The Cyber Ecosystem 2020

event calendar icon

17 Sep 2020

15:00 -20:00


Open to: All

event map pin icon


(where applicable, further details sent upon registration)


This year’s Cambridge Cyber Risk Conference explores “The Cyber Ecosystem” – how cyber risk inter-connects with influences and consequences within and beyond the technical arena. In this conference we invite participants to explore the drivers of cyber risk for an individual organisation and from broader societal and macroeconomic trends.

The digital economy has been boosted by remote working and changes in retail distribution during the pandemic, and this has forced the global economy to reassess modes of consumption, supply, interaction, security and productivity. We invite participation from a wide variety of specialists and business managers, including cyber security specialists, ethical hackers, academics studying aspects of cyber crime, motivation, and technology, Chief Information Security Officers and their teams, cyber insurance practitioners, and advisors and specialists.

The Cyber Ecosystem 2020.


17 September 2020

15:00 – 15:15

Welcome address

Dr Michelle Tuveson, Executive Director, Centre for Risk Studies

15:15 – 15:55

Session 1: Cyber Ecosystem Disruptors

15:15-15:30 – The Great Digital Acceleration and Cyber Risk – Dr Andrew Coburn, Chief Scientist, Centre for Risk Studies

2020 has seen an unprecedented acceleration in digitisation of the global economy, driven by a perfect storm of COVID-19 lockdown and underlying social and market trends. This has prompted a step-change in cyber risk, with threat actors taking advantage of a new technology landscape, and leveraging the vulnerabilities it creates. The Cyber Ecosystem is both transforming society and is being transformed by it. Research at the Centre for Risk Studies suggests scenarios for cyber risk in the next few years ahead.

15:30-15:45 – Here Be Dragons… With Heavy Tails! – Éireann Leverett, Founder of Concinnity Risks, and Senior Risk Researcher, Centre for Risk Studies

The many headed hydra of new emerging risks haven’t even been measured yet. Digital acceleration also amplifies uncertainty in risk. So our ability to measure new cyber risks, needs to accelerate too. Old risks are like old money, easy to dismiss in conversation but impossible to ignore in a fight. Ransomware is the heavy tail of our dragon, and extortion of all types will continue to wag this beast.

15:45-15:55 – Q&A session

15:55 – 16:40

Session 2: Resilience in the Cyber Ecosystem

15:55-16:00 – Introduction to the session and Q&A coordinator – Dr Maria Bada, Research Associate, Cambridge Cyber Crime Centre

16:00-16:15 – The Era of Data-Driven Policymaking – Stephen Boyer, Chief Technology Officer, Bitsight

One contributing factor for global cyber insecurity: historical lack of data and measurement to drive better decision-making. As cybersecurity performance data and analytics become more readily available, can policymakers take advantage of this information to create a more secure and resilient ecosystem? A discussion of data and research that may usher in a “new era” of data-driven policymaking.

16:15-16:30 – Insuring Against the New Wave of Ransomware – Dr Matt Harrison, Director, Product Management, Cyber, Risk Management Solutions

16:30-16:40 – Q&A session

16:40 – 17:25

Session 3: The Next Generation of Ecosystem Disruptors

16:40-16:45 – Introduction to the session and Q&A coordinator – Derek Blum, Senior Director, Product Management, Risk Management Solutions

16:45-17:00 – A Failure of Digital Trust – Dr Jennifer Daffron, Lead, Technology Risk Research, Centre for Risk Studies, Anthony Shapella, Head of Analytics, Global Cyber Team, AIG General Insurance

A collaboration between the Centre for Risk Studies and AIG addresses systemic risk in cyber space. The number and variety of technologies, connections, and infrastructure that characterise the global internet makes this challenging, however certain key technologies, services, protocols and vendors make up a core internet “backbone” that represents aggregation risk if they were to fail. Failure of Transport Layer Security (TLS) is an under-appreciated potential source of systemic risk in the digital economy, illustrated with a scenario that features in a new report, published as a result of the collaboration.

17:00-17:15 – A Space Parable: Disrupting Satellite Broadband Security – James Pavur, Doctoral Student, Department of Computer Science, University of Oxford

This talk delves into the weaknesses of a “security through complexity” mindset through the lens of real-world eavesdropping attacks in satellite broadband network. In it, we see how less than £250 worth of equipment can be used by attackers to target critical infrastructure systems and personal communications privacy via satellite internet connections. We delve into how this situation came about and how disruptive shifts in threat models can undermine security risk-calculus that hinges on assumptions of attacker incompetence.

17:15-17:25 – Q&A session – Moderated by Derek Blum


Panel discussion: Managing Cyber Risk in an Uncertain Future

Managing Cyber Risk in an Uncertain Future

Moderated by Dr Matt Harrison, Director, Product Management, Cyber, Risk Management Solutions


  • Joe Turnstall, Senior Risk Manager & Head of Insurance, easyJet
  • Kelly Malynn, Senior Risk Manager, Beazley
  • Dr Maria Bada, Research Associate, Cambridge Cybercrime Centre
  • Zaman Uddin, Head of Technology Risk and Compliance, Tesco

17:55 – 18:00

Closing remarks

Professor Danny Ralph, Academic Director, Centre for Risk Studies


Dr Michelle Tuveson

Executive Director, Cambridge Centre for Risk Studies

Dr Michelle Tuveson is a Founder and Executive Director at the Cambridge Centre for Risk Studies hosted at the University of Cambridge Judge Business School. Her responsibilities include the overall executive leadership at the Centre. This includes developing partnership relationships with corporations, governments, and other academic centres. Dr Tuveson leads the Cambridge CRO Council and she chairs the organising committee for the Cambridge Risk Centre’s Annual Risk Summits. She is one of the lead organisers of the Aspen Crisis and Risk Forum. She is an advisor to the World Economic Forum’s 2015 Global Risk Report and a contributor to the Financial Times Special Report on Risk Management. She is also an advisor to a number of corporations and boards as well as a frequent conference speaker.

Dr Tuveson has worked in corporations within the technology sector with her most recent position in the Emerging Markets Group at Lockheed Martin. Prior to that, she held positions with management strategy firm Booz Allen & Hamilton, and US R&D organisation MITRE Corporation. Dr Tuveson’s academic research focuses on the application of simulation models to study risk governance structures associated with the role of the Chief Risk Officer. She was awarded by the Career Communications Group, Inc. as a Technology Star for Women in Science, Technology, Engineering and Maths (STEM). She earned her BS in Engineering from the Massachusetts Institute of Technology, MS in Applied Math from Johns Hopkins University, and PhD in Engineering from the University of Cambridge. She is a member of Christ’s College, Cambridge.

Eireann Leverett

Senior Risk Researcher, Cambridge Centre for Risk Studies

Eireann is a Risk Researcher at the Centre for Risk Studies, where his research focuses upon technological disasters and the economic impacts of computer security failures or accidents.

Visit Eireann Leverett’s profile

Dr Jennifer Daffron

Cyber Research Lead, Cambridge Centre for Risk Studies

Dr Jennifer Daffron is the Cyber Research Lead at the Cambridge Centre for Risk Studies. Her research interests include defining and exposing cyber threat vulnerabilities on organisational and human behavioural platforms. Jennifer holds a PhD in Experimental Psychology from the University of Cambridge.

Derek Blum

Senior Director, Product Management, Risk Management Solutions

Derek Blum is a Senior Director, Product Management at Risk Management Solutions.  He is an entrepreneurial product and project manager with a skill for solving complex problems and working cross-functionally.

Matt Harrison

Director, Product Management, Cyber, Risk Management Solutions

Matt is the recently appointed Director of Product Management, for Cyber Solutions at RMS.

Prior to this he worked at Hiscox for 14 years in a wide variety of predominately specialty cat modelling/exposure management roles.  The last six years were primarily focused on building capability to measure cyber and liability/casualty risk.

Matt has a PhD in Physics (Fluid Mechanics), which has had a startlingly minimal cross-over with his career to date.

Kelly Malynn

Senior Risk Manager, Beazley

Kelly is a Senior Risk Manager at Beazley and for the last five years has had a specialist focus on cyber risk and innovation across all classes of business, most recently developing Beazley affirmative physical damage marine hull product.

She is responsible for providing cyber risk assurance to the board on the systemic aggregation potential, emerging risks, exposure management and capital provisions. She is also responsible for the implementation of the Beazley strategic initiative on client experience and chair of the environmental working group under the responsible business committee.

She has been at Beazley since 2009, has 20 years of London Market experience and is a member of the LMA’s Cyber Strategy Group which operates under the LMA Board.

Andrew Coburn

Chief Scientific Advisor, Centre for Risk Studies

Dr Andrew Coburn manages the External Advisory Board of the Centre for Risk Studies, coordinating the inputs of consumers of research into the Centre’s risk agenda. Andrew is the principal coordinator of the research programme on ‘System Shock’ at the Centre.

Andrew is one of the leading contributors to the creation of the class of catastrophe models that over the past 20 years has come to be an accepted part both of business management in financial services and of public policy making for societal risk. He has extensive experience in developing models and using them for business decision support. Andrew has also provided research inputs into government policy, such as House of Congress legislation on terrorism risk management policy and urban planning for disaster mitigation in Mexico, Metro Manila, and Southern Italy.

Dr Andrew Coburn is a member of the senior management of Risk Management Solutions, the leading provider of catastrophe risk models to the insurance industry.

Maria Bada

Senior Research Associate, Cambridge Cyber Crime Centre

Dr Maria Bada is a Senior Research Associate at the Cambridge Cyber Crime Centre.

The Cambridge Cybercrime Centre is a multi-disciplinary initiative combining expertise from the University of Cambridge’s Department of Computer Science and Technology, Institute of Criminology and Faculty of Law.

Anthony Shapella

Head of Analytics, Global Cyber Team, AIG General Insurance

Anthony Shapella is Head of Analytics, Global Cyber Team at AIG.

Anthony has more than 15 years of experience leading risk and analytics teams. His specialities include cyber risk/accumulation modelling, emerging risk analysis and research, financial analysis and modelling, property and market strategy, and strategic and decision making.

James Pavur

Doctoral Student, Department of Computer Science, University of Oxford

James is a doctoral student in the Department of Computer Science, University of Oxford.  He is a hacker at heart, and always interested in the dynamics connecting weird hardware, security, and privacy. Right now, his main focus is on satellite systems security. He hopes to complete his PhD next year and then start the next adventure.

Joe Tunstall

Senior Risk Manager and Head of Insurance, easyJet

Zaman Uddin

Head of Technology Risk and Compliance, Tesco