Digital and Cyber Resiliency: Beyond Compliance and Building a Resilience Culture

​09:30 - Registration

​10:00 - The Crisis of Culture

​Future Water: Addressing the "D-minus" rating. Framing cyber as a "Safety" issue using the 25-year Health & Safety journey as a model.

​10:20 - Legislative Keynote

​Status of the Bill post-second reading and its impact on water as an Operator of Essential Services (OES).

​10:40 - The Regulatory Gap

​Ofwat: Update on the 2-year transition from DWI. Managing risk while the cyber enforcement team is in flux.
Key question: Who is implementing NIS?

​11:00 - The NCSC Water CAF

​NCSC: Introduction to the water-specific Cyber Assessment Framework.
Focus on outcome-based security.

​11:20 - Baseline: The Spending Gap

​Comparison of water sector spend per capita vs. Finance and Energy, including the £20k vs. £70k graduate-to-specialist salary distortion.

​Key questions:

• ​Why does the IT/OT expenditure gap exist?

• ​How can it be addressed?

​11:40 - Industry Presentation: Cyber as an Operational Risk

​Honeywell — Digital and Cyber Resiliency Group Sponsor

​Why Cyber in Water isn’t an IT problem, but a critical operational and safety risk

​Exploring how cyber incidents in water can disrupt treatment processes, dosing accuracy, pumping, and pressure—ultimately impacting public health.

​This session will cover:

• ​The shift from IT-centric threats to operational (OT) environments

• ​Why traditional IT security models fall short in safety-critical systems

• ​How cyber risk directly affects physical processes and outcomes

• ​Lessons from other regulated industries to improve resilience in water

​12:00 - Panel: Cultural Change (30 mins)

​How to train and upskill the existing workforce rather than relying on expensive external hires.

​12:30 - Lunch

​13:30 - Industry Presentation: Securing the Future

​Vysiion

​Securing the Future: OT Cyber Security, Regulatory Compliance & the Analog-to-Digital Transition in the Water Sector

​A strategic overview session covering:

• ​The evolving CNI threat landscape and why water is a prime target

• ​The distinction between IT and OT security

• ​The regulatory environment (NIS2, Cyber Bill, NCSC Water CAF)

• ​Practical approaches to OT security and structured risk assessment

• ​The analog-to-digital transition: risks, opportunities, and migration pathways

​14:00 - Standards Landscape

​How the strong culture in health and safety can be translated into cyber security frameworks.

​Discussion points:

• ​Which standards best embed organisational cyber culture?

• ​Barriers to adopting cyber standards in OT environments

​14:20 - Workshop: Cultural Blockers

​Breakout groups identifying barriers such as union concerns and investment silos that hinder cultural embedding.

​14:45 - The Commitment

​Call to action: Launching the CAF Maturity Self-Assessment to be reviewed in October.

​15:00 - Finish