Conference Description
Key Takeaways
- Executive-level cybersecurity conference addressing both IT and operational technology security challenges
- Dual-stream programme covering enterprise IT security and critical infrastructure protection
- Focus areas include nation-state threats, AI risk frameworks, adversary emulation, and incident response
- Designed for CISOs, CIOs, and senior technology leaders from critical infrastructure and enterprise sectors
- Explores post-quantum readiness, OT visibility, and vulnerability management strategies
Introduction
The Cyber Resilience Summit NSW 2026 convenes senior cybersecurity and technology leaders in Sydney to examine contemporary approaches to organisational defence against increasingly sophisticated threat actors. Held at the Hilton Hotel Sydney, the conference brings together professionals responsible for protecting both information technology environments and operational technology infrastructure across critical sectors including finance, utilities, telecommunications, healthcare, and pharmaceuticals.
The timing reflects a period of heightened concern within Australian cybersecurity circles. Nation-state actors continue to target critical infrastructure, artificial intelligence introduces novel attack vectors while simultaneously transforming defensive capabilities, and the convergence of IT and OT networks creates security challenges that traditional approaches struggle to address. For organisations operating essential services, the consequences of inadequate cyber resilience extend beyond data breaches to potential disruptions affecting public safety and economic stability.
About This Event
The summit operates across two parallel streams, separating IT security and OT security content to allow attendees to focus on their primary domain while maintaining opportunities to explore the intersection of both disciplines. This structure acknowledges that while IT and OT security share foundational principles, the operational constraints, legacy systems, and safety considerations in industrial environments demand specialised approaches.
Programming includes panel discussions, case studies, interactive workshops, and incident simulations designed to move beyond theoretical frameworks into practical application. The format emphasises peer collaboration, recognising that cybersecurity leaders often gain significant value from understanding how organisations facing similar challenges have approached specific problems.
Nation-State Threats and Geopolitical Implications
A significant portion of the programme addresses the influence of geopolitical developments on Australian cybersecurity posture. Nation-state actors have demonstrated sustained interest in critical infrastructure, intellectual property, and government systems, with techniques that often exceed the sophistication of financially motivated criminal groups. Understanding the motivations, capabilities, and targeting patterns of these actors has become essential for organisations that may find themselves within their scope of interest.
The summit examines how global events translate into specific risks for Australian organisations and explores defensive strategies appropriate for threats that operate with significant resources and long-term objectives. This includes discussion of threat intelligence integration, attribution challenges, and the practical limitations of defending against well-resourced adversaries.
Artificial Intelligence and the Evolving Risk Landscape
The rapid deployment of artificial intelligence tools across enterprise environments has introduced security considerations that many organisations are still working to understand. The summit addresses AI from multiple angles: as a potential attack vector, as a tool that adversaries increasingly leverage, and as a capability that defenders must learn to govern effectively.
Particular attention falls on autonomous agents and the risks associated with AI systems that can take actions with limited human oversight. As organisations integrate these capabilities into business processes, security teams face questions about data exposure, decision integrity, and the potential for AI systems to be manipulated or compromised. The programme explores emerging frameworks for AI risk management and governance structures that balance innovation with appropriate controls.
Operational Technology Security and Critical Infrastructure Protection
The dedicated OT stream reflects the distinct challenges facing organisations responsible for industrial control systems, manufacturing environments, and critical infrastructure. Unlike IT environments where regular patching and system updates represent standard practice, OT systems often operate under constraints that make traditional security approaches impractical. Equipment may run for decades, downtime carries significant operational or safety implications, and the consequences of security controls interfering with physical processes can be severe.
Sessions address OT network visibility, a foundational challenge given that many organisations lack comprehensive understanding of the assets operating within their industrial environments. Vulnerability management in OT contexts requires different approaches than IT equivalents, balancing the need to address known weaknesses against operational continuity requirements. The programme also covers incident readiness specific to OT environments, where response procedures must account for physical safety considerations absent from purely digital incidents.
Adversary Emulation and Security Assurance
The summit dedicates significant attention to adversary emulation and controls testing, reflecting a broader industry shift toward validating security investments through realistic assessment. Rather than relying solely on compliance frameworks or theoretical control designs, organisations increasingly seek to understand how their defences perform against techniques that actual threat actors employ.
This approach, sometimes characterised as thinking like an attacker, involves systematically testing detection capabilities, response procedures, and security controls against known adversary behaviours. The programme explores methodologies for conducting these assessments, interpreting results, and translating findings into meaningful security improvements. For organisations that have invested substantially in security tooling, adversary emulation provides evidence of whether those investments deliver expected protection.
Incident Response and Crisis Management
Effective incident response remains a persistent challenge for organisations of all sizes. The summit addresses both the technical dimensions of detecting and containing security incidents and the broader crisis management considerations that major breaches inevitably trigger. This includes coordination across technical teams, executive leadership, legal counsel, and external stakeholders under time pressure and incomplete information.
Incident simulations within the programme provide opportunities for attendees to work through realistic scenarios, testing decision-making processes and identifying gaps in preparedness that tabletop exercises might not reveal. The emphasis falls on practical readiness rather than theoretical planning, acknowledging that organisations often discover significant gaps in their response capabilities only when facing actual incidents.
Governance, Risk Frameworks, and Post-Quantum Considerations
Beyond immediate tactical concerns, the summit addresses strategic governance questions facing cybersecurity leaders. This includes aligning cyber risk management with broader enterprise risk frameworks, communicating effectively with boards and executive leadership, and navigating evolving regulatory requirements affecting Australian organisations.
Post-quantum readiness emerges as a forward-looking topic, recognising that while practical quantum computing threats to current cryptographic standards remain years away, the transition to quantum-resistant algorithms requires planning that should begin well in advance. Organisations with long data retention requirements or systems with extended replacement cycles face particular urgency in understanding their cryptographic dependencies and developing migration strategies.
Who Should Attend
The summit targets senior professionals with strategic responsibility for cybersecurity within their organisations. This includes Chief Information Security Officers, Chief Information Officers, and executives leading cybersecurity, technology risk, threat intelligence, and offensive security functions. The OT stream specifically addresses professionals responsible for operational technology environments, including those overseeing industrial control systems and critical infrastructure protection.
Attendees typically represent large enterprises and critical infrastructure organisations across finance, utilities, telecommunications, healthcare, education, and pharmaceutical sectors. The executive-level positioning assumes familiarity with cybersecurity fundamentals and focuses on strategic challenges, emerging threats, and leadership considerations rather than introductory technical content.

