Cybersecurity governance is no longer a compliance exercise - it is a business imperative for critical infrastructure operators. Building effective policy frameworks requires balancing regulatory demands, operational realities and organizational culture. As frameworks such as NIS2, GDPR and the AI Act reshape expectations, companies must align cybersecurity with business strategy, ensuring governance, resilience and communication work hand in hand.

In this session, Marta Majtenyi, director of Information Security Office at Norsk Hydro, will discuss:

• Establishing scalable, “good enough” governance frameworks that drive compliance and resilience;
• Building trust, collaboration and clarity across IT, OT and business stakeholders;
• Embedding cybersecurity policy as a core pillar of enterprise strategy and sustainable growth.