Conference Description
Key Takeaways
- Executive-level cybersecurity summit addressing incident response, AI-driven threats, and operational resilience
- Designed for CISOs, CIOs, and senior security leaders from regulated industries across Asia-Pacific
- Coverage of post-quantum cryptography readiness, insider threat management, and third-party risk
- Interactive format combining panels, workshops, roundtables, and case study presentations
- Partners include ISACA, ISC2, Diligent, Illumio, and Seatrium
Introduction
The Cyber Resilience Summit Singapore 2026 brings together senior cybersecurity executives at Marina Bay Sands to address the operational and strategic challenges facing organisations as threat actors increasingly leverage artificial intelligence and automation. The summit is structured for CISOs, CIOs, and heads of security responsible for protecting critical infrastructure and enterprise systems across the Asia-Pacific region. With ransomware attacks growing more sophisticated and AI lowering the barrier to entry for malicious actors, the event focuses on practical approaches to incident response, crisis management, and maintaining business continuity under pressure.
The timing reflects a broader industry shift. Organisations are no longer asking whether they will face a significant cyber incident but how effectively they can respond when one occurs. This summit positions cyber resilience not as a technical function alone but as a board-level concern requiring coordination across security operations, risk management, and business leadership.
About the Cyber Resilience Summit Singapore 2026
Held in person at Marina Bay Sands, the summit is designed as an executive-level gathering rather than a broad industry exhibition. The format emphasises depth over breadth, with panel discussions, interactive workshops, roundtable conversations, and case study presentations forming the core programme. This structure allows senior practitioners to engage directly with peers facing similar challenges in financial services, energy and utilities, public sector organisations, and other regulated industries.
The event draws support from established industry bodies and technology providers. ISACA and ISC2, both recognised globally for cybersecurity certification and professional development, are among the partners. Diligent, known for governance and risk management platforms, and Illumio, a specialist in zero trust segmentation, also participate alongside Seatrium, reflecting the summit’s relevance to both enterprise technology and critical infrastructure sectors.
Incident Response and Crisis Management in Practice
A central theme running through the summit is the practical execution of incident response. While many organisations have documented response plans, the gap between documentation and effective execution under pressure remains significant. Sessions address how security teams can build and test response capabilities before incidents occur, including tabletop exercises, simulation-based training, and post-incident review processes that feed lessons back into operational improvements.
Crisis management extends beyond the security operations centre. Effective response requires coordination with legal, communications, executive leadership, and often external regulators. The summit explores how organisations can establish clear escalation paths and decision-making frameworks that function under the time pressure and uncertainty characteristic of serious security incidents. For industries subject to mandatory breach notification requirements, this coordination becomes particularly critical.
AI-Driven Threats and Defensive Applications
Artificial intelligence appears throughout the programme in two distinct contexts. On the threat side, AI has reduced the technical skill required to conduct sophisticated attacks. Automated reconnaissance, AI-generated phishing content, and machine learning-assisted vulnerability discovery have expanded the capabilities available to threat actors at various skill levels. This democratisation of attack tools means organisations face a broader range of adversaries than in previous years.
Defensively, AI and automation offer opportunities to improve detection speed, reduce analyst fatigue, and scale monitoring capabilities beyond what manual processes allow. The summit examines how security teams are integrating these technologies into their operations while managing the risks of over-reliance on automated systems. Finding the appropriate balance between human judgment and machine-assisted analysis remains an active area of development for most security organisations.
Preparing for Post-Quantum Cryptography
Post-quantum cybersecurity readiness represents a longer-term but increasingly urgent concern. Current public-key cryptographic systems, which underpin secure communications, digital signatures, and authentication mechanisms across virtually all enterprise systems, are vulnerable to attack by sufficiently powerful quantum computers. While such computers do not yet exist at the scale required, the timeline for their development has shortened, and data encrypted today may be harvested for future decryption.
The summit addresses how organisations can begin inventorying their cryptographic dependencies, evaluating post-quantum algorithms now being standardised, and developing migration roadmaps. For industries with long data retention requirements or systems with extended operational lifespans, this planning work cannot wait until quantum computers become operational threats.
Managing Insider Threats and Third-Party Risk
External threat actors receive significant attention in cybersecurity discussions, but insider threats and third-party risks often present equally serious challenges. Insider threats encompass both malicious actors and well-intentioned employees whose mistakes create security exposures. Effective programmes must balance monitoring and access controls against operational efficiency and employee trust.
Third-party risk has grown as organisations increasingly depend on external vendors, cloud service providers, and interconnected supply chains. A security incident at a critical supplier can propagate rapidly through dependent organisations. The summit explores frameworks for assessing third-party security postures, establishing contractual requirements, and maintaining visibility into supplier security practices. Recent regulatory developments in several jurisdictions have formalised expectations around third-party risk management, making this an area of compliance concern as well as operational necessity.
Business Continuity and Operational Resilience
Cyber resilience ultimately connects to business continuity. The ability to maintain critical operations during and after a security incident determines whether an organisation experiences a manageable disruption or a catastrophic failure. This requires understanding which business processes depend on which technical systems, establishing recovery priorities, and ensuring that backup and recovery mechanisms actually function when needed.
Operational resilience frameworks, now mandated in various forms by financial regulators in multiple jurisdictions, require organisations to demonstrate they can continue delivering critical services under a range of adverse scenarios. The summit provides a forum for practitioners to share approaches to meeting these requirements while building genuinely effective resilience capabilities rather than compliance-focused documentation exercises.
Who Should Attend
The Cyber Resilience Summit Singapore 2026 is structured for senior practitioners with direct responsibility for cybersecurity strategy and operations. CISOs and CIOs will find the strategic discussions relevant to board-level reporting and resource allocation decisions. Heads of cybersecurity, IT security, technology risk, and enterprise risk management will benefit from the operational focus on incident response, threat detection, and resilience planning.
The programme is particularly relevant for professionals in financial services, energy and utilities, and public sector organisations, where regulatory requirements and critical infrastructure considerations add complexity to security operations. However, the core challenges of responding to AI-driven threats, managing third-party risk, and maintaining operational continuity apply broadly across industries.

