The traditional three lines of defense - 3LoD - model, where the first line owns risk, the second line oversees it and the third line audits it - is being stress-tested by the velocity of cloud, artificial intelligence and digital transformation. In 2026, CISOs must reimagine this framework for cybersecurity, where the boundaries between business, technology and risk are blurring.

In this session, CISOs debate on how to structure security functions for accountability without creating silos, define metrics that resonate across lines of defense, and build a governance model that is agile enough for digital speed yet robust enough for regulatory scrutiny.

In this insightful discussion, Lt. Gen. Rajesh Pant, Lokesh Garg, Sanjay Bahl and Richard LaTulip discuss:

• Why continuous audit must replace periodic review as the baseline standard for third-line defense;
• How CISOs can translate vulnerabilities into financial impact to drive board-level accountability;
• What shared responsibility across the CISO, CRO and DPO looks like in cloud-native environments.