Digital and Cyber Resiliency: Beyond Compliance and Building a Resilience Culture

09:15-09:45 – Registration

09:45 – Introduction and Setting the Scene
Vysiion / Exponential-e & Future Water

10:00 – The Crisis of Culture
Future Water: Addressing the "D-minus" rating. Framing cyber as a "Safety" issue using the 25-year Health & Safety journey as a model.

10:20 – The Value of Data
Anmut
The value of data and why it's important to the sector, and the cyber security risk if something goes badly wrong - at time when the industry is generating more ways to use data to drive operations and asset management.

10:35 – Legislative Keynote
Status of the Bill post-second reading and its impact on water as an Operator of Essential Services (OES).

10:50 – The Regulatory Gap
Ofwat: Update on the 2-year transition from DWI. Managing risk while the cyber enforcement team is in flux.
Key question: Who is implementing NIS?

11:05 - Coffee break

11:20 – The NCSC Water CAF
NCSC: Introduction to the water-specific Cyber Assessment Framework.
Focus on outcome-based security.

11:35 – Baseline: The Spending Gap
Comparison of water sector spend per capita vs. Finance and Energy, including the £20k vs. £70k graduate-to-specialist salary distortion.

11:50 – Industry Presentation: Cyber as an Operational Risk
Honeywell — Digital and Cyber Resiliency Group Sponsor
Why Cyber in Water isn’t an IT problem, but a critical operational and safety risk
Exploring how cyber incidents in water can disrupt treatment processes, dosing accuracy, pumping, and pressure—ultimately impacting public health.
This session will cover:
The shift from IT-centric threats to operational (OT) environments
Why traditional IT security models fall short in safety-critical systems
How cyber risk directly affects physical processes and outcomes
Lessons from other regulated industries to improve resilience in water

12:20 – Panel: Cultural Change
How to train and upskill the existing workforce rather than relying on expensive external hires.

12:50 – Lunch

13:50 – Industry Presentation: Securing the Future (30 mins)
Vysiion
Securing the Future: OT Cyber Security, Regulatory Compliance & the Analog-to-Digital Transition in the Water Sector
A strategic overview session covering:
The evolving CNI threat landscape and why water is a prime target
The distinction between IT and OT security
The regulatory environment (NIS2, Cyber Bill, NCSC Water CAF)
Practical approaches to OT security and structured risk assessment
The analog-to-digital transition: risks, opportunities, and migration pathways

14:20 – Standards Landscape
How the strong culture in health and safety can be translated into cyber security frameworks.
Discussion points:
Which standards best embed organisational cyber culture?
Barriers to adopting cyber standards in OT environments

14:40 – Workshop: Cultural Blockers
Breakout groups identifying barriers such as union concerns and investment silos that hinder cultural embedding.

15:05 – The Commitment
Call to action: Launching the CAF Maturity Self-Assessment to be reviewed in October.

15:20 – Finish