Catalin Cosma

Cyber Regulatory Lead (Director), UBS

3:15 pm - 4:00 pm

COMPLIANCE VS COST – PANEL DISCUSSION

Balancing regulatory pressure with commercial reality through defensible, risk-based decision-making

  • Understanding how enforcement severity and penalties influence compliance priorities
  • Evaluating trade-offs between risk mitigation, cost efficiency, and operational performance
  • Developing frameworks to prioritise TPRM investment based on risk exposure and business impact
  • Communicating trade-offs and decision rationale to boards, regulators, and senior stakeholders
  • Building defensible, outcome-driven risk management strategies under financial and operational constraints

10:55 am - 11:45 am

CYBERSECURITY & AI-EXPANDED ATTACK SURFACES ACROSS THE THIRD-PARTY ECOSYSTEM – PANEL DISCUSSION

Increased cyber risk in a cloud-connected, AI-enabled landscape

  • Understanding how cloud connectivity, API integrations and AI-enabled workflows are expanding third- and Nth-party attack surfaces
  • Examining how AI adoption by vendors introduces new cyber, data integrity and operational resilience risks
  • Exploring professionalisation of threat actors and increasingly sophisticated attack methods
  • Understanding failures caused by patching, software updates and configuration changes at 3rd and 4th parties

3:55 pm - 4:45 pm

COMPLIANCE VS COST – PANEL DISCUSSION

Balancing regulatory expectations with business reality

  • Understanding how enforcement severity and penalties influence compliance priorities
  • Evaluating trade-offs between risk mitigation, revenue and operational efficiency
  • Developing frameworks to allocate TPRM resources based on risk and cost impact
  • Communicating rationale and decisions to management, regulators, and stakeholders

12:10 pm - 12:55 pm

CYBER RISK IN AN AI-DRIVEN ECOSYSTEM: EXPANDING ATTACK SURFACES ACROSS THIRD AND NTH PARTIES – PANEL DISCUSSION

How cloud, APIs, and AI are expanding cyber exposure across interconnected ecosystems and why traditional controls are no longer sufficient

  • How cloud connectivity, APIs, and AI workflows expand third- and Nth-party attack surfaces
  • The cyber and operational risks introduced by vendor AI adoption
  • The growing sophistication and professionalisation of threat actors
  • Failures driven by patching, updates, and configuration changes across third and fourth parties
  • Strengthening cyber resilience across interconnected vendor environments