Digital and Cyber Resiliency: Beyond Compliance and Building a Resilience Culture

09:15-09:45 – Registration

09:45 – Introduction and Setting the Scene

Vysiion / Exponential-e & Future Water

10:00 – The Crisis of Culture

Future Water: Addressing the "D-minus" rating. Framing cyber as a "Safety" issue using the 25-year Health & Safety journey as a model.

10:20 – The Value of Data

Anmut

The value of data and why it's important to the sector, and the cyber security risk if something goes badly wrong - at time when the industry is generating more ways to use data to drive operations and asset management. 

10:35 – Legislative Keynote

Status of the Bill post-second reading and its impact on water as an Operator of Essential Services (OES).

10:50 – The Regulatory Gap

Ofwat: Update on the 2-year transition from DWI. Managing risk while the cyber enforcement team is in flux.

Key question: Who is implementing NIS?

11:05 - Coffee break

11:20 – The NCSC Water CAF

NCSC: Introduction to the water-specific Cyber Assessment Framework.

Focus on outcome-based security.

11:35 – Baseline: The Spending Gap

​Comparison of water sector spend per capita vs. Finance and Energy, including the £20k vs. £70k graduate-to-specialist salary distortion.

11:50 – Industry Presentation: Cyber as an Operational Risk

Honeywell — Digital and Cyber Resiliency Group Sponsor

​Why Cyber in Water isn’t an IT problem, but a critical operational and safety risk

​Exploring how cyber incidents in water can disrupt treatment processes, dosing accuracy, pumping, and pressure—ultimately impacting public health.

​This session will cover:

• The shift from IT-centric threats to operational (OT) environments
• Why traditional IT security models fall short in safety-critical systems
• How cyber risk directly affects physical processes and outcomes
• ​Lessons from other regulated industries to improve resilience in water

12:20 – Panel: Cultural Change

​How to train and upskill the existing workforce rather than relying on expensive external hires.

12:50 – Lunch

13:50 – Industry Presentation: Securing the Future (30 mins)

Vysiion

​Securing the Future: OT Cyber Security, Regulatory Compliance & the Analog-to-Digital Transition in the Water Sector

A strategic overview session covering:

• The evolving CNI threat landscape and why water is a prime target
• The distinction between IT and OT security
• ​The regulatory environment (NIS2, Cyber Bill, NCSC Water CAF)
• ​Practical approaches to OT security and structured risk assessment
• The analog-to-digital transition: risks, opportunities, and migration pathways

14:20 – Standards Landscape

​How the strong culture in health and safety can be translated into cyber security frameworks.

​Discussion points:

• Which standards best embed organisational cyber culture?
• Barriers to adopting cyber standards in OT environments

14:40 – Workshop: Cultural Blockers

​Breakout groups identifying barriers such as union concerns and investment silos that hinder cultural embedding.

15:05 – The Commitment

​Call to action: Launching the CAF Maturity Self-Assessment to be reviewed in October.

15:20 – Finish