus: humans are both the weakest link and the greatest asset. Successful programs blend engaging training, leadership buy-in, and incentives for positive behaviors, while also valuing diversity and neurodiversity in building adaptive teams.

Key takeaways for CISOs and Trust Leaders:

  • Implement engaging, ongoing security awareness programs.
  • Build resilience by preparing for breaches — not just preventing them.
  • Extend your cybersecurity culture to include suppliers and vendors.
  • Use automation and AI as tools, but keep people at the center of your strategy.
  • Regularly review and update incident response and recovery plans.

Incident Management Insights from TikTok

David Coles, incident management expert at TikTok, shared real-world lessons from managing major cyber incidents. He stressed the importance of clear communication, rapid decision-making, and regular post-incident reviews to drive continuous improvement.

Key Takeaway: Incident response plans must be regularly tested and updated to reflect the evolving threat landscape.

Diversity, Inclusion, and the Future Cyber Workforce

Sessions in the Inclusive Cyber Space track highlighted the strategic value of diversity and neurodiversity in cybersecurity. Speakers discussed accessible security education and shared case studies on supporting neurodiverse professionals.

Key Takeaway: Embracing diversity isn’t just a moral imperative — it’s a strategic advantage in a field defined by creativity and adaptability.

Final Recommendations for Trust Leaders

UK Cyber Week 2025 reinforced that cybersecurity is as much about people and process as it is about technology. The event provided actionable insights and invaluable networking opportunities with peers and industry leaders. 

5 Key Takeaways from UK Cyber Week

  1. Accelerate post-quantum cryptography planning and vendor engagement.
  2. Enhance third-party risk management with continuous monitoring and zero trust.  
  3. Invest in AI-driven defense tools, but maintain strong human oversight.
  4. Prioritize security culture initiatives, focusing on human motivations and inclusive practices.
  5. Regularly test and update incident response plans.

I am continuing to connect and collaborate with many of the speakers and attendees, and I encourage fellow CISOs and trust executives to engage with this community to stay ahead of emerging threats and best practices.

Let’s keep the conversation going and work together to build a more resilient, inclusive, and innovative cybersecurity future.

No items found.
No items found.
No items found.
No items found.
Lena Smart
Head of Trust

SecurityPal Q1 2025 Updates: AI, Trust Center & Data Room Enhancements

Explore SecurityPal's Q1 2025 updates—AI upgrades, Trust Center redesign, ROI dashboards, and more to streamline security reviews.

5 Ways to Boost Collaboration Between Security and Sales Team

Boost collaboration between security and sales teams. Learn how to streamline processes, build trust with prospects, and close deals faster.

Strengthening cybersecurity through CISO-CIO relations

Dive into the In Security podcast with Chris Cruz, CIO of Tanium, discussing vital CIO-CISO collaboration, cyber risk management, and AI challenges in remote work, to offer key security insights.
Solutions
Customer Assurance (CAx)™
Security Questionnaire Concierge
Trust Center
Knowledge Library
Copilot (AI)
Vendor Assess (TPRM)
Resources
eBooks & Whitepapers
Case Studies
Events & Webinars
FAQs
Blog
SecurityPal Council
Company
Vision & Values
Leadership Team
SOCC
Careers
Press
Newsroom
Connect
Contact us
Call us: +1 650-503-9216
Legal & Compliance
Terms of Use
Terms of Service
Privacy Policy
DPA
Security & Assurance