Program 2026

The Digital Decade brings not only new requirements but also a unique opportunity for growth:

- for organizations in the areas of cybersecurity, the ethical use of artificial intelligence, and disruptive technologies,

- for your people in developing digital competencies,

- for CIOs and CISOs stepping into indispensable roles that address strategic questions about how the organization and its processes function.

Digital compliance demands new capabilities — the ability to respond with foresight to an increasingly complex cybersecurity reality, a more sophisticated technological environment, and the need for continuous innovation. Managers will be expected to combine technical, legal and business perspectives and prepare the organization for various technological challenges and security threats.

We will demonstrate how digital compliance firmly positions technical and security specialists among key leadership roles and creates demand for higher competencies across other managerial positions. At the same time, we will show how compliance can transform into growth and innovation opportunities and enhance organizational value.

The growing use of digital technologies and artificial intelligence brings new legal, security, and operational challenges. The upcoming effectiveness of the AI Act, NIS2 requirements, stricter CRA rules, ISO/IEC 27001 standards and the emerging ISO/IEC 42001, GDPR obligations, the new Product Liability Directive, as well as other regulations such as the DSA or the Data Act, are pushing organizations to find ways to align these frameworks into one functional model of responsible management.

The expert duo will offer an integrated perspective and demonstrate how key regulations overlap, where they differ, and how together they help create a secure, auditable, and transparent environment for AI and other digital systems. Drawing on practical experience, they will show how to build an environment that can withstand legal, security, and technological scrutiny—while still enabling innovation.

Many companies see compliance as a necessary evil that no one truly understands. The most successful ones, however, view it as a practical framework for managing risks, data, and innovation. This session will explain the working approach needed to translate new legislative requirements into internal processes and to make compliance a natural part of company management rather than an incomprehensible puzzle.

Where is the role of people, and where is the role of technology? We will outline, in practical terms, what can help bring legal requirements, human factors, and technology together. The key lies in clarity and simplicity—both in the law itself and in its application.
"If you can't explain it simply, you don't understand it well enough."

Due diligence, which precedes almost every business acquisition in our market, now focuses largely on areas covered by digital compliance—from IP rights and personal data protection to cybersecurity. Experienced buyers know that these areas often reveal deficiencies that can reduce or delay the payment of the purchase price. How should digital compliance be structured, and what should you prioritize to ensure your company stands up to a curious auditor? And what should you watch out for when you are the one pursuing an acquisition?

We will take the audience directly into the real-life practice of one of the most prominent industrial groups in the Czech Republic. The session will show how Czechoslovak Group approached the setup and implementation of selected compliance activities, which internal processes it transformed, and how it works with data, technology, and management culture. Participants will learn which steps proved effective, what challenges were encountered, and what concrete benefits this journey delivered—from more reliable risk management to strengthened trust among investors and partners.

Modern attacks leveraging artificial intelligence are the focus of our talk. We tested these tools ourselves, which allows us to show how powerful they can be in the hands of attackers. During the session, we will introduce several of these freely available tools, and we will also cover real cases where AI has been used in actual attacks.

We will introduce ESET’s newly formed research team, shed light on the inner workings of today’s cybercriminal groups, and highlight one of the most widespread techniques used to disable security products. Drawing on its own analyses and incident investigations, the team will also point out the most common security weaknesses found in organizations.

Interested in AI security and building resilient applications? This talk will delve into securing language models against prompt injection threats. Explore deployment strategies in AWS and Azure, NLP input validation, prompt tracking, threat modeling, and effective countermeasures.

Logs are no longer just dead data for archiving. In an era where minutes determine success, log management is becoming the central brain of both IT operations and cybersecurity. This talk explores the key trends reshaping the field — from centralization to automated analysis. But we won’t stay in theory. We will walk you through an investigation of a real incident, showing how a properly configured environment can reveal the root cause of an outage or attack in moments, helping prevent critical damage. Discover how to turn terabytes of logs into clear, actionable answers.

What happens once quantum computers break today’s encryption? What will a world look like where trust in data is no longer a given and every archive may become a ticking time bomb?
Radek Šichtanc from O2 will offer a perspective from an operator already working with quantum-secured technologies and will show how organizations can start preparing for the post-quantum era today.
He will build on last year’s topic of the O2 Quantum Shield and expand it towards real-world experience, limitations, and upcoming challenges—from “harvest now, decrypt later” threats to new strategies for protecting long-lived data.

Cyber resilience today depends on the ability to maintain real-time visibility across all endpoint devices, their status, and their risks. This presentation will show how principles used in military environments—asset, configuration, patch, and vulnerability management (ACPV)—can be applied in the commercial sector. We will focus on how these processes connect with threat hunting and threat management to enable organizations to respond quickly and effectively to state-sponsored actors (APT). The goal is to inspire an architecture that combines instant control, scalability in heterogeneous environments, and demonstrable security.

Integrating AI models with CRM systems introduces major challenges related to privacy protection, consent management, security controls, and the risk of model hallucinations that may be mistaken for real customer information. Organizations must also ensure proper data segmentation and classification to prevent the unintended exposure of sensitive data, while maintaining compliance with regulatory requirements across different regions.

This session will explore proven principles of secure data boundaries, advanced access permissions, and the protective Trust Layer that ensures controlled and auditable interactions between AI models and customer data. We will also examine essential practices such as data masking, auditability, and zero-retention policies that safeguard customer information while enabling the full potential of AI-driven processes.

Is it possible to build strong security in a dynamic e-commerce environment without becoming a brake on development? At Heureka, we believe the answer is yes. The goal is security that makes sense for both people and the business. The lecture will offer insight into how a security mindset is being integrated into the company’s DNA and what specific threats the e-commerce sector is facing.

People cause most incidents — not technology. Yet many companies focus on tuning tools instead of building the right habits. In this fast-paced talk, we’ll highlight the most common mistakes we see across organizations: from weak phishing simulations to trainings that people just “click through.” Most importantly, I’ll show what actually works, how to measure real behavioral change, and how to set up a few simple steps that immediately boost resilience against attacks.

Automation, AI, Agentic SOC and other buzzwords are shaking up today’s (not only) CyberDefense world. This talk will focus on the current landscape of how suitable and meaningful selected approaches actually are, based on original research. We’ll look primarily at categories of solutions rather than specific products.