You are invited to join us for the Federal Reserve / MIT Conference on Measuring Cyber Risk in the Financial Services Sector on September 7-8, 2022. We will be hosting experts from industry, government and academia to discuss the status of efforts to measure and track cyber risk across the financial system.
Distinguished keynote speakers and panelists will review the current challenges and discuss the potential ways that a comprehensive set of cyber metrics could enable system stakeholders to respond effectively to the rapidly evolving threat landscape. Topics include risk metrics and predictive statistics, threat analysis and scenario development and their relationship to operational resilience and financial stability. We’ll conclude with a discussion of how these efforts can improve risk mitigation and some promising initiatives that could address existing challenges.
This is a hybrid, in-person and virtual conference. You can join us in-person at MIT, but pre-registration is required due to limited seating:

Samberg Conference Center
50 Memorial Drive,
Cambridge, MA
Date & Time
September 7, 2022 9:00AM - 5:00PM

September 8, 2022 9:00AM - 12:30PM
Schedule - September 7
Continental Breakfast
Welcome and Opening Remarks: Daniela Rus, Professor, Head of MIT's Computer Science and Artificial Intelligence Lab (CSAIL)
The session will open with a fireside chat with Tom Barkin, President of the Federal Reserve Bank of Richmond and Andrew W. Lo, Charles E. and Susan T. Harris Professor at the MIT Sloan School of Management. Daniel Weitzner, 3Com Founders Senior Research Scientist chair at MIT’s Computer Science & Artificial Intelligence Laboratory, will moderate.

Andrew Lo will then provide additional remarks on the topic of cyber risk and the financial system.
Keynote: Kemba Eneas Walden, US White House, Office of the National Cyber Director
Keynote: Andrew W. Lo, MIT Sloan - Cybersecurity and the Financial System

Panel discussions on cybersecurity, operational resilience and financial stability

Cyber resilience is a key component of firms’ overall operational resilience. A lack of cyber resilience at individual or groups of firms makes the financial system as a whole more vulnerable to cyber events and bouts of financial instability. This panel will discuss how firms protect their most critical operations and core business lines with their own cyber resilience in mind, as well as the financial system’s cyber resilience, considering their firms’ critical role in the financial system. It also will explore how measures of cyber risk and resilience fit within larger measures of overall operational resilience.

Art Lindo, Deputy Director, Supervision & Regulation, Board of Governors
* Nicole Muryn Clement, Senior Vice President, Global Information Security, Bank of America
* Mahi Dontamsetti, Global Head of Non-Financial Risk & Chief Technology Risk Officer, State Street
* Ajoy Kumar, Chief Information Security Officer, DTCC

Panel discussion on evaluating cyber incidents

Measuring cyber risk requires data about security incidents related to the security posture, control failures, and resulting financial impacts of the incident. The goal of this session is to explore how firms classify and evaluate individual cyber incidents within their organizations and how these data are used to quantify and communicate risk.

Moderator: Josephine Wolff, Associate Professor of Cybersecurity Policy, The Fletcher School, Tufts University
* Sean Downey, Head of Cybersecurity Operations & Analytics, Fidelity Investments
* Martin Eling, Professor, Director of the Institute of Insurance Economics, University of St. Gallen
* Matt McCabe, General Counsel and Risk Officer, Kivu Consulting
* David Stone, Google
Panel discussion on risk metrics and predictive statistics

The quantification and analysis of cyber risk is a developing field and has not yet matured to the point where it can be consistently measured and managed against corporate risk appetites. This panel will discuss current state-of-the-art methodologies used in evaluating cyber risk, as well as existing gaps and future directions.

Moderator: Tammy Hornsby-Fink, Chief Information Security Officer, Federal Reserve System
* Steve Bishop, Research & information Director, ORX
* Martin Kreuzer, Senior Risk Manager Cyber Risks, Munich Re
* Ni Kenney, Senior Business Director, Capital One
Day one closing comments and adjourn
Schedule - September 8
Continental Breakfast
Welcome and Opening Remarks
Panel discussion on threat analysis and scenario development

This panel will focus on discussing existing approaches to understanding the major factors and players behind cyber risk threats, as well as the techniques uses, and the process of analyzing these threat and materialized events. The panelists will also discuss scenario developments approaches and existing gaps in this domain.

Moderator: Patricia Mosser, Director, MPA Program in Economic Policy Management; Senior Research Scholar, Columbia University's School of International and Public Affairs
* Nedim Baruh, Head of Operational Risk Measurement and Analytics, J.P. Morgan Chase
* Jack Jones, Chairman, The FAIR Institute
* Karmen Yu, Assistant Vice President, National Incident Response Team, Federal Reserve National IT
Keynote: Jim Routh, former CISO of MassMutual and Aetna
Panel discussion on next steps

Specialists utilize existing tools and frameworks (such as NIST and FAIR) to manage firms’ cyber risks.
However, firms often lack a way to measure, aggregate and translate granular elements into
business-level cyber risk metrics and information that can be (1) effectively communicated to business
line risk managers; (2) provided to boards, governance bodies and stakeholders; and (3) compared to
other financial service sector firms. This panel will seek to identify key gaps that could be addressed
jointly by industry and academia.
* Moderator: Taylor Reynolds, Research Director, MIT Internet Policy Research Initiative
* Steve Bishop, Research and Information Director, ORX
* Martin Eling, Professor, Director of the Institute of Insurance Economics, University of St. Gallen
* Aly Farooqui, Chief Risk Officer, IBM Cloud for Financial Services
* Jeffrey Gerlach, Vice President, Federal Reserve Bank of Richmond
* Jim Routh, former CISO of MassMutual and Aetna
* Nagarjuna Venna, MIT Sloan, Co-founder of Bitsight
Conference Concludes

Join us on September 7 and 8
We look forward to hosting you!

Processing Registration...