Building the Three Lines of Defence for 2026 and Beyond

By Rajesh Pant, Lokesh Garg, Sanjay Bahl, Richard Latulip on 27 Feb 2026 @ Nullcon
#security-governance #cybersecurity-framework #risk-management
Focus Areas: ⚖️ Governance, Risk & Compliance

Abstract

A forward-looking discussion on structure, accountability, metrics, board-reporting and future-ready security functions.

The traditional three lines of defense (3LoD) model, where the first line owns risk, the second line oversees it and the third line audits it, is being stress-tested by the velocity of cloud, AI and digital transformation. In 2026, CISOs must reimagine this framework for cybersecurity, where the boundaries between business, technology and risk are blurring.

This session brings together CISOs to debate how to structure security functions for accountability without creating silos, define metrics that resonate across lines of defense and build a governance model that is agile enough for digital speed yet robust enough for regulatory scrutiny.

This session will cover:

- First-line accountability: Security as a business responsibility
- Second-line evolution: CISO, chief revenue officer and data protection officer collaboration models
- Third-line independence and effectiveness in fast-moving environments