IT Security Insights 2026

The conference begins with a breakfast for all participants. Arrive early to connect with your peers and meet our partners in the exhibition area.

Quantum computers have the potential to break widely used public-key cryptosystems, such as RSA and elliptic-curve cryptography, which are a part of our current communication infrastructure. Post-quantum resilience is a field to address these vulnerabilities to ensure the long-term security of our data and communications. We address the practical aspects of transition to post-quantum cryptography covering strategy, inventory, execution, and validation as well as touch upon outstanding challenges of quantum key distribution and what might lie ahead.

Dive into the morning dynamic breakout sessions with hands-on workshops and live demos. Choose from four exciting parallel tracks, each powered by our supporting partners.

In today's threat landscape, where ransomware has become a $57 billion global crisis, traditional security models are proving insufficient. Organizations are investing heavily in prevention, yet breaches continue to occur - highlighting a critical gap between security plans and recovery readiness. This session explores the fundamental shift from defensive security to cyber resilience, examining why prevention alone isn't enough and how organizations can prepare for - and assume - breach. We'll discuss practical frameworks for building recovery readiness, the critical differences between disaster recovery and cyber recovery, and why testing your ability to restore operations is just as important as preventing attacks in the first place.

Key takeaways

• Understand the "Assume Breach" Paradigm – Why traditional security investments focus on prevention while recovery readiness remains critically underdeveloped, and how to rebalance your resilience strategy
• Distinguish Cyber Recovery from Disaster Recovery – Learn the fundamental differences in scope, goals, and methods between operational recovery, disaster recovery, and cyber recovery scenarios
• Build and Test Your Minimum Viable Company – Identify which critical applications and systems you need to resume operations, and why frequent testing is essential to validate recovery readiness
• Shift Your Success Metrics – Move beyond traditional RTO/RPO to Mean Time to Clean Recovery (MTCR) and understand why identifying your last clean backup point is critical to cyber resilience.

In this session, we explore Inalogy's innovative approach to enterprise IAM using open-source technologies—delivering flexibility, scalability, and cost-effectiveness without compromise

• Is security a part of digital sovereignty?
• Trustworthiness is building relationships - how does information technology fit into it?
• Are these three subjects related, and if so, how?

Key takeaways:

• How to build a security team with the correct competence?
• Aligning requirements

We invite you to participate in our distinguished roundtable sessions, providing a platform to voice your perspectives and engage in knowledge exchange with esteemed cybersecurity experts. Discussions will cover a wide range of critical topics shaping the cybersecurity landscape. The format will include two rotations, with delegates transitioning to new tables every 40 minutes to foster broader interaction.

“Many organizations are struggling to adapt to an increasingly unpredictable world. Economic recession and geopolitical instability has made it even more challenging to stay on top of Cyber Security. With Generative AI in the hands of adversaries we now have to rethink our understanding of the cyber threat landscape. 

Key Takeaways:

• Have your organization been attacked in an increasing rate compared to previously?
• Are you scaling up your Cyber Security and how is this done while in economic uncertainty?
• Have the type of controls you implement changed to deal with immediate threats? How do you balance this against your long-term plans?
• Have the geopolitical instability put new security topics on the agenda? For example Digital Soverignty in Cloud or Disaster Recovery?

Session involves information related to the threats involved in our AI space and how do we mitigate AI based threats with enhancement on building AI based cybersecurity skills

Key takeaways:

• How do you build AI enhanced skills in cybersecurity ?
• What are the threats evolving under the AI space ?
• How does the Global AI Cybersecurity market look like ?
• How does EC-Council help in the AI space ?

Here we can explore how modern awareness tools like phishing simulations, gamification and behavior-based nudges drive behavioral change, especially against evolving threats like AI-based phishing or deepfakes.

The rise of autonomous AI agents and generative AI presents a significant security paradox for organizations. While these technologies offer immense potential for productivity and efficiency by automating complex tasks and decision-making, they also introduce new and sophisticated security risks.

This roundtable will explore the security challenges and opportunities presented by agentic AI. We'll discuss how to balance the benefits of autonomous operations with the need for strong security protocols, examine potential attack vectors, and address the complex questions around accountability when AI agents make independent decisions. The goal is to provide actionable insights for security leaders and business executives to navigate this evolving landscape and protect their organizations.

Let’s be honest — in cybersecurity and tech, this gap is real.

• C-level leaders think in terms of revenue, market position, shareholder trust.
• Technical teams think in terms of system stability, vulnerabilities, compliance.

Both are right. But the friction — the miscommunication, the misaligned priorities — can cost companies time, money, and sometimes their reputation.

The session is about calling it out, unpacking it, and — most importantly — figuring out how to fix it.”

Key takeaways:

• Automatically class your information based on rules or not
• Have different applications/databases/locations for Confidential and Restricted"
• Have all information in same application but with instructions how to handle the different classes

Helena’s keynote will provide a high-level overview of how cybersecurity and information security legislation has evolved over time. The session will trace the journey from early legislation that largely referred to “best practice” — without clearly defining specific requirements or implementation methods — to today’s increasingly detailed and prescriptive regulatory frameworks such as DORA and NIS2.

Key takeaways:

• The keynote will explore how best practices have historically shaped legislation, gradually becoming formalised into binding legal requirements. This evolution will be illustrated through examples ranging from early regulatory principles dating back to the 1350s, through Swedish legislation such as Personuppgiftslagen, MSB’s recommendations for the public sector, Lagen om elektronisk kommunikation and PTS regulations, to more recent frameworks including NIS1, DORA, and NIS2.
• The session will conclude with reflections and forward-looking considerations on future regulatory developments, including potential implications of initiatives such as the Digital Omnibus, and how organisations can prepare for what comes next.

Synopsis: 

We are approaching a transition from a stage with legal & regulatory requirements in focus into the world of quantum, AI and the unknown. This panel will discuss how these changes will reshape our profession, organisations, ways of working and the technology.