Jamie Tolles, Maureen Gallagher, Daniel Backo, Nicholas Cramer
Session Time: Fri, May 8, 2026: 02:30 PM – 03:30 PM
Passing a compliance audit should mean your organization is secure, but breach after breach tells a different story. Organizations that recently cleared SOC 2, HIPAA, and other assessments continue to suffer ransomware attacks and data breaches, often through gaps that the audit framework was never designed to examine. Join a DFIR practitioner, privacy attorney, and cyber insurance professional for a candid look at why compliance and security keep diverging, and what legal, insurance, and governance leaders need to do about it. Discussion topics include:
- What incident responders actually find at “compliant” organizations, and the patterns that keep repeating
- The litigation and regulatory exposure when “we passed our audit” fails as a legal defense
- How cyber insurers are evaluating security posture beyond compliance attestations, and what it means for coverage
- Practical steps to close the gap between controls on paper and controls in practice before an attacker finds it first
Jamie Tolles, Vice President, Incident Response, IDX
Maureen Gallagher, Partner, Kirkland & Ellis
Daniel Backo, Senior Cyber Adviser, Acrisure
Nicholas Cramer, VP DFIR Services, IDX (moderator)