FIndlay Whitelaw

FIndlay Whitelaw

"Exabeam" field CISO

12:00 - 12:30

NIS2 and the Risk You Can't See: Identity, Behaviour and Insider Threat

NIS2 is often framed as a compliance, but in reality it is exposing a deeper issue in that some organisations cannot always explain understand what happening insider their environments. This session explores why insider risk, identity, behaviour and visibility are reshaping how we detect and respond to cyber threats.

09:20 - 09:45

From Human to Hybrid: The Next Insider Threat Won’t Be Human

This session reframes the insider-threat landscape as AI systems gain greater autonomy, access, and influence within organisations. Insider risk is no longer limited to human actors, it now includes AI-driven processes capable of behaviours that can appear malicious, whether intentional or accidental. The discussion will explore how AI is reshaping intent, capability, and control, and how these shifts introduce new vulnerabilities across hybrid human–AI workflows. It will also show why traditional identity-based monitoring cannot keep pace with machine-enabled insider activity. Attendees will leave with a clearer understanding of this emerging threat and practical guidance on adopting behaviour-focused detection models that surface anomalies, regardless of whether they originate from a person or an increasingly capable AI system.