Translating technical cyber risks into meaningful business outcomes remains a persistent challenge for security teams. Critical infrastructure organizations often measure impact through confidentiality, integrity and availability, yet miss the language that resonates across the enterprise - safety, resilience and trust. Moving from reactive compliance to proactive strategy requires reframing cyber risk through consequence-driven engineering principles that embed security throughout the asset life cycle, from design through ongoing evolution and decommissioning.

In this session, Emyr Thomas, head of Cyber Futures at National Highways, will discuss:

• Translating cyber risk into business language - safety, resilience and trust over CIA;
• Implementing guardrails to enable secure adoption of emerging technologies;
• The need of collaboration frameworks that scale security across operational levels.