Attack vectors are evolving rapidly. 56% of incidents handled last year involved third-party access points. Attackers exploit third parties, SaaS platforms and AI rather than traditional infrastructure. AI weaponisation accelerates: University of California research showed AI creating exploits with 51% success at under $3 cost. Defence advances too, with AI-powered vulnerability detection achieving 70% accuracy.

Visibility addresses agentic AI and new attack surfaces. Organisations must establish AI governance and harden AI identities. Trust centres on quantum-resilient cryptography as the European Commission mandates migrating all critical services by 2030, and unified identity management across employees, contractors, machines and AI agents.

Speed demands real-time capabilities through cyber data lakes and agentic AI platforms. ‘’Tomorrow we will talk about Patch Lunchtime, instead of Patch Tuesday; discovering vulnerabilities in the morning and patching before day’s end,’’ warned presenters. Value positions cybersecurity as a business enabler, demonstrating security’s contribution to growth under a value realisation office.

Talent scarcity emerged as critical. Shadow AI persists as Gartner research indicates approximately 70% of staff have bypassed or are willing to bypass organisational cybersecurity policies to accomplish work. One automative firm blocks unauthorised AI whilst investing in approved solutions. ‘’You cannot just block but you must provide alternatives,’’ they noted.

Regulatory complexity compounds challenges. European organisations face DORA for financial services, NIS2 directives, the Cyber Resilience Act and AI Act simultaneously. Geopolitical fragmentation reshapes strategies, requiring companies to map minimum viable operations and test isolation scenarios.

Luxembourg’s July 2023 POST incident exposed reality gaps in business continuity plans. A sophisticated IP-level attack targeting router loopback addresses caused cascading failures. Technical teams resolved issues within three hours, yet the incident revealed hidden dependencies in seemingly resilient architectures. POST’s representative highlighted national-level crisis complexities and multi-vendor strategy costs.

Wavestone’s roadmap comprises 30 actions distributed across 2026-2030. Initial phases establish data foundations and governance. Middle phases deploy automation and AI agents. Final phases target real-time capabilities including digital twins for testing.

Participants emphasised data governance as foundational, noting companies often focus on AI technology whilst neglecting data quality. Sovereignty debates extend beyond technology to organisational autonomy, with varying risk appetites across sectors.

As organisations navigate towards 20230, the intersection of accelerating threats, regulatory complexity and technological transformation demands strategic vision and tactical pragmatism. Success depends on balancing investment priorities, managing talent constraints and maintaining resilience whilst pursuing innovation.