Taking place on March 12 and 13 at Park Plaza, Riverbank, London, PrivSec & GRC Connect London provides a platform for organisations to address the cumulative nature of risk.

PrivSec & GRC Connect London’s comprehensive agenda is led by subject matter experts, business chiefs and industry leaders, giving attendees a deep-dive into challenges and solutions on the rapidly evolving GRC landscape.

Event speaker, Gary Brown is Chief Privacy Officer at Westinghouse Electric Company LLC. He is a qualified chartered accountant and a privacy professional. An accomplished senior executive with 20 years’ extensive experience, Gary has operated at Board level in a variety of roles within a number of complex organisations across Financial Services, Leisure and Retail. He is also a non-executive director with positions in the Health, Education and Charitable sectors.

Gary will be attending PrivSec & GRC Connect London to talk about how ransomware “tabletop” exercises can help organisations to mitigate cyberattack risk.

Below, Gary answers questions on his professional journey and introduces the key issues.

Could you outline your career so far?

After an early career in finance, I was asked to lead the GDPR implementation for a major UK bank. I found data protection and privacy exciting and quickly became passionate in this area.

Following delivery of that program, I became the Data Protection Officer for a start-up bank, though we never ‘started’ due to the challenges of raising funding as Covid was breaking out. This lead me to leave Financial Services and start as Chief Privacy Officer at Westinghouse Electric Company, a global provider of nuclear energy.

What mistakes are businesses continuing to make regarding their security posture, and in terms of preparedness in the event of a security incident?

Businesses either assume it ‘won’t happen here’, and are therefore not ready when it inevitably does. Or they assume, if it does then everyone will know what to do, what to say, and how to respond. This hardly ever happens, unless all players are well rehearsed, from CEO and other business leaders, all the way through to the professionals who will be called to action.

How can “tabletop exercises” help organisations to prepare for and respond to cyberattacks?

In a safe space, tabletop exercises can help everyone understand the role they are required to play during a live incident, what they need to know, where to find the information they will need to use, and how to contact other colleagues they will need to rely upon and work with.

Everyone learns something on these occasions. Better to learn what you don’t know in a rehearsal, than during a live attack, when time is critical and the pressure can be immense.