Boards want clarity in cyber risk. Jack presents a governance framework using data and risk models to guide strategy, oversight & assurance.
Speaker
Jack Freund, Ph.D
Agenda
6:30pm - Event Start
6:30pm - Introduction
6:40pm - Presentation
7:25pm - Questions and answers
8:00pm - Event close
Synopsis
As cybersecurity evolves into a board-level concern, organisations must build governance programs that are both technically informed and strategically aligned. In this session, Dr. Jack Freund will present a risk governance framework he has developed and refined over years of executive experience.
The session will cover:
- The roles and responsibilities of stakeholders in a cyber risk governance program.
- How to decompose cyber risk into actionable domains.
- The use of risk appetite statements to guide investment and assurance.
- Strategies for integrating cyber risk with enterprise risk management (ERM).
- How findings from the IRIS 2025 report can ground these practices in real-world frequency and severity data.
Participants will leave with a structured model they can adapt to their own organisations, along with insights into how empirical risk data can support better assurance, risk transfer decisions, and communication with leadership.
About the speaker
Jack Freund is an award-winning thought leader in cyber risk governance and quantification.
As Executive Fellow at Cyentia Institute, he leads initiatives that translate empirical research into actionable guidance for enterprise risk programs.
He is the co-author of the book on the FAIR model of CRQ and has served in executive roles at several top financial institutions and cyber risk startups. His research and executive advisory work focus on aligning cyber risk with board expectations, developing risk appetite statements, and creating scalable assurance and TPRM programs.
Dr. Freund is a recognised expert in translating complex risk data into strategic insights. His work has been published widely, including in ISACA and ISSA Journals, and he is a frequent speaker at global conferences.
He holds a PhD in Information Systems and serves as Vice President of the ISSA Education Foundation.
Our events are for adults aged 16 years and over.
BCS is a membership organisation. If you enjoy this event, please consider joining BCS. You’ll be very welcome. You’ll receive access to many exclusive career development tools and an introduction to a thriving professional community, and you’ll also help us Make IT Good For Society. Join BCS today.
Please note: if you have any accessibility needs, please let us know via groups@bcs.uk and we’ll work with you to make suitable arrangements.
If you are attending in person, please familiarise yourself with the Visitor Instructions for the BCS London Office.
For overseas delegates who wish to attend the event, please note that BCS does not issue invitation letters.
This event is brought to you by: IRMA (Information Risk Management and Assurance) specialist group